---
inputType: "CA10__CaAwsCloudTrailTrail__c"
testData:
  - file: "test-data.json"
importExtracts:
  - file: "/types/CA10__CaAwsCloudTrailTrail__c/object.extracts.yaml"
  - file: "/types/CA10__CaAwsKmsKey__c/object.extracts.yaml"
conditions:
  - status: "INCOMPLIANT"
    currentStateMessage: "CloudTrail is not encrypted with a KMS CMK."
    remediationMessage: "Configure CloudTrail to use an active KMS CMK."
    check:
      IS_EMPTY_LOOKUP: "CA10__kmsKey__r"
  - status: "INCOMPLIANT"
    currentStateMessage: "The CloudTrail KMS CMK is not enabled."
    remediationMessage: "Configure CloudTrail to use an enabled KMS CMK."
    check:
      NOT_EQUAL:
        left:
          EXTRACT: "CA10__kmsKey__r.CA10__state__c"
        right:
          TEXT: "Enabled"
  - status: "COMPLIANT"
    currentStateMessage: "CloudTrail is encrypted with a KMS CMK."
    check:
      IS_EQUAL:
        left:
          EXTRACT: "CA10__kmsKey__r.CA10__state__c"
        right:
          TEXT: "Enabled"
otherwise:
  status: "UNDETERMINED"
  currentStateMessage: "Unexpected values in the fields."