Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

meet: implement group checks (issue 320) #329

Merged
merged 1 commit into from
Jul 25, 2024
Merged

meet: implement group checks (issue 320) #329

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 50 additions & 1 deletion Testing/RegoTests/meet/meet01_test.rego
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -466,4 +466,53 @@ test_Access_Incorrect_V9 if {
"While we are unable to determine the state from the logs, the default setting ",
"is non-compliant; manual check recommended."
])}
#--
#--

test_Access_Incorrect_V10 if {
# Test group wrong
PolicyId := "GWS.MEET.1.1v0.2"
Output := tests with input as {
"meet_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": "SafetyDomainLockProto users_allowed_to_join"
},
{"name": "NEW_VALUE", "value": "LOGGED_IN"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
},
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": "SafetyDomainLockProto users_allowed_to_join"
},
{"name": "NEW_VALUE", "value": "ALL"},
{"name": "GROUP_EMAIL", "value": "[email protected]"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": "Test Top-Level OU"
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"The following groups are non-compliant:<ul>",
"<li>[email protected]: Who can join meetings is set to all users ",
"(including users not signed in with a Google account)</li>",
"</ul>"
])
}
49 changes: 49 additions & 0 deletions Testing/RegoTests/meet/meet02_test.rego
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -555,3 +555,52 @@ test_JoinExternalPers_Incorrect_V7 if {
"What meetings can org users join is set to any meetings, ",
"including meetings created with personal accounts</li></ul>"])
}

test_JoinExternalPers_Incorrect_V8 if {
# Test group wrong
PolicyId := "GWS.MEET.2.1v0.2"
Output := tests with input as {
"meet_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": "SafetyAccessLockProto meetings_allowed_to_join"
},
{"name": "NEW_VALUE", "value": "SAME_DOMAIN"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
},
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": "SafetyAccessLockProto meetings_allowed_to_join"
},
{"name": "NEW_VALUE", "value": "ALL"},
{"name": "GROUP_EMAIL", "value": "[email protected]"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": "Test Top-Level OU"
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"The following groups are non-compliant:<ul>",
"<li>[email protected]: What meetings can org users join is set to ",
"any meetings, including meetings created with personal accounts</li>",
"</ul>"
])
}
50 changes: 49 additions & 1 deletion Testing/RegoTests/meet/meet03_test.rego
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -327,4 +327,52 @@ test_HostMan_Incorrect_V5 if {
"is non-compliant; manual check recommended."
])
}
#--
#--

test_HostMan_Incorrect_V6 if {
# Test group wrong
PolicyId := "GWS.MEET.3.1v0.2"
Output := tests with input as {
"meet_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": "SafetyModerationLockProto host_management_enabled"
},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
},
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": "SafetyModerationLockProto host_management_enabled"
},
{"name": "NEW_VALUE", "value": "false"},
{"name": "GROUP_EMAIL", "value": "[email protected]"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": "Test Top-Level OU"
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"The following groups are non-compliant:<ul>",
"<li>[email protected]: Host management when video calls start is set to off</li>",
"</ul>"
])
}
55 changes: 53 additions & 2 deletions Testing/RegoTests/meet/meet04_test.rego
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ test_HostMan_Correct_V3 if {
RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups."
}

test_Access_Correct_V4 if {
test_HostMan_Correct_V4 if {
# Test history setting when set to inherit from parent
PolicyId := "GWS.MEET.4.1v0.2"
Output := tests with input as {
Expand Down Expand Up @@ -383,4 +383,55 @@ test_HostMan_Incorrect_V5 if {
"is non-compliant; manual check recommended."
])
}
#--
#--

test_HostMan_Incorrect_V6 if {
# Test group wrong
PolicyId := "GWS.MEET.4.1v0.2"
Output := tests with input as {
"meet_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value":
"Warn for external participants External or unidentified participants in a meeting are given a label"
},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
},
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value":
"Warn for external participants External or unidentified participants in a meeting are given a label"
},
{"name": "NEW_VALUE", "value": "false"},
{"name": "GROUP_EMAIL", "value": "[email protected]"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": "Test Top-Level OU"
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"The following groups are non-compliant:<ul>",
"<li>[email protected]: Warning label for external or unidentified ",
"meeting participants is set to no warning label</li>",
"</ul>"
])
}
Loading
Loading