###
# IAM_NO_INLINE_POLICY_CHECK tests
###
---
- name: Empty, SKIP
  input: {}
  expectations:
    rules:
      IAM_NO_INLINE_POLICY_CHECK: SKIP

- name: No resources, SKIP
  input:
    Resources: {}
  expectations:
    rules:
      IAM_NO_INLINE_POLICY_CHECK: SKIP

- name: IAM User with no inline policies, PASS 
  input: 
    Resources: 
      ExampleUser: 
        Type: "AWS::IAM::User"
        Properties: 
  expectations:
    rules: 
      IAM_NO_INLINE_POLICY_CHECK: PASS

- name: IAM Role with no inline policies, PASS 
  input: 
    Resources: 
      ExampleUser: 
        Type: "AWS::IAM::Role"
        Properties: 
          AssumeRolePolicyDocument: !Ref AssumeRolePolicyDocument
  expectations:
    rules: 
      IAM_NO_INLINE_POLICY_CHECK: PASS

- name: IAM Group with no inline policies, PASS 
  input: 
    Resources: 
      ExampleUser: 
        Type: "AWS::IAM::Group"
        Properties: 
  expectations:
    rules: 
      IAM_NO_INLINE_POLICY_CHECK: PASS

- name: IAM User with inline policies, FAIL
  input: 
    Resources: 
      ExampleUser: 
        Type: "AWS::IAM::User"
        Properties: 
          Policies: 
            - PolicyName: "Admin"
              PolicyDocument: 
                Version: "2012-10-17"
                Statement:
                  - Effect: "Allow"
                    Action: "*"
                    Resource: "*"
  expectations:
    rules: 
      IAM_NO_INLINE_POLICY_CHECK: FAIL

- name: IAM Role with inline policies, FAIL
  input: 
    Resources: 
      ExampleUser: 
        Type: "AWS::IAM::Role"
        Properties: 
          AssumeRolePolicyDocument: !Ref AssumeRolePolicyDocument
          Policies: 
            - PolicyName: "Admin"
              PolicyDocument: 
                Version: "2012-10-17"
                Statement:
                  - Effect: "Allow"
                    Action: "service:*"
                    Resource: "*"
  expectations:
    rules: 
      IAM_NO_INLINE_POLICY_CHECK: FAIL

- name: IAM Group with inline policies, FAIL
  input: 
    Resources: 
      ExampleUser: 
        Type: "AWS::IAM::Group"
        Properties: 
          Policies: 
            - PolicyName: "Admin"
              PolicyDocument: 
                Version: "2012-10-17"
                Statement:
                  - Effect: "Allow"
                    Action: "*"
                    Resource: "*"
  expectations:
    rules: 
      IAM_NO_INLINE_POLICY_CHECK: FAIL

- name: IAM User with inline policies but rule suppressed, SKIP
  input: 
    Resources: 
      ExampleUser: 
        Type: "AWS::IAM::User"
        Metadata:
          guard:
            SuppressedRules:
            - IAM_NO_INLINE_POLICY_CHECK
        Properties: 
          Policies: 
            - PolicyName: "Admin"
              PolicyDocument: 
                Version: "2012-10-17"
                Statement:
                  - Effect: "Allow"
                    Action: "*"
                    Resource: "*"
  expectations:
    rules: 
      IAM_NO_INLINE_POLICY_CHECK: SKIP