Skip to content

Commit

Permalink
Merge calendar sharing controls into a single group rego changes
Browse files Browse the repository at this point in the history
  • Loading branch information
@adhilto
adhilto committed Jan 16, 2024
1 parent a194def commit 34a30a1
Show file tree
Hide file tree
Showing 5 changed files with 420 additions and 426 deletions.
187 changes: 187 additions & 0 deletions Testing/RegoTests/calendar/calendar01_test.rego
View file
Original file line number Diff line number Diff line change
Expand Up @@ -391,4 +391,191 @@ test_ExtSharingPrimaryCal_Incorrect_V5 if {
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU."
}
#--

#
# GWS.CALENDAR.1.2v0.1
#--
test_ExtSharingSecondaryCal_Correct_V1 if {
# Test external sharing for secondary calendars when there's only one event
PolicyId := "GWS.CALENDAR.1.2v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "SHOW_ONLY_FREE_BUSY_INFORMATION"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>Only free busy/information for secondary calendars </span>",
" is shared outside Test Top-Level Domain"
])
}

test_ExtSharingSecondaryCal_Correct_V2 if {
# Test external sharing for secondary calendars when there's multiple events and the most most recent is correct
PolicyId := "GWS.CALENDAR.1.2v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "SHOW_ONLY_FREE_BUSY_INFORMATION"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
},
{
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>Only free busy/information for secondary calendars </span> ",
"is shared outside Test Top-Level Domain"
])
}

test_ExtSharingSecondaryCal_Incorrect_V1 if {
# Test external sharing for secondary calendars when there are no relevant events
PolicyId := "GWS.CALENDAR.1.2v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "Something else"},
{"name": "NEW_VALUE", "value": "SAME_DOMAIN"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
"While we are unable to determine the state from the logs, the default setting ",
"is non-compliant; manual check recommended."
])
}

test_ExtSharingSecondaryCal_Incorrect_V2 if {
# Test external sharing for secondary calendars when there's only one event and it's wrong
PolicyId := "GWS.CALENDAR.1.2v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>All information for secondary calendars </span>",
" is shared outside Test Top-Level Domain but outsiders cannot change calendars."
])
}

test_ExtSharingSecondaryCal_Incorrect_V3 if {
# Test external sharing for secondary calendars when there are multiple events and the most recent is wrong
PolicyId := "GWS.CALENDAR.1.2v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
},
{
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_WRITE_ACCESS"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
},
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>All information for secondary calendars </span>",
" is shared outside Test Top-Level Domain but outsiders cannot change calendars."
])
}
#--
92 changes: 53 additions & 39 deletions Testing/RegoTests/calendar/calendar03_test.rego
View file
Original file line number Diff line number Diff line change
@@ -1,20 +1,21 @@
package calendar
import future.keywords


#
# GWS.CALENDAR.3.1v0.1
# Policy 1
#--
test_ExtSharingSecondaryCal_Correct_V1 if {
# Test external sharing for secondary calendars when there's only one event
test_CalInteropMan_Correct_V1 if {
# Test calendar interop management when there's only one event
PolicyId := "GWS.CALENDAR.3.1v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "SHOW_ONLY_FREE_BUSY_INFORMATION"},
{"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
Expand All @@ -30,23 +31,21 @@ test_ExtSharingSecondaryCal_Correct_V1 if {
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>Only free busy/information for secondary calendars </span>",
" is shared outside Test Top-Level Domain"
])
RuleOutput[0].ReportDetails ==
"<span class=setting>Calendar interop is not enabled </span> for Test Top-Level Domain"
}

test_ExtSharingSecondaryCal_Correct_V2 if {
# Test external sharing for secondary calendars when there's multiple events and the most most recent is correct
test_CalInteropMan_Correct_V2 if {
# Test calendar interop management when there's multiple events and the most most recent is correct
PolicyId := "GWS.CALENDAR.3.1v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "SHOW_ONLY_FREE_BUSY_INFORMATION"},
{"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
Expand All @@ -56,8 +55,8 @@ test_ExtSharingSecondaryCal_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"},
{"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
Expand All @@ -73,14 +72,12 @@ test_ExtSharingSecondaryCal_Correct_V2 if {
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>Only free busy/information for secondary calendars </span> ",
"is shared outside Test Top-Level Domain"
])
RuleOutput[0].ReportDetails ==
"<span class=setting>Calendar interop is not enabled </span> for Test Top-Level Domain"
}

test_ExtSharingSecondaryCal_Incorrect_V1 if {
# Test external sharing for secondary calendars when there are no relevant events
test_CalInteropMan_Incorrect_V1 if {
# Test calendar interop management when there are no relevant events
PolicyId := "GWS.CALENDAR.3.1v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
Expand Down Expand Up @@ -112,17 +109,17 @@ test_ExtSharingSecondaryCal_Incorrect_V1 if {
])
}

test_ExtSharingSecondaryCal_Incorrect_V2 if {
# Test external sharing for secondary calendars when there's only one event and it's wrong
test_CalInteropMan_Incorrect_V2 if {
# Test calendar interop management when there's only one event and it's wrong
PolicyId := "GWS.CALENDAR.3.1v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"},
{"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
Expand All @@ -138,23 +135,20 @@ test_ExtSharingSecondaryCal_Incorrect_V2 if {
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>All information for secondary calendars </span>",
" is shared outside Test Top-Level Domain but outsiders cannot change calendars."
])
RuleOutput[0].ReportDetails == "<span class=setting>Calendar interop is enabled </span> for Test Top-Level Domain"
}

test_ExtSharingSecondaryCal_Incorrect_V3 if {
# Test external sharing for secondary calendars when there are multiple events and the most recent is wrong
test_CalInteropMan_Incorrect_V3 if {
# Test calendar interop management when there are multiple events and the most recent is wrong
PolicyId := "GWS.CALENDAR.3.1v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"},
{"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
Expand All @@ -164,8 +158,8 @@ test_ExtSharingSecondaryCal_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_WRITE_ACCESS"},
{"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
Expand All @@ -181,9 +175,29 @@ test_ExtSharingSecondaryCal_Incorrect_V3 if {
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>All information for secondary calendars </span>",
" is shared outside Test Top-Level Domain but outsiders cannot change calendars."
])
RuleOutput[0].ReportDetails == "<span class=setting>Calendar interop is enabled </span> for Test Top-Level Domain"
}
#--

#
# GWS.CALENDAR.3.2v0.1
#--

test_OAuth_Correct_V1 if {
# Not-Implemented
PolicyId := "GWS.CALENDAR.3.2v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
]},
"tenant_info": {
"topLevelOU": "Test Top-Level OU"
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == "Currently not able to be tested automatically; please manually check."
}
#--
Loading

0 comments on commit 34a30a1

Please sign in to comment.