---
inputType: "CA10__CaAwsAccount__c"
testData:
  - file: test-data.json
conditions:
  - status: "COMPLIANT"
    currentStateMessage: "The number of passwords to remember is set to the maximum of 24."
    check:
      RELATED_LIST_HAS:
        relationshipName: "CA10__AWS_IAM_Password_Policies__r"
        status: "COMPLIANT"
  - status: "INCOMPLIANT"
    currentStateMessage: "The number of passwords to remember is not set to the maximum of 24."
    remediationMessage: "Set the number of passwords to remember to the maximum of 24."
    check:
      RELATED_LIST_HAS:
        relationshipName: "CA10__AWS_IAM_Password_Policies__r"
        status: "INCOMPLIANT"
otherwise:
  status: "INCOMPLIANT"
  currentStateMessage: "The AWS account password policy does not exist."
relatedLists:
  - relationshipName: "CA10__AWS_IAM_Password_Policies__r"
    importExtracts:
      - file: /types/CA10__CaAwsPasswordPolicy__c/object.extracts.yaml
    conditions:
      - status: "INCOMPLIANT"
        currentStateMessage: "The password policy does not have 'Number of passwords to remember' set to the maximum of 24."
        remediationMessage: "Set 'Number of passwords to remember' to 24."
        check:
          NOT_EQUAL:
            left:
              EXTRACT: "CA10__passwordReusePrevention__c"
            right:
              NUMBER: 24.0
      - status: "COMPLIANT"
        currentStateMessage: "The password policy has 'Number of passwords to remember' set to the maximum of 24."
        check:
          IS_EQUAL:
            left:
              EXTRACT: "CA10__passwordReusePrevention__c"
            right:
              NUMBER: 24.0
    otherwise:
      status: "UNDETERMINED"
      currentStateMessage: "Unexpected value in the field."