package compliance.cis_aws.rules.cis_3_4
import data.cis_aws.test_data
import data.compliance.cis_aws.data_adapter
import data.compliance.lib.common
import data.lib.test
# Negative cases: every input below must make the rule report a failure.
# rule_input's 2nd argument is the CloudWatch Logs group ARN and the 3rd is the
# log delivery time; the other three arguments are held at false/null in every
# case, so only those two fields are exercised here.
test_violation {
	# No usable log group ARN (null or empty string), whatever the delivery time.
	eval_fail with input as rule_input(false, null, null, false, null)
	eval_fail with input as rule_input(false, null, common.past_date, false, null)
	eval_fail with input as rule_input(false, "", common.current_date, false, null)

	# ARN present, but the delivery time is missing or common.past_date
	# (presumably a stale timestamp - confirm in the common lib).
	eval_fail with input as rule_input(false, "test-arn", null, false, null)
	eval_fail with input as rule_input(false, "test-arn", common.past_date, false, null)

	# NOTE(review): a null ARN paired with common.current_date is not covered;
	# only the empty-string ARN is tested with a current delivery time.
}
# Positive case: a trail with a non-empty log group ARN ("test-arn") and a
# delivery time of common.current_date must be reported as passing.
# NOTE(review): log validation, bucket logging and the KMS key are left at
# false/null here, so this also shows the rule passes without them; no case sets
# them to true/non-null to confirm they are ignored in that direction as well.
test_pass {
	eval_pass with input as rule_input(false, "test-arn", common.current_date, false, null)
}
# Out-of-scope case: with test_data.not_evaluated_trail as input the rule must
# produce no finding at all (neither pass nor fail), as checked by not_eval.
test_not_evaluated {
	not_eval with input as test_data.not_evaluated_trail
}
# Builds the test input for one trail by forwarding all five settings, in the
# same order, to test_data.generate_enriched_trail and returning its result.
rule_input(is_log_validation_enabled, cloudwatch_log_group_arn, log_delivery_time, is_bucket_logging_enabled, kms_key_id) = trail {
	trail := test_data.generate_enriched_trail(
		is_log_validation_enabled,
		cloudwatch_log_group_arn,
		log_delivery_time,
		is_bucket_logging_enabled,
		kms_key_id
	)
}
# Holds when test.assert_fail accepts `finding`, evaluated with
# data.benchmark_data_adapter replaced by the imported CIS AWS data_adapter.
# `finding` is not defined in this file; presumably it comes from the rule under
# test in the same package.
eval_fail {
	test.assert_fail(finding) with data.benchmark_data_adapter as data_adapter
}
# Holds when test.assert_pass accepts `finding`, evaluated with
# data.benchmark_data_adapter replaced by the imported CIS AWS data_adapter.
# `finding` is not defined in this file; presumably it comes from the rule under
# test in the same package.
eval_pass {
	test.assert_pass(finding) with data.benchmark_data_adapter as data_adapter
}
# Holds when `finding` is undefined (or false) for the current input, evaluated
# with data.benchmark_data_adapter replaced by the imported data_adapter, i.e.
# the rule did not evaluate the resource.
not_eval {
	not finding with data.benchmark_data_adapter as data_adapter
}