---
inputType: CA10__CaAwsUser__c
testData:
  - file: "test-data.json"
importExtracts:
  - file: "/types/CA10__CaAwsUser__c/credReport.extracts.yaml"
  - file: "/types/CA10__CaAwsUser__c/object.extracts.yaml"
conditions:
  - status: INAPPLICABLE
    currentStateMessage: "This is not a root user."
    check:
      NOT_EQUAL:
        left:
          EXTRACT: CA10__userName__c
        right:
          TEXT: root
  - status: INCOMPLIANT
    currentStateMessage: "The root user's access key was used within the last 30 days."
    remediationMessage: "Delete the access key for the root user."
    check:
      IS_WITHIN_LAST_DAYS:
        offsetDays: 30
        arg:
          EXTRACT: CA10__credReportAccessKey1LastUsed__c
  - status: INCOMPLIANT
    currentStateMessage: "The root user's access key was used within the last 30 days."
    remediationMessage: "Delete the access key for the root user."
    check:
      IS_WITHIN_LAST_DAYS:
        offsetDays: 30
        arg:
          EXTRACT: CA10__credReportAccessKey2LastUsed__c
  - status: INCOMPLIANT
    currentStateMessage: "The root user's password was used within the last 30 days."
    remediationMessage: "Avoid logging in as the root user."
    check:
      IS_WITHIN_LAST_DAYS:
        offsetDays: 30
        arg:
          EXTRACT: CA10__credReportPasswordLastUsed__c
otherwise:
  status: COMPLIANT
  currentStateMessage: "The root user's password has not been used within the last 30 days."