class ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule
Public Instance Methods
audit_impl(cfn_model)
click to toggle source
# File lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb, line 22 def audit_impl(cfn_model) managed_blockchain_members = cfn_model.resources_by_type('AWS::ManagedBlockchain::Member') violating_managed_blockchains = managed_blockchain_members.select do |member| if password_property_does_not_exist(member) false else pw = member.memberConfiguration['MemberFrameworkConfiguration']['MemberFabricConfiguration']['AdminPassword'] insecure_parameter?(cfn_model, pw) || insecure_string_or_dynamic_reference?(cfn_model, pw) end end violating_managed_blockchains.map(&:logical_resource_id) end
rule_id()
click to toggle source
# File lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb, line 18 def rule_id 'F71' end
rule_text()
click to toggle source
# File lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb, line 9 def rule_text 'ManagedBlockchain Member MemberFabricConfiguration AdminPasswordRule must ' \ 'not be a plaintext string or a Ref to a NoEcho Parameter with a Default value.' end
rule_type()
click to toggle source
# File lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb, line 14 def rule_type Violation::FAILING_VIOLATION end
Private Instance Methods
password_property_does_not_exist(member)
click to toggle source
Checks to see if these properties are present as they are optional properties for the 'AWS::ManagedBlockchain::Member' resource:
'MemberFrameworkConfiguration' 'MemberFabricConfiguration' 'AdminPassword'
# File lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb, line 44 def password_property_does_not_exist(member) if member.memberConfiguration['MemberFrameworkConfiguration'].nil? true elsif member.memberConfiguration['MemberFrameworkConfiguration']['MemberFabricConfiguration'].nil? true elsif member.memberConfiguration['MemberFrameworkConfiguration']['MemberFabricConfiguration']['AdminPassword'].nil? true else false end end