---
inputType: CA10__CaAwsUser__c
testData:
  - file: "test-data.json"
importExtracts:
  - file: "/types/CA10__CaAwsUser__c/credReport.extracts.yaml"
  - file: "/types/CA10__CaAwsUser__c/object.extracts.yaml"
conditions:
  - status: "INAPPLICABLE"
    currentStateMessage: "The user was created recently and may still be under configuration."
    check:
      IS_WITHIN_LAST_DAYS:
        offsetDays: 30
        arg:
          EXTRACT: "CA10__createDate__c"
  - status: "COMPLIANT"
    currentStateMessage: "The user has at least one active authentication method."
    check:
      OR:
        args:
          - IS_EQUAL:
              left:
                EXTRACT: "CA10__credReportPasswordEnabled__c"
              right:
                BOOLEAN: true
          - IS_EQUAL:
              left:
                EXTRACT: "CA10__credReportAccessKey1Active__c"
              right:
                BOOLEAN: true
          - IS_EQUAL:
              left:
                EXTRACT: "CA10__credReportAccessKey2Active__c"
              right:
                BOOLEAN: true
otherwise:
  status: "INCOMPLIANT"
  currentStateMessage: "The user has no console password and no active access keys."
  remediationMessage: "Delete this IAM user account if it is no longer needed."