Class: SPCM
Constant Summary
- DEFAULT_TEMPLATE_PATTERN =
'..*\.json$|..*\.yaml$|..*\.yml$|..*\.template$'
Instance Method Summary
- #aggregate_metrics(input_path:, parameter_values_path: nil, condition_values_path: nil, template_pattern: DEFAULT_TEMPLATE_PATTERN) ⇒ Object
- #metric(cloudformation_string:, parameter_values_string: nil, condition_values_string: nil) ⇒ Object
- #metric_impl(cfn_model) ⇒ Object
Instance Method Details
#aggregate_metrics(input_path:, parameter_values_path: nil, condition_values_path: nil, template_pattern: DEFAULT_TEMPLATE_PATTERN) ⇒ Object
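# File 'lib/cfn-nag/iam_complexity_metric/spcm.rb', line 10
#
# Computes the metric for every template discovered under +input_path+.
#
# The optional parameter-values and condition-values files are read once and
# the same contents are passed to #metric for each discovered template.
#
# Files are opened with File.read rather than IO.read. IO.read hands a path
# that begins with "|" to a subprocess on Ruby versions that still support
# that form, and both the option paths and the discovered template names can
# originate outside this code (for example when scanning a checkout that
# someone else controls). File.read always treats its argument as a file name.
#
# @param input_path [String] location handed to TemplateDiscovery
# @param parameter_values_path [String, nil] file whose contents are passed
#   to #metric as parameter_values_string; nil skips the read
# @param condition_values_path [String, nil] file whose contents are passed
#   to #metric as condition_values_string; nil skips the read
# @param template_pattern [String] pattern handed to TemplateDiscovery
# @return [Array<Hash>] one { filename:, file_results: } hash per discovered
#   template, in the order TemplateDiscovery returned them
def aggregate_metrics(input_path:,
                      parameter_values_path: nil,
                      condition_values_path: nil,
                      template_pattern: DEFAULT_TEMPLATE_PATTERN)
  parameter_values_string = File.read(parameter_values_path) unless parameter_values_path.nil?
  condition_values_string = File.read(condition_values_path) unless condition_values_path.nil?

  templates = TemplateDiscovery.new.discover_templates(
    input_json_path: input_path,
    template_pattern: template_pattern
  )

  templates.map do |template|
    {
      filename: template,
      file_results: metric(
        # File.read, not IO.read: the name comes from directory discovery.
        cloudformation_string: File.read(template),
        parameter_values_string: parameter_values_string,
        condition_values_string: condition_values_string
      )
    }
  end
end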
#metric(cloudformation_string:, parameter_values_string: nil, condition_values_string: nil) ⇒ Object
# File 'lib/cfn-nag/iam_complexity_metric/spcm.rb', line 33
#
# Parses a CloudFormation template held in a string and returns the metric
# computed by #metric_impl for the resulting model.
#
# @param cloudformation_string [String] template text to parse
# @param parameter_values_string [String, nil] forwarded to CfnParser#parse
# @param condition_values_string [String, nil] forwarded to CfnParser#parse
# @return [Object] whatever #metric_impl returns for the parsed model
def metric(cloudformation_string:, parameter_values_string: nil, condition_values_string: nil)
  parser = CfnParser.new
  # The third positional argument is always false; its meaning is defined by
  # CfnParser#parse, which is not shown here.
  parsed_model = parser.parse(
    cloudformation_string,
    parameter_values_string,
    false,
    condition_values_string
  )
  metric_impl(parsed_model)
end
#metric_impl(cfn_model) ⇒ Object
# File 'lib/cfn-nag/iam_complexity_metric/spcm.rb', line 42
#
# Builds the per-resource-type result hash for an already parsed model.
#
# Every AWS::IAM::Policy resource is passed to update_policy_metric, and every
# policy object of every AWS::IAM::Role resource is passed to
# update_role_policy_metric. Both helpers receive the result hash; what they
# store in it is defined elsewhere in the class.
#
# @param cfn_model [Object] model responding to resources_by_type
# @return [Hash] hash with the keys 'AWS::IAM::Policy' and 'AWS::IAM::Role'
def metric_impl(cfn_model)
  results_by_type = {
    'AWS::IAM::Policy' => {},
    'AWS::IAM::Role' => {}
  }

  standalone_policies = cfn_model.resources_by_type('AWS::IAM::Policy')
  standalone_policies.each { |iam_policy| update_policy_metric(results_by_type, iam_policy) }

  iam_roles = cfn_model.resources_by_type('AWS::IAM::Role')
  iam_roles.each do |iam_role|
    iam_role.policy_objects.each do |role_policy|
      update_role_policy_metric(results_by_type, iam_role, role_policy)
    end
  end

  results_by_type
end