# ###################################
##       Rule Specification        ##
#####################################
# 
# Rule Identifier:
#   step_functions_state_machine_tracing_enabled_check
# 
# Description:
#   This control checks whether an AWS Step Functions state machine has AWS X-Ray tracing enabled.
# 
# Reports on:
#   AWS::StepFunctions::StateMachine
# 
# Evaluates:
#   AWS CloudFormation, AWS CloudFormation hook
# 
# Rule Parameters:
#   None
# 
# Scenarios:
#   Scenario: 1
#     Given: The input document is an AWS CloudFormation or CloudFormation hook document
#       And: The input document does not contain any StepFunctions state machine resources
#      Then: SKIP
#   Scenario: 2
#     Given: The input document is an AWS CloudFormation or CloudFormation hook document
#       And: The input document contains a StepFunctions state machine resource
#       And: 'TracingConfiguration' has not been provided
#      Then: FAIL
#   Scenario: 3
#     Given: The input document is an AWS CloudFormation or CloudFormation hook document
#       And: The input document contains a StepFunctions state machine resource
#       And: 'TracingConfiguration' has been provided
#       And: In 'TracingConfiguration', 'Enabled' has not been provided or provided and set to a value other
#            than bool(true)
#      Then: FAIL
#   Scenario: 4
#     Given: The input document is an AWS CloudFormation or CloudFormation hook document
#       And: The input document contains a StepFunctions state machine resource
#       And: 'TracingConfiguration' has been provided
#       And: In 'TracingConfiguration', 'Enabled' has been provided and set to bool(true)
#      Then: PASS

#
# Constants
#
let STEP_FUNCTIONS_STATE_MACHINE_TYPE = "AWS::StepFunctions::StateMachine"
let INPUT_DOCUMENT = this

#
# Assignments
#
let step_functions_state_machines = Resources.*[ Type == %STEP_FUNCTIONS_STATE_MACHINE_TYPE ]

#
# Primary Rules
#
rule step_functions_state_machine_tracing_enabled_check when is_cfn_template(%INPUT_DOCUMENT)
                                                             %step_functions_state_machines not empty {
    check(%step_functions_state_machines.Properties)
        <<
        [CT.STEPFUNCTIONS.PR.2]: Require an AWS Step Functions state machine to have AWS X-Ray tracing activated
        [FIX]: In the 'TracingConfiguration' property, set the value of 'Enabled' to true.
        >>
}

rule step_functions_state_machine_tracing_enabled_check when is_cfn_hook(%INPUT_DOCUMENT, %STEP_FUNCTIONS_STATE_MACHINE_TYPE) {
    check(%INPUT_DOCUMENT.%STEP_FUNCTIONS_STATE_MACHINE_TYPE.resourceProperties)
        <<
        [CT.STEPFUNCTIONS.PR.2]: Require an AWS Step Functions state machine to have AWS X-Ray tracing activated
        [FIX]: In the 'TracingConfiguration' property, set the value of 'Enabled' to true.
        >>
}

rule check(step_functions_state_machine) {
    %step_functions_state_machine {
        # Scenario 2
        TracingConfiguration exists
        TracingConfiguration is_struct

        TracingConfiguration {
            # Scenarios 3 and 4
            Enabled exists
            Enabled == true
        }
    }
}

#
# Utility Rules
#
rule is_cfn_template(doc) {
    %doc {
        AWSTemplateFormatVersion exists  or
        Resources exists
    }
}

rule is_cfn_hook(doc, RESOURCE_TYPE) {
    %doc.%RESOURCE_TYPE.resourceProperties exists
}