diff --git a/scubagoggles/Testing/RegoTests/groups/groups01_test.rego b/scubagoggles/Testing/RegoTests/groups/groups01_test.rego deleted file mode 100644 index 0b2e2f12..00000000 --- a/scubagoggles/Testing/RegoTests/groups/groups01_test.rego +++ /dev/null 
@@ -1,155 +0,0 @@ -package groups - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# Policy 1 -#-- -test_GroupAccess_Correct_V1 if { - # Test group access when there's only one event - PolicyId := GroupsId1_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto collaboration_policy"}, - {"name": "NEW_VALUE", "value": "CLOSED"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GroupAccess_Correct_V2 if { - # Test group access when there's multiple events and the most most recent is correct - PolicyId := GroupsId1_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto collaboration_policy"}, - {"name": "NEW_VALUE", "value": "CLOSED"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto collaboration_policy"}, - {"name": "NEW_VALUE", "value": "OPEN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GroupsAccess_Incorrect_V1 if { - # Test group access when there are no relevant events - PolicyId := GroupsId1_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "CLOSED"}, - {"name": 
"ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -#TODO -test_GroupAccess_Incorrect_V2 if { - # Test group access when there's only one event and it's wrong - PolicyId := GroupsId1_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto collaboration_policy"}, - {"name": "NEW_VALUE", "value": "OPEN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage1_1("Any user")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#TODO -test_GroupAccess_Incorrect_V3 if { - # Test group access when there are multiple events and the most recent is wrong - PolicyId := GroupsId1_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto collaboration_policy"}, - {"name": "NEW_VALUE", "value": "OPEN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto collaboration_policy"}, - {"name": "NEW_VALUE", "value": "CLOSED"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage1_1("Any user")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- 
diff --git a/scubagoggles/Testing/RegoTests/groups/groups02_test.rego b/scubagoggles/Testing/RegoTests/groups/groups02_test.rego deleted file mode 100644 index 58fc25f8..00000000 --- a/scubagoggles/Testing/RegoTests/groups/groups02_test.rego +++ /dev/null 
@@ -1,173 +0,0 @@ -package groups - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# Policy 1 -#-- -test_GroupAddExternal_Correct_V1 if { - # Test group owners' ability to add external memebers when there's only one event - PolicyId := GroupsId2_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto owners_can_allow_external_members" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GroupAddExternal_Correct_V2 if { - # Test group owners' ability to add external memebers when there's - # multiple events and the most most recent is correct - PolicyId := GroupsId2_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto owners_can_allow_external_members" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto owners_can_allow_external_members" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GroupAddExternal_Incorrect_V1 if { - # Test group owners' ability to add external memebers when there are no relevant events - PolicyId := GroupsId2_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": 
{"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_GroupAddExternal_Incorrect_V2 if { - # Test group owners' ability to add external memebers when there's only one event and it's wrong - PolicyId := GroupsId2_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto owners_can_allow_external_members" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage2_1("Yes")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GroupAddExternal_Incorrect_V3 if { - # Test group owners' ability to add external memebers when there are multiple events and the most recent is wrong - PolicyId := GroupsId2_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto owners_can_allow_external_members" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto owners_can_allow_external_members" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": 
"" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage2_1("Yes")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- diff --git a/scubagoggles/Testing/RegoTests/groups/groups03_test.rego b/scubagoggles/Testing/RegoTests/groups/groups03_test.rego deleted file mode 100644 index a5de1be4..00000000 --- a/scubagoggles/Testing/RegoTests/groups/groups03_test.rego +++ /dev/null 
@@ -1,175 +0,0 @@ -package groups - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# Policy 1 -#-- -test_GroupIncomingMailPosting_Correct_V1 if { - # Test group owners' ability to allow incoming mail for posting group messages when there's only one event - PolicyId := GroupsId3_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GroupIncomingMailPosting_Correct_V2 if { - # Test group owners' ability to allow incoming mail for posting group messages when - # there's multiple events and the most most recent is correct - PolicyId := GroupsId3_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GroupIncomingMailPosting_Incorrect_V1 if { - # Test group owners' ability to allow incoming mail for posting group messages when 
there are no relevant events - PolicyId := GroupsId3_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_GroupIncomingMailPosting_Incorrect_V2 if { - # Test group owners' ability to allow incoming mail for posting group messages when - # there's only one event and it's wrong - PolicyId := GroupsId3_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage3_1("Yes")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GroupIncomingMailPosting_Incorrect_V3 if { - # Test group owners' ability to allow incoming mail for posting group messages - # when there are multiple events and the most recent is wrong - PolicyId := GroupsId3_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": 
"GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage3_1("Yes")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- diff --git a/scubagoggles/Testing/RegoTests/groups/groups04_test.rego b/scubagoggles/Testing/RegoTests/groups/groups04_test.rego deleted file mode 100644 index 99a74fc6..00000000 --- a/scubagoggles/Testing/RegoTests/groups/groups04_test.rego +++ /dev/null 
@@ -1,217 +0,0 @@ -package groups - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# Policy 1 -#-- -test_GroupCreation_Correct_V1 if { - # Test group creation restrictions when there's only one event - PolicyId := GroupsId4_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto who_can_create_groups"}, - {"name": "NEW_VALUE", "value": "ADMIN_ONLY"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GroupCreation_Correct_V2 if { - # Test group creation restrictions when there's multiple events and the most most recent is correct - PolicyId := GroupsId4_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto who_can_create_groups"}, - {"name": "NEW_VALUE", "value": "ADMIN_ONLY"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto who_can_create_groups"}, - {"name": "NEW_VALUE", "value": "USERS_IN_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GroupCreation_Incorrect_V1 if { - # Test group creation restrictions when there are no relevant events - PolicyId := GroupsId4_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": 
"Something else"}, - {"name": "NEW_VALUE", "value": "ADMIN_ONLY"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_GroupCreation_Incorrect_V2 if { - # Test group creation restrictions when there's only one event and it's wrong - PolicyId := GroupsId4_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto who_can_create_groups"}, - {"name": "NEW_VALUE", "value": "USERS_IN_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage4_1("Users in your domain only")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GroupCreation_Incorrect_V3 if { - # Test group creation restrictions when there are multiple events and the most recent is wrong - PolicyId := GroupsId4_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto who_can_create_groups"}, - {"name": "NEW_VALUE", "value": "USERS_IN_DOMAIN"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto who_can_create_groups"}, - {"name": "NEW_VALUE", "value": "ADMIN_ONLY"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage4_1("Users in your domain only")}] - 
FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_GroupCreation_Incorrect_V4 if { - # Test group creation restrictions when there's only one event and it's wrong - PolicyId := GroupsId4_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto who_can_create_groups"}, - {"name": "NEW_VALUE", "value": "WORLD"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage4_1("Any user")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GroupCreation_Incorrect_V5 if { - # Test group creation restrictions when there are multiple events and the most recent is wrong - PolicyId := GroupsId4_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto who_can_create_groups"}, - {"name": "NEW_VALUE", "value": "WORLD"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto who_can_create_groups"}, - {"name": "NEW_VALUE", "value": "ADMIN_ONLY"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage4_1("Any user")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- diff --git a/scubagoggles/Testing/RegoTests/groups/groups05_test.rego b/scubagoggles/Testing/RegoTests/groups/groups05_test.rego deleted file mode 100644 index 96e6f84e..00000000 
--- a/scubagoggles/Testing/RegoTests/groups/groups05_test.rego +++ /dev/null 
@@ -1,359 +0,0 @@ -package groups - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - - -# -# Policy 1 -#-- -test_GroupConservationViewPermission_Correct_V1 if { - # Test group conversation view permissions when there's only one event - PolicyId := GroupsId5_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "MEMBERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GroupConservationViewPermission_Correct_V2 if { - # Test group conversation view permissions when there's multiple events and the most most recent is correct - PolicyId := GroupsId5_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "MEMBERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "DOMAIN_USERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GroupConservationViewPermission_Incorrect_V1 if { - # Test group conversation view permissions when there are no relevant events - PolicyId := GroupsId5_1 - Output := tests with input as { - "groups_logs": 
{"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "MEMBERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_GroupConservationViewPermission_Incorrect_V2 if { - # Test group conversation view permissions when there's only one event and it's wrong - PolicyId := GroupsId5_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "DOMAIN_USERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_1("Users in your domain only")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GroupConservationViewPermission_Incorrect_V3 if { - # Test group conversation view permissions when there's only one event and it's wrong - PolicyId := GroupsId5_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "MANAGERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_1("Managers")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GroupConservationViewPermission_Incorrect_V4 if { - # Test group conversation view 
permissions when there's only one event and it's wrong - PolicyId := GroupsId5_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "OWNERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_1("Owners")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GroupConservationViewPermission_Incorrect_V5 if { - # Test group conversation view permissions when there are multiple events and the most recent is wrong - PolicyId := GroupsId5_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "DOMAIN_USERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "MEMBERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_1("Users in your domain only")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GroupConservationViewPermission_Incorrect_V6 if { - # Test group conversation view permissions when there are multiple events and the most recent is wrong - PolicyId := GroupsId5_1 - Output := tests with input as { - "groups_logs": {"items": 
[ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "MANAGERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "MEMBERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_1("Managers")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GroupConservationViewPermission_Incorrect_V7 if { - # Test group conversation view permissions when there are multiple events and the most recent is wrong - PolicyId := GroupsId5_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "OWNERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "MEMBERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_1("Owners")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -test_GroupConservationViewPermission_Incorrect_V8 if { - # Test group conversation view 
permissions when there are multiple events - # and the most recent is wrong - PolicyId := GroupsId5_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "PUBLIC"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "GroupsSharingSettingsProto default_view_topics_access_level" - }, - {"name": "NEW_VALUE", "value": "MEMBERS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_1("Any user")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- diff --git a/scubagoggles/Testing/RegoTests/groups/groups06_test.rego b/scubagoggles/Testing/RegoTests/groups/groups06_test.rego deleted file mode 100644 index 6cf64e9a..00000000 --- a/scubagoggles/Testing/RegoTests/groups/groups06_test.rego +++ /dev/null 
@@ -1,190 +0,0 @@ -package groups - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - - -# -# Policy 1 -#-- -test_GroupOwnersHideGroups_Correct_V1 if { - # Test group owners' ability to hide groups when there's only one event - PolicyId := GroupsId6_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto allow_unlisted_groups"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GroupOwnersHideGroups_Correct_V2 if { - # Test group owners' ability to hide groups when there's multiple events and the most most recent is correct - PolicyId := GroupsId6_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto allow_unlisted_groups"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto allow_unlisted_groups"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GroupOwnersHideGroups_Incorrect_V1 if { - # Test group owners' ability to hide groups when there are no relevant events - PolicyId := GroupsId6_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - 
{"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_GroupOwnersHideGroups_Incorrect_V2 if { - # Test group owners' ability to hide groups when there's only one event and it's wrong - PolicyId := GroupsId6_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto allow_unlisted_groups"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage6_1("Yes")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GroupOwnersHideGroups_Incorrect_V3 if { - # Test group owners' ability to hide groups when there are multiple events and the most recent is wrong - PolicyId := GroupsId6_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto allow_unlisted_groups"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto allow_unlisted_groups"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage6_1("Yes")}] - FailTestOUNonCompliant(PolicyId, 
Output, failedOU) -} - -test_GroupOwnersHideGroups_Incorrect_V4 if { - PolicyId := GroupsId6_1 - Output := tests with input as { - "groups_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto allow_unlisted_groups"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto allow_unlisted_groups"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage6_1("Yes")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- diff --git a/scubagoggles/rego/Groups.rego b/scubagoggles/rego/Groups.rego index 03876922..0e4c070e 100644 --- a/scubagoggles/rego/Groups.rego +++ b/scubagoggles/rego/Groups.rego @@ -2,12 +2,15 @@ package groups import future.keywords import data.utils -import data.utils.PolicyApiInUse - -LogEvents := utils.GetEvents("groups_logs") GroupsEnabled(orgunit) := utils.AppEnabled(input.policies, "groups_for_business", orgunit) +GetFriendlyYesNoBoolean(Value) := "Yes" if { + Value == true +} else := "No" if { + Value == false +} else := Value + ################ # GWS.GROUPS.1 # ################ 
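Review bot: `GetFriendlyYesNoBoolean`, added in the first Groups.rego hunk, matches only the booleans `true` and `false`, whereas the `GetFriendlyValue2_1` helper it replaces (removed in the `@@ -99,42 +62,11 @@` hunk) also accepted the strings "true" and "false". Any other value now falls through the final `else` and is passed unchanged to the `%s` in the non-compliance message. That looks intentional now that the log-event path is gone, but it is undocumented; I would add a comment above the helper such as `# Maps a boolean setting to "Yes"/"No"; any non-boolean value is returned unchanged.` As a style point, the helper is not Groups-specific and may sit better beside the shared helpers in `data.utils`.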
@@ -18,39 +21,14 @@ GroupsEnabled(orgunit) := utils.AppEnabled(input.policies, "groups_for_business" GroupsId1_1 := utils.PolicyIdWithSuffix("GWS.GROUPS.1.1") -LogMessage1_1 := "GroupsSharingSettingsProto collaboration_policy" - -Check1_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage1_1, utils.TopLevelOU) - count(events) > 0 -} - -Check1_1_OK if {PolicyApiInUse} - GetFriendlyValue1_1(Value) := "Users in your domain only" if { - Value in {"CLOSED", "DOMAIN_USERS_ONLY"} + Value == "DOMAIN_USERS_ONLY" } else := "Any user" if { - Value in {"OPEN", "ANYONE_CAN_ACCESS"} + Value == "ANYONE_CAN_ACCESS" } else := Value NonComplianceMessage1_1(value) := sprintf("Group access set to: %s", [value]) -NonCompliantOUs1_1 contains { - "Name": OU, - "Value": NonComplianceMessage1_1(GetFriendlyValue1_1(LastEvent.NewValue)) -} if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage1_1, OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue != "CLOSED" -} - NonCompliantOUs1_1 contains { "Name": OU, "Value": NonComplianceMessage1_1(GetFriendlyValue1_1(whoCanShare)) @@ -61,20 +39,6 @@ NonCompliantOUs1_1 contains { whoCanShare != "DOMAIN_USERS_ONLY" } -tests contains { - "PolicyId": GroupsId1_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check1_1_OK -} - tests contains { "PolicyId": GroupsId1_1, "Criticality": "Shall", @@ -84,7 +48,6 @@ tests contains { "NoSuchEvent": false } if { - Check1_1_OK Status := count(NonCompliantOUs1_1) == 0 } #-- 
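Review bot: With `Check1_1_OK` removed, the `tests` rule in the third hunk on this line reports the requirement as met whenever `NonCompliantOUs1_1` is empty, and that set is also empty when `input.policies` is missing, empty, or has no OU for which `GroupsEnabled(OU)` holds. In the visible hunks, the removed "No relevant event in the current logs" result was the only place absence of data was reported, so unless the caller validates the input before evaluation, a failed or partial settings collection would read as compliant. The same applies to the 2.1 to 6.1 rules in the following hunks, and for 4.1 and 5.1 the removed code set `DefaultSafe := false`, i.e. missing data was previously treated as a failure. Consider guarding each result with something like `count(input.policies) > 0` and emitting a separate result with `"RequirementMet": false` when no policy data is present. The line that reads the setting value lies outside these hunks, so whether an OU with the key absent is silently skipped should be confirmed there.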
@@ -99,42 +62,11 @@ if { GroupsId2_1 := utils.PolicyIdWithSuffix("GWS.GROUPS.2.1") -LogMessage2_1 := "GroupsSharingSettingsProto owners_can_allow_external_members" - -Check2_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage2_1, utils.TopLevelOU) - count(events) > 0 -} - -Check2_1_OK if {PolicyApiInUse} - -GetFriendlyValue2_1(Value) := "Yes" if { - Value in {true, "true"} -} else := "No" if { - Value in {false, "false"} -} else := Value - NonComplianceMessage2_1(value) := sprintf("Allowing external group members is set to: %s", [value]) NonCompliantOUs2_1 contains { "Name": OU, - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1(LastEvent.NewValue)) -} if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage2_1, OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue != "false" -} - -NonCompliantOUs2_1 contains { - "Name": OU, - "Value": NonComplianceMessage2_1(GetFriendlyValue2_1(allowExternal)) + "Value": NonComplianceMessage2_1(GetFriendlyYesNoBoolean(allowExternal)) } if { some OU, settings in input.policies GroupsEnabled(OU) @@ -142,20 +74,6 @@ NonCompliantOUs2_1 contains { allowExternal != false } -tests contains { - "PolicyId": GroupsId2_1, - "Criticality": "Should", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check2_1_OK -} - tests contains { "PolicyId": GroupsId2_1, "Criticality": "Should", @@ -165,7 +83,6 @@ tests contains { "NoSuchEvent": false } if { - Check2_1_OK Status := count(NonCompliantOUs2_1) == 0 } #-- 
@@ -180,42 +97,11 @@ if { GroupsId3_1 := utils.PolicyIdWithSuffix("GWS.GROUPS.3.1") -LogMessage3_1 := "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" - -Check3_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage3_1, utils.TopLevelOU) - count(events) > 0 -} - -Check3_1_OK if {PolicyApiInUse} - -GetFriendlyValue3_1(Value) := "Yes" if { - Value in {true, "true"} -} else := "No" if { - Value in {false, "false"} -} else := Value - NonComplianceMessage3_1(value) := sprintf("Allowing external email is set to: %s", [value]) NonCompliantOUs3_1 contains { "Name": OU, - "Value": NonComplianceMessage3_1(GetFriendlyValue3_1(LastEvent.NewValue)) -} if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage3_1, OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue != "false" -} - -NonCompliantOUs3_1 contains { - "Name": OU, - "Value": NonComplianceMessage3_1(GetFriendlyValue3_1(allowExternal)) + "Value": NonComplianceMessage3_1(GetFriendlyYesNoBoolean(allowExternal)) } if { some OU, settings in input.policies GroupsEnabled(OU) @@ -223,20 +109,6 @@ NonCompliantOUs3_1 contains { allowExternal != false } -tests contains { - "PolicyId": GroupsId3_1, - "Criticality": "Should", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check3_1_OK -} - tests contains { "PolicyId": GroupsId3_1, "Criticality": "Should", @@ -246,7 +118,6 @@ tests contains { "NoSuchEvent": false } if { - Check3_1_OK Status := count(NonCompliantOUs3_1) == 0 } #-- 
@@ -261,41 +132,16 @@ if { GroupsId4_1 := utils.PolicyIdWithSuffix("GWS.GROUPS.4.1") -LogMessage4_1 := "GroupsSharingSettingsProto who_can_create_groups" - -Check4_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage4_1, utils.TopLevelOU) - count(events) > 0 -} - -Check4_1_OK if {PolicyApiInUse} - GetFriendlyValue4_1(Value) := "Administrators only" if { Value == "ADMIN_ONLY" } else := "Users in your domain only" if { Value == "USERS_IN_DOMAIN" } else := "Any user" if { - Value in {"ANYONE_CAN_CREATE", "WORLD"} + Value == "ANYONE_CAN_CREATE" } else := Value NonComplianceMessage4_1(value) := sprintf("Groups can be created by: %s", [value]) -NonCompliantOUs4_1 contains { - "Name": OU, - "Value": NonComplianceMessage4_1(GetFriendlyValue4_1(LastEvent.NewValue)) -} if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage4_1, OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue != "ADMIN_ONLY" -} - NonCompliantOUs4_1 contains { "Name": OU, "Value": NonComplianceMessage4_1(GetFriendlyValue4_1(whoCreates)) @@ -306,20 +152,6 @@ NonCompliantOUs4_1 contains { whoCreates != "ADMIN_ONLY" } -tests contains { - "PolicyId": GroupsId4_1, - "Criticality": "Should", - "ReportDetails":utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check4_1_OK -} - tests contains { "PolicyId": GroupsId4_1, "Criticality": "Should", @@ -329,7 +161,6 @@ tests contains { "NoSuchEvent": false } if { - Check4_1_OK Status := count(NonCompliantOUs4_1) == 0 } #-- 
@@ -344,16 +175,6 @@ if { GroupsId5_1 := utils.PolicyIdWithSuffix("GWS.GROUPS.5.1") -LogMessage5_1 := "GroupsSharingSettingsProto default_view_topics_access_level" - -Check5_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage5_1, utils.TopLevelOU) - count(events) > 0 -} - -Check5_1_OK if {PolicyApiInUse} - GetFriendlyValue5_1(Value) := "Owners" if { Value == "OWNERS" } else := "Managers" if { @@ -363,26 +184,11 @@ GetFriendlyValue5_1(Value) := "Owners" if { } else := "Users in your domain only" if { Value == "DOMAIN_USERS" } else := "Any user" if { - Value in {"ANYONE_CAN_VIEW_TOPICS", "PUBLIC"} + Value == "ANYONE_CAN_VIEW_TOPICS" } else := Value NonComplianceMessage5_1(value) := sprintf("Group conversations can be viewed by: %s", [value]) -NonCompliantOUs5_1 contains { - "Name": OU, - "Value": NonComplianceMessage5_1(GetFriendlyValue5_1(LastEvent.NewValue)) -} if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage5_1, OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue != "MEMBERS" -} - NonCompliantOUs5_1 contains { "Name": OU, "Value": NonComplianceMessage5_1(GetFriendlyValue5_1(whoCanView)) @@ -393,20 +199,6 @@ NonCompliantOUs5_1 contains { whoCanView != "GROUP_MEMBERS" } -tests contains { - "PolicyId": GroupsId5_1, - "Criticality": "Should", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check5_1_OK -} - tests contains { "PolicyId": GroupsId5_1, "Criticality": "Should", 
@@ -416,7 +208,6 @@ tests contains { "NoSuchEvent": false } if { - Check5_1_OK Status := count(NonCompliantOUs5_1) == 0 } #-- @@ -431,42 +222,11 @@ if { GroupsId6_1 := utils.PolicyIdWithSuffix("GWS.GROUPS.6.1") -LogMessage6_1 := "GroupsSharingSettingsProto allow_unlisted_groups" - -Check6_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage6_1, utils.TopLevelOU) - count(events) > 0 -} - -Check6_1_OK if {PolicyApiInUse} - -GetFriendlyValue6_1(Value) := "Yes" if { - Value in {true, "true"} -} else := "No" if { - Value in {false, "false"} -} else := Value - NonComplianceMessage6_1(value) := sprintf("Group may be hidden: %s", [value]) NonCompliantOUs6_1 contains { "Name": OU, - "Value": NonComplianceMessage6_1(GetFriendlyValue6_1(LastEvent.NewValue)) -} if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage6_1, OU) - # Ignore OUs without any events. We're already asserting that the - # top-level OU has at least one event; for all other OUs we assume - # they inherit from a parent OU if they have no events. - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue != "false" -} - -NonCompliantOUs6_1 contains { - "Name": OU, - "Value": NonComplianceMessage6_1(GetFriendlyValue6_1(canHideGroups)) + "Value": NonComplianceMessage6_1(GetFriendlyYesNoBoolean(canHideGroups)) } if { some OU, settings in input.policies GroupsEnabled(OU) @@ -474,20 +234,6 @@ NonCompliantOUs6_1 contains { canHideGroups != false } -tests contains { - "PolicyId": GroupsId6_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue":"No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check6_1_OK -} - tests contains { "PolicyId": GroupsId6_1, "Criticality": "Shall", 
@@ -497,6 +243,5 @@ tests contains { "NoSuchEvent": false } if { - Check6_1_OK Status := count(NonCompliantOUs6_1) == 0 }