rule not_known_key K { config_not_contains_line 'keys' K }
rule not_known_dead D { config_not_contains_line 'keys.dead' D }
-rule account_synchronized A {
+rule all_known_installed_on A {
foreach K { known_key K } { key_installed_on A K }
}
+rule all_dead_not_installed_on A {
+ foreach K { known_dead K } { key_not_installed_on A K }
+}
+
+rule account_synchronized A {
+ all_known_installed_on A
+ all_dead_not_installed_on A
+}
+
rule all_synchronized {} {
foreach A { known_account A } { account_synchronized A }
}
rule unknown_installed_on { A K } {
key_installed_on A K
not { known_key K }
+ not { known_dead K }
+}
+
+rule known_installed_on { A K } {
+ key_installed_on A K
+ known_key K
+}
+
+rule dead_installed_on { A K } {
+ key_installed_on A K
+ known_dead K
}