--- inputType: "CA10O1__CaOracleIamUser__c" testData: - file: test-data.json importExtracts: - file: /types/CA10O1__CaOracleIamUser__c/object.extracts.yaml conditions: - status: "INAPPLICABLE" currentStateMessage: "This Oracle IAM user is not active." check: NOT_EQUAL: left: EXTRACT: "CA10O1__lifecycleState__c" right: TEXT: "ACTIVE" - status: "INAPPLICABLE" currentStateMessage: "This active Oracle IAM user is not a member of the tenancy Administrators group." check: RELATED_LIST_HAS_NO: status: "COMPLIANT" relationshipName: "CA10O1__Oracle_IAM_User_Group_Memberships__r" - status: "INCOMPLIANT" currentStateMessage: "This active tenancy administrator user has an active API key." remediationMessage: "Delete active API keys from this tenancy administrator user, or move required automation to a least-privileged identity." check: RELATED_LIST_HAS: status: "COMPLIANT" relationshipName: "CA10O1__Oracle_IAM_User_API_Keys__r" otherwise: status: "COMPLIANT" currentStateMessage: "This active tenancy administrator user does not have active API keys." relatedLists: - relationshipName: "CA10O1__Oracle_IAM_User_Group_Memberships__r" importExtracts: - file: /types/CA10O1__CaOracleIamGroup__c/object.extracts.yaml conditions: - status: "COMPLIANT" currentStateMessage: "This group membership grants membership in the tenancy Administrators group." check: IS_EQUAL: left: EXTRACT: "CA10O1__group__r.Name" right: TEXT: "Administrators" otherwise: status: "INAPPLICABLE" currentStateMessage: "This group membership does not grant membership in the tenancy Administrators group." - relationshipName: "CA10O1__Oracle_IAM_User_API_Keys__r" importExtracts: - file: /types/CA10O1__CaOracleIamUserApiKey__c/object.extracts.yaml conditions: - status: "COMPLIANT" currentStateMessage: "This Oracle IAM API key is active." check: IS_EQUAL: left: EXTRACT: "CA10O1__lifecycleState__c" right: TEXT: "ACTIVE" otherwise: status: "INAPPLICABLE" currentStateMessage: "This Oracle IAM API key is not active."