--- inputType: "CA10__CaAzureKeyVault__c" importExtracts: - file: "/types/CA10__CaAzureKeyVault__c/object.extracts.yaml" testData: - file: "test-data.json" conditions: - status: "INAPPLICABLE" currentStateMessage: "This is an RBAC-enabled Key Vault." check: IS_EQUAL: left: EXTRACT: "CA10__rbacAuthorization__c" right: TEXT: "Enabled" - status: "INCOMPLIANT" currentStateMessage: "The Key Vault has secrets without an expiration date." remediationMessage: "Set expiration dates for all enabled secrets." check: RELATED_LIST_HAS: relationshipName: CA10__Azure_Key_Vault_Secrets__r status: "INCOMPLIANT" - status: "COMPLIANT" currentStateMessage: "Expiration dates are set for all enabled secrets in the Key Vault." check: RELATED_LIST_HAS: relationshipName: CA10__Azure_Key_Vault_Secrets__r status: "COMPLIANT" - status: "INAPPLICABLE" currentStateMessage: "The Key Vault contains only disabled secrets." check: RELATED_LIST_HAS: relationshipName: CA10__Azure_Key_Vault_Secrets__r status: "INAPPLICABLE" otherwise: status: "UNDETERMINED" currentStateMessage: "The Key Vault has no secrets, or Cloudaware does not have access to view secrets." relatedLists: - relationshipName: CA10__Azure_Key_Vault_Secrets__r importExtracts: - file: "/types/CA10__CaAzureKeyVaultSecret__c/object.extracts.yaml" conditions: - status: "INAPPLICABLE" currentStateMessage: "The secret is disabled." check: NOT_EQUAL: left: EXTRACT: "CA10__enabledStatus__c" right: TEXT: "Enabled" - status: "INCOMPLIANT" currentStateMessage: "The secret expiration date is not set." remediationMessage: "Set a secret expiration date." check: IS_EMPTY: arg: EXTRACT: "CA10__expirationDate__c" - status: "COMPLIANT" currentStateMessage: "The secret expiration date is set." check: NOT_EMPTY: arg: EXTRACT: "CA10__expirationDate__c" otherwise: status: "UNDETERMINED" currentStateMessage: "Unexpected values in the fields."