diff --git a/scubagoggles/Testing/RegoTests/classroom/classroom01_test.rego b/scubagoggles/Testing/RegoTests/classroom/classroom01_test.rego deleted file mode 100644 index c73695f1..00000000 --- a/scubagoggles/Testing/RegoTests/classroom/classroom01_test.rego +++ /dev/null @@ -1,318 +0,0 @@ -package classroom -import future.keywords -import data.utils.FailTestOUNonCompliant -import data.utils.FailTestNoEvent -import data.utils.PassTestResult - -# -# GWS.CLASSROOM.1.1 -#-- - -test_JoinClassroom_Correct_V1 if { - # Test enforcing who can join classroom when there's only one event - PolicyId := ClassroomId1_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ClassMembershipSettingProto who_can_join_classes"}, - {"name": "NEW_VALUE", "value": "1"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_JoinClassroom_Correct_V2 if { - # Test enforcing MFA when there's multiple events, with the chronological latest - # correct but not last in json list - PolicyId := ClassroomId1_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ClassMembershipSettingProto who_can_join_classes"}, - {"name": "NEW_VALUE", "value": "1"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ClassMembershipSettingProto who_can_join_classes"}, - {"name": "NEW_VALUE", "value": "2"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_JoinClassroom_Incorrect_V1 if { - # Test enforcing who can join classroom when there's only one event and it's wrong - PolicyId := ClassroomId1_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ClassMembershipSettingProto who_can_join_classes"}, - {"name": "NEW_VALUE", "value": "2"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage1_1("Users in allowlisted domains")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_JoinClassroom_Incorrect_V2 if { - # Test who can join classroom when there's multiple events, with the chronological latest - # incorrect but not last in json list - PolicyId := ClassroomId1_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ClassMembershipSettingProto who_can_join_classes"}, - {"name": "NEW_VALUE", "value": "2"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ClassMembershipSettingProto who_can_join_classes"}, - {"name": "NEW_VALUE", "value": "1"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage1_1("Users in allowlisted domains")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - - -test_JoinClassroom_Incorrect_V3 if { - # Test enforcing who can join classroom when there no applicable event - PolicyId := ClassroomId1_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "name": "SOMETHING_ELSE", - "parameters": [ - {"name": "NEW_VALUE", "value": "2"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} -#-- - -# -# GWS.CLASSROOM.1.2 -#-- - -test_WhichClasses_Correct_V1 if { - # Test enforcing which classes users can join when there's only one event - PolicyId := ClassroomId1_2 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ClassMembershipSettingProto which_classes_can_users_join"}, - {"name": "NEW_VALUE", "value": "1"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_WhichClasses_Correct_V2 if { - # Test enforcing which classes users can join when there's multiple events, with the chronological latest - # correct but not last in json list - PolicyId := ClassroomId1_2 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ClassMembershipSettingProto which_classes_can_users_join"}, - {"name": "NEW_VALUE", "value": "1"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ClassMembershipSettingProto which_classes_can_users_join"}, - {"name": "NEW_VALUE", "value": "2"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_WhichClasses_Incorrect_V1 if { - # Test enforcing which classes users can join when there's only one event and it's wrong - PolicyId := ClassroomId1_2 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ClassMembershipSettingProto which_classes_can_users_join"}, - {"name": "NEW_VALUE", "value": "2"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage1_2("Classes in allowlisted domains")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_WhichClasses_Incorrect_V2 if { - # Test enforcing which classes users can join when there's multiple events, with the chronological latest - # incorrect but not last in json list - PolicyId := ClassroomId1_2 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ClassMembershipSettingProto which_classes_can_users_join"}, - {"name": "NEW_VALUE", "value": "2"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "name": "ClassMembershipSettingProto who_can_join_classes", - "parameters": [ - {"name": "NEW_VALUE", "value": "1"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage1_2("Classes in allowlisted domains")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_WhichClasses_Incorrect_V3 if { - # Test enforcing which classes users can join when there no applicable event - PolicyId := ClassroomId1_2 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "name": "SOMETHING_ELSE", - "parameters": [ - {"name": "NEW_VALUE", "value": "2"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} diff --git a/scubagoggles/Testing/RegoTests/classroom/classroom02_test.rego b/scubagoggles/Testing/RegoTests/classroom/classroom02_test.rego deleted file mode 100644 index f02229ca..00000000 --- a/scubagoggles/Testing/RegoTests/classroom/classroom02_test.rego +++ /dev/null @@ -1,424 +0,0 @@ -package classroom -import future.keywords -import data.utils.FailTestOUNonCompliant -import data.utils.FailTestNoEvent -import data.utils.PassTestResult - -# GWS.CLASSROOM.2.1 -#-- - -test_APIAccess_Correct_V1 if { - # Test API Access is disabled when there's only one event - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_APIAccess_Correct_V2 if { - # Test enforcing API Access is disabled when there's multiple events, with the chronological latest - # correct but not last in json list - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_APIAccess_Correct_V3 if { - # Test enforcing API Access is disabled is correct when there are events in multiple OUs - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - PassTestResult(PolicyId, Output) -} - -test_APIAccess_Correct_V4 if { - # Test API Access is disabled when set to inherit from parent - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2020-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_APIAccess_Incorrect_V1 if { - # Test API Access is disabled when there's only one event and it's wrong - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1("true"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_APIAccess_Incorrect_V2 if { - # Test API Access is disabled when there's multiple events, with the chronological latest - # incorrect but not last in json list - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1("true"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_APIAccess_Incorrect_V3 if { - # Test API Access is disabled when there no applicable event - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_APIAccess_Incorrect_V4 if { - # Test allow API Access is disabled when there are multiple OU and a secondary OU is wrong - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Secondary OU", - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1("true"))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_APIAccess_Incorrect_V5 if { - # Test API Access is disabled when the primary OU is missing but a different one is present - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_APIAccess_Incorrect_V6 if { - # Test API Access is disabled access when there's only one event and it's wrong - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage2_1("SAME_DOMAIN")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_APIAccess_Incorrect_V7 if { - # Test API Access is disabled when there are multiple events and the most recent is wrong - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage2_1("SAME_DOMAIN")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_APIAccess_Incorrect_V8 if { - # Test API Access is disabled when there are multiple OU and a secondary OU is wrong - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Secondary OU", - "Value": NonComplianceMessage2_1("SAME_DOMAIN")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_APIAccess_Incorrect_V9 if { - # Test API Access is disabled when the primary OU is missing but a different one is present - PolicyId := ClassroomId2_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ApiDataAccessSettingProto api_access_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} -#-- diff --git a/scubagoggles/Testing/RegoTests/classroom/classroom03_test.rego b/scubagoggles/Testing/RegoTests/classroom/classroom03_test.rego deleted file mode 100644 index c4c19066..00000000 --- a/scubagoggles/Testing/RegoTests/classroom/classroom03_test.rego +++ /dev/null @@ -1,425 +0,0 @@ -package classroom -import future.keywords -import data.utils.FailTestOUNonCompliant -import data.utils.FailTestNoEvent -import data.utils.PassTestResult - -# GWS.CLASSROOM.3.1 -#-- - -test_CleverRosterDisabled_Correct_V1 if { - # Test Clever Roster is disabled when there's only one event - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_NONE"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_CleverRosterDisabled_Correct_V2 if { - # Test enforcing Clever Roster is disabled when there's multiple events, with the chronological latest - # correct but not last in json list - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_NONE"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_CLEVER"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_CleverRosterDisabled_Correct_V3 if { - # Test enforcing Clever Roster is disabled is correct when there are events in multiple OUs - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_NONE"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_NONE"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - PassTestResult(PolicyId, Output) -} - -test_CleverRosterDisabled_Correct_V4 if { - # Test Clever Roster is disabled when set to inherit from parent - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2020-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_NONE"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_CLEVER"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_CleverRosterDisabled_Incorrect_V1 if { - # Test Clever Roster is disabled when there's only one event and it's wrong - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_CLEVER"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage3_1("ON - CLEVER")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_CleverRosterDisabled_Incorrect_V2 if { - # Test Clever Roster is disabled when there's multiple events, with the chronological latest - # incorrect but not last in json list - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_CLEVER"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_NONE"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage3_1("ON - CLEVER")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - - -test_CleverRosterDisabled_Incorrect_V3 if { - # Test Clever Roster is disabled when there no applicable event - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_CleverRosterDisabled_Incorrect_V4 if { - # Test allow Clever Roster is disabled when there are multiple OU and a secondary OU is wrong - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_NONE"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_CLEVER"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Secondary OU", - "Value": NonComplianceMessage3_1("ON - CLEVER")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_CleverRosterDisabled_Incorrect_V5 if { - # Test Clever Roster is disabled when the primary OU is missing but a different one is present - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_CLEVER"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_CleverRosterDisabled_Incorrect_V6 if { - # Test Clever Roster is disabled access when there's only one event and it's wrong - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage3_1("SAME_DOMAIN")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_CleverRosterDisabled_Incorrect_V7 if { - # Test Clever Roster is disabled when there are multiple events and the most recent is wrong - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_NONE"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage3_1("SAME_DOMAIN")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_CleverRosterDisabled_Incorrect_V8 if { - # Test Clever Roster is disabled when there are multiple OU and a secondary OU is wrong - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_NONE"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Secondary OU", - "Value": NonComplianceMessage3_1("SAME_DOMAIN")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_CleverRosterDisabled_Incorrect_V9 if { - # Test Clever Roster is disabled when the primary OU is missing but a different one is present - PolicyId := ClassroomId3_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "RosterImportSettingsProto sis_integrator"}, - {"name": "NEW_VALUE", "value": "SIS_INTEGRATOR_NONE"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} -#-- diff --git a/scubagoggles/Testing/RegoTests/classroom/classroom04_test.rego b/scubagoggles/Testing/RegoTests/classroom/classroom04_test.rego deleted file mode 100644 index 299e8203..00000000 --- a/scubagoggles/Testing/RegoTests/classroom/classroom04_test.rego +++ /dev/null @@ -1,426 +0,0 @@ -package classroom -import future.keywords -import data.utils.FailTestOUNonCompliant -import data.utils.FailTestNoEvent -import data.utils.PassTestResult - -# -# GWS.CLASSROOM.4.1 -#-- - -test_UnenrollStudents_Correct_V1 if { - # Test only teachers can unenroll students when there's only one event - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_UnenrollStudents_Correct_V2 if { - # Test enforcing only teachers can unenroll students when there's multiple events, with the chronological latest - # correct but not last in json list - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "STUDENTS_AND_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_UnenrollStudents_Correct_V3 if { - # Test enforcing only teachers can unenroll students is correct when there are events in multiple OUs - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - PassTestResult(PolicyId, Output) -} - -test_UnenrollStudents_Correct_V4 if { - # Test only teachers can unenroll students when set to inherit from parent - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2020-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "STUDENTS_AND_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_UnenrollStudents_Incorrect_V1 if { - # Test only teachers can unenroll students when there's only one event and it's wrong - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "STUDENTS_AND_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage4_1("Students and teachers")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_UnenrollStudents_Incorrect_V2 if { - # Test only teachers can unenroll students when there's multiple events, with the chronological latest - # incorrect but not last in json list - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "STUDENTS_AND_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage4_1("Students and teachers")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - - -test_UnenrollStudents_Incorrect_V3 if { - # Test only teachers can unenroll students when there no applicable event - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_UnenrollStudents_Incorrect_V4 if { - # Test allow only teachers can unenroll students when there are multiple OU and a secondary OU is wrong - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "STUDENTS_AND_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Secondary OU", - "Value": NonComplianceMessage4_1("Students and teachers")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_UnenrollStudents_Incorrect_V5 if { - # Test only teachers can unenroll students when the primary OU is missing but a different one is present - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "STUDENTS_AND_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_UnenrollStudents_Incorrect_V6 if { - # Test only teachers can unenroll students access when there's only one event and it's wrong - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage4_1("SAME_DOMAIN")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_UnenrollStudents_Incorrect_V7 if { - # Test only teachers can unenroll students when there are multiple events and the most recent is wrong - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage4_1("SAME_DOMAIN")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_UnenrollStudents_Incorrect_V8 if { - # Test only teachers can unenroll students when there are multiple OU and a secondary OU is wrong - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "SAME_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Secondary OU", - "Value": NonComplianceMessage4_1("SAME_DOMAIN")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_UnenrollStudents_Incorrect_V9 if { - # Test only teachers can unenroll students when the primary OU is missing but a different one is present - PolicyId := ClassroomId4_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "StudentUnenrollmentSettingsProto who_can_unenroll_students"}, - {"name": "NEW_VALUE", "value": "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} -#-- diff --git a/scubagoggles/Testing/RegoTests/classroom/classroom05_test.rego b/scubagoggles/Testing/RegoTests/classroom/classroom05_test.rego deleted file mode 100644 index f1c4299e..00000000 --- a/scubagoggles/Testing/RegoTests/classroom/classroom05_test.rego +++ /dev/null @@ -1,164 +0,0 @@ -package classroom -import future.keywords -import data.utils.FailTestOUNonCompliant -import data.utils.FailTestNoEvent -import data.utils.PassTestResult - -# -# GWS.CLASSROOM.5.1 -#-- - -test_ClassroomCreation_Correct_V1 if { - # Test only teachers can unenroll students when there's only one event - PolicyId := ClassroomId5_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "TeacherPermissionsSettingProto who_can_create_class"}, - {"name": "NEW_VALUE", "value": "3"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_ClassroomCreation_Correct_V2 if { - # Test when there's multiple events, with the chronological latest - # correct but not last in json list - PolicyId := ClassroomId5_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "TeacherPermissionsSettingProto who_can_create_class"}, - {"name": "NEW_VALUE", "value": "3"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "TeacherPermissionsSettingProto who_can_create_class"}, - {"name": "NEW_VALUE", "value": "2"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -# No tests for multiple OUs, inheritance, groups, etc as this setting can't be controlled at the OU or group level - -test_ClassroomCreation_Incorrect_V1 if { - # Test when there's only one event and it's wrong - PolicyId := ClassroomId5_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "TeacherPermissionsSettingProto who_can_create_class"}, - {"name": "NEW_VALUE", "value": "1"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_1("anyone in this domain")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_ClassroomCreation_Incorrect_V2 if { - # Test when there's multiple events, with the chronological latest - # incorrect but not last in json list - PolicyId := ClassroomId5_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "TeacherPermissionsSettingProto who_can_create_class"}, - {"name": "NEW_VALUE", "value": "2"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "TeacherPermissionsSettingProto who_can_create_class"}, - {"name": "NEW_VALUE", "value": "3"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_1("all pending and verified teachers")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_ClassroomCreation_Incorrect_V3 if { - # Test when there no applicable event - PolicyId := ClassroomId5_1 - Output := tests with input as { - "classroom_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name":"SETTING_NAME", - "value": "something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} diff --git a/scubagoggles/rego/Classroom.rego b/scubagoggles/rego/Classroom.rego index 86fcfbc5..2620d748 100644 --- a/scubagoggles/rego/Classroom.rego +++ b/scubagoggles/rego/Classroom.rego @@ -2,9 +2,6 @@ package classroom import future.keywords import data.utils -import data.utils.PolicyApiInUse - -LogEvents := utils.GetEvents("classroom_logs") ClassroomEnabled(orgunit) := utils.AppEnabled(input.policies, "classroom", orgunit) @@ -18,43 +15,18 @@ ClassroomEnabled(orgunit) := utils.AppEnabled(input.policies, "classroom", orgun ClassroomId1_1 := utils.PolicyIdWithSuffix("GWS.CLASSROOM.1.1") -LogMessage1_1 := "ClassMembershipSettingProto who_can_join_classes" - GetFriendlyValue1_1(Value) := "Users in your domain only" if { - Value in {"1", "ANYONE_IN_DOMAIN"} + Value == "ANYONE_IN_DOMAIN" } else := "Users in allowlisted domains" if { - Value in {"2", "ANYONE_IN_ALLOWLISTED_DOMAINS"} + Value == "ANYONE_IN_ALLOWLISTED_DOMAINS" } else := "Any Google Workspace user" if { - Value in {"3", "ANY_GOOGLE_WORKSPACE_USER"} + Value == "ANY_GOOGLE_WORKSPACE_USER" } else := "Any user" if { - Value in {"4", "ANYONE"} + Value == "ANYONE" } else := Value -Check1_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage1_1, utils.TopLevelOU) - count(events) > 0 -} - -Check1_1_OK if {PolicyApiInUse} - NonComplianceMessage1_1(value) := sprintf("Who can join classes in your domain is set to: %s", [value]) -NonCompliantOUs1_1 contains { - "Name": OU, - "Value": NonComplianceMessage1_1(GetFriendlyValue1_1(LastEvent.NewValue)) -} if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage1_1, OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue != "1" -} - NonCompliantOUs1_1 contains { "Name": OU, "Value": NonComplianceMessage1_1(GetFriendlyValue1_1(whoCanJoin)) @@ -65,20 +37,6 @@ NonCompliantOUs1_1 contains { whoCanJoin != "ANYONE_IN_DOMAIN" } -tests contains { - "PolicyId": ClassroomId1_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check1_1_OK -} - tests contains { "PolicyId": ClassroomId1_1, "Criticality": "Shall", @@ -90,7 +48,6 @@ tests contains { "NoSuchEvent": false } if { - Check1_1_OK Status := count(NonCompliantOUs1_1) == 0 } #-- @@ -101,41 +58,16 @@ if { ClassroomId1_2 := utils.PolicyIdWithSuffix("GWS.CLASSROOM.1.2") -LogMessage1_2 := "ClassMembershipSettingProto which_classes_can_users_join" - GetFriendlyValue1_2(Value) := "Classes in your domain only" if { - Value in {"1", "CLASSES_IN_DOMAIN"} + Value == "CLASSES_IN_DOMAIN" } else := "Classes in allowlisted domains" if { - Value in {"2", "CLASSES_IN_ALLOWLISTED_DOMAINS"} + Value == "CLASSES_IN_ALLOWLISTED_DOMAINS" } else := "Any Google Workspace class" if { - Value in {"3", "ANY_GOOGLE_WORKSPACE_CLASS"} + Value == "ANY_GOOGLE_WORKSPACE_CLASS" } else := Value -Check1_2_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage1_2, utils.TopLevelOU) - count(events) > 0 -} - -Check1_2_OK if {PolicyApiInUse} - NonComplianceMessage1_2(value) := sprintf("Which classes can users in your domain join is set to: %s", [value]) -NonCompliantOUs1_2 contains { - "Name": OU, - "Value": NonComplianceMessage1_2(GetFriendlyValue1_2(LastEvent.NewValue)) -} if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage1_2, OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue != "1" -} - NonCompliantOUs1_2 contains { "Name": OU, "Value": NonComplianceMessage1_2(GetFriendlyValue1_2(whichClasses)) @@ -146,20 +78,6 @@ NonCompliantOUs1_2 contains { whichClasses != "CLASSES_IN_DOMAIN" } -tests contains { - "PolicyId": ClassroomId1_2, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check1_2_OK -} - tests contains { "PolicyId": ClassroomId1_2, "Criticality": "Shall", @@ -171,7 +89,6 @@ tests contains { "NoSuchEvent": false } if { - Check1_2_OK Status := count(NonCompliantOUs1_2) == 0 } #-- @@ -186,42 +103,16 @@ if { ClassroomId2_1 := utils.PolicyIdWithSuffix("GWS.CLASSROOM.2.1") -LogMessage2_1 := "ApiDataAccessSettingProto api_access_enabled" - GetFriendlyValue2_1(Value) := "unable" if { - Value in {"false", false} + Value == false } else := "able" if { - Value in {"true", true} + Value == true } else := Value -Check2_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage2_1, utils.TopLevelOU) - count(events) > 0 -} - -Check2_1_OK if {PolicyApiInUse} - NonComplianceMessage2_1(value) := sprintf("Users %s to authorize apps to %s", [value, "access their Google Classroom data"]) -NonCompliantOUs2_1 contains { - "Name": OU, - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1(LastEvent.NewValue)) -} if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage2_1, OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue != "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs2_1 contains { "Name": OU, "Value": NonComplianceMessage2_1(GetFriendlyValue2_1(dataAccessEnabled)) @@ -232,20 +123,6 @@ NonCompliantOUs2_1 contains { dataAccessEnabled != false } -tests contains { - "PolicyId": ClassroomId2_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check2_1_OK -} - tests contains { "PolicyId": ClassroomId2_1, "Criticality": "Shall", @@ -257,7 +134,6 @@ tests contains { "NoSuchEvent": false } if { - Check2_1_OK Status := count(NonCompliantOUs2_1) == 0 } #-- @@ -272,40 +148,14 @@ if { ClassroomId3_1 := utils.PolicyIdWithSuffix("GWS.CLASSROOM.3.1") -LogMessage3_1 := "RosterImportSettingsProto sis_integrator" - GetFriendlyValue3_1(Value) := "OFF" if { - Value in {"SIS_INTEGRATOR_NONE", "OFF"} + Value == "OFF" } else := "ON - CLEVER" if { - Value in {"SIS_INTEGRATOR_CLEVER", "ON_CLEVER"} + Value == "ON_CLEVER" } else := Value -Check3_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage3_1, utils.TopLevelOU) - count(events) > 0 -} - -Check3_1_OK if {PolicyApiInUse} - NonComplianceMessage3_1(value) := sprintf("Roster import is set to: %s", [value]) -NonCompliantOUs3_1 contains { - "Name": OU, - "Value": NonComplianceMessage3_1(GetFriendlyValue3_1(LastEvent.NewValue)) -} if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage3_1, OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue != "SIS_INTEGRATOR_NONE" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs3_1 contains { "Name": OU, "Value": NonComplianceMessage3_1(GetFriendlyValue3_1(rosterImportOption)) @@ -316,20 +166,6 @@ NonCompliantOUs3_1 contains { rosterImportOption != "OFF" } -tests contains { - "PolicyId": ClassroomId3_1, - "Criticality": "Should", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check3_1_OK -} - tests contains { "PolicyId": ClassroomId3_1, "Criticality": "Should", @@ -339,7 +175,6 @@ tests contains { "NoSuchEvent": false } if { - Check3_1_OK Status := count(NonCompliantOUs3_1) == 0 } #-- @@ -354,40 +189,14 @@ if { ClassroomId4_1 := utils.PolicyIdWithSuffix("GWS.CLASSROOM.4.1") -LogMessage4_1 := "StudentUnenrollmentSettingsProto who_can_unenroll_students" - GetFriendlyValue4_1(Value) := "Students and teachers" if { - startswith(Value, "STUDENTS_AND_TEACHERS") == true + Value == "STUDENTS_AND_TEACHERS" } else := "Only teachers" if { - Value in {"ONLY_TEACHERS_CAN_UNENROLL_STUDENTS", "TEACHERS_ONLY"} + Value == "TEACHERS_ONLY" } else := Value -Check4_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage4_1, utils.TopLevelOU) - count(events) > 0 -} - -Check4_1_OK if {PolicyApiInUse} - NonComplianceMessage4_1(value) := sprintf("Who can unenroll students from classes is set to: %s", [value]) -NonCompliantOUs4_1 contains { - "Name": OU, - "Value": NonComplianceMessage4_1(GetFriendlyValue4_1(LastEvent.NewValue)) -} if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage4_1, OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue != "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs4_1 contains { "Name": OU, "Value": NonComplianceMessage4_1(GetFriendlyValue4_1(whoCanUnenroll)) @@ -398,19 +207,6 @@ NonCompliantOUs4_1 contains { whoCanUnenroll != "TEACHERS_ONLY" } -tests contains { - "PolicyId": ClassroomId4_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check4_1_OK -} tests contains { "PolicyId": ClassroomId4_1, @@ -421,7 +217,6 @@ tests contains { "NoSuchEvent": false } if { - Check4_1_OK Status := count(NonCompliantOUs4_1) == 0 } #-- @@ -439,37 +234,13 @@ ClassroomId5_1 := utils.PolicyIdWithSuffix("GWS.CLASSROOM.5.1") LogMessage5_1 := "TeacherPermissionsSettingProto who_can_create_class" GetFriendlyValue5_1(Value) := "anyone in this domain" if { - Value in {"1", "ANYONE_IN_DOMAIN"} + Value == "ANYONE_IN_DOMAIN" } else := "all pending and verified teachers" if { - Value in {"2", "ALL_PENDING_AND_VERIFIED_TEACHERS"} + Value == "ALL_PENDING_AND_VERIFIED_TEACHERS" } else := Value -Check5_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage5_1, utils.TopLevelOU) - count(events) > 0 -} - -Check5_1_OK if {PolicyApiInUse} - NonComplianceMessage5_1(value) := sprintf("Who can create classes is set to: %s", [value]) -NonCompliantOUs5_1 contains { - "Name": OU, - "Value": NonComplianceMessage5_1(GetFriendlyValue5_1(LastEvent.NewValue)) -} if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage5_1, OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue != "3" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs5_1 contains { "Name": OU, "Value": NonComplianceMessage5_1(GetFriendlyValue5_1(whoCanCreate)) @@ -480,20 +251,6 @@ NonCompliantOUs5_1 contains { whoCanCreate != "VERIFIED_TEACHERS_ONLY" } -tests contains { - "PolicyId": ClassroomId5_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check5_1_OK -} - tests contains { "PolicyId": ClassroomId5_1, "Criticality": "Shall", @@ -503,7 +260,6 @@ tests contains { "NoSuchEvent": false } if { - Check5_1_OK Status := count(NonCompliantOUs5_1) == 0 } #--