###
# DYNAMODB_TABLE_MUST_BE_ENCRYPTED tests
###
---
- name: Empty, SKIP
  input: {}
  expectations:
    rules:
      DYNAMODB_TABLE_MUST_BE_ENCRYPTED: SKIP

- name: Scenario a) No resources, SKIP
  input:
    Resources: {}
  expectations:
    rules:
      DYNAMODB_TABLE_MUST_BE_ENCRYPTED: SKIP

- name: Scenario b) DynamoDB Table with missing SSESpecification property but rule suppressed, SKIP
  input:
    Resources:
      Exampletable:
        Type: AWS::DynamoDB::Table
        Metadata:
          guard:
            SuppressedRules:
            - DYNAMODB_TABLE_MUST_BE_ENCRYPTED
        Properties:
          KeySchema:
            - AttributeName: Id
              KeyType: HASH
          AttributeDefinitions:
            - AttributeName: Id
              AttributeType: S
            - AttributeName: dummy
              AttributeType: S
            - AttributeName: name
              AttributeType: S
            - AttributeName: owner
              AttributeType: S
            - AttributeName: createdAt
              AttributeType: S
  expectations:
    rules:
      DYNAMODB_TABLE_MUST_BE_ENCRYPTED : SKIP

- name: Scenario c) DynamoDB Table with missing SSESpecification property, FAIL
  input:
    Resources:
      Exampletable:
        Type: AWS::DynamoDB::Table
        Properties:
          KeySchema:
            - AttributeName: Id
              KeyType: HASH
          AttributeDefinitions:
            - AttributeName: Id
              AttributeType: S
            - AttributeName: dummy
              AttributeType: S
            - AttributeName: name
              AttributeType: S
            - AttributeName: owner
              AttributeType: S
            - AttributeName: createdAt
              AttributeType: S
  expectations:
    rules:
      DYNAMODB_TABLE_MUST_BE_ENCRYPTED: FAIL

- name: Scenario d) DynamoDB Table with SSEEnabled set to false, FAIL
  input:
    Resources:
      Exampletable:
        Type: AWS::DynamoDB::Table
        Properties:
          KeySchema:
            - AttributeName: Id
              KeyType: HASH
          AttributeDefinitions:
            - AttributeName: Id
              AttributeType: S
            - AttributeName: dummy
              AttributeType: S
            - AttributeName: name
              AttributeType: S
            - AttributeName: owner
              AttributeType: S
            - AttributeName: createdAt
              AttributeType: S
          SSESpecification:
            SSEEnabled: false
  expectations:
    rules:
      DYNAMODB_TABLE_MUST_BE_ENCRYPTED: FAIL

- name: Scenario e) DynamoDB Table with SSEEnabled set to true, PASS
  input:
    Resources:
      Exampletable:
        Type: AWS::DynamoDB::Table
        Properties:
          KeySchema:
            - AttributeName: Id
              KeyType: HASH
          AttributeDefinitions:
            - AttributeName: Id
              AttributeType: S
            - AttributeName: dummy
              AttributeType: S
            - AttributeName: name
              AttributeType: S
            - AttributeName: owner
              AttributeType: S
            - AttributeName: createdAt
              AttributeType: S
          SSESpecification:
            SSEEnabled: true
  expectations:
    rules:
      DYNAMODB_TABLE_MUST_BE_ENCRYPTED: PASS