Remove runtime config (elastic#161)

.pre-commit-config.yaml

@@ -5,15 +5,15 @@ repos:
         name: OPA fmt
         description: Formats Rego policy using opa fmt
         entry: opa fmt
-        args: [ -w ]
+        args: [-w]
         language: system
         files: (\.rego)$
 
       - id: opa-check
         name: OPA check
         description: Check syntax of staged Rego files
         entry: opa check
-        args: [ -S, './bundle/compliance' ]
+        args: [-S, "./bundle/compliance"]
         pass_filenames: false
         language: system
         files: (\.rego)$
@@ -22,24 +22,27 @@ repos:
         name: OPA test
         description: Runs OPA unit tests on rego source files
         entry: opa test
-        args: [ -b, './bundle' ]
+        args: [-b, "./bundle"]
         pass_filenames: false
         language: system
 
       - id: update-rules-status
         name: Update rules status
         description: Update rules status in rules_table.md
-        entry: python3 ./dev/update_rule_status.py
+        require_serial: true
+        entry: poetry run python ./dev/update_rule_status.py
         language: system
 
   - repo: https://github.com/igorshubovych/markdownlint-cli
     rev: v0.32.2
     hooks:
       - id: markdownlint
-        args: [ '--disable',
-                MD013,  # Line length can be ignored for now
-                MD033,  # Allow inline HTML
-                MD046,  # Allow code blocks to be fenced with backticks
-                MD041,  # Allow multiple top level headers
-                '--' ]
-        files: \.(md|markdown)$
+        args: [
+            "--disable",
+            MD013, # Line length can be ignored for now
+            MD033, # Allow inline HTML
+            MD046, # Allow code blocks to be fenced with backticks
+            MD041, # Allow multiple top level headers
+            "--",
+          ]
+        files: \.(md|markdown)$

README.md

@@ -7,7 +7,7 @@
 ![Coverage Badge](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/oren-zohar/a7160df46e48dff45b24096de9302d38/raw/csp-security-policies_coverage.json)
 
 <details>
-<summary>Project structure</summary>  
+<summary>Project structure</summary>
 
     .
     ├── bundle
@@ -44,17 +44,13 @@
 
 **`input.json`**
 
-should contain a beat/agent output and the `activated_rules` (not mandatory - without specifying rules all rules will
-apply), e.g. filesystem data  
+should contain a beat/agent output and the `benchmark` (not mandatory - without specifying benchmark all benchmarks will
+apply), e.g. k8s eks aws
 
 ```json
 {
   "type": "file",
-  "activated_rules": {
-    "cis_k8s": [
-      "cis_1_1_1"
-    ]
-  },
+  "benchmark": "cis_k8s",
   "sub_type": "file",
   "resource": {
     "mode": "700",
@@ -83,7 +79,7 @@ opa eval data.main.findings --format pretty -i input.json -b ./bundle > output.j
 <details>
 <summary>Example output</summary>
 
-```json
+````json
 {
   "result": {
     "evaluation": "failed",
@@ -120,7 +116,7 @@ opa eval data.main.findings --format pretty -i input.json -b ./bundle > output.j
     "version": "1.0"
   }
 }
-```
+````
 
 </details>
 

bundle/compliance/main.rego

@@ -8,15 +8,13 @@ import data.compliance.lib.common
 resource = input.resource
 
 findings = f {
-	input.activated_rules
+	input.benchmark
 
-	# iterate over activated benchmarks
-	benchmarks := [key | input.activated_rules[key]]
+	# iterate over activated benchmark rules
+	benchmark := input.benchmark
 
-	# aggregate findings from activated benchmarks
+	# aggregate findings from activated benchmark
 	f := {finding |
-		benchmark := benchmarks[_]
-		rule := input.activated_rules[benchmark][_]
 		result := compliance[benchmark].rules[rule].finding with data.benchmark_data_adapter as compliance[benchmark].data_adapter
 		finding = {
 			"result": result,
@@ -26,7 +24,7 @@ findings = f {
 }
 
 findings = f {
-	not input.activated_rules
+	not input.benchmark
 
 	# aggregate findings from all benchmarks
 	f := {finding |