---
inputType: "CA10__CaAwsDbInstance__c"
testData:
  - file: test-data.json
importExtracts:
  - file: /types/CA10__CaAwsDbInstance__c/object.extracts.yaml
conditions:
  - status: "INAPPLICABLE"
    currentStateMessage: "The instance is not available."
    check:
      NOT_EQUAL:
        left:
          EXTRACT: "CA10__status__c"
        right:
          TEXT: "available"
  - status: "INAPPLICABLE"
    currentStateMessage: "This policy does not apply to cluster instances."
    check:
      NOT_EMPTY:
        arg:
          EXTRACT: "CA10__clusterArn__c"
  - status: "INAPPLICABLE"
    currentStateMessage: "This policy does not apply to Neptune."
    check:
      IS_EQUAL:
        left:
          EXTRACT: "CA10__engine__c"
        right:
          TEXT: "neptune"
  - status: "INAPPLICABLE"
    currentStateMessage: "This policy does not apply to DocumentDB."
    check:
      IS_EQUAL:
        left:
          EXTRACT: "CA10__engine__c"
        right:
          TEXT: "docdb"          
  - status: "INCOMPLIANT"
    currentStateMessage: "The RDS instance has a default or insecure admin username."
    remediationMessage: "Change the instance admin username."
    check:
      CONTAINS:
        arg:
          SET:
            itemType: "TEXT"
            items:
              - "root"
              - "admin"
              - "administrator"
              - "adminuser"
              - "superuser"
              - "sa"
              - "sysadmin"
              - "dbadmin"
              - "user"
              - "dbuser"
              - "sys"
              - "system"
              - "awsuser"
              - "mysql"
              - "oracle"
              - "postgres"
        search:
          EXTRACT: "CA10__masterUsername__c"
otherwise:
  status: "COMPLIANT"
  currentStateMessage: "The RDS instance has a custom admin username."