Merge pull request #16 from mitre/refactor

bug fixes for inspec command not being found by lambda

src/lambda_function.rb

@@ -62,9 +62,10 @@ def lambda_handler(event:, context:)
 
   # Execute InSpec
   # https://ruby-doc.org/core-2.3.0/Kernel.html#method-i-system
-  $logger.info("Executing InSpec command: #{inspec_cmd}")
-  system('inspec', *Shellwords.split(env_inspec_cmd))
-  $logger.info('InSpec exec completed!')
+  $logger.info("Executing InSpec command: inspec #{inspec_cmd}")
+  puts system('inspec help')
+  success = system('bundle', *(%w[exec inspec] + Shellwords.split(env_inspec_cmd)))
+  $logger.info("InSpec exec completed! Success: #{success.nil? ? 'nil (command might not be found)' : success}")
 
   return if event['results_buckets'].nil? || event['results_buckets'].empty?
 
@@ -278,19 +279,20 @@ def add_tmp_ssh_key(tmp_ssm_ssh_key, pub_key)
   conn = train.connection
 
   home_dir = conn.run_command("sudo -u #{user} sh -c 'echo $HOME'").stdout.strip
+  sleep 1
 
   put_cmd = "mkdir -p #{home_dir}/.ssh;"\
             " touch #{home_dir}/.ssh/authorized_keys;"\
             " echo '#{pub_key}' >> #{home_dir}/.ssh/authorized_keys;"
 
   rm_cmd = "sleep #{rm_wait};"\
-           " grep -vF \"#{pub_key}\" #{home_dir}/.ssh/authorized_keys > #{home_dir}/.ssh/authorized_keys.tmp;"\
+           " grep -vF '#{pub_key}' #{home_dir}/.ssh/authorized_keys > #{home_dir}/.ssh/authorized_keys.tmp;"\
            " mv #{home_dir}/.ssh/authorized_keys.tmp #{home_dir}/.ssh/authorized_keys"
 
-  put_result = conn.run_command(put_cmd)
-  puts "cmd result: #{put_result}"
+  puts "cmd result: #{conn.run_command(put_cmd)}"
+  sleep 1
   Thread.new do
-    _ = conn.run_command(rm_cmd)
+    puts "remove result: #{conn.run_command(rm_cmd)}"
     conn.close
     $logger.info('Removed temporary SSH key pair from instance.')
   end

src/run_lambda_locally.rb

@@ -11,34 +11,21 @@
 
 lambda_handler(
   event: {
-    'command' => 'inspec exec https://gitlab.dsolab.io/scv-content/inspec/kubernetes/baselines/k8s-cluster-stig-baseline/-/archive/master/k8s-cluster-stig-baseline-master.tar.gz'\
-                 ' -t k8s://',
-    'results_name' => 'k8s-cluster-stig-baseline-dev-cluster',
+    'command' => 'inspec exec https://github.com/mitre/redhat-enterprise-linux-7-stig-baseline/archive/master.tar.gz'\
+                 ' -t ssh://ssm-user@i-00f1868f8f3b4eb03'\
+                 ' --sudo'\
+                 ' -i /tmp/tmp_ssh_key'\
+                 ' --input=\'disable_slow_controls=true\''\
+                 ' --proxy-command=\'sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p"\'',
+    'results_name' => 'redhat-enterprise-linux-7-stig-baseline-inspec-rhel7-test',
     'results_buckets' => [
       'inspec-results-bucket-dev'
     ],
-    'eval_tags' => 'ServerlessInspec,k8s',
-    'resources' => [
-      {
-        'local_file_path' => '/tmp/kube/config',
-        'source_aws_s3_bucket' => 'inspec-profiles-bucket-dev',
-        'source_aws_s3_key' => 'kube-dev/config'
-      },
-      {
-        'local_file_path' => '/tmp/kube/client.crt',
-        'source_aws_ssm_parameter_key' => '/inspec/kube-dev/client_crt'
-      },
-      {
-        'local_file_path' => '/tmp/kube/client.key',
-        'source_aws_ssm_parameter_key' => '/inspec/kube-dev/client_key'
-      },
-      {
-        'local_file_path' => '/tmp/kube/ca.crt',
-        'source_aws_ssm_parameter_key' => '/inspec/kube-dev/ca_crt'
-      }
-    ],
-    'env' => {
-      'KUBECONFIG' => '/tmp/kube/config'
+    'eval_tags' => 'ServerlessInspec,RHEL7,inspec-rhel7-test,SSH-SSM',
+    'tmp_ssm_ssh_key' => {
+      'host' => 'i-00f1868f8f3b4eb03',
+      'user' => 'ssm-user',
+      'key_name' => 'tmp_ssh_key'
     }
   },
   context: nil
@@ -68,6 +55,7 @@
 _ = {
   'command' => 'inspec exec https://github.com/mitre/redhat-enterprise-linux-7-stig-baseline/archive/master.tar.gz'\
                ' -t ssh://ssm-user@i-00f1868f8f3b4eb03'\
+               ' --sudo'\
                ' -i /tmp/tmp_ssh_key'\
                ' --input=\'disable_slow_controls=true\''\
                ' --proxy-command=\'sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p"\'',

version

@@ -1 +1 @@
-0.15.1
+0.15.4