class EKSClusterEncryptionRule

Public Instance Methods

audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb, line 19
# Collects the logical resource ids of every AWS::EKS::Cluster resource whose
# encryption settings fail this rule.
#
# A cluster is reported when any of these holds, checked in this order:
# * its encryptionConfig is nil,
# * violating_configs? returns true for it,
# * violating_providers? returns true for it.
#
# NOTE(review): a cluster whose encryptionConfig is an empty list is not
# reported, because both helpers only inspect the list's entries. Confirm
# whether an empty list should count as "no encryption configured".
#
# @param cfn_model [Object] parsed template model responding to +resources_by_type+
# @return [Array] logical resource ids of the violating clusters
def audit_impl(cfn_model)
  eks_clusters = cfn_model.resources_by_type('AWS::EKS::Cluster')

  flagged = eks_clusters.select do |cluster|
    # The nil check must come first: both helpers call methods on the list.
    cluster.encryptionConfig.nil? ||
      violating_configs?(cluster) ||
      violating_providers?(cluster)
  end

  flagged.map(&:logical_resource_id)
end
rule_id()
# File lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb, line 15
# Identifier under which findings from this rule are reported.
#
# @return [String] the rule id, 'W82'
def rule_id
  'W82'
end
rule_text()
# File lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb, line 7
# Human-readable message attached to a finding from this rule.
#
# @return [String] the message shown to the user for each violating cluster
def rule_text
  'EKS Cluster EncryptionConfig Provider should specify KeyArn to enable Encryption.'
end
rule_type()
# File lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb, line 11
# Severity class of this rule: a warning.
#
# NOTE(review): as a warning, a finding presumably does not fail a scan by
# default. Confirm that this severity matches how a cluster without a KMS
# key for its EncryptionConfig should be treated in your pipeline.
#
# @return [Object] the Violation::WARNING constant
def rule_type
  Violation::WARNING
end

Private Instance Methods

violating_configs?(cluster)
# File lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb, line 35
# Tells whether any entry of the cluster's encryptionConfig list has no
# 'Provider' value.
#
# The list itself must not be nil here; audit_impl checks for nil before
# calling this helper.
#
# @param cluster [Object] cluster resource responding to +encryptionConfig+
# @return [Boolean] true when at least one entry's 'Provider' is nil
def violating_configs?(cluster)
  entries_without_provider = cluster.encryptionConfig.select { |entry| entry['Provider'].nil? }
  entries_without_provider.any?
end
violating_providers?(cluster)
# File lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb, line 42
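# Tells whether any entry of the cluster's encryptionConfig list lacks a
# usable 'KeyArn' under its 'Provider'.
#
# An entry violates when its 'Provider' is nil, or when the provider's
# 'KeyArn' is nil or empty. The original called +empty?+ directly on the
# 'KeyArn' value, so a provider without that key raised NoMethodError
# instead of being reported; the same held for an entry with no 'Provider'
# if this helper was reached without the violating_configs? check.
#
# A non-empty 'KeyArn' of any kind (a string, or a hash such as an
# intrinsic-function reference) is accepted as-is; the ARN is not validated.
#
# @param cluster [Object] cluster resource responding to +encryptionConfig+
# @return [Boolean] true when at least one entry has no usable 'KeyArn'
def violating_providers?(cluster)
  cluster.encryptionConfig.any? do |config|
    provider = config['Provider']
    key_arn = provider.nil? ? nil : provider['KeyArn']
    # A missing key is as much a violation as a blank one.
    key_arn.nil? || key_arn.empty?
  end
end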