---
# Recorded test run of the multi-region-cloudtrail account policy. It holds the
# per-case results (rows), the input files with their hashes (usedFiles) and the
# generated BigQuery script that produced the results (script).
# NOTE(review): the page this was taken from had collapsed all whitespace; the
# layout below is reconstructed, and indentation inside the embedded files is a
# best-effort reading of their structure.
policy: /ce/ca/aws/account/multi-region-cloudtrail
logic: /ce/ca/aws/account/multi-region-cloudtrail/prod.logic.yaml
executionTime: 2026-02-10T22:32:28.207288271Z
generationMs: 161
executionMs: 1480
# One row per expected result: expected vs. actual status, condition index and
# condition text, plus any runtime error.
rows:
  - id: test2
    match: true
    status:
      expected: COMPLIANT
      actual: COMPLIANT
    conditionIndex:
      expected: 199
      actual: 199
    conditionText:
      expected: CA10__AWS_CloudTrail_Trails__r.has(COMPLIANT)
      actual: CA10__AWS_CloudTrail_Trails__r.has(COMPLIANT)
    runtimeError: {}
  - id: test3
    match: true
    status:
      expected: INCOMPLIANT
      actual: INCOMPLIANT
    conditionIndex:
      expected: 200
      actual: 200
    conditionText:
      expected: otherwise
      actual: otherwise
    runtimeError: {}
  - id: test4
    match: true
    status:
      expected: INCOMPLIANT
      actual: INCOMPLIANT
    conditionIndex:
      expected: 200
      actual: 200
    conditionText:
      expected: otherwise
      actual: otherwise
    runtimeError: {}
  - id: test5
    match: true
    status:
      expected: INCOMPLIANT
      actual: INCOMPLIANT
    conditionIndex:
      expected: 200
      actual: 200
    conditionText:
      expected: otherwise
      actual: otherwise
    runtimeError: {}
  - id: test6
    match: true
    status:
      expected: INCOMPLIANT
      actual: INCOMPLIANT
    conditionIndex:
      expected: 200
      actual: 200
    conditionText:
      expected: otherwise
      actual: otherwise
    runtimeError: {}
  - id: test7
    match: true
    status:
      expected: INCOMPLIANT
      actual: INCOMPLIANT
    conditionIndex:
      expected: 200
      actual: 200
    conditionText:
      expected: otherwise
      actual: otherwise
    runtimeError: {}
  # NOTE(review): second row with id test7. Both test7 rows are joined to the one
  # mock account test7 in the script below, so they report the same verdict and
  # this row adds no coverage of its own.
  - id: test7
    match: true
    status:
      expected: INCOMPLIANT
      actual: INCOMPLIANT
    conditionIndex:
      expected: 200
      actual: 200
    conditionText:
      expected: otherwise
      actual: otherwise
    runtimeError: {}
# Files read for this run.
# NOTE(review): md5Hash presumably identifies the file version that was used.
# MD5 is not collision-resistant, so treat it as a change marker, not a tamper check.
usedFiles:
  # Policy metadata: names, description, categories and framework mappings.
  - path: /ce/ca/aws/account/multi-region-cloudtrail/policy.yaml
    md5Hash: 6BC957A5AC083B48F58B8A0AAB0A8D3B
    content: |-
      ---
      names:
        full: AWS Account Multi-Region CloudTrail is not enabled
        contextual: Multi-Region CloudTrail is not enabled
      description: "AWS CloudTrail is a web service that records AWS API calls for your\
        \ account and delivers log files to you. The recorded information includes the identity\
        \ of the API caller, the time of the API call, the source IP address of the API\
        \ caller, the request parameters, and the response elements returned by the AWS\
        \ service."
      type: COMPLIANCE_POLICY
      categories:
        - SECURITY
        - RELIABILITY
      frameworkMappings:
        - "/frameworks/cis-aws-v6.0.0/04/01"
        - "/frameworks/cloudaware/logging-and-monitoring/logging-and-monitoring-configuration"
        - "/frameworks/aws-fsbp-v1.0.0/cloudtrail/01"
      similarPolicies:
        internal:
          - dec-z-3ba226c7
        cloudConformity:
          - url: https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/CloudTrail/cloudtrail-enabled.html
            name: CloudTrail Enabled
        awsSecurityHub:
          - name: "[CloudTrail.1] CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events"
            url: "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-1"
  # Policy logic. An account is COMPLIANT when at least one related trail is
  # COMPLIANT. A trail is COMPLIANT only when all four checks hold: multi-Region,
  # logging, readWriteType equal to "All" and includeManagementEvents true.
  # NOTE(review): the trail-level otherwise message and remediation mention only
  # multi-Region and logging. A trail that fails on readWriteType or
  # includeManagementEvents gets the same text, which can misdirect remediation.
  - path: /ce/ca/aws/account/multi-region-cloudtrail/prod.logic.yaml
    md5Hash: D02619E51B6DBF678FA58FC3C547A012
    content: |
      ---
      inputType: "CA10__CaAwsAccount__c"
      testData:
        - file: "test-data.json"
      conditions:
        - status: "COMPLIANT"
          currentStateMessage: "This AWS account has a multi-Region CloudTrail enabled."
          check:
            RELATED_LIST_HAS:
              status: "COMPLIANT"
              relationshipName: "CA10__AWS_CloudTrail_Trails__r"
      otherwise:
        status: "INCOMPLIANT"
        currentStateMessage: "This AWS account does not have a multi-Region CloudTrail enabled."
      relatedLists:
        - relationshipName: "CA10__AWS_CloudTrail_Trails__r"
          importExtracts:
            - file: "/types/CA10__CaAwsCloudTrailTrail__c/object.extracts.yaml"
          conditions:
            - status: "COMPLIANT"
              currentStateMessage: "This CloudTrail is multi-Region and logging."
              check:
                AND:
                  args:
                    - IS_EQUAL:
                        left:
                          EXTRACT: "CA10__multiRegionTrail__c"
                        right:
                          BOOLEAN: true
                    - IS_EQUAL:
                        left:
                          EXTRACT: "CA10__isLogging__c"
                        right:
                          BOOLEAN: true
                    - IS_EQUAL:
                        left:
                          EXTRACT: "caJsonText__eventSelectorsJsonReadWriteType__c"
                        right:
                          TEXT: "All"
                    - IS_EQUAL:
                        left:
                          EXTRACT: "caJsonBoolean__eventSelectorsJsonIncludeManagementEvents__c"
                        right:
                          BOOLEAN: true
          otherwise:
            status: "INCOMPLIANT"
            currentStateMessage: "This CloudTrail is not multi-Region or not logging."
            remediationMessage: "Enable this CloudTrail as a multi-Region trail."
  # Test fixtures: one account per entry, each with its related trails and the
  # expected verdict.
  # NOTE(review): the last two fixtures both use account Id "test7" and trail Id
  # "test7_1", and the last trail points at account "test8". In the generated mock
  # tables only the "{" trail survives under Id test7_1, attached to account test8,
  # and there is no mock account test8. As far as this report shows, account test7
  # is therefore evaluated with no trails at all. Neither includeManagementEvents
  # false nor malformed event-selector JSON reaches an account verdict, so a
  # regression in either path would not fail this suite. Giving the last fixture
  # its own Ids (account, trail and CA10__account__c) would restore both cases.
  - path: /ce/ca/aws/account/multi-region-cloudtrail/test-data.json
    md5Hash: 0EA1BDF4C80F9A020776C988E85CA870
    content: |-
      [
        {
          "expectedResult": {
            "status": "COMPLIANT",
            "conditionIndex": "199",
            "conditionText": "CA10__AWS_CloudTrail_Trails__r.has(COMPLIANT)",
            "runtimeError": null
          },
          "context": {
            "snapshotTime": "2024-05-28T17:35:50Z"
          },
          "Id": "test2",
          "CA10__AWS_CloudTrail_Trails__r": [
            {
              "Id": "test2_1",
              "CA10__disappearanceTime__c": null,
              "CA10__multiRegionTrail__c": true,
              "CA10__isLogging__c": true,
              "CA10__eventSelectorsJson__c": "[{\"readWriteType\":\"All\",\"includeManagementEvents\":true,\"dataResources\":[],\"excludeManagementEventSources\":[]}]",
              "CA10__account__c": "test2"
            }
          ]
        },
        {
          "expectedResult": {
            "status": "INCOMPLIANT",
            "conditionIndex": "200",
            "conditionText": "otherwise",
            "runtimeError": null
          },
          "context": {
            "snapshotTime": "2024-05-28T17:35:50Z"
          },
          "Id": "test3",
          "CA10__AWS_CloudTrail_Trails__r": [
            {
              "Id": "test3_1",
              "CA10__disappearanceTime__c": null,
              "CA10__multiRegionTrail__c": false,
              "CA10__isLogging__c": true,
              "CA10__eventSelectorsJson__c": "[{\"readWriteType\":\"All\",\"includeManagementEvents\":true,\"dataResources\":[],\"excludeManagementEventSources\":[]}]",
              "CA10__account__c": "test3"
            }
          ]
        },
        {
          "expectedResult": {
            "status": "INCOMPLIANT",
            "conditionIndex": "200",
            "conditionText": "otherwise",
            "runtimeError": null
          },
          "context": {
            "snapshotTime": "2024-05-28T17:35:50Z"
          },
          "Id": "test4",
          "CA10__AWS_CloudTrail_Trails__r": [
            {
              "Id": "test4_1",
              "CA10__disappearanceTime__c": null,
              "CA10__multiRegionTrail__c": true,
              "CA10__isLogging__c": false,
              "CA10__eventSelectorsJson__c": "[{\"readWriteType\":\"All\",\"includeManagementEvents\":true,\"dataResources\":[],\"excludeManagementEventSources\":[]}]",
              "CA10__account__c": "test4"
            }
          ]
        },
        {
          "expectedResult": {
            "status": "INCOMPLIANT",
            "conditionIndex": "200",
            "conditionText": "otherwise",
            "runtimeError": null
          },
          "context": {
            "snapshotTime": "2024-05-28T17:35:50Z"
          },
          "Id": "test5",
          "CA10__AWS_CloudTrail_Trails__r": [
            {
              "Id": "test5_1",
              "CA10__disappearanceTime__c": null,
              "CA10__multiRegionTrail__c": true,
              "CA10__isLogging__c": true,
              "CA10__eventSelectorsJson__c": "[{\"readWriteType\":\"WriteOnly\",\"includeManagementEvents\":true,\"dataResources\":[],\"excludeManagementEventSources\":[]}]",
              "CA10__account__c": "test5"
            }
          ]
        },
        {
          "expectedResult": {
            "status": "INCOMPLIANT",
            "conditionIndex": "200",
            "conditionText": "otherwise",
            "runtimeError": null
          },
          "context": {
            "snapshotTime": "2024-05-28T17:35:50Z"
          },
          "Id": "test6",
          "CA10__AWS_CloudTrail_Trails__r": [
            {
              "Id": "test6_1",
              "CA10__disappearanceTime__c": null,
              "CA10__multiRegionTrail__c": true,
              "CA10__isLogging__c": true,
              "CA10__eventSelectorsJson__c": "[{\"readWriteType\":\"ReadOnly\",\"includeManagementEvents\":true,\"dataResources\":[],\"excludeManagementEventSources\":[]}]",
              "CA10__account__c": "test6"
            }
          ]
        },
        {
          "expectedResult": {
            "status": "INCOMPLIANT",
            "conditionIndex": "200",
            "conditionText": "otherwise",
            "runtimeError": null
          },
          "context": {
            "snapshotTime": "2024-05-28T17:35:50Z"
          },
          "Id": "test7",
          "CA10__AWS_CloudTrail_Trails__r": [
            {
              "Id": "test7_1",
              "CA10__disappearanceTime__c": null,
              "CA10__multiRegionTrail__c": true,
              "CA10__isLogging__c": true,
              "CA10__eventSelectorsJson__c": "[{\"readWriteType\":\"All\",\"includeManagementEvents\":false,\"dataResources\":[],\"excludeManagementEventSources\":[]}]",
              "CA10__account__c": "test7"
            }
          ]
        },
        {
          "expectedResult": {
            "status": "INCOMPLIANT",
            "conditionIndex": "200",
            "conditionText": "otherwise",
            "runtimeError": null
          },
          "context": {
            "snapshotTime": "2024-05-28T17:35:50Z"
          },
          "Id": "test7",
          "CA10__AWS_CloudTrail_Trails__r": [
            {
              "Id": "test7_1",
              "CA10__disappearanceTime__c": null,
              "CA10__multiRegionTrail__c": true,
              "CA10__isLogging__c": true,
              "CA10__eventSelectorsJson__c": "{",
              "CA10__account__c": "test8"
            }
          ]
        }
      ]
  # Shared extract definitions for CloudTrail trail objects (field reads and the
  # JSON queries over CA10__eventSelectorsJson__c).
  # NOTE(review): both JSON queries end in "| [0]", so only the first value the
  # projection yields is compared. A trail with several event selectors is judged
  # by that one value; confirm this is intended.
  # NOTE(review): the undetermined message for CA10__eventSelectorsJson__c reads
  # "Unable to determine Logging status" while naming cloudtrail:GetEventSelectors.
  # It looks copied from the CA10__isLogging__c entry; confirm the wording.
  - path: /types/CA10__CaAwsCloudTrailTrail__c/object.extracts.yaml
    md5Hash: E81F4D5C3A3DF3406D05985DF80BF9C5
    content: "---\nextracts:\n# Checkbox. Can't have no access, retrieved via cloudtrail:DescribeTrails\n\
      \ - name: \"CA10__multiRegionTrail__c\"\n value: \n FIELD:\n \
      \ path: \"CA10__multiRegionTrail__c\"\n# Checkbox. \n - name: \"CA10__isLogging__c\"\
      \n value: \n FIELD:\n path: \"CA10__isLogging__c\"\n undeterminedIf:\n\
      \ noAccessDelegate:\n path: \"CA10__isLogging__c\"\n \
      \ currentStateMessage: \"Unable to determine Logging status. Possible\
      \ permission issue with cloudtrail:GetTrailStatus.\"\n# Checkbox. Can't have\
      \ no access, retrieved via cloudtrail:DescribeTrails\n - name: \"CA10__logFileValidationEnabled__c\"\
      \n value: \n FIELD:\n path: \"CA10__logFileValidationEnabled__c\"\
      \n# Nullable\n - name: \"CA10__eventSelectorsJson__c\"\n value: \n \
      \ FIELD:\n path: \"CA10__eventSelectorsJson__c\"\n returnType:\
      \ BYTES\n undeterminedIf:\n noAccessDelegate:\n path:\
      \ \"CA10__eventSelectorsJson__c\"\n currentStateMessage: \"Unable\
      \ to determine Logging status. Possible permission issue with cloudtrail:GetEventSelectors.\"\
      \n - name: \"caJsonFrom__eventSelectorsJson__c\"\n value: \n JSON_FROM:\n\
      \ arg:\n EXTRACT: \"CA10__eventSelectorsJson__c\"\n undeterminedIf:\n\
      \ isInvalid: \"Provided CloudTrail Event Selector has invalid JSON.\"\
      \n# Returns TEXT. Values: All, WriteOnly, ReadOnly\n - name: \"caJsonText__eventSelectorsJsonReadWriteType__c\"\
      \n value: \n JSON_QUERY_TEXT:\n arg: \n EXTRACT: \"\
      caJsonFrom__eventSelectorsJson__c\"\n expression: \"[*].readWriteType\
      \ | [0]\"\n undeterminedIf:\n evaluationError: \"The JSON text\
      \ query has failed.\"\n resultTypeMismatch: \"The JSON query did not\
      \ return a text type.\"\n# Returns BOOLEAN true or false\n - name: \"caJsonBoolean__eventSelectorsJsonIncludeManagementEvents__c\"\
      \n value: \n JSON_QUERY_BOOLEAN:\n arg: \n EXTRACT:\
      \ \"caJsonFrom__eventSelectorsJson__c\"\n expression: \"[*].includeManagementEvents\
      \ | [0]\"\n undeterminedIf:\n evaluationError: \"The JSON boolean\
      \ query has failed.\"\n resultTypeMismatch: \"The JSON query did not\
      \ return a boolean type.\"\n# Nullable. Can't have no access, retrieved via\
      \ cloudtrail:DescribeTrails\n - name: \"CA10__kmsKey__c\"\n value: \n \
      \ FIELD:\n path: \"CA10__kmsKey__c\"\n"
# Generated BigQuery script: three mock-table functions, one JavaScript UDF per
# object type that evaluates the conditions, and a final SELECT that compares
# expected and actual results per test Id.
# NOTE(review): the type parameters after ARRAY and STRUCT in the function
# signatures look stripped by the page extraction ("RETURNS ARRAY >>",
# "RETURNS STRUCT"), so the script as shown here will not parse.
# NOTE(review): in jsonQueryChecked10 and jsonQueryChecked19 the type-mismatch
# errors (conditions 104 and 106) are thrown inside the try block whose catch
# rethrows 105 / 107. A mismatch is therefore reported as "query has failed",
# and the 104 / 106 results are never returned.
# NOTE(review): the trail UDF loads jmespath.min.js from a GCS path. No version
# or checksum is visible here; confirm who can write to that bucket.
script: |-
  CREATE TEMP FUNCTION mock_ExpectedResult()
  RETURNS ARRAY >>
  DETERMINISTIC
  LANGUAGE js AS r"""
  return [ {
    "Id" : "test2",
    "expectedResult" : {
      "status" : "COMPLIANT",
      "conditionIndex" : "199",
      "conditionText" : "CA10__AWS_CloudTrail_Trails__r.has(COMPLIANT)",
      "runtimeError" : null
    }
  }, {
    "Id" : "test3",
    "expectedResult" : {
      "status" : "INCOMPLIANT",
      "conditionIndex" : "200",
      "conditionText" : "otherwise",
      "runtimeError" : null
    }
  }, {
    "Id" : "test4",
    "expectedResult" : {
      "status" : "INCOMPLIANT",
      "conditionIndex" : "200",
      "conditionText" : "otherwise",
      "runtimeError" : null
    }
  }, {
    "Id" : "test5",
    "expectedResult" : {
      "status" : "INCOMPLIANT",
      "conditionIndex" : "200",
      "conditionText" : "otherwise",
      "runtimeError" : null
    }
  }, {
    "Id" : "test6",
    "expectedResult" : {
      "status" : "INCOMPLIANT",
      "conditionIndex" : "200",
      "conditionText" : "otherwise",
      "runtimeError" : null
    }
  }, {
    "Id" : "test7",
    "expectedResult" : {
      "status" : "INCOMPLIANT",
      "conditionIndex" : "200",
      "conditionText" : "otherwise",
      "runtimeError" : null
    }
  }, {
    "Id" : "test7",
    "expectedResult" : {
      "status" : "INCOMPLIANT",
      "conditionIndex" : "200",
      "conditionText" : "otherwise",
      "runtimeError" : null
    }
  } ];
  """;
  CREATE TEMP FUNCTION mock_CA10__CaAwsAccount__c()
  RETURNS ARRAY >>
  DETERMINISTIC
  LANGUAGE js AS r"""
  return [ {
    "context" : {
      "snapshotTime" : new Date("2024-05-28T17:35:50Z")
    },
    "Id" : "test2"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-05-28T17:35:50Z")
    },
    "Id" : "test3"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-05-28T17:35:50Z")
    },
    "Id" : "test4"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-05-28T17:35:50Z")
    },
    "Id" : "test5"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-05-28T17:35:50Z")
    },
    "Id" : "test6"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-05-28T17:35:50Z")
    },
    "Id" : "test7"
  } ];
  """;
  CREATE TEMP FUNCTION mock_CA10__CaAwsCloudTrailTrail__c()
  RETURNS ARRAY >>
  DETERMINISTIC
  LANGUAGE js AS r"""
  return [ {
    "context" : {
      "snapshotTime" : new Date("2024-05-28T17:35:50Z")
    },
    "CA10__multiRegionTrail__c" : true,
    "CA10__isLogging__c" : true,
    "CA10__eventSelectorsJson__c" : "[{\"readWriteType\":\"All\",\"includeManagementEvents\":true,\"dataResources\":[],\"excludeManagementEventSources\":[]}]",
    "CA10__account__c" : "test2",
    "Id" : "test2_1"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-05-28T17:35:50Z")
    },
    "CA10__multiRegionTrail__c" : false,
    "CA10__isLogging__c" : true,
    "CA10__eventSelectorsJson__c" : "[{\"readWriteType\":\"All\",\"includeManagementEvents\":true,\"dataResources\":[],\"excludeManagementEventSources\":[]}]",
    "CA10__account__c" : "test3",
    "Id" : "test3_1"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-05-28T17:35:50Z")
    },
    "CA10__multiRegionTrail__c" : true,
    "CA10__isLogging__c" : false,
    "CA10__eventSelectorsJson__c" : "[{\"readWriteType\":\"All\",\"includeManagementEvents\":true,\"dataResources\":[],\"excludeManagementEventSources\":[]}]",
    "CA10__account__c" : "test4",
    "Id" : "test4_1"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-05-28T17:35:50Z")
    },
    "CA10__multiRegionTrail__c" : true,
    "CA10__isLogging__c" : true,
    "CA10__eventSelectorsJson__c" : "[{\"readWriteType\":\"WriteOnly\",\"includeManagementEvents\":true,\"dataResources\":[],\"excludeManagementEventSources\":[]}]",
    "CA10__account__c" : "test5",
    "Id" : "test5_1"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-05-28T17:35:50Z")
    },
    "CA10__multiRegionTrail__c" : true,
    "CA10__isLogging__c" : true,
    "CA10__eventSelectorsJson__c" : "[{\"readWriteType\":\"ReadOnly\",\"includeManagementEvents\":true,\"dataResources\":[],\"excludeManagementEventSources\":[]}]",
    "CA10__account__c" : "test6",
    "Id" : "test6_1"
  }, {
    "context" : {
      "snapshotTime" : new Date("2024-05-28T17:35:50Z")
    },
    "CA10__multiRegionTrail__c" : true,
    "CA10__isLogging__c" : true,
    "CA10__eventSelectorsJson__c" : "{",
    "CA10__account__c" : "test8",
    "Id" : "test7_1"
  } ];
  """;
  CREATE TEMP FUNCTION process_CA10__CaAwsAccount__c(
    obj STRUCT<
      Id STRING,
      CA10__AWS_CloudTrail_Trails__r ARRAY >>
    >,
    snapshotTime TIMESTAMP
  )
  RETURNS STRUCT
  DETERMINISTIC
  LANGUAGE js AS r"""
  var references1 = [];
  // condition[0], conditionIndex:[0..99]
  if (false) {
    return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared()", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null};
  }
  var count_CA10__AWS_CloudTrail_Trails__r_COMPLIANT2 = 0;
  if (obj.CA10__AWS_CloudTrail_Trails__r != null) {
    for (var i3 = 0; i3 < obj.CA10__AWS_CloudTrail_Trails__r.length; i3++) {
      if (typeof(obj.CA10__AWS_CloudTrail_Trails__r[i3].status) !== 'undefined') {
        if (obj.CA10__AWS_CloudTrail_Trails__r[i3].status == 'COMPLIANT') {
          count_CA10__AWS_CloudTrail_Trails__r_COMPLIANT2 += obj.CA10__AWS_CloudTrail_Trails__r[i3].count;
        }
      } else {
        if (obj.CA10__AWS_CloudTrail_Trails__r[i3].result.status == 'COMPLIANT') {
          count_CA10__AWS_CloudTrail_Trails__r_COMPLIANT2 += 1;
        }
      }
    }
  }
  // condition[1], conditionIndex:[100..199]
  references1.push('Related list [CA10__AWS_CloudTrail_Trails__r] ' + (count_CA10__AWS_CloudTrail_Trails__r_COMPLIANT2 > 0 ? 'has' : 'does not have') + ' objects in COMPLIANT status');
  if (count_CA10__AWS_CloudTrail_Trails__r_COMPLIANT2 > 0) {
    return {status: 'COMPLIANT', conditionIndex: 199, conditionText: "CA10__AWS_CloudTrail_Trails__r.has(COMPLIANT)", currentStateMessage: "This AWS account has a multi-Region CloudTrail enabled.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null};
  }
  return {status: 'INCOMPLIANT', conditionIndex: 200, conditionText: "otherwise", currentStateMessage: "This AWS account does not have a multi-Region CloudTrail enabled.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null};
  """;
  CREATE TEMP FUNCTION process_CA10__AWS_CloudTrail_Trails__r(
    obj STRUCT<
      CA10__disappearanceTime__c TIMESTAMP,
      CA10__multiRegionTrail__c BOOLEAN,
      CA10__isLogging__c BOOLEAN,
      CA10__eventSelectorsJson__c STRING,
      CA10__account__c STRING,
      Id STRING
    >,
    snapshotTime TIMESTAMP
  )
  RETURNS STRUCT
  DETERMINISTIC
  LANGUAGE js
  OPTIONS (library=['gs://compliance-platform-public/jmespath.min.js'])
  AS r"""
  var BytesLib = new function () {
    this.normalize = function(arg) {
      return arg == null ? '' : arg;
    };
    this.isEmpty = function(arg) {
      return this.normalize(arg) == '';
    };
    this.isNotEmpty = function(arg) {
      return this.normalize(arg) != '';
    };
    this.equal = function(left, right) {
      return this.normalize(left) == this.normalize(right);
    };
    this.notEqual = function(left, right) {
      return this.normalize(left) != this.normalize(right);
    };
    this.startsWith = function(arg, substring) {
      return this.normalize(arg).startsWith(this.normalize(substring));
    };
    this.endsWith = function(arg, substring) {
      return this.normalize(arg).endsWith(this.normalize(substring));
    };
    this.contains = function(arg, substring) {
      return this.normalize(arg).includes(this.normalize(substring));
    };
    this.containsAll = function(arg, substrings) {
      if (substrings == null || substrings.length === 0) return false;
      let normalizedArg = this.normalize(arg);
      return substrings.every(sub => normalizedArg.includes(this.normalize(sub)));
    };
    this.containsAny = function(arg, substrings) {
      if (substrings == null || substrings.length === 0) return false;
      let normalizedArg = this.normalize(arg);
      return substrings.some(sub => normalizedArg.includes(this.normalize(sub)));
    };
  }();
  var IsEmptyLib = new function () {
    this.simpleIsEmpty = function(arg) {
      return arg == null;
    };
    this.simpleIsNotEmpty = function(arg) {
      return arg != null;
    };
  }();
  var TextLib = new function () {
    this.normalize = function(arg) {
      return arg == null ? '' : arg.replace(/\s+/g, ' ').trim().toLowerCase();
    };
    this.isEmpty = function(arg) {
      return this.normalize(arg) == '';
    };
    this.isNotEmpty = function(arg) {
      return this.normalize(arg) != '';
    };
    this.equal = function(left, right) {
      return this.normalize(left) == this.normalize(right);
    };
    this.notEqual = function(left, right) {
      return this.normalize(left) != this.normalize(right);
    };
    this.startsWith = function(arg, substring) {
      return this.normalize(arg).startsWith(this.normalize(substring));
    };
    this.endsWith = function(arg, substring) {
      return this.normalize(arg).endsWith(this.normalize(substring));
    };
    this.contains = function(arg, substring) {
      return this.normalize(arg).includes(this.normalize(substring));
    };
    this.containsAll = function(arg, substrings) {
      if (substrings == null || substrings.length === 0) return false;
      let normalizedArg = this.normalize(arg);
      return substrings.every(sub => normalizedArg.includes(this.normalize(sub)));
    };
    this.containsAny = function(arg, substrings) {
      if (substrings == null || substrings.length === 0) return false;
      let normalizedArg = this.normalize(arg);
      return substrings.some(sub => normalizedArg.includes(this.normalize(sub)));
    };
  }();
  var references1 = [];
  // condition[0], conditionIndex:[0..99]
  references1.push('Deleted From AWS [CA10__disappearanceTime__c]: ' + obj.CA10__disappearanceTime__c);
  if (obj.CA10__disappearanceTime__c != null) {
    return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared(CA10__disappearanceTime__c)", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null};
  }
  // condition[1], conditionIndex:[100..199]
  function extract3() {
    if (!this.out) {
      this.out = obj.CA10__multiRegionTrail__c;
    }
    return this.out;
  };
  function fieldChecked7() {
    if (IsEmptyLib.simpleIsEmpty(obj.CA10__isLogging__c)) {
      throw new Error("UNDETERMINED condition:101", {cause: {status: 'UNDETERMINED', conditionIndex: 101, conditionText: "CA10__isLogging__c.delegatedTo(CA10__isLogging__c).isEmpty()", currentStateMessage: "Unable to determine Logging status. Possible permission issue with cloudtrail:GetTrailStatus.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
    }
    return obj.CA10__isLogging__c;
  }
  function extract6() {
    if (!this.out) {
      this.out = fieldChecked7();
    }
    return this.out;
  };
  function jsonQueryChecked10() {
    var input = extract12.call(extract12);
    var out;
    try {
      out = jmespath.search(input, '[*].readWriteType | [0]');
      if (out != null && typeof out != 'string') {
        throw new Error("UNDETERMINED condition:104", {cause: {status: 'UNDETERMINED', conditionIndex: 104, conditionText: "extract('caJsonFrom__eventSelectorsJson__c').jsonQueryText('[*].readWriteType | [0]').isResultTypeMismatch()", currentStateMessage: "The JSON query did not return a text type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
      }
    } catch (e) {
      throw new Error("UNDETERMINED condition:105", {cause: {status: 'UNDETERMINED', conditionIndex: 105, conditionText: "extract('caJsonFrom__eventSelectorsJson__c').jsonQueryText('[*].readWriteType | [0]').isEvaluationFailed()", currentStateMessage: "The JSON text query has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}});
    }
    return out;
  }
  function jsonChecked13() {
    var input = extract15.call(extract15);
    input = TextLib.isEmpty(input) ? null : input;
    var out;
    try {
      out = JSON.parse(input);
    } catch (e) {
      throw new Error("UNDETERMINED condition:103", {cause: {status: 'UNDETERMINED', conditionIndex: 103, conditionText: "extract('CA10__eventSelectorsJson__c').asJson().isInvalid()", currentStateMessage: "Provided CloudTrail Event Selector has invalid JSON.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}});
    }
    return out;
  }
  function fieldChecked16() {
    if (BytesLib.isEmpty(obj.CA10__eventSelectorsJson__c)) {
      throw new Error("UNDETERMINED condition:102", {cause: {status: 'UNDETERMINED', conditionIndex: 102, conditionText: "CA10__eventSelectorsJson__c.delegatedTo(CA10__eventSelectorsJson__c).isEmpty()", currentStateMessage: "Unable to determine Logging status. Possible permission issue with cloudtrail:GetEventSelectors.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
    }
    return obj.CA10__eventSelectorsJson__c;
  }
  function extract15() {
    if (!this.out) {
      this.out = fieldChecked16();
    }
    return this.out;
  };
  function extract12() {
    if (!this.out) {
      this.out = jsonChecked13();
    }
    return this.out;
  };
  function extract9() {
    if (!this.out) {
      this.out = jsonQueryChecked10();
    }
    return this.out;
  };
  function jsonQueryChecked19() {
    var input = extract12.call(extract12);
    var out;
    try {
      out = jmespath.search(input, '[*].includeManagementEvents | [0]');
      if (out != null && typeof out != 'boolean') {
        throw new Error("UNDETERMINED condition:106", {cause: {status: 'UNDETERMINED', conditionIndex: 106, conditionText: "extract('caJsonFrom__eventSelectorsJson__c').jsonQueryText('[*].includeManagementEvents | [0]').isResultTypeMismatch()", currentStateMessage: "The JSON query did not return a boolean type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}});
      }
    } catch (e) {
      throw new Error("UNDETERMINED condition:107", {cause: {status: 'UNDETERMINED', conditionIndex: 107, conditionText: "extract('caJsonFrom__eventSelectorsJson__c').jsonQueryText('[*].includeManagementEvents | [0]').isEvaluationFailed()", currentStateMessage: "The JSON boolean query has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}});
    }
    return out;
  }
  function extract18() {
    if (!this.out) {
      this.out = jsonQueryChecked19();
    }
    return this.out;
  };
  references1.push('Multi Region Trail [obj.CA10__multiRegionTrail__c]: ' + obj.CA10__multiRegionTrail__c);
  references1.push('Logging [obj.CA10__isLogging__c]: ' + obj.CA10__isLogging__c);
  references1.push('Event Selectors JSON [obj.CA10__eventSelectorsJson__c]: ' + obj.CA10__eventSelectorsJson__c);
  try {
    if (extract3.call(extract3) == true && extract6.call(extract6) == true && TextLib.equal(extract9.call(extract9), 'All') && extract18.call(extract18) == true) {
      return {status: 'COMPLIANT', conditionIndex: 199, conditionText: "extract('CA10__multiRegionTrail__c') == true && extract('CA10__isLogging__c') == true && extract('caJsonText__eventSelectorsJsonReadWriteType__c') == 'All' && extract('caJsonBoolean__eventSelectorsJsonIncludeManagementEvents__c') == true", currentStateMessage: "This CloudTrail is multi-Region and logging.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null};
    }
  } catch (err) {
    if (err.cause && err.cause.status) {
      return err.cause;
    } else {
      throw err;
    }
  }
  return {status: 'INCOMPLIANT', conditionIndex: 200, conditionText: "otherwise", currentStateMessage: "This CloudTrail is not multi-Region or not logging.", currentStateReferences: references1.join('\n'), remediation: "Enable this CloudTrail as a multi-Region trail.", runtimeError: null};
  """;
  SELECT
    expectedResult.Id as Id,
    IF (
      IFNULL(expectedResult.expectedResult.status, '') = IFNULL(sObject.result.status, '')
      AND IFNULL(expectedResult.expectedResult.conditionIndex, -1) = IFNULL(sObject.result.conditionIndex, -1)
      AND IFNULL(expectedResult.expectedResult.conditionText, '') = IFNULL(sObject.result.conditionText, '')
      AND IFNULL(expectedResult.expectedResult.runtimeError, '') = IFNULL(sObject.result.runtimeError, ''),
      "MATCH",
      "FAIL"
    ) as match,
    expectedResult.expectedResult.status as expectedStatus,
    sObject.result.status as actualStatus,
    expectedResult.expectedResult.conditionIndex as expectedConditionIndex,
    sObject.result.conditionIndex as actualConditionIndex,
    expectedResult.expectedResult.conditionText as expectedConditionText,
    sObject.result.conditionText as actualConditionText,
    expectedResult.expectedResult.runtimeError as expectedRuntimeError,
    sObject.result.runtimeError as actualRuntimeError
  FROM UNNEST(mock_ExpectedResult()) expectedResult
  LEFT JOIN (
    SELECT
      sObject.Id AS Id,
      `CA10__AWS_CloudTrail_Trails__r`.arr AS CA10__AWS_CloudTrail_Trails__r,
      process_CA10__CaAwsAccount__c(
        STRUCT(
          sObject.Id AS Id,
          `CA10__AWS_CloudTrail_Trails__r`.arr AS CA10__AWS_CloudTrail_Trails__r
        ),
        sObject.context.snapshotTime
      ) as result
    FROM UNNEST(mock_CA10__CaAwsAccount__c()) AS sObject
    LEFT JOIN (
      SELECT
        sObject.CA10__account__c,
        ARRAY_AGG(
          STRUCT(
            sObject.CA10__disappearanceTime__c AS CA10__disappearanceTime__c,
            sObject.CA10__multiRegionTrail__c AS CA10__multiRegionTrail__c,
            sObject.CA10__isLogging__c AS CA10__isLogging__c,
            sObject.CA10__eventSelectorsJson__c AS CA10__eventSelectorsJson__c,
            sObject.CA10__account__c AS CA10__account__c,
            sObject.Id AS Id,
            process_CA10__AWS_CloudTrail_Trails__r(
              STRUCT(
                sObject.CA10__disappearanceTime__c AS CA10__disappearanceTime__c,
                sObject.CA10__multiRegionTrail__c AS CA10__multiRegionTrail__c,
                sObject.CA10__isLogging__c AS CA10__isLogging__c,
                sObject.CA10__eventSelectorsJson__c AS CA10__eventSelectorsJson__c,
                sObject.CA10__account__c AS CA10__account__c,
                sObject.Id AS Id
              ),
              sObject.context.snapshotTime
            ) as result
          )
        ) AS arr
      FROM UNNEST(mock_CA10__CaAwsCloudTrailTrail__c()) AS sObject
      GROUP BY sObject.CA10__account__c
    ) AS `CA10__AWS_CloudTrail_Trails__r`
    ON sObject.Id = `CA10__AWS_CloudTrail_Trails__r`.CA10__account__c
  ) sObject
  ON sObject.Id = expectedResult.Id;