###
# RDS_INSTANCE_LOGGING_ENABLED tests
###
---
- name: Empty, SKIP
  input: {}
  expectations:
    rules:
      RDS_INSTANCE_LOGGING_ENABLED: SKIP

- name: No resources, SKIP
  input:
    Resources: {}
  expectations:
    rules:
      RDS_INSTANCE_LOGGING_ENABLED: SKIP

- name: RDS logging configured with EnableCloudwatchLogsExports set with logs to export, PASS
  input:
    Resources:
      ExampleRDS:
        Type: "AWS::RDS::DBInstance"
        Properties:
          DBInstanceClass: !Ref DBInstanceType
          SourceDBInstanceIdentifier: !Ref SourceDBInstanceIdentifier
          SourceRegion: !Ref SourceRegion
          KmsKeyId: !Ref MyKey
          MonitoringInterval: 1
          DeletionProtection: true
          EnableCloudwatchLogsExports:
            - "error"
            - "general"
            - "slowquery"
            - "audit"
  expectations:
    rules:
      RDS_INSTANCE_LOGGING_ENABLED: PASS

- name: RDS EnableCloudwatchLogsExports missing, FAIL
  input:
    Resources:
      ExampleRDS:
        Type: "AWS::RDS::DBInstance"
        Properties:
          DBInstanceClass: !Ref DBInstanceType
          SourceDBInstanceIdentifier: !Ref SourceDBInstanceIdentifier
          SourceRegion: !Ref SourceRegion
          KmsKeyId: !Ref MyKey
          MonitoringInterval: 0
          DeletionProtection: false
  expectations:
    rules:
      RDS_INSTANCE_LOGGING_ENABLED: FAIL

- name: RDS EnableCloudwatchLogsExports missing but rule suppressed, SKIP
  input:
    Resources:
      ExampleRDS:
        Type: "AWS::RDS::DBInstance"
        Metadata:
          guard:
            SuppressedRules:
            - RDS_INSTANCE_LOGGING_ENABLED
        Properties:
          DBInstanceClass: !Ref DBInstanceType
          SourceDBInstanceIdentifier: !Ref SourceDBInstanceIdentifier
          SourceRegion: !Ref SourceRegion
          KmsKeyId: !Ref MyKey
          MonitoringInterval: 0
          DeletionProtection: false
  expectations:
    rules:
      RDS_INSTANCE_LOGGING_ENABLED: SKIP