class ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule

Public Instance Methods

audit_impl(cfn_model)
# File lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb, line 22
# Finds every AWS::ManagedBlockchain::Member resource whose Fabric
# AdminPassword is supplied in a way the rule treats as insecure.
#
# Members that do not set AdminPassword are skipped. For the rest, the
# password value is handed to insecure_parameter? and
# insecure_string_or_dynamic_reference? (both defined outside this method;
# presumably they detect the plaintext / NoEcho-with-Default cases named in
# rule_text -- confirm against their definitions).
#
# @param cfn_model the parsed template; must respond to resources_by_type
# @return [Array] logical resource ids of the violating members
def audit_impl(cfn_model)
  members = cfn_model.resources_by_type('AWS::ManagedBlockchain::Member')

  offenders = members.select do |member|
    # No password configured means there is nothing to audit on this member.
    next false if password_property_does_not_exist(member)

    fabric_config = member.memberConfiguration['MemberFrameworkConfiguration']['MemberFabricConfiguration']
    admin_password = fabric_config['AdminPassword']

    insecure_parameter?(cfn_model, admin_password) ||
      insecure_string_or_dynamic_reference?(cfn_model, admin_password)
  end

  offenders.map(&:logical_resource_id)
end
rule_id()
# File lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb, line 18
# Identifier string for this rule.
#
# @return [String] the literal 'F71'
def rule_id
  'F71'
end
rule_text()
# File lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb, line 9
# Human-readable description of what the rule forbids.
#
# A Default on a NoEcho parameter is written into the template itself, so
# the secret is still readable there even though NoEcho masks it elsewhere.
#
# @return [String] the message text for this rule
def rule_text
  'ManagedBlockchain Member MemberFabricConfiguration AdminPasswordRule ' \
  'must not be a plaintext string or a Ref to a NoEcho Parameter ' \
  'with a Default value.'
end
rule_type()
# File lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb, line 14
# Severity class of this rule.
#
# @return the Violation::FAILING_VIOLATION constant (declared outside this file)
def rule_type
  Violation::FAILING_VIOLATION
end

Private Instance Methods

password_property_does_not_exist(member)

Returns true when any of the following properties is missing. Each level is checked in turn because they are optional properties of the 'AWS::ManagedBlockchain::Member' resource:

'MemberFrameworkConfiguration'
'MemberFabricConfiguration'
'AdminPassword'
# File lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb, line 44
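# Reports whether the member has no Fabric AdminPassword to audit.
#
# Walks memberConfiguration -> 'MemberFrameworkConfiguration' ->
# 'MemberFabricConfiguration' -> 'AdminPassword' and stops at the first
# level that is nil. A nil memberConfiguration is treated as "no password"
# as well, so a resource declared without that property does not raise
# NoMethodError in the middle of a scan.
#
# NOTE(review): a level wrapped in an intrinsic function (for example a Hash
# keyed by 'Fn::If') has none of these keys, so it is reported as absent and
# the password beneath it is not inspected by this rule -- confirm that is
# the intended coverage.
#
# @param member a resource object that responds to memberConfiguration
# @return [Boolean] true when any level of the path is nil, false when
#   AdminPassword is present
def password_property_does_not_exist(member)
  node = member.memberConfiguration

  %w[MemberFrameworkConfiguration MemberFabricConfiguration AdminPassword].each do |key|
    # Stop before indexing into a missing level.
    return true if node.nil?

    node = node[key]
  end

  node.nil?
end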