From 34a30a18568260071fb280effe06c96b9cc9a4b5 Mon Sep 17 00:00:00 2001
From: Alden Hilton
Date: Tue, 16 Jan 2024 10:55:56 -0800
Subject: [PATCH] Merge calendar sharing controls into a single group rego changes
---
 .../RegoTests/calendar/calendar01_test.rego | 187 ++++++++++++
 .../RegoTests/calendar/calendar03_test.rego | 92 +++---
 .../RegoTests/calendar/calendar04_test.rego | 157 +++++++---
 .../RegoTests/calendar/calendar05_test.rego | 274 ------------------
 rego/Calendar.rego | 136 +++++----
 5 files changed, 420 insertions(+), 426 deletions(-)
 delete mode 100644 Testing/RegoTests/calendar/calendar05_test.rego
diff --git a/Testing/RegoTests/calendar/calendar01_test.rego b/Testing/RegoTests/calendar/calendar01_test.rego
index 2f375ef2..2b53b7c5 100644
--- a/Testing/RegoTests/calendar/calendar01_test.rego
+++ b/Testing/RegoTests/calendar/calendar01_test.rego
@@ -391,4 +391,191 @@ test_ExtSharingPrimaryCal_Incorrect_V5 if { not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU." } +#-- + +# +# GWS.CALENDAR.1.2v0.1 +#-- +test_ExtSharingSecondaryCal_Correct_V1 if { + # Test external sharing for secondary calendars when there's only one event + PolicyId := "GWS.CALENDAR.1.2v0.1" + Output := tests with input as { + "calendar_logs": {"items": [ + { + "id": {"time": "2022-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"}, + {"name": "NEW_VALUE", "value": "SHOW_ONLY_FREE_BUSY_INFORMATION"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, + ] + }] + } + ]}, + "tenant_info": { + "topLevelOU": "" + } + } + + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] + count(RuleOutput) == 1 + RuleOutput[0].RequirementMet + not RuleOutput[0].NoSuchEvent + RuleOutput[0].ReportDetails == concat("", [ + "Only free busy/information for secondary calendars ", + " is shared outside Test Top-Level Domain" + ]) +} + +test_ExtSharingSecondaryCal_Correct_V2 if { + # Test external sharing for secondary calendars when there's multiple events and the most most recent is correct + PolicyId := "GWS.CALENDAR.1.2v0.1" + Output := tests with input as { + "calendar_logs": {"items": [ + { + "id": {"time": "2022-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"}, + {"name": "NEW_VALUE", "value": "SHOW_ONLY_FREE_BUSY_INFORMATION"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, + ] + }] + }, + { + "id": {"time": "2021-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"}, + {"name": 
"NEW_VALUE", "value": "READ_ONLY_ACCESS"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, + ] + }] + } + ]}, + "tenant_info": { + "topLevelOU": "" + } + } + + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] + count(RuleOutput) == 1 + RuleOutput[0].RequirementMet + not RuleOutput[0].NoSuchEvent + RuleOutput[0].ReportDetails == concat("", [ + "Only free busy/information for secondary calendars ", + "is shared outside Test Top-Level Domain" + ]) +} + +test_ExtSharingSecondaryCal_Incorrect_V1 if { + # Test external sharing for secondary calendars when there are no relevant events + PolicyId := "GWS.CALENDAR.1.2v0.1" + Output := tests with input as { + "calendar_logs": {"items": [ + { + "id": {"time": "2022-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "Something else"}, + {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, + ] + }] + } + ]}, + "tenant_info": { + "topLevelOU": "" + } + } + + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] + count(RuleOutput) == 1 + not RuleOutput[0].RequirementMet + RuleOutput[0].NoSuchEvent + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." 
+ ]) +} + +test_ExtSharingSecondaryCal_Incorrect_V2 if { + # Test external sharing for secondary calendars when there's only one event and it's wrong + PolicyId := "GWS.CALENDAR.1.2v0.1" + Output := tests with input as { + "calendar_logs": {"items": [ + { + "id": {"time": "2022-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"}, + {"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, + ] + }] + } + ]}, + "tenant_info": { + "topLevelOU": "" + } + } + + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] + count(RuleOutput) == 1 + not RuleOutput[0].RequirementMet + not RuleOutput[0].NoSuchEvent + RuleOutput[0].ReportDetails == concat("", [ + "All information for secondary calendars ", + " is shared outside Test Top-Level Domain but outsiders cannot change calendars." 
+ ]) +} + +test_ExtSharingSecondaryCal_Incorrect_V3 if { + # Test external sharing for secondary calendars when there are multiple events and the most recent is wrong + PolicyId := "GWS.CALENDAR.1.2v0.1" + Output := tests with input as { + "calendar_logs": {"items": [ + { + "id": {"time": "2022-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"}, + {"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, + ] + }] + }, + { + "id": {"time": "2021-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"}, + {"name": "NEW_VALUE", "value": "READ_WRITE_ACCESS"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, + ] + }] + } + ]}, + "tenant_info": { + "topLevelOU": "" + }, + } + + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] + count(RuleOutput) == 1 + not RuleOutput[0].RequirementMet + not RuleOutput[0].NoSuchEvent + RuleOutput[0].ReportDetails == concat("", [ + "All information for secondary calendars ", + " is shared outside Test Top-Level Domain but outsiders cannot change calendars." + ]) +} #-- \ No newline at end of file diff --git a/Testing/RegoTests/calendar/calendar03_test.rego b/Testing/RegoTests/calendar/calendar03_test.rego index 3b1de973..d54def0c 100644 --- a/Testing/RegoTests/calendar/calendar03_test.rego +++ b/Testing/RegoTests/calendar/calendar03_test.rego 
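Review bot: test_ExtSharingSecondaryCal_Correct_V1 and test_ExtSharingSecondaryCal_Correct_V2 assert different ReportDetails for what appears to be the same outcome. In both inputs the newest event sets SHOW_ONLY_FREE_BUSY_INFORMATION, yet V1 ends its concat with `" is shared outside Test Top-Level Domain"` (leading space, so a double space in the result) and V2 with `"is shared outside Test Top-Level Domain"`; if the rule produces one string for that value, only one of the two assertions can hold, so the expected text should be aligned with what the rule actually emits. Separately, none of the five GWS.CALENDAR.1.2v0.1 cases places an event in a non-top-level OU, while the primary-calendar test in this hunk's context expects `"Requirement failed in Secondary OU."`. A case where a child OU is set to a more permissive value than the top-level OU would pin whether 1.2 is meant to report such overrides.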
@@ -1,11 +1,12 @@ package calendar import future.keywords + # -# GWS.CALENDAR.3.1v0.1 +# Policy 1 #-- -test_ExtSharingSecondaryCal_Correct_V1 if { - # Test external sharing for secondary calendars when there's only one event +test_CalInteropMan_Correct_V1 if { +# Test calendar interop management when there's only one event PolicyId := "GWS.CALENDAR.3.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ @@ -13,8 +14,8 @@ test_ExtSharingSecondaryCal_Correct_V1 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"}, - {"name": "NEW_VALUE", "value": "SHOW_ONLY_FREE_BUSY_INFORMATION"}, + {"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, ] @@ -30,14 +31,12 @@ test_ExtSharingSecondaryCal_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == concat("", [ - "Only free busy/information for secondary calendars ", - " is shared outside Test Top-Level Domain" - ]) + RuleOutput[0].ReportDetails == + "Calendar interop is not enabled for Test Top-Level Domain" } -test_ExtSharingSecondaryCal_Correct_V2 if { - # Test external sharing for secondary calendars when there's multiple events and the most most recent is correct +test_CalInteropMan_Correct_V2 if { + # Test calendar interop management when there's multiple events and the most most recent is correct PolicyId := "GWS.CALENDAR.3.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ 
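Review bot: The section header added at the top of calendar03_test.rego reads `# Policy 1`, while the tests under it use PolicyId "GWS.CALENDAR.3.1v0.1" and the next section added to this file is labelled `# GWS.CALENDAR.3.2v0.1`; I would keep `# GWS.CALENDAR.3.1v0.1` here so a failing test can be traced to its baseline item. The comment under test_CalInteropMan_Correct_V1 is also added without indentation (`+# Test calendar interop management when there's only one event`), unlike the comments in the other test bodies. In the @@ -30,14 +31,12 hunk on the same line, the added comment repeats a word (`the most most recent`). test_CalInteropMan_Correct_V1 continues outside this hunk.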
@@ -45,8 +44,8 @@ test_ExtSharingSecondaryCal_Correct_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"}, - {"name": "NEW_VALUE", "value": "SHOW_ONLY_FREE_BUSY_INFORMATION"}, + {"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, ] @@ -56,8 +55,8 @@ test_ExtSharingSecondaryCal_Correct_V2 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"}, - {"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"}, + {"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, ] @@ -73,14 +72,12 @@ test_ExtSharingSecondaryCal_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == concat("", [ - "Only free busy/information for secondary calendars ", - "is shared outside Test Top-Level Domain" - ]) + RuleOutput[0].ReportDetails == + "Calendar interop is not enabled for Test Top-Level Domain" } -test_ExtSharingSecondaryCal_Incorrect_V1 if { - # Test external sharing for secondary calendars when there are no relevant events +test_CalInteropMan_Incorrect_V1 if { + # Test calendar interop management when there are no relevant events PolicyId := "GWS.CALENDAR.3.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ 
@@ -112,8 +109,8 @@ test_ExtSharingSecondaryCal_Incorrect_V1 if { ]) } -test_ExtSharingSecondaryCal_Incorrect_V2 if { - # Test external sharing for secondary calendars when there's only one event and it's wrong +test_CalInteropMan_Incorrect_V2 if { + # Test calendar interop management when there's only one event and it's wrong PolicyId := "GWS.CALENDAR.3.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ @@ -121,8 +118,8 @@ test_ExtSharingSecondaryCal_Incorrect_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"}, - {"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"}, + {"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, ] @@ -138,14 +135,11 @@ test_ExtSharingSecondaryCal_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == concat("", [ - "All information for secondary calendars ", - " is shared outside Test Top-Level Domain but outsiders cannot change calendars." - ]) + RuleOutput[0].ReportDetails == "Calendar interop is enabled for Test Top-Level Domain" } -test_ExtSharingSecondaryCal_Incorrect_V3 if { - # Test external sharing for secondary calendars when there are multiple events and the most recent is wrong +test_CalInteropMan_Incorrect_V3 if { + # Test calendar interop management when there are multiple events and the most recent is wrong PolicyId := "GWS.CALENDAR.3.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ 
@@ -153,8 +147,8 @@ test_ExtSharingSecondaryCal_Incorrect_V3 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"}, - {"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"}, + {"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, ] @@ -164,8 +158,8 @@ test_ExtSharingSecondaryCal_Incorrect_V3 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"}, - {"name": "NEW_VALUE", "value": "READ_WRITE_ACCESS"}, + {"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, ] @@ -181,9 +175,29 @@ test_ExtSharingSecondaryCal_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == concat("", [ - "All information for secondary calendars ", - " is shared outside Test Top-Level Domain but outsiders cannot change calendars." - ]) + RuleOutput[0].ReportDetails == "Calendar interop is enabled for Test Top-Level Domain" +} +#-- + +# +# GWS.CALENDAR.3.2v0.1 +#-- + +test_OAuth_Correct_V1 if { + # Not-Implemented + PolicyId := "GWS.CALENDAR.3.2v0.1" + Output := tests with input as { + "calendar_logs": {"items": [ + ]}, + "tenant_info": { + "topLevelOU": "Test Top-Level OU" + } + } + + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] + count(RuleOutput) == 1 + not RuleOutput[0].RequirementMet + RuleOutput[0].NoSuchEvent + RuleOutput[0].ReportDetails == "Currently not able to be tested automatically; please manually check." } #-- \ No newline at end of file 
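Review bot: In the @@ -181,9 +175,29 hunk, test_OAuth_Correct_V1 is named as a passing case but asserts `not RuleOutput[0].RequirementMet` and `RuleOutput[0].NoSuchEvent`, and its only comment is `# Not-Implemented`. A comment such as `# GWS.CALENDAR.3.2v0.1 has no automated check: expect the manual-check placeholder, never RequirementMet` would state what the test is pinning, namely that an unimplemented check is reported as not met rather than as a pass. A name like `test_OAuth_NotImplemented_V1` would match that intent.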
diff --git a/Testing/RegoTests/calendar/calendar04_test.rego b/Testing/RegoTests/calendar/calendar04_test.rego index c13c334a..3bc6ed48 100644 --- a/Testing/RegoTests/calendar/calendar04_test.rego +++ b/Testing/RegoTests/calendar/calendar04_test.rego @@ -1,12 +1,11 @@ package calendar import future.keywords - # -# Policy 1 +# GWS.CALENDAR.4.1v0.1 #-- -test_CalInteropMan_Correct_V1 if { -# Test calendar interop management when there's only one event +test_CalendarAppointmentSlot_Correct_V1 if { + # Test Calendar Appointment Slot when there's only one event PolicyId := "GWS.CALENDAR.4.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ @@ -14,10 +13,9 @@ test_CalInteropMan_Correct_V1 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"}, + {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"} ] }] } @@ -31,12 +29,11 @@ test_CalInteropMan_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == - "Calendar interop is not enabled for Test Top-Level Domain" + RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_CalInteropMan_Correct_V2 if { - # Test calendar interop management when there's multiple events and the most most recent is correct +test_CalendarAppointmentSlot_Correct_V2 if { + # Test Calendar Appointment Slot when there's multiple events and the most recent is correct PolicyId := "GWS.CALENDAR.4.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ 
@@ -44,10 +41,9 @@ test_CalInteropMan_Correct_V2 if {
 "id": {"time": "2022-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
+ {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"},
 {"name": "NEW_VALUE", "value": "false"},
 {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
- {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
 ]
 }]
 },
@@ -55,10 +51,9 @@ test_CalInteropMan_Correct_V2 if {
 "id": {"time": "2021-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
+ {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"},
 {"name": "NEW_VALUE", "value": "true"},
 {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
- {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
 ]
 }]
 }
@@ -72,12 +67,49 @@ test_CalInteropMan_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == - "Calendar interop is not enabled for Test Top-Level Domain" + RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_CalInteropMan_Incorrect_V1 if { - # Test calendar interop management when there are no relevant events +test_CalendarAppointmentSlot_Correct_V3 if { + # Test Calendar Appointment Slot when there's correct events in multiple OUs + PolicyId := "GWS.CALENDAR.4.1v0.1" + Output := tests with input as { + "calendar_logs": {"items": [ + { + "id": {"time": "2022-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, + {"name": "NEW_VALUE", "value": "false"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + ] + }] + }, + { + "id": {"time": "2022-12-21T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, + {"name": "NEW_VALUE", "value": "false"}, + {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, + ] + }] + } + ]}, + "tenant_info": { + "topLevelOU": "Test Top-Level OU" + } + } + + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] + count(RuleOutput) == 1 + RuleOutput[0].RequirementMet + not RuleOutput[0].NoSuchEvent + RuleOutput[0].ReportDetails == "Requirement met in all OUs." +} + +test_CalendarAppointmentSlot_Incorrect_V1 if { + # Test Calendar Appointment Slot when there are no relevant events PolicyId := "GWS.CALENDAR.4.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ 
@@ -86,9 +118,8 @@ test_CalInteropMan_Incorrect_V1 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, ] }] } @@ -109,8 +140,8 @@ test_CalInteropMan_Incorrect_V1 if { ]) } -test_CalInteropMan_Incorrect_V2 if { - # Test calendar interop management when there's only one event and it's wrong +test_CalendarAppointmentSlot_Incorrect_V2 if { + # Test Calendar Appointment Slot when there's only one event and it's wrong PolicyId := "GWS.CALENDAR.4.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ @@ -118,10 +149,9 @@ test_CalInteropMan_Incorrect_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"}, + {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"}, ] }] } @@ -135,11 +165,11 @@ test_CalInteropMan_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Calendar interop is enabled for Test Top-Level Domain" + RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_CalInteropMan_Incorrect_V3 if { - # Test calendar interop management when there are multiple events and the most recent is wrong +test_CalendarAppointmentSlot_Incorrect_V3 if { + # Test Calendar Appointment Slot when there are multiple events and the most recent is wrong PolicyId := "GWS.CALENDAR.4.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ 
@@ -147,10 +177,9 @@ test_CalInteropMan_Incorrect_V3 if {
 "id": {"time": "2022-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
+ {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"},
 {"name": "NEW_VALUE", "value": "true"},
 {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
- {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
 ]
 }]
 },
@@ -158,10 +187,9 @@ test_CalInteropMan_Incorrect_V3 if {
 "id": {"time": "2021-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
+ {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"},
 {"name": "NEW_VALUE", "value": "false"},
 {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
- {"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
 ]
 }]
 }
@@ -175,29 +203,72 @@ test_CalInteropMan_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Calendar interop is enabled for Test Top-Level Domain" + RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -#-- -# -# GWS.CALENDAR.4.2v0.1 -#-- +test_CalendarAppointmentSlot_Incorrect_V4 if { + # Test Calendar Appointment Slot when there's only one event and it's wrong + PolicyId := "GWS.CALENDAR.4.1v0.1" + Output := tests with input as { + "calendar_logs": {"items": [ + { + "id": {"time": "2022-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, + {"name": "NEW_VALUE", "value": "true"}, + {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, + ] + }] + } + ]}, + "tenant_info": { + "topLevelOU": "" + } + } + + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] + count(RuleOutput) == 1 + not RuleOutput[0].RequirementMet + not RuleOutput[0].NoSuchEvent + RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU." 
+} -test_OAuth_Correct_V1 if { - # Not-Implemented - PolicyId := "GWS.CALENDAR.4.2v0.1" +test_CalendarAppointmentSlot_Incorrect_V5 if { + # Test Calendar Appointment Slot when there are multiple events and the most recent is wrong + PolicyId := "GWS.CALENDAR.4.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ + { + "id": {"time": "2022-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, + {"name": "NEW_VALUE", "value": "true"}, + {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, + ] + }] + }, + { + "id": {"time": "2021-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, + {"name": "NEW_VALUE", "value": "false"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + ] + }] + } ]}, "tenant_info": { "topLevelOU": "Test Top-Level OU" - } + }, } RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet - RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Currently not able to be tested automatically; please manually check." + not RuleOutput[0].NoSuchEvent + RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU." } #-- \ No newline at end of file diff --git a/Testing/RegoTests/calendar/calendar05_test.rego b/Testing/RegoTests/calendar/calendar05_test.rego deleted file mode 100644 index 6700b74f..00000000 --- a/Testing/RegoTests/calendar/calendar05_test.rego +++ /dev/null 
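Review bot: The comments on test_CalendarAppointmentSlot_Incorrect_V4 and test_CalendarAppointmentSlot_Incorrect_V5 are copies of the ones on _V2 and _V3 and do not say what these two cases add. In both, the non-compliant event (NEW_VALUE "true") is on "Secondary OU" and the expected text is "Requirement failed in Secondary OU."; in V5 the older event belongs to a different OU, so "the most recent is wrong" does not describe the input. Suggested comments: `# Test Calendar Appointment Slot when the only event is in a child OU and it's wrong` for V4 and `# Test Calendar Appointment Slot when the top-level OU is compliant but a child OU is not` for V5.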
@@ -1,274 +0,0 @@ -package calendar -import future.keywords - -# -# GWS.CALENDAR.5.1v0.1 -#-- -test_CalendarAppointmentSlot_Correct_V1 if { - # Test Calendar Appointment Slot when there's only one event - PolicyId := "GWS.CALENDAR.5.1v0.1" - Output := tests with input as { - "calendar_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"} - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." -} - -test_CalendarAppointmentSlot_Correct_V2 if { - # Test Calendar Appointment Slot when there's multiple events and the most recent is correct - PolicyId := "GWS.CALENDAR.5.1v0.1" - Output := tests with input as { - "calendar_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in 
all OUs." -} - -test_CalendarAppointmentSlot_Correct_V3 if { - # Test Calendar Appointment Slot when there's correct events in multiple OUs - PolicyId := "GWS.CALENDAR.5.1v0.1" - Output := tests with input as { - "calendar_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." -} - -test_CalendarAppointmentSlot_Incorrect_V1 if { - # Test Calendar Appointment Slot when there are no relevant events - PolicyId := "GWS.CALENDAR.5.1v0.1" - Output := tests with input as { - "calendar_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - not RuleOutput[0].RequirementMet - RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == concat("", [ - "No relevant event in the current logs for the top-level OU, Test Top-Level OU. 
", - "While we are unable to determine the state from the logs, the default setting ", - "is non-compliant; manual check recommended." - ]) -} - -test_CalendarAppointmentSlot_Incorrect_V2 if { - # Test Calendar Appointment Slot when there's only one event and it's wrong - PolicyId := "GWS.CALENDAR.5.1v0.1" - Output := tests with input as { - "calendar_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - not RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." -} - -test_CalendarAppointmentSlot_Incorrect_V3 if { - # Test Calendar Appointment Slot when there are multiple events and the most recent is wrong - PolicyId := "GWS.CALENDAR.5.1v0.1" - Output := tests with input as { - "calendar_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - not 
RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." -} - -test_CalendarAppointmentSlot_Incorrect_V4 if { - # Test Calendar Appointment Slot when there's only one event and it's wrong - PolicyId := "GWS.CALENDAR.5.1v0.1" - Output := tests with input as { - "calendar_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - not RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU." -} - -test_CalendarAppointmentSlot_Incorrect_V5 if { - # Test Calendar Appointment Slot when there are multiple events and the most recent is wrong - PolicyId := "GWS.CALENDAR.5.1v0.1" - Output := tests with input as { - "calendar_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "CalendarAppointmentSlotAdminSettingsProto payments_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - not 
RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU." -} -#-- \ No newline at end of file diff --git a/rego/Calendar.rego b/rego/Calendar.rego index f239af0f..8e36fa56 100644 --- a/rego/Calendar.rego +++ b/rego/Calendar.rego @@ -53,58 +53,9 @@ if { } #-- -################## -# GWS.CALENDAR.2 # -################## - # -# Baseline GWS.CALENDAR.2.1v0.1 +# Baseline GWS.CALENDAR.1.2v0.1 #-- -NonCompliantOUs2_1 contains OU if { - some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "ENABLE_EXTERNAL_GUEST_PROMPT", OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" -} - -tests contains { - "PolicyId": "GWS.CALENDAR.2.1v0.1", - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "ENABLE_EXTERNAL_GUEST_PROMPT", utils.TopLevelOU) - count(Events) == 0 -} - -tests contains { - "PolicyId": "GWS.CALENDAR.2.1v0.1", - "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1}, - "RequirementMet": Status, - "NoSuchEvent": false -} -if { - Events := utils.FilterEvents(LogEvents, "ENABLE_EXTERNAL_GUEST_PROMPT", utils.TopLevelOU) - count(Events) > 0 - Status := count(NonCompliantOUs2_1) == 0 -} -#-- - - -################## -# GWS.CALENDAR.3 # -################## - ExtSharingSecondaryCalSettingDetailsStr(LastEvent) := Description if { LastEvent.NewValue == "SHOW_ONLY_FREE_BUSY_INFORMATION" Description := concat("", [ 
@@ -140,11 +91,8 @@ ExtSharingSecondaryCalSettingDetailsStr(LastEvent) := Description if { ]) } -# -# Baseline GWS.CALENDAR.3.1v0.1 -#-- tests contains { - "PolicyId": "GWS.CALENDAR.3.1v0.1", + "PolicyId": "GWS.CALENDAR.1.2v0.1", "Criticality": "Shall", "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", @@ -158,7 +106,7 @@ if { } tests contains { - "PolicyId": "GWS.CALENDAR.3.1v0.1", + "PolicyId": "GWS.CALENDAR.1.2v0.1", "Criticality": "Shall", "ReportDetails": ExtSharingSecondaryCalSettingDetailsStr(LastEvent), "ActualValue": {LastEvent.Setting: LastEvent.NewValue}, 
@@ -175,7 +123,55 @@ if { ################## -# GWS.CALENDAR.4 # +# GWS.CALENDAR.2 # +################## + +# +# Baseline GWS.CALENDAR.2.1v0.1 +#-- +NonCompliantOUs2_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "ENABLE_EXTERNAL_GUEST_PROMPT", OU) + # Ignore OUs without any events. We're already asserting that the + # top-level OU has at least one event; for all other OUs we assume + # they inherit from a parent OU if they have no events. + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + LastEvent.NewValue == "false" +} + +tests contains { + "PolicyId": "GWS.CALENDAR.2.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { + DefaultSafe := false + Events := utils.FilterEvents(LogEvents, "ENABLE_EXTERNAL_GUEST_PROMPT", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.CALENDAR.2.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "ENABLE_EXTERNAL_GUEST_PROMPT", utils.TopLevelOU) + count(Events) > 0 + Status := count(NonCompliantOUs2_1) == 0 +} +#-- + + +################## +# GWS.CALENDAR.3 # ################## CalInteropManSettingDetailsStr(LastEvent) := Description if { 
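Review bot: `NonCompliantOUs2_1` marks an OU non-compliant only when `LastEvent.NewValue == "false"`, so any other value logged for `ENABLE_EXTERNAL_GUEST_PROMPT` counts as compliant. The no-event rule just below fails closed with `DefaultSafe := false`, but this per-OU check does not. If the setting is only ever logged as `"true"` or `"false"`, record that assumption next to the comparison, e.g. `# NewValue is expected to be "true" or "false"; any other value is treated as compliant`. If other values can occur (not visible from this hunk), handle them explicitly rather than letting them pass silently, bearing in mind that a plain `LastEvent.NewValue != "true"` would also flag an OU that was reset to inherit from a compliant parent.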
@@ -195,10 +191,10 @@ CalInteropManSettingDetailsStr(LastEvent) := Description if { } # -# Baseline GWS.CALENDAR.4.1v0.1 +# Baseline GWS.CALENDAR.3.1v0.1 #-- tests contains { - "PolicyId": "GWS.CALENDAR.4.1v0.1", + "PolicyId": "GWS.CALENDAR.3.1v0.1", "Criticality": "Should", "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", @@ -212,7 +208,7 @@ if { } tests contains { - "PolicyId": "GWS.CALENDAR.4.1v0.1", + "PolicyId": "GWS.CALENDAR.3.1v0.1", "Criticality": "Should", "ReportDetails": CalInteropManSettingDetailsStr(LastEvent), "ActualValue": {LastEvent.Setting: LastEvent.NewValue}, @@ -229,10 +225,10 @@ if { # -# Baseline GWS.CALENDAR.4.2v0.1 +# Baseline GWS.CALENDAR.3.2v0.1 #-- tests contains { - "PolicyId": "GWS.CALENDAR.4.2v0.1", + "PolicyId": "GWS.CALENDAR.3.2v0.1", "Criticality": "Shall/Not-Implemented", "ReportDetails": "Currently not able to be tested automatically; please manually check.", "ActualValue": "", @@ -241,12 +237,12 @@ tests contains { } #-- + ################## -# GWS.CALENDAR.5 # +# GWS.CALENDAR.4 # ################## - -NonCompliantOUs5_1 contains OU if { +NonCompliantOUs4_1 contains OU if { some OU in utils.OUsWithEvents Events := utils.FilterEvents(LogEvents, "CalendarAppointmentSlotAdminSettingsProto payments_enabled", OU) # Ignore OUs without any events. We're already asserting that the @@ -258,10 +254,10 @@ NonCompliantOUs5_1 contains OU if { } # -# Baseline GWS.CALENDAR.5.1v0.1 +# Baseline GWS.CALENDAR.4.1v0.1 #-- tests contains { - "PolicyId": "GWS.CALENDAR.5.1v0.1", + "PolicyId": "GWS.CALENDAR.4.1v0.1", "Criticality": "Shall", "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs.", 
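Review bot: The identifiers `GWS.CALENDAR.3.1v0.1` and `GWS.CALENDAR.4.1v0.1` are reused for different controls while keeping the same `v0.1` suffix. Before this commit 3.1 was the secondary-calendar sharing check and 4.1 the interoperability check; from `@@ -195,10 +191,10 @@` onward 3.1 is interoperability, and in `@@ -258,10 +254,10 @@` and `@@ -276,10 +272,10 @@` 4.1 is the appointment-slot payments check. Anyone comparing reports, waivers or exception lists by `PolicyId` across this commit would attribute a pass or fail to the wrong control. If the suffix is meant to version the policy (an assumption, the scheme is not shown here), bumping it on the renumbered IDs would avoid the collision. Otherwise a comment such as `# Renumbered from GWS.CALENDAR.4.1v0.1` above each affected header would keep the mapping traceable in the file.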
@@ -276,10 +272,10 @@ if { } tests contains { - "PolicyId": "GWS.CALENDAR.5.1v0.1", + "PolicyId": "GWS.CALENDAR.4.1v0.1", "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1}, + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1}, "RequirementMet": Status, "NoSuchEvent": false } @@ -287,6 +283,6 @@ if { SettingName := "CalendarAppointmentSlotAdminSettingsProto payments_enabled" Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs5_1) == 0 + Status := count(NonCompliantOUs4_1) == 0 } #-- \ No newline at end of file