test data tidy up

elastic · Aug 14, 2023 · 05bce95 · 05bce95
1 parent d69996d
commit 05bce95
Showing 1 changed file with 55 additions and 81 deletions.
diff --git a/bundle/compliance/cis_gcp/test_data.rego b/bundle/compliance/cis_gcp/test_data.rego
@@ -1,17 +1,5 @@
 package cis_gcp.test_data
 
-generate_iam_policy(members, role) = {
-	"resource": {
-		"resource": {},
-		"iam_policy": {"bindings": [{
-			"role": role,
-			"members": members,
-		}]},
-	},
-	"type": "key-management",
-	"subType": "gcp-iam-service-account",
-}
-
 generate_gcp_asset(type, subtype, resource, iam_policy) = {
 	"resource": {
 		"resource": resource,
@@ -21,79 +9,65 @@ generate_gcp_asset(type, subtype, resource, iam_policy) = {
 	"subType": subtype,
 }
 
-generate_monitoring_asset(log_metrics, alerts) = {
-	"resource": {
-		"log_metrics": log_metrics,
-		"alerts": alerts,
-	},
-	"type": "monitoring",
-	"subType": "gcp-monitoring",
-}
+generate_iam_policy(members, role) = generate_gcp_asset(
+	"key-management",
+	"gcp-iam-service-account",
+	{},
+	{"bindings": [{"role": role, "members": members}]},
+)
 
-generate_kms_resource(members, rotationPeriod, nextRotationTime, primary) = {
-	"resource": {
-		"resource": {"data": {
-			"nextRotationTime": nextRotationTime,
-			"rotationPeriod": rotationPeriod,
-			"primary": primary,
-		}},
-		"iam_policy": {"bindings": [{
-			"role": "roles/cloudkms.cryptoKeyEncrypterDecrypter",
-			"members": members,
-		}]},
-	},
-	"type": "key-management",
-	"subType": "gcp-cloudkms-crypto-key",
-}
+generate_monitoring_asset(log_metrics, alerts) = generate_gcp_asset(
+	"monitoring",
+	"gcp-monitoring",
+	{"log_metrics": log_metrics, "alerts": alerts},
+	{},
+)
 
-generate_gcs_resource(members, isBucketLevelAccessEnabled) = {
-	"resource": {
-		"resource": {"data": {"iamConfiguration": {"uniformBucketLevelAccess": {"enabled": isBucketLevelAccessEnabled}}}},
-		"iam_policy": {"bindings": [{
-			"role": "roles/storage.objectViewer",
-			"members": members,
-		}]},
-	},
-	"type": "cloud-storage",
-	"subType": "gcp-storage-bucket",
-}
+generate_kms_resource(members, rotationPeriod, nextRotationTime, primary) = generate_gcp_asset(
+	"key-management",
+	"gcp-cloudkms-crypto-key",
+	{"data": {"nextRotationTime": nextRotationTime, "rotationPeriod": rotationPeriod, "primary": primary}},
+	{"bindings": [{"role": "roles/cloudkms.cryptoKeyEncrypterDecrypter", "members": members}]},
+)
 
-generate_bq_resource(config, subType, members) = {
-	"resource": {
-		"resource": {"data": {"defaultEncryptionConfiguration": config}},
-		"iam_policy": {"bindings": [{
-			"role": "roles/bigquery.dataViewer",
-			"members": members,
-		}]},
-	},
-	"type": "cloud-storage",
-	"subType": subType,
-}
+generate_gcs_resource(members, isBucketLevelAccessEnabled) = generate_gcp_asset(
+	"cloud-storage",
+	"gcp-storage-bucket",
+	{"data": {"iamConfiguration": {"uniformBucketLevelAccess": {"enabled": isBucketLevelAccessEnabled}}}},
+	{"bindings": [{"role": "roles/storage.objectViewer", "members": members}]},
+)
 
-generate_compute_resource(subType, info) = {
-	"resource": {"resource": {"data": info}},
-	"type": "cloud-compute",
-	"subType": subType,
-}
+generate_bq_resource(config, subType, members) = generate_gcp_asset(
+	"cloud-storage",
+	subType,
+	{"data": {"defaultEncryptionConfiguration": config}},
+	{"bindings": [{"role": "roles/bigquery.dataViewer", "members": members}]},
+)
 
-generate_iam_service_account_key(resourceData) = {
-	"resource": {
-		"resource": {"data": resourceData},
-		"iam_policy": {},
-	},
-	"type": "kidentity-management",
-	"subType": "gcp-iam-service-account-key",
-}
+generate_compute_resource(subType, info) = generate_gcp_asset(
+	"cloud-compute",
+	subType,
+	{"data": info},
+	{},
+)
 
-not_eval_resource = {
-	"resource": {},
-	"type": "key-management",
-	"subType": "no-exisitng-type",
-}
+generate_iam_service_account_key(resourceData) = generate_gcp_asset(
+	"identity-management",
+	"gcp-iam-service-account-key",
+	{"data": resourceData},
+	{},
+)
 
-# missing resource.iam_policy
-no_policy_resource = {
-	"resource": {"resource": {}},
-	"type": "key-management",
-	"subType": "gcp-iam",
-}
+not_eval_resource = generate_gcp_asset(
+	"key-management",
+	"non-existing-subtype",
+	{},
+	{},
+)
+
+no_policy_resource = generate_gcp_asset(
+	"key-management",
+	"gcp-iam",
+	{},
+	null, # missing resource.iam_policy
+)