class PassRoleBaseRule

Constants

IAM_ACTION_PATTERNS

Public Instance Methods

audit_impl(cfn_model) click to toggle source
# File lib/cfn-nag/custom_rules/passrole_base_rule.rb, line 14
def audit_impl(cfn_model)
  policies = cfn_model.resources_by_type(policy_type)

  violating_policies = policies.select do |policy|
    violating_statements = policy.policy_document.statements.select do |statement|
      passrole_action?(statement) && wildcard_resource?(statement)
    end
    !violating_statements.empty?
  end
  violating_policies.map(&:logical_resource_id)
end
policy_type() click to toggle source
# File lib/cfn-nag/custom_rules/passrole_base_rule.rb, line 10
def policy_type
  raise 'must implement in subclass'
end

Private Instance Methods

passrole_action?(statement) click to toggle source
# File lib/cfn-nag/custom_rules/passrole_base_rule.rb, line 28
def passrole_action?(statement)
  statement.actions.find { |action| IAM_ACTION_PATTERNS.include? action }
end
wildcard_resource?(statement) click to toggle source
# File lib/cfn-nag/custom_rules/passrole_base_rule.rb, line 32
def wildcard_resource?(statement)
  statement.resources.find { |resource| resource == '*' }
end