From 8b874b5cea00360b3190ec0ee30eabc3b4153cdd Mon Sep 17 00:00:00 2001 From: Roy Lane Date: Thu, 2 Jan 2025 09:55:17 -0500 Subject: [PATCH] meet rego: remove log event implementation for 1.1 - 4.1 --- .../Testing/RegoTests/meet/meet01_test.rego | 460 --------------- .../Testing/RegoTests/meet/meet02_test.rego | 534 ------------------ .../Testing/RegoTests/meet/meet03_test.rego | 337 ----------- .../Testing/RegoTests/meet/meet04_test.rego | 397 ------------- scubagoggles/rego/Meet.rego | 247 +------- 5 files changed, 12 insertions(+), 1963 deletions(-) delete mode 100644 scubagoggles/Testing/RegoTests/meet/meet01_test.rego delete mode 100644 scubagoggles/Testing/RegoTests/meet/meet02_test.rego delete mode 100644 scubagoggles/Testing/RegoTests/meet/meet03_test.rego delete mode 100644 scubagoggles/Testing/RegoTests/meet/meet04_test.rego diff --git a/scubagoggles/Testing/RegoTests/meet/meet01_test.rego b/scubagoggles/Testing/RegoTests/meet/meet01_test.rego deleted file mode 100644 index 89d918c9..00000000 --- a/scubagoggles/Testing/RegoTests/meet/meet01_test.rego +++ /dev/null @@ -1,460 +0,0 @@ -package meet - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestGroupNonCompliant -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# GWS.MEET.1.1 -#-- - -test_Access_Correct_V1 if { - # Test meeting access when there's only one event - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "LOGGED_IN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_Access_Correct_V2 if { - # Test meeting access when there's multiple events and the most most recent is correct - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "LOGGED_IN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_Access_Correct_V3 if { - # Test meeting access when there are events in multiple OUs - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "LOGGED_IN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "LOGGED_IN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - PassTestResult(PolicyId, Output) -} - -test_Access_Correct_V4 if { - # Test history setting when set to inherit from parent - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2020-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "LOGGED_IN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_Access_Incorrect_V1 if { - # Test meeting access when there are no relevant events - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "LOGGED_IN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_Access_Incorrect_V2 if { - # Test meeting access when there's only one event and it's wrong - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage1_1(GetFriendlyValue1_1("ALL"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_Access_Incorrect_V3 if { - # Test meeting access when there are multiple events and the most recent is wrong - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "LOGGED_IN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage1_1(GetFriendlyValue1_1("ALL"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_Access_Incorrect_V4 if { - # Test allow user to change history setting when there are multiple OU and a secondary OU is wrong - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "LOGGED_IN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Secondary OU", - "Value": NonComplianceMessage1_1(GetFriendlyValue1_1("ALL"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_Access_Incorrect_V5 if { - # Test allow user to change history setting when the primary OU is missing but a different one is present - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_Access_Incorrect_V6 if { - # Test meeting access when there's only one event and it's wrong - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage1_1(GetFriendlyValue1_1("ALL"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_Access_Incorrect_V7 if { - # Test meeting access when there are multiple events and the most recent is wrong - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "LOGGED_IN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage1_1(GetFriendlyValue1_1("ALL"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_Access_Incorrect_V8 if { - # Test allow user to change history setting when there are multiple OU and a secondary OU is wrong - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Secondary OU", - "Value": NonComplianceMessage1_1(GetFriendlyValue1_1("ALL"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_Access_Incorrect_V9 if { - # Test allow user to change history setting when the primary OU is missing but a different one is present - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyDomainLockProto users_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} -#-- - -test_Access_Incorrect_V10 if { - # Test group wrong - PolicyId := MeetId1_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "SafetyDomainLockProto users_allowed_to_join" - }, - {"name": "NEW_VALUE", "value": "LOGGED_IN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "SafetyDomainLockProto users_allowed_to_join" - }, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "GROUP_EMAIL", "value": "group@example.com"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedGroup := [{"Name": "group@example.com", - "Value": NonComplianceMessage1_1(GetFriendlyValue1_1("ALL"))}] - FailTestGroupNonCompliant(PolicyId, Output, failedGroup) -} diff --git a/scubagoggles/Testing/RegoTests/meet/meet02_test.rego b/scubagoggles/Testing/RegoTests/meet/meet02_test.rego deleted file mode 100644 index 6fa45fd4..00000000 --- a/scubagoggles/Testing/RegoTests/meet/meet02_test.rego +++ /dev/null @@ -1,534 +0,0 @@ -package meet - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestGroupNonCompliant -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# Baseline 2 - Policy 1 -#-- - -test_JoinExternalPers_Correct_V1 if { - # Test meeting access when there's only one event - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "WORKSPACE_DOMAINS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_JoinExternalPers_Correct_V2 if { - # Test meeting access when there's multiple events and the most most recent is correct - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "WORKSPACE_DOMAINS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_JoinExternalPers_Correct_V3 if { - # Test meeting access when there's multiple events and the most most recent is correct - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "WORKSPACE_DOMAINS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "WORKSPACE_DOMAINS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_History_Correct_V4 if { - # Test history setting when set to inherit from parent - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2020-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "WORKSPACE_DOMAINS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_JoinExternalPers_Correct_V5 if { - # Test meeting access when there's only one event - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_JoinExternalPers_Correct_V6 if { - # Test meeting access when there's multiple events and the most most recent is correct - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_JoinExternalPers_Correct_V7 if { - # Test meeting access when there's multiple events and the most most recent is correct - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_History_Correct_V8 if { - # Test history setting when set to inherit from parent - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2020-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_JoinExternalPers_Incorrect_V1 if { - # Test meeting access when there are no relevant events - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_JoinExternalPers_Incorrect_V2 if { - # Test meeting access when there's only one event and it's wrong - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1("ALL"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_JoinExternalPers_Incorrect_V3 if { - # Test meeting access when there are multiple events and the most recent is wrong - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "WORKSPACE_DOMAINS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1("ALL"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_JoinExternalPers_Incorrect_V4 if { - # Test allow user to change history setting when there are multiple OU and a secondary OU is wrong - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Secondary OU", - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1("ALL"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_JoinExternalPers_Incorrect_V5 if { - # Test allow user to change history setting when the primary OU is missing but a different one is present - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_JoinExternalPers_Incorrect_V6 if { - # Test meeting access when there's only one event and it's wrong - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1("ALL"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_JoinExternalPers_Incorrect_V7 if { - # Test meeting access when there are multiple events and the most recent is wrong - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, - {"name": "NEW_VALUE", "value": "WORKSPACE_DOMAINS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1("ALL"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_JoinExternalPers_Incorrect_V8 if { - # Test group wrong - PolicyId := MeetId2_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "SafetyAccessLockProto meetings_allowed_to_join" - }, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "SafetyAccessLockProto meetings_allowed_to_join" - }, - {"name": "NEW_VALUE", "value": "ALL"}, - {"name": "GROUP_EMAIL", "value": "group@example.com"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedGroup := [{"Name": "group@example.com", - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1("ALL"))}] - FailTestGroupNonCompliant(PolicyId, Output, failedGroup) -} diff --git a/scubagoggles/Testing/RegoTests/meet/meet03_test.rego b/scubagoggles/Testing/RegoTests/meet/meet03_test.rego deleted file mode 100644 index 60558534..00000000 --- a/scubagoggles/Testing/RegoTests/meet/meet03_test.rego +++ /dev/null @@ -1,337 +0,0 @@ -package meet - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestGroupNonCompliant -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# GWS.MEET.3.1 -#-- - -test_HostMan_Correct_V1 if { - # Test meeting access when there's only one event - PolicyId := MeetId3_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_HostMan_Correct_V2 if { - # Test meeting access when there's multiple events and the most most recent is correct - PolicyId := MeetId3_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_HostMan_Correct_V3 if { - # Test meeting access when there's multiple events and the most most recent is correct - PolicyId := MeetId3_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_Access_Correct_V4 if { - # Test history setting when set to inherit from parent - PolicyId := MeetId3_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2020-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_HostMan_Incorrect_V1 if { - # Test meeting access when there are no relevant events - PolicyId := MeetId3_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_HostMan_Incorrect_V2 if { - # Test meeting access when there's only one event and it's wrong - PolicyId := MeetId3_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage3_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_HostMan_Incorrect_V3 if { - # Test meeting access when there are multiple events and the most recent is wrong - PolicyId := MeetId3_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage3_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_HostMan_Incorrect_V4 if { - # Test allow user to change history setting when there are multiple OU and a secondary OU is wrong - PolicyId := MeetId3_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Secondary OU", - "Value": NonComplianceMessage3_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_HostMan_Incorrect_V5 if { - # Test allow user to change history setting when the primary OU is missing but a different one is present - PolicyId := MeetId3_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "SafetyModerationLockProto host_management_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} -#-- - -test_HostMan_Incorrect_V6 if { - # Test group wrong - PolicyId := MeetId3_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "SafetyModerationLockProto host_management_enabled" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "SafetyModerationLockProto host_management_enabled" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "GROUP_EMAIL", "value": "group@example.com"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedGroup := [{"Name": "group@example.com", - "Value": NonComplianceMessage3_1("disabled")}] - FailTestGroupNonCompliant(PolicyId, Output, failedGroup) -} diff --git a/scubagoggles/Testing/RegoTests/meet/meet04_test.rego b/scubagoggles/Testing/RegoTests/meet/meet04_test.rego deleted file mode 100644 index e73a29c8..00000000 --- a/scubagoggles/Testing/RegoTests/meet/meet04_test.rego +++ /dev/null @@ -1,397 +0,0 @@ -package meet - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestGroupNonCompliant -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# GWS.MEET.4.1 -#-- - -test_ExternWarn_Correct_V1 if { - # Test meeting access when there's only one event - PolicyId := MeetId4_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_ExternWarn_Correct_V2 if { - # Test meeting access when there's multiple events and the most most recent is correct - PolicyId := MeetId4_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_ExternWarn_Correct_V3 if { - # Test meeting access when there's multiple events and the most most recent is correct - PolicyId := MeetId4_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_ExternWarn_Correct_V4 if { - # Test history setting when set to inherit from parent - PolicyId := MeetId4_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2020-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_ExternWarn_Incorrect_V1 if { - # Test meeting access when there are no relevant events - PolicyId := MeetId4_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_ExternWarn_Incorrect_V2 if { - # Test meeting access when there's only one event and it's wrong - PolicyId := MeetId4_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage4_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_ExternWarn_Incorrect_V3 if { - # Test meeting access when there are multiple events and the most recent is wrong - PolicyId := MeetId4_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage4_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_ExternWarn_Incorrect_V4 if { - # Test allow user to change history setting when there are multiple OU and a secondary OU is wrong - PolicyId := MeetId4_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Secondary OU", - "Value": NonComplianceMessage4_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_ExternWarn_Incorrect_V5 if { - # Test allow user to change history setting when the primary OU is missing but a different one is present - PolicyId := MeetId4_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Secondary OU", - "Value": NonComplianceMessage4_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_ExternWarn_Incorrect_V6 if { - # Test group wrong - PolicyId := MeetId4_1 - Output := tests with input as { - "meet_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Warn for external participants External or unidentified participants in a meeting are given a label" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "GROUP_EMAIL", "value": "group@example.com"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedGroup := [{"Name": "group@example.com", - "Value": NonComplianceMessage4_1("disabled")}] - FailTestGroupNonCompliant(PolicyId, Output, failedGroup) -} diff --git a/scubagoggles/rego/Meet.rego b/scubagoggles/rego/Meet.rego index 9f6db45f..5ce99cba 100644 --- a/scubagoggles/rego/Meet.rego +++ b/scubagoggles/rego/Meet.rego @@ -3,7 +3,6 @@ package meet import future.keywords import data.utils import data.utils.GetFriendlyEnabledValue -import data.utils.PolicyApiInUse MeetEnabled(orgunit) := utils.AppEnabled(input.policies, "meet", orgunit) @@ -19,16 +18,6 @@ LogEvents := utils.GetEvents("meet_logs") MeetId1_1 := utils.PolicyIdWithSuffix("GWS.MEET.1.1") -LogMessage1_1 := "SafetyDomainLockProto users_allowed_to_join" - -Check1_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage1_1, utils.TopLevelOU) - count(events) > 0 -} - -Check1_1_OK if {PolicyApiInUse} - NonComplianceMessage1_1(value) := sprintf("Who can join meetings is set to: %s", [value]) @@ -40,34 +29,6 @@ GetFriendlyValue1_1(Value) := "all users (including users not signed in with a G Value == "LOGGED_IN" } else := Value -NonCompliantOUs1_1 contains { - "Name": OU, - "Value": NonComplianceMessage1_1(GetFriendlyValue1_1(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage1_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "ALL" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - -NonCompliantGroups1_1 contains { - "Name": Group, - "Value": NonComplianceMessage1_1(GetFriendlyValue1_1(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some Group in utils.GroupsWithEvents - Events := utils.FilterEventsGroup(LogEvents, LogMessage1_1, Group) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "ALL" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs1_1 contains { "Name": OU, "Value": NonComplianceMessage1_1(GetFriendlyValue1_1(meetAccess)) @@ -81,29 +42,13 @@ NonCompliantOUs1_1 contains { tests contains { "PolicyId": MeetId1_1, "Criticality": "Should", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check1_1_OK -} - -tests contains { - "PolicyId": MeetId1_1, - "Criticality": "Should", - "ReportDetails": utils.ReportDetails(NonCompliantOUs1_1, NonCompliantGroups1_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1, "NonCompliantGroups": NonCompliantGroups1_1}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs1_1, []), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Check1_1_OK - Conditions := {count(NonCompliantOUs1_1) == 0, count(NonCompliantGroups1_1) == 0} - Status := (false in Conditions) == false + Status := count(NonCompliantOUs1_1) == 0 } #-- @@ -117,16 +62,6 @@ if { MeetId2_1 := utils.PolicyIdWithSuffix("GWS.MEET.2.1") -LogMessage2_1 := "SafetyAccessLockProto meetings_allowed_to_join" - -Check2_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage2_1, utils.TopLevelOU) - count(events) > 0 -} - -Check2_1_OK if {PolicyApiInUse} - NonComplianceMessage2_1(value) := sprintf("What meetings can users join is set to: %s", [value]) @@ -138,34 +73,6 @@ GetFriendlyValue2_1(Value) := "any meetings (including meetings created with per Value == "ANY_WORKSPACE_ORGANIZATION" } else := Value -NonCompliantOUs2_1 contains { - "Name": OU, - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage2_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "ALL" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - -NonCompliantGroups2_1 contains { - "Name": Group, - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some Group in utils.GroupsWithEvents - Events := utils.FilterEventsGroup(LogEvents, LogMessage2_1, Group) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "ALL" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs2_1 contains { "Name": OU, "Value": NonComplianceMessage2_1(GetFriendlyValue2_1(meetAccess)) @@ -179,31 +86,13 @@ NonCompliantOUs2_1 contains { tests contains { "PolicyId": MeetId2_1, "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check2_1_OK -} - -tests contains { - "PolicyId": MeetId2_1, - "Criticality": "Shall", - "ReportDetails": utils.ReportDetails(NonCompliantOUs2_1, NonCompliantGroups2_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1, - "NonCompliantGroups": NonCompliantGroups2_1}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs2_1, []), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Check2_1_OK - Conditions := {count(NonCompliantOUs2_1) == 0, - count(NonCompliantGroups2_1) == 0} - Status := (false in Conditions) == false + Status := count(NonCompliantOUs2_1) == 0 } #-- @@ -217,47 +106,9 @@ if { MeetId3_1 := utils.PolicyIdWithSuffix("GWS.MEET.3.1") -LogMessage3_1 := "SafetyModerationLockProto host_management_enabled" - -Check3_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage3_1, utils.TopLevelOU) - count(events) > 0 -} - -Check3_1_OK if {PolicyApiInUse} - NonComplianceMessage3_1(value) := sprintf("Host management when video calls start is: %s", [value]) -NonCompliantOUs3_1 contains { - "Name": OU, - "Value": NonComplianceMessage3_1(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage3_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - -NonCompliantGroups3_1 contains { - "Name": Group, - "Value": NonComplianceMessage3_1(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some Group in utils.GroupsWithEvents - Events := utils.FilterEventsGroup(LogEvents, LogMessage3_1, Group) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs3_1 contains { "Name": OU, "Value": NonComplianceMessage3_1(GetFriendlyEnabledValue(hostMgt)) @@ -268,34 +119,16 @@ NonCompliantOUs3_1 contains { hostMgt != true } -tests contains { - "PolicyId": MeetId3_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check3_1_OK -} - tests contains { "PolicyId": MeetId3_1, "Criticality": "Shall", - "ReportDetails": utils.ReportDetails(NonCompliantOUs3_1, - NonCompliantGroups3_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1, - "NonCompliantGroups": NonCompliantGroups3_1}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs3_1, []), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Check3_1_OK - Conditions := {count(NonCompliantOUs3_1) == 0, count(NonCompliantGroups3_1) == 0} - Status := (false in Conditions) == false + Status := count(NonCompliantOUs3_1) == 0 } #-- @@ -309,49 +142,9 @@ if { MeetId4_1 := utils.PolicyIdWithSuffix("GWS.MEET.4.1") -LogMessage4_1 := concat("", ["Warn for external participants External or ", - "unidentified participants in a meeting are ", - "given a label"]) - -Check4_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage4_1, utils.TopLevelOU) - count(events) > 0 -} - -Check4_1_OK if {PolicyApiInUse} - NonComplianceMessage4_1(value) := sprintf("Warning label for external or unidentified meeting participants is: %s", [value]) -NonCompliantOUs4_1 contains { - "Name": OU, - "Value": NonComplianceMessage4_1(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage4_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - -NonCompliantGroups4_1 contains { - "Name": Group, - "Value": NonComplianceMessage4_1(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some Group in utils.GroupsWithEvents - Events := utils.FilterEventsGroup(LogEvents, LogMessage4_1, Group) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs4_1 contains { "Name": OU, "Value": NonComplianceMessage4_1(GetFriendlyEnabledValue(extWarn)) @@ -365,29 +158,13 @@ NonCompliantOUs4_1 contains { tests contains { "PolicyId": MeetId4_1, "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check4_1_OK -} - -tests contains { - "PolicyId": MeetId4_1, - "Criticality": "Shall", - "ReportDetails": utils.ReportDetails(NonCompliantOUs4_1, NonCompliantGroups4_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1, "NonCompliantGroups": NonCompliantGroups4_1}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs4_1, []), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Check4_1_OK - Conditions := {count(NonCompliantOUs4_1) == 0, count(NonCompliantGroups4_1) == 0} - Status := (false in Conditions) == false + Status := count(NonCompliantOUs4_1) == 0 } #--