--- policy: /ce/ca/aws/apigateway/api-route-authorization-type logic: /ce/ca/aws/apigateway/api-route-authorization-type/prod.logic.yaml executionTime: 2026-06-06T12:02:29.03607126Z generationMs: 57 executionMs: 1266 rows: - id: test1 match: true status: expected: DISAPPEARED actual: DISAPPEARED conditionIndex: expected: 99 actual: 99 conditionText: expected: isDisappeared(CA10__disappearanceTime__c) actual: isDisappeared(CA10__disappearanceTime__c) runtimeError: {} - id: test2 match: true status: expected: INAPPLICABLE actual: INAPPLICABLE conditionIndex: expected: 199 actual: 199 conditionText: expected: "not(setOfText(['httpApi']).contains(RecordType.DeveloperName))" actual: "not(setOfText(['httpApi']).contains(RecordType.DeveloperName))" runtimeError: {} - id: test3 match: true status: expected: INCOMPLIANT actual: INCOMPLIANT conditionIndex: expected: 399 actual: 399 conditionText: expected: extract('CA10__protocolType__c') == 'HTTP' && CA10A1__AWS_API_Gateway_Routes__r.has(INCOMPLIANT) actual: extract('CA10__protocolType__c') == 'HTTP' && CA10A1__AWS_API_Gateway_Routes__r.has(INCOMPLIANT) runtimeError: {} - id: test4 match: true status: expected: INCOMPLIANT actual: INCOMPLIANT conditionIndex: expected: 299 actual: 299 conditionText: expected: extract('CA10__protocolType__c') == 'WEBSOCKET' && CA10A1__AWS_API_Gateway_Routes__r.has(INCOMPLIANT) actual: extract('CA10__protocolType__c') == 'WEBSOCKET' && CA10A1__AWS_API_Gateway_Routes__r.has(INCOMPLIANT) runtimeError: {} - id: test5 match: true status: expected: COMPLIANT actual: COMPLIANT conditionIndex: expected: 400 actual: 400 conditionText: expected: otherwise actual: otherwise runtimeError: {} - id: test6 match: true status: expected: COMPLIANT actual: COMPLIANT conditionIndex: expected: 400 actual: 400 conditionText: expected: otherwise actual: otherwise runtimeError: {} - id: test7 match: true status: expected: COMPLIANT actual: COMPLIANT conditionIndex: expected: 400 actual: 400 conditionText: expected: otherwise actual: otherwise runtimeError: {} usedFiles: - path: /ce/ca/aws/apigateway/api-route-authorization-type/policy.yaml md5Hash: 734DDBB07D28E2B379E86EFB6208BCD0 content: "---\nnames:\n full: AWS API Gateway API Route Authorization Type is\ \ not configured\n contextual: API Route Authorization Type is not configured\n\ description: >\n Ensure that each API Route in AWS API Gateway API has a mechanisms\ \ for \n controlling and managing access to the API.\ncategories:\n - \"SECURITY\"\ \ntype: \"COMPLIANCE_POLICY\"\nframeworkMappings:\n - \"/frameworks/cloudaware/resource-security/secure-access\"\ \n - \"/frameworks/aws-fsbp-v1.0.0/api-gateway/08\"\nsimilarPolicies:\n internal:\n\ \ - \"dec-x-5fa71eac\"" - path: /ce/ca/aws/apigateway/api-route-authorization-type/prod.logic.yaml md5Hash: 123417446FD722A9C103644E8E4DB54D content: "---\ninputType: \"CA10__CaAwsApiGatewayRestApi__c\"\nrecordTypes:\n\ \ - httpApi\nimportExtracts:\n - file: \"/types/CA10__CaAwsApiGatewayRestApi__c/object.extracts.yaml\"\ \n - file: \"/types/CA10A1__CaAwsApiGatewayRoute__c/object.extracts.yaml\"\n\ testData:\n - file: \"test-data.json\"\nconditions:\n - status: \"INCOMPLIANT\"\ \n currentStateMessage: \"The WebSocket API has at least one API route with\\\ \n \\ no authorization type configured.\"\n remediationMessage: \"Configure\ \ an authorization type for the\\\n \\ API route in API Gateway.\"\n \ \ check: \n AND:\n args:\n - IS_EQUAL:\n \ \ left:\n EXTRACT: \"CA10__protocolType__c\"\n right:\n\ \ TEXT: \"WEBSOCKET\"\n - RELATED_LIST_HAS:\n \ \ status: \"INCOMPLIANT\"\n relationshipName: \"CA10A1__AWS_API_Gateway_Routes__r\"\ \n - status: \"INCOMPLIANT\"\n currentStateMessage: \"The HTTP API has at\ \ least one API route with\\\n \\ no authorization type configured.\"\n\ \ remediationMessage: \"Configure an authorization type for the\\\n \ \ \\ API route in API Gateway.\"\n check:\n AND:\n args:\n \ \ - IS_EQUAL:\n left:\n EXTRACT: \"CA10__protocolType__c\"\ \n right:\n TEXT: \"HTTP\"\n - RELATED_LIST_HAS:\n\ \ status: \"INCOMPLIANT\"\n relationshipName: \"CA10A1__AWS_API_Gateway_Routes__r\"\ \notherwise:\n status: \"COMPLIANT\"\n currentStateMessage: \"All API routes\ \ have an authorization type configured.\"\nrelatedLists:\n - relationshipName:\ \ \"CA10A1__AWS_API_Gateway_Routes__r\"\n conditions:\n - status: \"\ INCOMPLIANT\"\n currentStateMessage: \"API Gateway route authorization\ \ type is not configured.\"\n remediationMessage: \"Configure an authorization\ \ type for the API Gateway route.\"\n check:\n IS_EQUAL:\n \ \ left:\n EXTRACT: \"CA10A1__authorizationType__c\"\n\ \ right:\n TEXT: \"NONE\"\n otherwise:\n status:\ \ \"COMPLIANT\"\n currentStateMessage: \"API Gateway route authorization\ \ type is configured.\"\n\n" - path: /ce/ca/aws/apigateway/api-route-authorization-type/test-data.json md5Hash: 8CC03B321232263D24F91E025DA92884 content: |- [ { "expectedResult": { "status": "DISAPPEARED", "conditionIndex": "99", "conditionText": "isDisappeared(CA10__disappearanceTime__c)", "runtimeError": null }, "context": { "snapshotTime": "2025-04-15T09:25:27Z" }, "Id": "test1", "RecordTypeId": "RecordTypeId1", "CA10__disappearanceTime__c": "2025-04-15T09:25:27Z", "CA10__protocolType__c": "", "RecordType": { "DeveloperName": "restApi", "Id": "RecordTypeId1" }, "CA10A1__AWS_API_Gateway_Routes__r": [] }, { "expectedResult": { "status": "INAPPLICABLE", "conditionIndex": "199", "conditionText": "not(setOfText(['httpApi']).contains(RecordType.DeveloperName))", "runtimeError": null }, "context": { "snapshotTime": "2025-04-15T09:25:27Z" }, "Id": "test2", "RecordTypeId": "RecordTypeId1", "CA10__disappearanceTime__c": null, "CA10__protocolType__c": "", "RecordType": { "DeveloperName": "restApi", "Id": "RecordTypeId1" }, "CA10A1__AWS_API_Gateway_Routes__r": [] }, { "expectedResult": { "status": "INCOMPLIANT", "conditionIndex": "399", "conditionText": "extract('CA10__protocolType__c') == 'HTTP' && CA10A1__AWS_API_Gateway_Routes__r.has(INCOMPLIANT)", "runtimeError": null }, "context": { "snapshotTime": "2025-04-15T09:25:27Z" }, "Id": "test3", "RecordTypeId": "RecordTypeId2", "CA10__disappearanceTime__c": null, "CA10__protocolType__c": "HTTP", "RecordType": { "DeveloperName": "httpApi", "Id": "RecordTypeId2" }, "CA10A1__AWS_API_Gateway_Routes__r": [ { "Id": "test3_1", "CA10A1__disappearanceTime__c": null, "CA10A1__authorizationType__c": "NONE", "CA10A1__api__c": "test3" } ] }, { "expectedResult": { "status": "INCOMPLIANT", "conditionIndex": "299", "conditionText": "extract('CA10__protocolType__c') == 'WEBSOCKET' && CA10A1__AWS_API_Gateway_Routes__r.has(INCOMPLIANT)", "runtimeError": null }, "context": { "snapshotTime": "2025-04-15T09:25:27Z" }, "Id": "test4", "RecordTypeId": "RecordTypeId3", "CA10__disappearanceTime__c": null, "CA10__protocolType__c": "WEBSOCKET", "RecordType": { "DeveloperName": "httpApi", "Id": "RecordTypeId3" }, "CA10A1__AWS_API_Gateway_Routes__r": [ { "Id": "test4_1", "CA10A1__disappearanceTime__c": null, "CA10A1__authorizationType__c": "NONE", "CA10A1__api__c": "test4" } ] }, { "expectedResult": { "status": "COMPLIANT", "conditionIndex": "400", "conditionText": "otherwise", "runtimeError": null }, "context": { "snapshotTime": "2025-04-15T09:25:27Z" }, "Id": "test5", "RecordTypeId": "RecordTypeId3", "CA10__disappearanceTime__c": null, "CA10__protocolType__c": "WEBSOCKET", "RecordType": { "DeveloperName": "httpApi", "Id": "RecordTypeId3" }, "CA10A1__AWS_API_Gateway_Routes__r": [ { "Id": "test5_1", "CA10A1__disappearanceTime__c": null, "CA10A1__authorizationType__c": "JWT", "CA10A1__api__c": "test5" } ] }, { "expectedResult": { "status": "COMPLIANT", "conditionIndex": "400", "conditionText": "otherwise", "runtimeError": null }, "context": { "snapshotTime": "2025-04-15T09:25:27Z" }, "Id": "test6", "RecordTypeId": "RecordTypeId3", "CA10__disappearanceTime__c": null, "CA10__protocolType__c": "WEBSOCKET", "RecordType": { "DeveloperName": "httpApi", "Id": "RecordTypeId3" }, "CA10A1__AWS_API_Gateway_Routes__r": [ { "Id": "test6_1", "CA10A1__disappearanceTime__c": "2025-04-15T09:25:27Z", "CA10A1__authorizationType__c": "NONE", "CA10A1__api__c": "test6" } ] }, { "expectedResult": { "status": "COMPLIANT", "conditionIndex": "400", "conditionText": "otherwise", "runtimeError": null }, "context": { "snapshotTime": "2025-04-15T09:25:27Z" }, "Id": "test7", "RecordTypeId": "RecordTypeId3", "CA10__disappearanceTime__c": null, "CA10__protocolType__c": "WEBSOCKET", "RecordType": { "DeveloperName": "httpApi", "Id": "RecordTypeId3" }, "CA10A1__AWS_API_Gateway_Routes__r": [] } ] - path: /types/CA10__CaAwsApiGatewayRestApi__c/object.extracts.yaml md5Hash: 746F09341E8149BAD88C53E274DB1DD5 content: "---\nextracts:\n# Values: HTTP | WEBSOCKET. Nullable. Can't have no\ \ access, retrieved via apigateway:GetApis.\n# Null value indicates REST type\n\ \ - name: CA10__protocolType__c\n value: \n FIELD:\n path: CA10__protocolType__c\n\ # Values: REGIONAL | EDGE | PRIVATE. Not Nullable. Can't have no access, retrieved\ \ via apigateway:GetRestApis.\n - name: CA10__endpointType__c\n value: \n\ \ FIELD:\n path: CA10__endpointType__c" - path: /types/CA10A1__CaAwsApiGatewayRoute__c/object.extracts.yaml md5Hash: 341AE92FA4ED622FA3D827EAEFA95B7F content: "---\nextracts:\n#Values: NONE | AWS_IAM | CUSTOM | JWT. Not Nullable.\ \ Can't have no access, retrieved via apigatewayv2:GetRoutes.\n - name: CA10A1__authorizationType__c\n\ \ value: \n FIELD:\n path: CA10A1__authorizationType__c\n \ \ undeterminedIf:\n isEmpty: \"Authorization Type cannot be empty.\ \ Possibly corrupted data.\"" script: |- CREATE TEMP FUNCTION mock_ExpectedResult() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "Id" : "test1", "expectedResult" : { "status" : "DISAPPEARED", "conditionIndex" : "99", "conditionText" : "isDisappeared(CA10__disappearanceTime__c)", "runtimeError" : null } }, { "Id" : "test2", "expectedResult" : { "status" : "INAPPLICABLE", "conditionIndex" : "199", "conditionText" : "not(setOfText(['httpApi']).contains(RecordType.DeveloperName))", "runtimeError" : null } }, { "Id" : "test3", "expectedResult" : { "status" : "INCOMPLIANT", "conditionIndex" : "399", "conditionText" : "extract('CA10__protocolType__c') == 'HTTP' && CA10A1__AWS_API_Gateway_Routes__r.has(INCOMPLIANT)", "runtimeError" : null } }, { "Id" : "test4", "expectedResult" : { "status" : "INCOMPLIANT", "conditionIndex" : "299", "conditionText" : "extract('CA10__protocolType__c') == 'WEBSOCKET' && CA10A1__AWS_API_Gateway_Routes__r.has(INCOMPLIANT)", "runtimeError" : null } }, { "Id" : "test5", "expectedResult" : { "status" : "COMPLIANT", "conditionIndex" : "400", "conditionText" : "otherwise", "runtimeError" : null } }, { "Id" : "test6", "expectedResult" : { "status" : "COMPLIANT", "conditionIndex" : "400", "conditionText" : "otherwise", "runtimeError" : null } }, { "Id" : "test7", "expectedResult" : { "status" : "COMPLIANT", "conditionIndex" : "400", "conditionText" : "otherwise", "runtimeError" : null } } ]; """; CREATE TEMP FUNCTION mock_CA10__CaAwsApiGatewayRestApi__c() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "CA10__disappearanceTime__c" : new Date("2025-04-15T09:25:27Z"), "CA10__protocolType__c" : "", "Id" : "test1", "RecordTypeId" : "RecordTypeId1" }, { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "CA10__protocolType__c" : "", "Id" : "test2", "RecordTypeId" : "RecordTypeId1" }, { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "CA10__protocolType__c" : "HTTP", "Id" : "test3", "RecordTypeId" : "RecordTypeId2" }, { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "CA10__protocolType__c" : "WEBSOCKET", "Id" : "test4", "RecordTypeId" : "RecordTypeId3" }, { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "CA10__protocolType__c" : "WEBSOCKET", "Id" : "test5", "RecordTypeId" : "RecordTypeId3" }, { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "CA10__protocolType__c" : "WEBSOCKET", "Id" : "test6", "RecordTypeId" : "RecordTypeId3" }, { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "CA10__protocolType__c" : "WEBSOCKET", "Id" : "test7", "RecordTypeId" : "RecordTypeId3" } ]; """; CREATE TEMP FUNCTION mock_RecordType() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "DeveloperName" : "restApi", "Id" : "RecordTypeId1" }, { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "DeveloperName" : "httpApi", "Id" : "RecordTypeId2" }, { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "DeveloperName" : "httpApi", "Id" : "RecordTypeId3" } ]; """; CREATE TEMP FUNCTION mock_CA10A1__CaAwsApiGatewayRoute__c() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "CA10A1__authorizationType__c" : "NONE", "CA10A1__api__c" : "test3", "Id" : "test3_1" }, { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "CA10A1__authorizationType__c" : "NONE", "CA10A1__api__c" : "test4", "Id" : "test4_1" }, { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "CA10A1__authorizationType__c" : "JWT", "CA10A1__api__c" : "test5", "Id" : "test5_1" }, { "context" : { "snapshotTime" : new Date("2025-04-15T09:25:27Z") }, "CA10A1__disappearanceTime__c" : new Date("2025-04-15T09:25:27Z"), "CA10A1__authorizationType__c" : "NONE", "CA10A1__api__c" : "test6", "Id" : "test6_1" } ]; """; CREATE TEMP FUNCTION process_CA10__CaAwsApiGatewayRestApi__c( obj STRUCT< CA10__disappearanceTime__c TIMESTAMP, RecordType STRUCT< DeveloperName STRING, Id STRING >, CA10__protocolType__c STRING, CA10A1__AWS_API_Gateway_Routes__r ARRAY >>, Id STRING, RecordTypeId STRING >, snapshotTime TIMESTAMP ) RETURNS STRUCT DETERMINISTIC LANGUAGE js AS r""" var BytesLib = new function () { this.normalize = function(arg) { return arg == null ? '' : arg; }; this.isEmpty = function(arg) { return this.normalize(arg) == ''; }; this.isNotEmpty = function(arg) { return this.normalize(arg) != ''; }; this.equal = function(left, right) { return this.normalize(left) == this.normalize(right); }; this.notEqual = function(left, right) { return this.normalize(left) != this.normalize(right); }; this.startsWith = function(arg, substring) { return this.normalize(arg).startsWith(this.normalize(substring)); }; this.endsWith = function(arg, substring) { return this.normalize(arg).endsWith(this.normalize(substring)); }; this.contains = function(arg, substring) { return this.normalize(arg).includes(this.normalize(substring)); }; this.containsAll = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.every(sub => normalizedArg.includes(this.normalize(sub))); }; this.containsAny = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.some(sub => normalizedArg.includes(this.normalize(sub))); }; }(); var CollectionLib = new function () { this.parse = function(arg, separator, skipEmpty, skipDuplicates, sort, normalize) { if (arg == null) return []; let parts = arg.split(separator); return this.fromArray(parts, skipEmpty, skipDuplicates, sort, normalize); }; this.fromArray = function(arr, skipEmpty, skipDuplicates, sort, normalize) { if (arr == null) return []; let result = []; let seen = new Set(); arr.forEach(el => { let normalized = normalize ? TextLib.normalize(el) : BytesLib.normalize(el); if (!skipEmpty || (normalize ? TextLib.isNotEmpty(el) : BytesLib.isNotEmpty(el))) { if (!skipDuplicates || !seen.has(normalized)) { if (skipDuplicates) seen.add(normalized); result.push(normalized); } } }); if (sort) result.sort(); return result; }; this.equal = function(left, right) { left = left == null ? [] : left; right = right == null ? [] : right; if (left.length !== right.length) return false; for (let i = 0; i < left.length; i++) { if (left[i] !== right[i]) return false; } return true; }; this.notEqual = function(left, right) { return !this.equal(left, right); }; this.size = function(collection) { return collection == null ? 0 : collection.length; }; this.startsWith = function(collection, search, normalize) { if (collection == null || collection.length === 0) return false; let normalizedSearch = normalize ? TextLib.normalize(search) : BytesLib.normalize(search); return collection[0] === normalizedSearch; }; this.endsWith = function(collection, search, normalize) { if (collection == null || collection.length === 0) return false; let normalizedSearch = normalize ? TextLib.normalize(search) : BytesLib.normalize(search); return collection[collection.length - 1] === normalizedSearch; }; this.contains = function(collection, search, normalize) { if (collection == null || collection.length === 0) return false; return collection.includes(normalize ? TextLib.normalize(search) : BytesLib.normalize(search)); }; this.containsAll = function(collection, searchArray, normalize) { if (collection == null || collection.length === 0 || searchArray == null || searchArray.length === 0) return false; return searchArray.every(search => collection.includes(normalize ? TextLib.normalize(search) : BytesLib.normalize(search))); }; this.containsAny = function(collection, searchArray, normalize) { if (collection == null || collection.length === 0 || searchArray == null || searchArray.length === 0) return false; return searchArray.some(search => collection.includes(normalize ? TextLib.normalize(search) : BytesLib.normalize(search))); }; }(); var TextLib = new function () { this.normalize = function(arg) { return arg == null ? '' : arg.replace(/\s+/g, ' ').trim().toLowerCase(); }; this.isEmpty = function(arg) { return this.normalize(arg) == ''; }; this.isNotEmpty = function(arg) { return this.normalize(arg) != ''; }; this.equal = function(left, right) { return this.normalize(left) == this.normalize(right); }; this.notEqual = function(left, right) { return this.normalize(left) != this.normalize(right); }; this.startsWith = function(arg, substring) { return this.normalize(arg).startsWith(this.normalize(substring)); }; this.endsWith = function(arg, substring) { return this.normalize(arg).endsWith(this.normalize(substring)); }; this.contains = function(arg, substring) { return this.normalize(arg).includes(this.normalize(substring)); }; this.containsAll = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.every(sub => normalizedArg.includes(this.normalize(sub))); }; this.containsAny = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.some(sub => normalizedArg.includes(this.normalize(sub))); }; }(); var references1 = []; // condition[0], conditionIndex:[0..99] references1.push('Deleted From AWS [CA10__disappearanceTime__c]: ' + obj.CA10__disappearanceTime__c); if (obj.CA10__disappearanceTime__c != null) { return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared(CA10__disappearanceTime__c)", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } // condition[1], conditionIndex:[100..199] references1.push('Record Type Name [obj.RecordType.DeveloperName]: ' + obj.RecordType.DeveloperName); if (!CollectionLib.contains(CollectionLib.fromArray(['httpApi'], true, true, true, true), obj.RecordType.DeveloperName, true)) { return {status: 'INAPPLICABLE', conditionIndex: 199, conditionText: "not(setOfText(['httpApi']).contains(RecordType.DeveloperName))", currentStateMessage: "Object record type is not applicable", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } var count_CA10A1__AWS_API_Gateway_Routes__r_INCOMPLIANT6 = 0; if (obj.CA10A1__AWS_API_Gateway_Routes__r != null) { for (var i7 = 0; i7 < obj.CA10A1__AWS_API_Gateway_Routes__r.length; i7++) { if (typeof(obj.CA10A1__AWS_API_Gateway_Routes__r[i7].status) !== 'undefined') { if (obj.CA10A1__AWS_API_Gateway_Routes__r[i7].status == 'INCOMPLIANT') { count_CA10A1__AWS_API_Gateway_Routes__r_INCOMPLIANT6 += obj.CA10A1__AWS_API_Gateway_Routes__r[i7].count; } } else { if (obj.CA10A1__AWS_API_Gateway_Routes__r[i7].result.status == 'INCOMPLIANT') { count_CA10A1__AWS_API_Gateway_Routes__r_INCOMPLIANT6 += 1; } } } } // condition[2], conditionIndex:[200..299] function extract4() { if (!this.out) { this.out = obj.CA10__protocolType__c; } return this.out; }; references1.push('Protocol Type [obj.CA10__protocolType__c]: ' + obj.CA10__protocolType__c); references1.push('Related list [CA10A1__AWS_API_Gateway_Routes__r] ' + (count_CA10A1__AWS_API_Gateway_Routes__r_INCOMPLIANT6 > 0 ? 'has' : 'does not have') + ' objects in INCOMPLIANT status'); if (TextLib.equal(extract4.call(extract4), 'WEBSOCKET') && count_CA10A1__AWS_API_Gateway_Routes__r_INCOMPLIANT6 > 0) { return {status: 'INCOMPLIANT', conditionIndex: 299, conditionText: "extract('CA10__protocolType__c') == 'WEBSOCKET' && CA10A1__AWS_API_Gateway_Routes__r.has(INCOMPLIANT)", currentStateMessage: "The WebSocket API has at least one API route with no authorization type configured.", currentStateReferences: references1.join('\n'), remediation: "Configure an authorization type for the API route in API Gateway.", runtimeError: null}; } var count_CA10A1__AWS_API_Gateway_Routes__r_INCOMPLIANT6 = 0; if (obj.CA10A1__AWS_API_Gateway_Routes__r != null) { for (var i11 = 0; i11 < obj.CA10A1__AWS_API_Gateway_Routes__r.length; i11++) { if (typeof(obj.CA10A1__AWS_API_Gateway_Routes__r[i11].status) !== 'undefined') { if (obj.CA10A1__AWS_API_Gateway_Routes__r[i11].status == 'INCOMPLIANT') { count_CA10A1__AWS_API_Gateway_Routes__r_INCOMPLIANT6 += obj.CA10A1__AWS_API_Gateway_Routes__r[i11].count; } } else { if (obj.CA10A1__AWS_API_Gateway_Routes__r[i11].result.status == 'INCOMPLIANT') { count_CA10A1__AWS_API_Gateway_Routes__r_INCOMPLIANT6 += 1; } } } } // condition[3], conditionIndex:[300..399] function extract9() { if (!this.out) { this.out = obj.CA10__protocolType__c; } return this.out; }; if (TextLib.equal(extract9.call(extract9), 'HTTP') && count_CA10A1__AWS_API_Gateway_Routes__r_INCOMPLIANT6 > 0) { return {status: 'INCOMPLIANT', conditionIndex: 399, conditionText: "extract('CA10__protocolType__c') == 'HTTP' && CA10A1__AWS_API_Gateway_Routes__r.has(INCOMPLIANT)", currentStateMessage: "The HTTP API has at least one API route with no authorization type configured.", currentStateReferences: references1.join('\n'), remediation: "Configure an authorization type for the API route in API Gateway.", runtimeError: null}; } return {status: 'COMPLIANT', conditionIndex: 400, conditionText: "otherwise", currentStateMessage: "All API routes have an authorization type configured.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; """; CREATE TEMP FUNCTION process_CA10A1__AWS_API_Gateway_Routes__r( obj STRUCT< CA10A1__disappearanceTime__c TIMESTAMP, CA10A1__authorizationType__c STRING, CA10A1__api__c STRING, Id STRING >, snapshotTime TIMESTAMP ) RETURNS STRUCT DETERMINISTIC LANGUAGE js AS r""" var TextLib = new function () { this.normalize = function(arg) { return arg == null ? '' : arg.replace(/\s+/g, ' ').trim().toLowerCase(); }; this.isEmpty = function(arg) { return this.normalize(arg) == ''; }; this.isNotEmpty = function(arg) { return this.normalize(arg) != ''; }; this.equal = function(left, right) { return this.normalize(left) == this.normalize(right); }; this.notEqual = function(left, right) { return this.normalize(left) != this.normalize(right); }; this.startsWith = function(arg, substring) { return this.normalize(arg).startsWith(this.normalize(substring)); }; this.endsWith = function(arg, substring) { return this.normalize(arg).endsWith(this.normalize(substring)); }; this.contains = function(arg, substring) { return this.normalize(arg).includes(this.normalize(substring)); }; this.containsAll = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.every(sub => normalizedArg.includes(this.normalize(sub))); }; this.containsAny = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.some(sub => normalizedArg.includes(this.normalize(sub))); }; }(); var references1 = []; // condition[0], conditionIndex:[0..99] references1.push('Deleted From AWS [CA10A1__disappearanceTime__c]: ' + obj.CA10A1__disappearanceTime__c); if (obj.CA10A1__disappearanceTime__c != null) { return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared(CA10A1__disappearanceTime__c)", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } // condition[1], conditionIndex:[100..199] function fieldChecked4() { if (TextLib.isEmpty(obj.CA10A1__authorizationType__c)) { throw new Error("UNDETERMINED condition:101", {cause: {status: 'UNDETERMINED', conditionIndex: 101, conditionText: "CA10A1__authorizationType__c.isEmpty()", currentStateMessage: "Authorization Type cannot be empty. Possibly corrupted data.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return obj.CA10A1__authorizationType__c; } function extract3() { if (!this.out) { this.out = fieldChecked4(); } return this.out; }; references1.push('Authorization Type [obj.CA10A1__authorizationType__c]: ' + obj.CA10A1__authorizationType__c); try { if (TextLib.equal(extract3.call(extract3), 'NONE')) { return {status: 'INCOMPLIANT', conditionIndex: 199, conditionText: "extract('CA10A1__authorizationType__c') == 'NONE'", currentStateMessage: "API Gateway route authorization type is not configured.", currentStateReferences: references1.join('\n'), remediation: "Configure an authorization type for the API Gateway route.", runtimeError: null}; } } catch (err) { if (err.cause && err.cause.status) { return err.cause; } else { throw err; } } return {status: 'COMPLIANT', conditionIndex: 200, conditionText: "otherwise", currentStateMessage: "API Gateway route authorization type is configured.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; """; SELECT expectedResult.Id as Id, IF ( IFNULL(expectedResult.expectedResult.status, '') = IFNULL(sObject.result.status, '') AND IFNULL(expectedResult.expectedResult.conditionIndex, -1) = IFNULL(sObject.result.conditionIndex, -1) AND IFNULL(expectedResult.expectedResult.conditionText, '') = IFNULL(sObject.result.conditionText, '') AND IFNULL(expectedResult.expectedResult.runtimeError, '') = IFNULL(sObject.result.runtimeError, ''), "MATCH", "FAIL" ) as match, expectedResult.expectedResult.status as expectedStatus, sObject.result.status as actualStatus, expectedResult.expectedResult.conditionIndex as expectedConditionIndex, sObject.result.conditionIndex as actualConditionIndex, expectedResult.expectedResult.conditionText as expectedConditionText, sObject.result.conditionText as actualConditionText, expectedResult.expectedResult.runtimeError as expectedRuntimeError, sObject.result.runtimeError as actualRuntimeError FROM UNNEST(mock_ExpectedResult()) expectedResult LEFT JOIN ( SELECT sObject.CA10__disappearanceTime__c AS CA10__disappearanceTime__c, STRUCT ( `RecordType`.DeveloperName AS DeveloperName, `RecordType`.Id AS Id ) AS RecordType, sObject.CA10__protocolType__c AS CA10__protocolType__c, `CA10A1__AWS_API_Gateway_Routes__r`.arr AS CA10A1__AWS_API_Gateway_Routes__r, sObject.Id AS Id, sObject.RecordTypeId AS RecordTypeId, process_CA10__CaAwsApiGatewayRestApi__c( STRUCT( sObject.CA10__disappearanceTime__c AS CA10__disappearanceTime__c, STRUCT ( `RecordType`.DeveloperName AS DeveloperName, `RecordType`.Id AS Id ) AS RecordType, sObject.CA10__protocolType__c AS CA10__protocolType__c, `CA10A1__AWS_API_Gateway_Routes__r`.arr AS CA10A1__AWS_API_Gateway_Routes__r, sObject.Id AS Id, sObject.RecordTypeId AS RecordTypeId ), sObject.context.snapshotTime ) as result FROM UNNEST(mock_CA10__CaAwsApiGatewayRestApi__c()) AS sObject LEFT JOIN UNNEST(mock_RecordType()) AS `RecordType` ON sObject.RecordTypeId = `RecordType`.Id LEFT JOIN ( SELECT sObject.CA10A1__api__c, ARRAY_AGG( STRUCT( sObject.CA10A1__disappearanceTime__c AS CA10A1__disappearanceTime__c, sObject.CA10A1__authorizationType__c AS CA10A1__authorizationType__c, sObject.CA10A1__api__c AS CA10A1__api__c, sObject.Id AS Id, process_CA10A1__AWS_API_Gateway_Routes__r( STRUCT( sObject.CA10A1__disappearanceTime__c AS CA10A1__disappearanceTime__c, sObject.CA10A1__authorizationType__c AS CA10A1__authorizationType__c, sObject.CA10A1__api__c AS CA10A1__api__c, sObject.Id AS Id ), sObject.context.snapshotTime ) as result ) ) AS arr FROM UNNEST(mock_CA10A1__CaAwsApiGatewayRoute__c()) AS sObject GROUP BY sObject.CA10A1__api__c ) AS `CA10A1__AWS_API_Gateway_Routes__r` ON sObject.Id = `CA10A1__AWS_API_Gateway_Routes__r`.CA10A1__api__c ) sObject ON sObject.Id = expectedResult.Id;