---
inputType: "CA10__CaAzureActiveDirectory__c"
testData:
  - file: "test-data.json"
conditions:
      - status: "INCOMPLIANT"
        currentStateMessage: "Users outside the Global Administrator, User Administrator, and Guest Inviter roles can invite guests."
        remediationMessage: "Restrict guest invitations to approved roles."
        check:
          RELATED_LIST_HAS:
            status: "INCOMPLIANT"
            relationshipName: "CA10Z1__Azure_Active_Directory_Auth_Policies__r"
      - status: "COMPLIANT"
        currentStateMessage: "Guest invitations are restricted to approved roles."
        check:
          RELATED_LIST_HAS:
            status: "COMPLIANT"
            relationshipName: "CA10Z1__Azure_Active_Directory_Auth_Policies__r"
      - status: "UNDETERMINED"
        currentStateMessage: "Unable to determine Guest invite settings."
        check:
          RELATED_LIST_HAS:
            status: "UNDETERMINED"
            relationshipName: "CA10Z1__Azure_Active_Directory_Auth_Policies__r"
otherwise:
  status: "UNDETERMINED"
  currentStateMessage: "The Authorization Policy for Microsoft Entra is not present in the CMDB."
relatedLists:
  - relationshipName: "CA10Z1__Azure_Active_Directory_Auth_Policies__r"
    importExtracts:
      - file: "/types/CA10Z1__CaAzureActiveDirectoryAuthPolicy__c/object.extracts.yaml"
    conditions:
      - status: "INCOMPLIANT"
        currentStateMessage: "Everyone in the organization, including guests, can invite guests."
        remediationMessage: "Restrict guest invitations to approved roles."
        check:
          IS_EQUAL:
            left:
              EXTRACT: "CA10Z1__invitesFromState__c"
            right:
              TEXT: "everyone"
      - status: "INCOMPLIANT"
        currentStateMessage: "All User role members are allowed to invite guests."
        remediationMessage: "Restrict guest invitations to approved roles."
        check:
          IS_EQUAL:
            left:
              EXTRACT: "CA10Z1__invitesFromState__c"
            right:
              TEXT: "adminsGuestInvitersAndAllMembers"
      - status: "COMPLIANT"
        currentStateMessage: "Only Global Administrator, User Administrator, and Guest Inviter roles can invite guests."
        check:
          IS_EQUAL:
            left:
              EXTRACT: "CA10Z1__invitesFromState__c"
            right:
              TEXT: "adminsAndGuestInviters"
      - status: "COMPLIANT"
        currentStateMessage: "Guest invitations are disabled for all users, including administrators."
        check:
          IS_EQUAL:
            left:
              EXTRACT: "CA10Z1__invitesFromState__c"
            right:
              TEXT: "None"
    otherwise:
      status: "UNDETERMINED"
      currentStateMessage: "Unexpected value in the field."