meet: implement group checks (#329)
rlxdev authored Jul 25, 2024
1 parent 94657a0 commit f32cf59
Showing 5 changed files with 286 additions and 21 deletions.
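--- a/Testing/RegoTests/meet/meet01_test.rego
+++ b/Testing/RegoTests/meet/meet01_test.rego
@@ -466,4 +466,53 @@ test_Access_Incorrect_V9 if {
 "While we are unable to determine the state from the logs, the default setting ",
 "is non-compliant; manual check recommended."
 ])}
-#--
+#--
+
+test_Access_Incorrect_V10 if {
+# Test group wrong
+PolicyId := "GWS.MEET.1.1v0.2"
+Output := tests with input as {
+"meet_logs": {"items": [
+{
+"id": {"time": "2022-12-20T00:02:28.672Z"},
+"events": [{
+"parameters": [
+{
+"name": "SETTING_NAME",
+"value": "SafetyDomainLockProto users_allowed_to_join"
+},
+{"name": "NEW_VALUE", "value": "LOGGED_IN"},
+{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
+]
+}]
+},
+{
+"id": {"time": "2022-12-20T00:02:28.672Z"},
+"events": [{
+"parameters": [
+{
+"name": "SETTING_NAME",
+"value": "SafetyDomainLockProto users_allowed_to_join"
+},
+{"name": "NEW_VALUE", "value": "ALL"},
+{"name": "GROUP_EMAIL", "value": "[email protected]"},
+]
+}]
+}
+]},
+"tenant_info": {
+"topLevelOU": "Test Top-Level OU"
+}
+}
+
+RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
+count(RuleOutput) == 1
+not RuleOutput[0].RequirementMet
+not RuleOutput[0].NoSuchEvent
+RuleOutput[0].ReportDetails == concat("", [
+"The following groups are non-compliant:<ul>",
+"<li>[email protected]: Who can join meetings is set to all users ",
+"(including users not signed in with a Google account)</li>",
+"</ul>"
+])
+}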
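Review bot: test_Access_Incorrect_V10 exercises only a non-compliant group override, and both log items share the same `id.time`, so nothing here pins which event wins when a group's setting changes over time or that a compliant group override still reports the requirement as met. For a baseline check the costly failure is a false "requirement met", so a companion case with an older compliant group event followed by a newer non-compliant one for the same `GROUP_EMAIL` (and the reverse order) would be worth adding. The same gap applies to the group tests added in meet02_test.rego, meet03_test.rego and meet04_test.rego. The comment `# Test group wrong` would also read better as `# Top-level OU is compliant; a group override sets a non-compliant value`.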
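--- a/Testing/RegoTests/meet/meet02_test.rego
+++ b/Testing/RegoTests/meet/meet02_test.rego
@@ -555,3 +555,52 @@ test_JoinExternalPers_Incorrect_V7 if {
 "What meetings can org users join is set to any meetings, ",
 "including meetings created with personal accounts</li></ul>"])
 }
+
+test_JoinExternalPers_Incorrect_V8 if {
+# Test group wrong
+PolicyId := "GWS.MEET.2.1v0.2"
+Output := tests with input as {
+"meet_logs": {"items": [
+{
+"id": {"time": "2022-12-20T00:02:28.672Z"},
+"events": [{
+"parameters": [
+{
+"name": "SETTING_NAME",
+"value": "SafetyAccessLockProto meetings_allowed_to_join"
+},
+{"name": "NEW_VALUE", "value": "SAME_DOMAIN"},
+{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
+]
+}]
+},
+{
+"id": {"time": "2022-12-20T00:02:28.672Z"},
+"events": [{
+"parameters": [
+{
+"name": "SETTING_NAME",
+"value": "SafetyAccessLockProto meetings_allowed_to_join"
+},
+{"name": "NEW_VALUE", "value": "ALL"},
+{"name": "GROUP_EMAIL", "value": "[email protected]"},
+]
+}]
+}
+]},
+"tenant_info": {
+"topLevelOU": "Test Top-Level OU"
+}
+}
+
+RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
+count(RuleOutput) == 1
+not RuleOutput[0].RequirementMet
+not RuleOutput[0].NoSuchEvent
+RuleOutput[0].ReportDetails == concat("", [
+"The following groups are non-compliant:<ul>",
+"<li>[email protected]: What meetings can org users join is set to ",
+"any meetings, including meetings created with personal accounts</li>",
+"</ul>"
+])
+}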
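--- a/Testing/RegoTests/meet/meet03_test.rego
+++ b/Testing/RegoTests/meet/meet03_test.rego
@@ -327,4 +327,52 @@ test_HostMan_Incorrect_V5 if {
 "is non-compliant; manual check recommended."
 ])
 }
-#--
+#--
+
+test_HostMan_Incorrect_V6 if {
+# Test group wrong
+PolicyId := "GWS.MEET.3.1v0.2"
+Output := tests with input as {
+"meet_logs": {"items": [
+{
+"id": {"time": "2022-12-20T00:02:28.672Z"},
+"events": [{
+"parameters": [
+{
+"name": "SETTING_NAME",
+"value": "SafetyModerationLockProto host_management_enabled"
+},
+{"name": "NEW_VALUE", "value": "true"},
+{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
+]
+}]
+},
+{
+"id": {"time": "2022-12-20T00:02:28.672Z"},
+"events": [{
+"parameters": [
+{
+"name": "SETTING_NAME",
+"value": "SafetyModerationLockProto host_management_enabled"
+},
+{"name": "NEW_VALUE", "value": "false"},
+{"name": "GROUP_EMAIL", "value": "[email protected]"},
+]
+}]
+}
+]},
+"tenant_info": {
+"topLevelOU": "Test Top-Level OU"
+}
+}
+
+RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
+count(RuleOutput) == 1
+not RuleOutput[0].RequirementMet
+not RuleOutput[0].NoSuchEvent
+RuleOutput[0].ReportDetails == concat("", [
+"The following groups are non-compliant:<ul>",
+"<li>[email protected]: Host management when video calls start is set to off</li>",
+"</ul>"
+])
+}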
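--- a/Testing/RegoTests/meet/meet04_test.rego
+++ b/Testing/RegoTests/meet/meet04_test.rego
@@ -128,7 +128,7 @@ test_HostMan_Correct_V3 if {
 RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups."
 }
 
-test_Access_Correct_V4 if {
+test_HostMan_Correct_V4 if {
 # Test history setting when set to inherit from parent
 PolicyId := "GWS.MEET.4.1v0.2"
 Output := tests with input as {
@@ -383,4 +383,55 @@ test_HostMan_Incorrect_V5 if {
 "is non-compliant; manual check recommended."
 ])
 }
-#--
+#--
+
+test_HostMan_Incorrect_V6 if {
+# Test group wrong
+PolicyId := "GWS.MEET.4.1v0.2"
+Output := tests with input as {
+"meet_logs": {"items": [
+{
+"id": {"time": "2022-12-20T00:02:28.672Z"},
+"events": [{
+"parameters": [
+{
+"name": "SETTING_NAME",
+"value":
+"Warn for external participants External or unidentified participants in a meeting are given a label"
+},
+{"name": "NEW_VALUE", "value": "true"},
+{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
+]
+}]
+},
+{
+"id": {"time": "2022-12-20T00:02:28.672Z"},
+"events": [{
+"parameters": [
+{
+"name": "SETTING_NAME",
+"value":
+"Warn for external participants External or unidentified participants in a meeting are given a label"
+},
+{"name": "NEW_VALUE", "value": "false"},
+{"name": "GROUP_EMAIL", "value": "[email protected]"},
+]
+}]
+}
+]},
+"tenant_info": {
+"topLevelOU": "Test Top-Level OU"
+}
+}
+
+RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
+count(RuleOutput) == 1
+not RuleOutput[0].RequirementMet
+not RuleOutput[0].NoSuchEvent
+RuleOutput[0].ReportDetails == concat("", [
+"The following groups are non-compliant:<ul>",
+"<li>[email protected]: Warning label for external or unidentified ",
+"meeting participants is set to no warning label</li>",
+"</ul>"
+])
+}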
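Review bot: `test_HostMan_Incorrect_V6` carries the same name as the test added in meet03_test.rego, yet it checks GWS.MEET.4.1 against the external-participant warning-label setting rather than host management. The rename in the first hunk (`test_Access_Correct_V4` to `test_HostMan_Correct_V4`) makes this file consistent with itself but keeps a prefix that appears copied from meet03. If both files declare the same Rego package (not visible on this page), identical test names also make a failing result hard to attribute to the right policy. A prefix that names the setting, for example `test_ExtWarning_Incorrect_V6`, applied across the file in a follow-up would avoid that.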