class PassRoleBaseRule
Constants
- IAM_ACTION_PATTERNS
Public Instance Methods
audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/passrole_base_rule.rb, line 14
# Collects the logical resource ids of every policy resource (of the type
# returned by policy_type) that has at least one statement for which both
# passrole_action? and wildcard_resource? hold.
#
# Such a statement pairs a role-passing action with an unrestricted resource,
# so the flagged policies are the ones to scope down to specific role ARNs.
#
# NOTE(review): only a statement's actions and resources are examined here.
# Its effect and any NotAction/NotResource elements are not consulted in this
# method, so a Deny statement would be reported as well unless
# policy_document.statements already filters them - confirm.
#
# @param cfn_model parsed template object responding to #resources_by_type
# @return [Array] logical resource ids of the offending policies
def audit_impl(cfn_model)
  offenders = cfn_model.resources_by_type(policy_type).select do |policy|
    policy.policy_document.statements.any? do |statement|
      passrole_action?(statement) && wildcard_resource?(statement)
    end
  end

  offenders.map(&:logical_resource_id)
end
policy_type()
# File lib/cfn-nag/custom_rules/passrole_base_rule.rb, line 10
# Abstract hook naming the resource type this rule audits. audit_impl hands
# the returned value to cfn_model.resources_by_type, so each concrete rule
# must override this method.
#
# @raise [RuntimeError] always, when called on the base class
def policy_type
  raise RuntimeError, 'must implement in subclass'
end
Private Instance Methods
passrole_action?(statement)
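# File lib/cfn-nag/custom_rules/passrole_base_rule.rb, line 28
# Tells whether any action in the statement is a member of
# IAM_ACTION_PATTERNS. Returns a strict true/false so the predicate never
# hands an action string back to its caller.
#
# NOTE(review): include? is a membership test, so an action counts only when
# it equals a listed entry (assuming the constant is a list of strings - its
# value is not shown here). IAM treats action names case-insensitively and
# accepts several wildcard spellings; confirm the list covers the forms that
# should be flagged.
#
# @param statement object responding to #actions
# @return [Boolean]
def passrole_action?(statement)
  statement.actions.any? { |action| IAM_ACTION_PATTERNS.include?(action) }
end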
wildcard_resource?(statement)
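# File lib/cfn-nag/custom_rules/passrole_base_rule.rb, line 32
# Tells whether the statement lists the bare '*' resource. Returns a strict
# true/false rather than the matched element.
#
# Only an entry equal to the string '*' counts. A partially wildcarded ARN,
# or a resource that is not a plain string, compares unequal and is therefore
# not reported by this check; reviewers should not read a clean result as
# "every resource is tightly scoped".
#
# @param statement object responding to #resources
# @return [Boolean]
def wildcard_resource?(statement)
  statement.resources.any? { |resource| resource == '*' }
end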