--- inputType: "CA10__CaAzureKeyVault__c" importExtracts: - file: "/types/CA10__CaAzureKeyVault__c/object.extracts.yaml" testData: - file: "test-data.json" conditions: - status: "INAPPLICABLE" currentStateMessage: "This is an RBAC-enabled Key Vault." check: IS_EQUAL: left: EXTRACT: "CA10__rbacAuthorization__c" right: TEXT: "Enabled" - status: "INCOMPLIANT" currentStateMessage: "The Key Vault has keys without an expiration date." remediationMessage: "Set expiration dates for all enabled keys." check: RELATED_LIST_HAS: relationshipName: CA10__Azure_Key_Vault_Keys__r status: "INCOMPLIANT" - status: "COMPLIANT" currentStateMessage: "Expiration dates are set for all enabled keys in the Key Vault." check: RELATED_LIST_HAS: relationshipName: CA10__Azure_Key_Vault_Keys__r status: "COMPLIANT" - status: "INAPPLICABLE" currentStateMessage: "The Key Vault contains only disabled keys." check: RELATED_LIST_HAS: relationshipName: CA10__Azure_Key_Vault_Keys__r status: "INAPPLICABLE" otherwise: status: "UNDETERMINED" currentStateMessage: "The Key Vault has no keys, or Cloudaware does not have access to view keys." relatedLists: - relationshipName: CA10__Azure_Key_Vault_Keys__r importExtracts: - file: "/types/CA10__CaAzureKeyVaultKey__c/object.extracts.yaml" conditions: - status: "INAPPLICABLE" currentStateMessage: "The key is disabled." check: NOT_EQUAL: left: EXTRACT: "CA10__enabledStatus__c" right: TEXT: "Enabled" - status: "INCOMPLIANT" currentStateMessage: "The key expiration date is not set." remediationMessage: "Set a key expiration date." check: IS_EMPTY: arg: EXTRACT: "CA10__expirationDate__c" - status: "COMPLIANT" currentStateMessage: "The key expiration date is set." check: NOT_EMPTY: arg: EXTRACT: "CA10__expirationDate__c" otherwise: status: "UNDETERMINED" currentStateMessage: "Unexpected values in the fields."