--- policy: /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days logic: /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml executionTime: 2026-02-10T22:33:00.328515793Z generationMs: 83 executionMs: 963 rows: - id: a01 match: true status: expected: INAPPLICABLE actual: INAPPLICABLE conditionIndex: expected: 199 actual: 199 conditionText: expected: extract('CA10__credReportAccessKey1Active__c') == false && extract('CA10__credReportAccessKey2Active__c') == false actual: extract('CA10__credReportAccessKey1Active__c') == false && extract('CA10__credReportAccessKey2Active__c') == false runtimeError: {} - id: a02 match: true status: expected: INCOMPLIANT actual: INCOMPLIANT conditionIndex: expected: 299 actual: 299 conditionText: expected: extract('CA10__credReportAccessKey1Active__c') == true && extract('CA10__credReportAccessKey1LastRotated__c').beyondLastDays(90) actual: extract('CA10__credReportAccessKey1Active__c') == true && extract('CA10__credReportAccessKey1LastRotated__c').beyondLastDays(90) runtimeError: {} - id: a03 match: true status: expected: INCOMPLIANT actual: INCOMPLIANT conditionIndex: expected: 399 actual: 399 conditionText: expected: extract('CA10__credReportAccessKey2Active__c') == true && extract('CA10__credReportAccessKey2LastRotated__c').beyondLastDays(90) actual: extract('CA10__credReportAccessKey2Active__c') == true && extract('CA10__credReportAccessKey2LastRotated__c').beyondLastDays(90) runtimeError: {} - id: a04 match: true status: expected: COMPLIANT actual: COMPLIANT conditionIndex: expected: 400 actual: 400 conditionText: expected: otherwise actual: otherwise runtimeError: {} usedFiles: - path: /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/policy.yaml md5Hash: E3C41BA2C07E3BC3412721E43EF4E9AB content: | --- names: full: AWS IAM User Access Keys are not rotated every 90 days or less contextual: User Access Keys are not rotated every 90 days or less description: "Access keys consist of an access key ID and secret access key, which\ \ are used to sign programmatic requests that you make to AWS. AWS users need their\ \ own access keys to make programmatic calls to AWS from the AWS Command Line Interface\ \ (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using\ \ the APIs for individual AWS services. It is recommended that all access keys be\ \ regularly rotated." type: COMPLIANCE_POLICY categories: - SECURITY frameworkMappings: - "/frameworks/cis-aws-v6.0.0/02/13" - "/frameworks/cloudaware/identity-and-access-governance/credential-lifecycle-management" - "/frameworks/aws-fsbp-v1.0.0/iam/03" similarPolicies: internal: - dec-x-bcb0c78f cloudConformity: - url: https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/access-keys-rotated-90-days.html name: Access Keys Rotated 90 Days - path: /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml md5Hash: 3F97A1A2EE64964DEBA0B4C2DFDA45DD content: "---\ninputType: \"CA10__CaAwsUser__c\"\ntestData:\n - file: test-data.json\n\ importExtracts:\n - file: /types/CA10__CaAwsUser__c/credReport.extracts.yaml\n\ conditions:\n - status: \"INAPPLICABLE\"\n currentStateMessage: \"This user\ \ does not have active access keys.\"\n check:\n AND:\n args:\n\ \ - IS_EQUAL:\n left:\n EXTRACT: CA10__credReportAccessKey1Active__c\n\ \ right:\n BOOLEAN: false\n - IS_EQUAL:\n\ \ left:\n EXTRACT: CA10__credReportAccessKey2Active__c\n\ \ right:\n BOOLEAN: false\n - status: \"INCOMPLIANT\"\ \n currentStateMessage: \"Access key 1 has not been rotated for over 90 days.\"\ \n check: \n AND:\n args:\n - IS_EQUAL:\n \ \ left:\n EXTRACT: CA10__credReportAccessKey1Active__c\n \ \ right:\n BOOLEAN: true\n - IS_BEYOND_LAST_DAYS:\n\ \ offsetDays: 90\n arg:\n EXTRACT:\ \ CA10__credReportAccessKey1LastRotated__c\n - status: \"INCOMPLIANT\"\n \ \ currentStateMessage: \"Access key 2 has not been rotated for over 90 days.\"\ \n check: \n AND:\n args:\n - IS_EQUAL:\n \ \ left:\n EXTRACT: CA10__credReportAccessKey2Active__c\n \ \ right:\n BOOLEAN: true\n - IS_BEYOND_LAST_DAYS:\n\ \ offsetDays: 90\n arg:\n EXTRACT:\ \ CA10__credReportAccessKey2LastRotated__c\notherwise:\n status: \"COMPLIANT\"\ \n currentStateMessage: \"All access keys are rotated regularly.\"\n" - path: /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/test-data.json md5Hash: 5784E5E64674F7948A9F2AD8210E7614 content: | [ { "expectedResult": { "status": "INAPPLICABLE", "conditionIndex": "199", "conditionText": "extract('CA10__credReportAccessKey1Active__c') == false && extract('CA10__credReportAccessKey2Active__c') == false", "runtimeError": null }, "context": { "snapshotTime": "2024-05-30T18:23:28Z" }, "Id": "a01", "CA10__disappearanceTime__c": null, "CA10__credReportAttributesJson__c": "{\"password_last_used\":\"2024-07-17T17:37:46Z\",\"access_key_1_last_used_region\":\"N/A\",\"password_enabled\":\"true\",\"access_key_1_last_used_date\":\"N/A\",\"access_key_1_last_used_service\":\"N/A\",\"mfa_active\":\"true\",\"access_key_2_last_used_date\":\"N/A\",\"user_creation_time\":\"2017-09-27T19:51:41Z\",\"cert_2_active\":\"false\",\"cert_1_active\":\"false\",\"cert_1_last_rotated\":\"N/A\",\"access_key_2_last_used_service\":\"N/A\",\"access_key_2_active\":\"false\",\"access_key_1_active\":\"false\",\"password_next_rotation\":\"2024-10-15T17:38:45Z\",\"access_key_2_last_rotated\":\"N/A\",\"arn\":\"arn:aws:iam::526216611803:user/srichter\",\"access_key_1_last_rotated\":\"N/A\",\"access_key_2_last_used_region\":\"N/A\",\"user\":\"srichter\",\"password_last_changed\":\"2024-07-17T17:38:45Z\",\"cert_2_last_rotated\":\"N/A\"}" }, { "expectedResult": { "status": "INCOMPLIANT", "conditionIndex": "299", "conditionText": "extract('CA10__credReportAccessKey1Active__c') == true && extract('CA10__credReportAccessKey1LastRotated__c').beyondLastDays(90)", "runtimeError": null }, "context": { "snapshotTime": "2024-05-30T18:23:28Z" }, "Id": "a02", "CA10__disappearanceTime__c": null, "CA10__credReportAttributesJson__c": "{\"password_last_used\":\"2024-07-17T17:37:46Z\",\"access_key_1_last_used_region\":\"N/A\",\"password_enabled\":\"true\",\"access_key_1_last_used_date\":\"N/A\",\"access_key_1_last_used_service\":\"N/A\",\"mfa_active\":\"true\",\"access_key_2_last_used_date\":\"N/A\",\"user_creation_time\":\"2017-09-27T19:51:41Z\",\"cert_2_active\":\"false\",\"cert_1_active\":\"false\",\"cert_1_last_rotated\":\"N/A\",\"access_key_2_last_used_service\":\"N/A\",\"access_key_2_active\":\"false\",\"access_key_1_active\":\"true\",\"password_next_rotation\":\"2024-10-15T17:38:45Z\",\"access_key_2_last_rotated\":\"N/A\",\"arn\":\"arn:aws:iam::526216611803:user/srichter\",\"access_key_1_last_rotated\":\"2018-07-17T12:13:14+00:00\",\"access_key_2_last_used_region\":\"N/A\",\"user\":\"srichter\",\"password_last_changed\":\"2024-07-17T17:38:45Z\",\"cert_2_last_rotated\":\"N/A\"}" }, { "expectedResult": { "status": "INCOMPLIANT", "conditionIndex": "399", "conditionText": "extract('CA10__credReportAccessKey2Active__c') == true && extract('CA10__credReportAccessKey2LastRotated__c').beyondLastDays(90)", "runtimeError": null }, "context": { "snapshotTime": "2024-05-30T18:23:28Z" }, "Id": "a03", "CA10__disappearanceTime__c": null, "CA10__credReportAttributesJson__c": "{\"password_last_used\":\"2024-07-17T17:37:46Z\",\"access_key_1_last_used_region\":\"N/A\",\"password_enabled\":\"true\",\"access_key_1_last_used_date\":\"N/A\",\"access_key_1_last_used_service\":\"N/A\",\"mfa_active\":\"true\",\"access_key_2_last_used_date\":\"N/A\",\"user_creation_time\":\"2017-09-27T19:51:41Z\",\"cert_2_active\":\"false\",\"cert_1_active\":\"false\",\"cert_1_last_rotated\":\"N/A\",\"access_key_2_last_used_service\":\"N/A\",\"access_key_2_active\":\"true\",\"access_key_1_active\":\"false\",\"password_next_rotation\":\"2024-10-15T17:38:45Z\",\"access_key_2_last_rotated\":\"2023-06-09T15:41:50+00:00\",\"arn\":\"arn:aws:iam::526216611803:user/srichter\",\"access_key_1_last_rotated\":\"2020-01-15T12:46:32+00:00\",\"access_key_2_last_used_region\":\"N/A\",\"user\":\"srichter\",\"password_last_changed\":\"2024-07-17T17:38:45Z\",\"cert_2_last_rotated\":\"N/A\"}" }, { "expectedResult": { "status": "COMPLIANT", "conditionIndex": "400", "conditionText": "otherwise", "runtimeError": null }, "context": { "snapshotTime": "2024-05-30T18:23:28Z" }, "Id": "a04", "CA10__disappearanceTime__c": null, "CA10__credReportAttributesJson__c": "{\"password_last_used\":\"2024-07-17T17:37:46Z\",\"access_key_1_last_used_region\":\"N/A\",\"password_enabled\":\"true\",\"access_key_1_last_used_date\":\"N/A\",\"access_key_1_last_used_service\":\"N/A\",\"mfa_active\":\"true\",\"access_key_2_last_used_date\":\"N/A\",\"user_creation_time\":\"2017-09-27T19:51:41Z\",\"cert_2_active\":\"false\",\"cert_1_active\":\"false\",\"cert_1_last_rotated\":\"N/A\",\"access_key_2_last_used_service\":\"N/A\",\"access_key_2_active\":\"false\",\"access_key_1_active\":\"true\",\"password_next_rotation\":\"2024-10-15T17:38:45Z\",\"access_key_2_last_rotated\":\"N/A\",\"arn\":\"arn:aws:iam::526216611803:user/srichter\",\"access_key_1_last_rotated\":\"2024-03-07T15:33:12+00:00\",\"access_key_2_last_used_region\":\"N/A\",\"user\":\"srichter\",\"password_last_changed\":\"2024-07-17T17:38:45Z\",\"cert_2_last_rotated\":\"N/A\"}" } ] - path: /types/CA10__CaAwsUser__c/credReport.extracts.yaml md5Hash: F6D383D933A0B64268B39ADE7012508C content: "\n# password_last_used: 2021-10-15T16:30:24+00:00\n# access_key_1_last_used_region:\ \ us-east-1\n# password_enabled: not_supported\n# access_key_1_last_used_date:\ \ 2020-02-27T12:03:00+00:00\n# access_key_1_last_used_service: s3\n# mfa_active:\ \ false\n# access_key_2_last_used_date: N/A\n# user_creation_time: 2008-06-17T18:41:41+00:00\n\ # cert_2_active: false\n# cert_1_active: true\n# cert_1_last_rotated: 2011-04-27T13:23:57+00:00\n\ # access_key_2_last_used_service: N/A\n# access_key_2_active: false\n# access_key_1_active:\ \ false\n# password_next_rotation: not_supported\n# access_key_2_last_rotated:\ \ 2014-07-03T15:12:24+00:00\n# arn: arn:aws:iam::814021343637:root\n# access_key_1_last_rotated:\ \ 2011-04-27T13:20:07+00:00\n# access_key_2_last_used_region: N/A\n# user: \n\ # password_last_changed: not_supported\n# cert_2_last_rotated: N/A\n---\nextracts:\n\ \ - name: CA10__credReportAttributesJson__c\n value: \n JSON_FROM:\n\ \ arg:\n FIELD:\n path: CA10__credReportAttributesJson__c\n\ \ returnType: BYTES\n undeterminedIf:\n isEmpty:\ \ Credential report attributes are empty, this is either permission issue or\ \ the data haven't been populated yet\n undeterminedIf:\n isInvalid:\ \ \"Cred report attributes JSON is invalid\"\n - name: CA10__credReportAccessKey1Active__c\n\ \ value:\n BOOLEAN_FROM:\n arg:\n JSON_QUERY_TEXT:\n\ \ arg:\n EXTRACT: CA10__credReportAttributesJson__c\n\ \ expression: \"to_string(access_key_1_active)\"\n undeterminedIf:\n\ \ evaluationError: \"The JSON query has failed.\"\n \ \ resultTypeMismatch: \"The JSON query did not return text type.\"\n \ \ undeterminedIf:\n isEmpty: Value of 'access_key_1_active' is empty,\ \ unexpected data\n - name: CA10__credReportAccessKey2Active__c\n value:\n\ \ BOOLEAN_FROM:\n arg:\n JSON_QUERY_TEXT:\n \ \ arg:\n EXTRACT: CA10__credReportAttributesJson__c\n \ \ expression: \"to_string(access_key_2_active)\"\n undeterminedIf:\n\ \ evaluationError: \"The JSON query has failed.\"\n \ \ resultTypeMismatch: \"The JSON query did not return text type.\"\n \ \ undeterminedIf:\n isEmpty: Value of 'access_key_1_active' is empty,\ \ unexpected data\n - name: CA10__credReportPasswordLastUsed__c\n value:\n\ \ DATE_TIME_FROM:\n arg:\n JSON_QUERY_TEXT:\n \ \ arg:\n EXTRACT: CA10__credReportAttributesJson__c\n \ \ expression: \"to_string(password_last_used)\"\n undeterminedIf:\n\ \ evaluationError: \"The JSON query has failed.\"\n \ \ resultTypeMismatch: \"The JSON query did not return text type.\"\n \ \ nullValues:\n - \"no_information\"\n - \"N/A\"\n \ \ format: ISO_8601\n undeterminedIf:\n # value CAN be empty,\ \ for example when password was never used.\n #isEmpty: Value of 'password_last_used'\ \ is empty, unexpected data\n invalidFormat: Value of 'password_last_used'\ \ does not match ISO-8601 format\n - name: CA10__credReportAccessKey1LastUsed__c\n\ \ value:\n DATE_TIME_FROM:\n arg:\n JSON_QUERY_TEXT:\n\ \ arg:\n EXTRACT: CA10__credReportAttributesJson__c\n\ \ expression: \"to_string(access_key_1_last_used_date)\"\n \ \ undeterminedIf:\n evaluationError: \"The JSON query has\ \ failed.\"\n resultTypeMismatch: \"The JSON query did not return\ \ text type.\"\n nullValues:\n - \"N/A\"\n format: ISO_8601\n\ \ undeterminedIf:\n # value CAN be empty, for example when password\ \ was never used.\n #isEmpty: Value of 'access_key_1_last_used_date'\ \ is empty, unexpected data\n invalidFormat: Value of 'access_key_1_last_used_date'\ \ does not match ISO-8601 format\n - name: CA10__credReportAccessKey2LastUsed__c\n\ \ value:\n DATE_TIME_FROM:\n arg:\n JSON_QUERY_TEXT:\n\ \ arg:\n EXTRACT: CA10__credReportAttributesJson__c\n\ \ expression: \"to_string(access_key_2_last_used_date)\"\n \ \ undeterminedIf:\n evaluationError: \"The JSON query has\ \ failed.\"\n resultTypeMismatch: \"The JSON query did not return\ \ text type.\"\n nullValues:\n - \"N/A\"\n format: ISO_8601\n\ \ undeterminedIf:\n # value CAN be empty, for example when password\ \ was never used.\n #isEmpty: Value of 'access_key_2_last_used_date'\ \ is empty, unexpected data\n invalidFormat: Value of 'access_key_2_last_used_date'\ \ does not match ISO-8601 format\n - name: CA10__credReportMfaActive__c\n \ \ value:\n BOOLEAN_FROM:\n arg:\n JSON_QUERY_TEXT:\n\ \ arg:\n EXTRACT: CA10__credReportAttributesJson__c\n\ \ expression: \"to_string(mfa_active)\"\n undeterminedIf:\n\ \ evaluationError: \"The JSON query has failed.\"\n \ \ resultTypeMismatch: \"The JSON query did not return text type.\"\n \ \ undeterminedIf:\n isEmpty: Credential report 'mfa_active' key is\ \ empty, unexpected data\n - name: CA10__credReportPasswordEnabled__c\n \ \ value:\n BOOLEAN_FROM:\n arg:\n JSON_QUERY_TEXT:\n \ \ arg:\n EXTRACT: CA10__credReportAttributesJson__c\n\ \ expression: \"to_string(password_enabled)\"\n undeterminedIf:\n\ \ evaluationError: \"The JSON query has failed.\"\n \ \ resultTypeMismatch: \"The JSON query did not return text type.\"\n \ \ undeterminedIf:\n isEmpty: Value of 'password_enabled' is empty,\ \ unexpected data\n - name: CA10__credReportPasswordLastChanged__c\n value:\n\ \ DATE_TIME_FROM:\n arg:\n JSON_QUERY_TEXT:\n \ \ arg:\n EXTRACT: CA10__credReportAttributesJson__c\n \ \ expression: \"to_string(password_last_changed)\"\n undeterminedIf:\n\ \ evaluationError: \"The JSON query has failed.\"\n \ \ resultTypeMismatch: \"The JSON query did not return text type.\"\n \ \ nullValues:\n - \"N/A\"\n format: ISO_8601\n undeterminedIf:\n\ \ # value CAN be empty, for example when password was never changed.\n\ \ #isEmpty: Value of 'password_last_changed' is empty, unexpected data\n\ \ invalidFormat: Value of 'password_last_changed' does not match ISO-8601\ \ format\n - name: CA10__credReportAccessKey1LastRotated__c\n value:\n \ \ DATE_TIME_FROM:\n arg:\n JSON_QUERY_TEXT:\n \ \ arg:\n EXTRACT: CA10__credReportAttributesJson__c\n \ \ expression: \"to_string(access_key_1_last_rotated)\"\n undeterminedIf:\n\ \ evaluationError: \"The JSON query has failed.\"\n \ \ resultTypeMismatch: \"The JSON query did not return text type.\"\n \ \ nullValues:\n - \"N/A\"\n format: ISO_8601\n undeterminedIf:\n\ \ # value CAN be empty, for example when key was never changed.\n \ \ #isEmpty: Value of 'access_key_1_last_rotated' is empty, unexpected\ \ data\n invalidFormat: Value of 'access_key_1_last_rotated' does not\ \ match ISO-8601 format\n - name: CA10__credReportAccessKey2LastRotated__c\n\ \ value:\n DATE_TIME_FROM:\n arg:\n JSON_QUERY_TEXT:\n\ \ arg:\n EXTRACT: CA10__credReportAttributesJson__c\n\ \ expression: \"to_string(access_key_2_last_rotated)\"\n \ \ undeterminedIf:\n evaluationError: \"The JSON query has failed.\"\ \n resultTypeMismatch: \"The JSON query did not return text type.\"\ \n nullValues:\n - \"N/A\"\n format: ISO_8601\n \ \ undeterminedIf:\n # value CAN be empty, for example when key\ \ was never changed.\n #isEmpty: Value of 'access_key_2_last_rotated'\ \ is empty, unexpected data\n invalidFormat: Value of 'access_key_2_last_rotated'\ \ does not match ISO-8601 format\n - name: CA10__credReportCert1Active__c\n\ \ value:\n BOOLEAN_FROM:\n arg:\n JSON_QUERY_TEXT:\n\ \ arg:\n EXTRACT: CA10__credReportAttributesJson__c\n\ \ expression: \"to_string(cert_1_active)\"\n undeterminedIf:\n\ \ evaluationError: \"The JSON query has failed.\"\n \ \ resultTypeMismatch: \"The JSON query did not return text type.\"\n \ \ undeterminedIf:\n isEmpty: Value of 'cert_1_active' is empty, unexpected\ \ data\n - name: CA10__credReportCert2Active__c\n value:\n BOOLEAN_FROM:\n\ \ arg:\n JSON_QUERY_TEXT:\n arg:\n EXTRACT:\ \ CA10__credReportAttributesJson__c\n expression: \"to_string(cert_2_active)\"\ \n undeterminedIf:\n evaluationError: \"The JSON query\ \ has failed.\"\n resultTypeMismatch: \"The JSON query did not\ \ return text type.\"\n undeterminedIf:\n isEmpty: Value of\ \ 'cert_1_active' is empty, unexpected data" script: |- CREATE TEMP FUNCTION mock_ExpectedResult() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "Id" : "a01", "expectedResult" : { "status" : "INAPPLICABLE", "conditionIndex" : "199", "conditionText" : "extract('CA10__credReportAccessKey1Active__c') == false && extract('CA10__credReportAccessKey2Active__c') == false", "runtimeError" : null } }, { "Id" : "a02", "expectedResult" : { "status" : "INCOMPLIANT", "conditionIndex" : "299", "conditionText" : "extract('CA10__credReportAccessKey1Active__c') == true && extract('CA10__credReportAccessKey1LastRotated__c').beyondLastDays(90)", "runtimeError" : null } }, { "Id" : "a03", "expectedResult" : { "status" : "INCOMPLIANT", "conditionIndex" : "399", "conditionText" : "extract('CA10__credReportAccessKey2Active__c') == true && extract('CA10__credReportAccessKey2LastRotated__c').beyondLastDays(90)", "runtimeError" : null } }, { "Id" : "a04", "expectedResult" : { "status" : "COMPLIANT", "conditionIndex" : "400", "conditionText" : "otherwise", "runtimeError" : null } } ]; """; CREATE TEMP FUNCTION mock_CA10__CaAwsUser__c() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2024-05-30T18:23:28Z") }, "CA10__credReportAttributesJson__c" : "{\"password_last_used\":\"2024-07-17T17:37:46Z\",\"access_key_1_last_used_region\":\"N/A\",\"password_enabled\":\"true\",\"access_key_1_last_used_date\":\"N/A\",\"access_key_1_last_used_service\":\"N/A\",\"mfa_active\":\"true\",\"access_key_2_last_used_date\":\"N/A\",\"user_creation_time\":\"2017-09-27T19:51:41Z\",\"cert_2_active\":\"false\",\"cert_1_active\":\"false\",\"cert_1_last_rotated\":\"N/A\",\"access_key_2_last_used_service\":\"N/A\",\"access_key_2_active\":\"false\",\"access_key_1_active\":\"false\",\"password_next_rotation\":\"2024-10-15T17:38:45Z\",\"access_key_2_last_rotated\":\"N/A\",\"arn\":\"arn:aws:iam::526216611803:user/srichter\",\"access_key_1_last_rotated\":\"N/A\",\"access_key_2_last_used_region\":\"N/A\",\"user\":\"srichter\",\"password_last_changed\":\"2024-07-17T17:38:45Z\",\"cert_2_last_rotated\":\"N/A\"}", "Id" : "a01" }, { "context" : { "snapshotTime" : new Date("2024-05-30T18:23:28Z") }, "CA10__credReportAttributesJson__c" : "{\"password_last_used\":\"2024-07-17T17:37:46Z\",\"access_key_1_last_used_region\":\"N/A\",\"password_enabled\":\"true\",\"access_key_1_last_used_date\":\"N/A\",\"access_key_1_last_used_service\":\"N/A\",\"mfa_active\":\"true\",\"access_key_2_last_used_date\":\"N/A\",\"user_creation_time\":\"2017-09-27T19:51:41Z\",\"cert_2_active\":\"false\",\"cert_1_active\":\"false\",\"cert_1_last_rotated\":\"N/A\",\"access_key_2_last_used_service\":\"N/A\",\"access_key_2_active\":\"false\",\"access_key_1_active\":\"true\",\"password_next_rotation\":\"2024-10-15T17:38:45Z\",\"access_key_2_last_rotated\":\"N/A\",\"arn\":\"arn:aws:iam::526216611803:user/srichter\",\"access_key_1_last_rotated\":\"2018-07-17T12:13:14+00:00\",\"access_key_2_last_used_region\":\"N/A\",\"user\":\"srichter\",\"password_last_changed\":\"2024-07-17T17:38:45Z\",\"cert_2_last_rotated\":\"N/A\"}", "Id" : "a02" }, { "context" : { "snapshotTime" : new Date("2024-05-30T18:23:28Z") }, "CA10__credReportAttributesJson__c" : "{\"password_last_used\":\"2024-07-17T17:37:46Z\",\"access_key_1_last_used_region\":\"N/A\",\"password_enabled\":\"true\",\"access_key_1_last_used_date\":\"N/A\",\"access_key_1_last_used_service\":\"N/A\",\"mfa_active\":\"true\",\"access_key_2_last_used_date\":\"N/A\",\"user_creation_time\":\"2017-09-27T19:51:41Z\",\"cert_2_active\":\"false\",\"cert_1_active\":\"false\",\"cert_1_last_rotated\":\"N/A\",\"access_key_2_last_used_service\":\"N/A\",\"access_key_2_active\":\"true\",\"access_key_1_active\":\"false\",\"password_next_rotation\":\"2024-10-15T17:38:45Z\",\"access_key_2_last_rotated\":\"2023-06-09T15:41:50+00:00\",\"arn\":\"arn:aws:iam::526216611803:user/srichter\",\"access_key_1_last_rotated\":\"2020-01-15T12:46:32+00:00\",\"access_key_2_last_used_region\":\"N/A\",\"user\":\"srichter\",\"password_last_changed\":\"2024-07-17T17:38:45Z\",\"cert_2_last_rotated\":\"N/A\"}", "Id" : "a03" }, { "context" : { "snapshotTime" : new Date("2024-05-30T18:23:28Z") }, "CA10__credReportAttributesJson__c" : "{\"password_last_used\":\"2024-07-17T17:37:46Z\",\"access_key_1_last_used_region\":\"N/A\",\"password_enabled\":\"true\",\"access_key_1_last_used_date\":\"N/A\",\"access_key_1_last_used_service\":\"N/A\",\"mfa_active\":\"true\",\"access_key_2_last_used_date\":\"N/A\",\"user_creation_time\":\"2017-09-27T19:51:41Z\",\"cert_2_active\":\"false\",\"cert_1_active\":\"false\",\"cert_1_last_rotated\":\"N/A\",\"access_key_2_last_used_service\":\"N/A\",\"access_key_2_active\":\"false\",\"access_key_1_active\":\"true\",\"password_next_rotation\":\"2024-10-15T17:38:45Z\",\"access_key_2_last_rotated\":\"N/A\",\"arn\":\"arn:aws:iam::526216611803:user/srichter\",\"access_key_1_last_rotated\":\"2024-03-07T15:33:12+00:00\",\"access_key_2_last_used_region\":\"N/A\",\"user\":\"srichter\",\"password_last_changed\":\"2024-07-17T17:38:45Z\",\"cert_2_last_rotated\":\"N/A\"}", "Id" : "a04" } ]; """; CREATE TEMP FUNCTION process_CA10__CaAwsUser__c( obj STRUCT< CA10__disappearanceTime__c TIMESTAMP, CA10__credReportAttributesJson__c STRING, Id STRING >, snapshotTime TIMESTAMP ) RETURNS STRUCT DETERMINISTIC LANGUAGE js OPTIONS (library=['gs://compliance-platform-public/jmespath.min.js']) AS r""" var BytesLib = new function () { this.normalize = function(arg) { return arg == null ? '' : arg; }; this.isEmpty = function(arg) { return this.normalize(arg) == ''; }; this.isNotEmpty = function(arg) { return this.normalize(arg) != ''; }; this.equal = function(left, right) { return this.normalize(left) == this.normalize(right); }; this.notEqual = function(left, right) { return this.normalize(left) != this.normalize(right); }; this.startsWith = function(arg, substring) { return this.normalize(arg).startsWith(this.normalize(substring)); }; this.endsWith = function(arg, substring) { return this.normalize(arg).endsWith(this.normalize(substring)); }; this.contains = function(arg, substring) { return this.normalize(arg).includes(this.normalize(substring)); }; this.containsAll = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.every(sub => normalizedArg.includes(this.normalize(sub))); }; this.containsAny = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.some(sub => normalizedArg.includes(this.normalize(sub))); }; }(); var TemporalLib = new function () { var iso8601regex = /^([\+-]?\d{4}(?!\d{2}\b))((-?)((0[1-9]|1[0-2])(\3([12]\d|0[1-9]|3[01]))?|W([0-4]\d|5[0-2])(-?[1-7])?|(00[1-9]|0[1-9]\d|[12]\d{2}|3([0-5]\d|6[1-6])))([T\s]((([01]\d|2[0-3])((:?)[0-5]\d)?|24\:?00)([\.,]\d+(?!:))?)?(\17[0-5]\d([\.,]\d+)?)?([zZ]|([\+-])([01]\d|2[0-3]):?([0-5]\d)?)?)?)?$/ this.checkIso8601 = function(arg) { return arg == null || iso8601regex.test(arg); }; this.parseIso8601 = function(arg) { return arg == null ? null: new Date(arg); }; this.replaceNullValues = function(arg, nullValues) { for (var i = 0; i < nullValues.length; i++) { if (TextLib.equal(arg, nullValues[i])) { return null; } } return arg; }; }(); var TextLib = new function () { this.normalize = function(arg) { return arg == null ? '' : arg.replace(/\s+/g, ' ').trim().toLowerCase(); }; this.isEmpty = function(arg) { return this.normalize(arg) == ''; }; this.isNotEmpty = function(arg) { return this.normalize(arg) != ''; }; this.equal = function(left, right) { return this.normalize(left) == this.normalize(right); }; this.notEqual = function(left, right) { return this.normalize(left) != this.normalize(right); }; this.startsWith = function(arg, substring) { return this.normalize(arg).startsWith(this.normalize(substring)); }; this.endsWith = function(arg, substring) { return this.normalize(arg).endsWith(this.normalize(substring)); }; this.contains = function(arg, substring) { return this.normalize(arg).includes(this.normalize(substring)); }; this.containsAll = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.every(sub => normalizedArg.includes(this.normalize(sub))); }; this.containsAny = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.some(sub => normalizedArg.includes(this.normalize(sub))); }; }(); var todayMinus90Day = new Date(snapshotTime.toISOString().substr(0,10)+'T00:00:00.000Z').getTime() + (-90 * 86400000); var references1 = []; // condition[0], conditionIndex:[0..99] references1.push('Deleted From AWS [CA10__disappearanceTime__c]: ' + obj.CA10__disappearanceTime__c); if (obj.CA10__disappearanceTime__c != null) { return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared(CA10__disappearanceTime__c)", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } // condition[1], conditionIndex:[100..199] function boolChecked4() { var boolFrom10 = jsonQueryChecked5(); if (TextLib.isEmpty(boolFrom10)) { throw new Error("UNDETERMINED condition:105", {cause: {status: 'UNDETERMINED', conditionIndex: 105, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_1_active)').isEmpty()", currentStateMessage: "Value of 'access_key_1_active' is empty, unexpected data", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return TextLib.equal('true', boolFrom10); } function jsonQueryChecked5() { var input = extract7.call(extract7); var out; try { out = jmespath.search(input, 'to_string(access_key_1_active)'); if (out != null && typeof out != 'string') { throw new Error("UNDETERMINED condition:103", {cause: {status: 'UNDETERMINED', conditionIndex: 103, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_1_active)').isResultTypeMismatch()", currentStateMessage: "The JSON query did not return text type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } } catch (e) { throw new Error("UNDETERMINED condition:104", {cause: {status: 'UNDETERMINED', conditionIndex: 104, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_1_active)').isEvaluationFailed()", currentStateMessage: "The JSON query has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function jsonChecked8() { var input = fieldChecked9(); input = TextLib.isEmpty(input) ? null : input; var out; try { out = JSON.parse(input); } catch (e) { throw new Error("UNDETERMINED condition:102", {cause: {status: 'UNDETERMINED', conditionIndex: 102, conditionText: "CA10__credReportAttributesJson__c.asJson().isInvalid()", currentStateMessage: "Cred report attributes JSON is invalid", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function fieldChecked9() { if (BytesLib.isEmpty(obj.CA10__credReportAttributesJson__c)) { throw new Error("UNDETERMINED condition:101", {cause: {status: 'UNDETERMINED', conditionIndex: 101, conditionText: "CA10__credReportAttributesJson__c.isEmpty()", currentStateMessage: "Credential report attributes are empty, this is either permission issue or the data haven't been populated yet", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return obj.CA10__credReportAttributesJson__c; } function extract7() { if (!this.out) { this.out = jsonChecked8(); } return this.out; }; function extract3() { if (!this.out) { this.out = boolChecked4(); } return this.out; }; function boolChecked13() { var boolFrom16 = jsonQueryChecked14(); if (TextLib.isEmpty(boolFrom16)) { throw new Error("UNDETERMINED condition:108", {cause: {status: 'UNDETERMINED', conditionIndex: 108, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_2_active)').isEmpty()", currentStateMessage: "Value of 'access_key_1_active' is empty, unexpected data", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return TextLib.equal('true', boolFrom16); } function jsonQueryChecked14() { var input = extract7.call(extract7); var out; try { out = jmespath.search(input, 'to_string(access_key_2_active)'); if (out != null && typeof out != 'string') { throw new Error("UNDETERMINED condition:106", {cause: {status: 'UNDETERMINED', conditionIndex: 106, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_2_active)').isResultTypeMismatch()", currentStateMessage: "The JSON query did not return text type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } } catch (e) { throw new Error("UNDETERMINED condition:107", {cause: {status: 'UNDETERMINED', conditionIndex: 107, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_2_active)').isEvaluationFailed()", currentStateMessage: "The JSON query has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function extract12() { if (!this.out) { this.out = boolChecked13(); } return this.out; }; references1.push('Cred Report: Attributes JSON [obj.CA10__credReportAttributesJson__c]: ' + obj.CA10__credReportAttributesJson__c); try { if (extract3.call(extract3) == false && extract12.call(extract12) == false) { return {status: 'INAPPLICABLE', conditionIndex: 199, conditionText: "extract('CA10__credReportAccessKey1Active__c') == false && extract('CA10__credReportAccessKey2Active__c') == false", currentStateMessage: "This user does not have active access keys.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } } catch (err) { if (err.cause && err.cause.status) { return err.cause; } else { throw err; } } // condition[2], conditionIndex:[200..299] function boolChecked19() { var boolFrom25 = jsonQueryChecked20(); if (TextLib.isEmpty(boolFrom25)) { throw new Error("UNDETERMINED condition:205", {cause: {status: 'UNDETERMINED', conditionIndex: 205, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_1_active)').isEmpty()", currentStateMessage: "Value of 'access_key_1_active' is empty, unexpected data", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return TextLib.equal('true', boolFrom25); } function jsonQueryChecked20() { var input = extract22.call(extract22); var out; try { out = jmespath.search(input, 'to_string(access_key_1_active)'); if (out != null && typeof out != 'string') { throw new Error("UNDETERMINED condition:203", {cause: {status: 'UNDETERMINED', conditionIndex: 203, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_1_active)').isResultTypeMismatch()", currentStateMessage: "The JSON query did not return text type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } } catch (e) { throw new Error("UNDETERMINED condition:204", {cause: {status: 'UNDETERMINED', conditionIndex: 204, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_1_active)').isEvaluationFailed()", currentStateMessage: "The JSON query has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function jsonChecked23() { var input = fieldChecked24(); input = TextLib.isEmpty(input) ? null : input; var out; try { out = JSON.parse(input); } catch (e) { throw new Error("UNDETERMINED condition:202", {cause: {status: 'UNDETERMINED', conditionIndex: 202, conditionText: "CA10__credReportAttributesJson__c.asJson().isInvalid()", currentStateMessage: "Cred report attributes JSON is invalid", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function fieldChecked24() { if (BytesLib.isEmpty(obj.CA10__credReportAttributesJson__c)) { throw new Error("UNDETERMINED condition:201", {cause: {status: 'UNDETERMINED', conditionIndex: 201, conditionText: "CA10__credReportAttributesJson__c.isEmpty()", currentStateMessage: "Credential report attributes are empty, this is either permission issue or the data haven't been populated yet", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return obj.CA10__credReportAttributesJson__c; } function extract22() { if (!this.out) { this.out = jsonChecked23(); } return this.out; }; function extract18() { if (!this.out) { this.out = boolChecked19(); } return this.out; }; function dateChecked28() { var dateTimeFrom29 = jsonQueryChecked30(); dateTimeFrom29 = TemporalLib.replaceNullValues(dateTimeFrom29, ['N/A']); if (!TemporalLib.checkIso8601(dateTimeFrom29)) { throw new Error("UNDETERMINED condition:208", {cause: {status: 'UNDETERMINED', conditionIndex: 208, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_1_last_rotated)').checkIso8601()", currentStateMessage: "Value of 'access_key_1_last_rotated' does not match ISO-8601 format", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return TemporalLib.parseIso8601(dateTimeFrom29); } function jsonQueryChecked30() { var input = extract22.call(extract22); var out; try { out = jmespath.search(input, 'to_string(access_key_1_last_rotated)'); if (out != null && typeof out != 'string') { throw new Error("UNDETERMINED condition:206", {cause: {status: 'UNDETERMINED', conditionIndex: 206, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_1_last_rotated)').isResultTypeMismatch()", currentStateMessage: "The JSON query did not return text type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } } catch (e) { throw new Error("UNDETERMINED condition:207", {cause: {status: 'UNDETERMINED', conditionIndex: 207, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_1_last_rotated)').isEvaluationFailed()", currentStateMessage: "The JSON query has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function extract27() { if (!this.out) { this.out = dateChecked28(); } return this.out; }; try { if (extract18.call(extract18) == true && (extract27.call(extract27) != null && extract27.call(extract27).getTime() < todayMinus90Day)) { return {status: 'INCOMPLIANT', conditionIndex: 299, conditionText: "extract('CA10__credReportAccessKey1Active__c') == true && extract('CA10__credReportAccessKey1LastRotated__c').beyondLastDays(90)", currentStateMessage: "Access key 1 has not been rotated for over 90 days.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } } catch (err) { if (err.cause && err.cause.status) { return err.cause; } else { throw err; } } // condition[3], conditionIndex:[300..399] function boolChecked35() { var boolFrom41 = jsonQueryChecked36(); if (TextLib.isEmpty(boolFrom41)) { throw new Error("UNDETERMINED condition:305", {cause: {status: 'UNDETERMINED', conditionIndex: 305, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_2_active)').isEmpty()", currentStateMessage: "Value of 'access_key_1_active' is empty, unexpected data", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return TextLib.equal('true', boolFrom41); } function jsonQueryChecked36() { var input = extract38.call(extract38); var out; try { out = jmespath.search(input, 'to_string(access_key_2_active)'); if (out != null && typeof out != 'string') { throw new Error("UNDETERMINED condition:303", {cause: {status: 'UNDETERMINED', conditionIndex: 303, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_2_active)').isResultTypeMismatch()", currentStateMessage: "The JSON query did not return text type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } } catch (e) { throw new Error("UNDETERMINED condition:304", {cause: {status: 'UNDETERMINED', conditionIndex: 304, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_2_active)').isEvaluationFailed()", currentStateMessage: "The JSON query has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function jsonChecked39() { var input = fieldChecked40(); input = TextLib.isEmpty(input) ? null : input; var out; try { out = JSON.parse(input); } catch (e) { throw new Error("UNDETERMINED condition:302", {cause: {status: 'UNDETERMINED', conditionIndex: 302, conditionText: "CA10__credReportAttributesJson__c.asJson().isInvalid()", currentStateMessage: "Cred report attributes JSON is invalid", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function fieldChecked40() { if (BytesLib.isEmpty(obj.CA10__credReportAttributesJson__c)) { throw new Error("UNDETERMINED condition:301", {cause: {status: 'UNDETERMINED', conditionIndex: 301, conditionText: "CA10__credReportAttributesJson__c.isEmpty()", currentStateMessage: "Credential report attributes are empty, this is either permission issue or the data haven't been populated yet", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return obj.CA10__credReportAttributesJson__c; } function extract38() { if (!this.out) { this.out = jsonChecked39(); } return this.out; }; function extract34() { if (!this.out) { this.out = boolChecked35(); } return this.out; }; function dateChecked44() { var dateTimeFrom45 = jsonQueryChecked46(); dateTimeFrom45 = TemporalLib.replaceNullValues(dateTimeFrom45, ['N/A']); if (!TemporalLib.checkIso8601(dateTimeFrom45)) { throw new Error("UNDETERMINED condition:308", {cause: {status: 'UNDETERMINED', conditionIndex: 308, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_2_last_rotated)').checkIso8601()", currentStateMessage: "Value of 'access_key_2_last_rotated' does not match ISO-8601 format", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return TemporalLib.parseIso8601(dateTimeFrom45); } function jsonQueryChecked46() { var input = extract38.call(extract38); var out; try { out = jmespath.search(input, 'to_string(access_key_2_last_rotated)'); if (out != null && typeof out != 'string') { throw new Error("UNDETERMINED condition:306", {cause: {status: 'UNDETERMINED', conditionIndex: 306, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_2_last_rotated)').isResultTypeMismatch()", currentStateMessage: "The JSON query did not return text type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } } catch (e) { throw new Error("UNDETERMINED condition:307", {cause: {status: 'UNDETERMINED', conditionIndex: 307, conditionText: "extract('CA10__credReportAttributesJson__c').jsonQueryText('to_string(access_key_2_last_rotated)').isEvaluationFailed()", currentStateMessage: "The JSON query has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function extract43() { if (!this.out) { this.out = dateChecked44(); } return this.out; }; try { if (extract34.call(extract34) == true && (extract43.call(extract43) != null && extract43.call(extract43).getTime() < todayMinus90Day)) { return {status: 'INCOMPLIANT', conditionIndex: 399, conditionText: "extract('CA10__credReportAccessKey2Active__c') == true && extract('CA10__credReportAccessKey2LastRotated__c').beyondLastDays(90)", currentStateMessage: "Access key 2 has not been rotated for over 90 days.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } } catch (err) { if (err.cause && err.cause.status) { return err.cause; } else { throw err; } } return {status: 'COMPLIANT', conditionIndex: 400, conditionText: "otherwise", currentStateMessage: "All access keys are rotated regularly.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; """; SELECT expectedResult.Id as Id, IF ( IFNULL(expectedResult.expectedResult.status, '') = IFNULL(sObject.result.status, '') AND IFNULL(expectedResult.expectedResult.conditionIndex, -1) = IFNULL(sObject.result.conditionIndex, -1) AND IFNULL(expectedResult.expectedResult.conditionText, '') = IFNULL(sObject.result.conditionText, '') AND IFNULL(expectedResult.expectedResult.runtimeError, '') = IFNULL(sObject.result.runtimeError, ''), "MATCH", "FAIL" ) as match, expectedResult.expectedResult.status as expectedStatus, sObject.result.status as actualStatus, expectedResult.expectedResult.conditionIndex as expectedConditionIndex, sObject.result.conditionIndex as actualConditionIndex, expectedResult.expectedResult.conditionText as expectedConditionText, sObject.result.conditionText as actualConditionText, expectedResult.expectedResult.runtimeError as expectedRuntimeError, sObject.result.runtimeError as actualRuntimeError FROM UNNEST(mock_ExpectedResult()) expectedResult LEFT JOIN ( SELECT sObject.CA10__disappearanceTime__c AS CA10__disappearanceTime__c, sObject.CA10__credReportAttributesJson__c AS CA10__credReportAttributesJson__c, sObject.Id AS Id, process_CA10__CaAwsUser__c( STRUCT( sObject.CA10__disappearanceTime__c AS CA10__disappearanceTime__c, sObject.CA10__credReportAttributesJson__c AS CA10__credReportAttributesJson__c, sObject.Id AS Id ), sObject.context.snapshotTime ) as result FROM UNNEST(mock_CA10__CaAwsUser__c()) AS sObject ) sObject ON sObject.Id = expectedResult.Id;