---
inputType: CA10__CaAwsDbCluster__c
importExtracts:
  - file: /types/CA10__CaAwsDbCluster__c/object.extracts.yaml
testData:
  - file: "test-data.json"
conditions:
  - status: INAPPLICABLE
    currentStateMessage: This policy applies only to AWS RDS Aurora clusters.
    check:
      NOT:
        arg:
          STARTS_WITH:
              arg:
                EXTRACT: CA10__engine__c
              search:
                TEXT: aurora
  - status: INAPPLICABLE
    currentStateMessage: This AWS RDS Aurora cluster has no related RDS instances.
    check:
      AND:
        args:
          - RELATED_LIST_HAS_NO:
              relationshipName: CA10__AWS_RDS_Instances__r
              status: COMPLIANT
          - RELATED_LIST_HAS_NO:
              relationshipName: CA10__AWS_RDS_Instances__r
              status: INCOMPLIANT        
  - status: COMPLIANT
    currentStateMessage: This AWS RDS Aurora cluster's accessibility is consistent. 
      All Aurora instances within the cluster are publicly accessible.
    check:
      AND:
        args:
          - RELATED_LIST_HAS:
              relationshipName: CA10__AWS_RDS_Instances__r
              status: INCOMPLIANT
          - RELATED_LIST_HAS_NO:
              relationshipName: CA10__AWS_RDS_Instances__r
              status: COMPLIANT              
  - status: COMPLIANT
    currentStateMessage: This AWS RDS Aurora cluster's accessibility is consistent. 
      All Aurora instances within the cluster are private.
    check:
      AND:
        args:
          - RELATED_LIST_HAS:
              relationshipName: CA10__AWS_RDS_Instances__r
              status: COMPLIANT
          - RELATED_LIST_HAS_NO:
              relationshipName: CA10__AWS_RDS_Instances__r
              status: INCOMPLIANT               
otherwise:
  status: INCOMPLIANT
  currentStateMessage: This AWS RDS Aurora cluster's accessibility is not consistent.
  remediationMessage: Align the accessibility of all RDS instances in the cluster to be either public or private.
relatedLists:
  - relationshipName: CA10__AWS_RDS_Instances__r
    importExtracts:
      - file: /types/CA10__CaAwsDbInstance__c/object.extracts.yaml
    conditions:
      - status: INAPPLICABLE
        currentStateMessage: This policy applies only to AWS RDS Aurora instances.
        check:
          NOT:
            arg:
              STARTS_WITH:
                arg:
                  EXTRACT: CA10__engine__c
                search:
                  TEXT: aurora
      - status: INCOMPLIANT
        currentStateMessage: This RDS instance is publicly accessible.
        remediationMessage: N/A
        check:
          IS_EQUAL:
            left:
              EXTRACT: CA10__publiclyAccessible__c
            right:
              BOOLEAN: true 
    otherwise:
      status: COMPLIANT
      currentStateMessage: This RDS instance is private.