Fixes lint workflow

.github/workflows/OS.tfvars

@@ -5,5 +5,5 @@ ami_username  = "ec2-user"
 ami_user_home = "/home/ec2-user"
 instance_tags = {
   Name        = "Amazon2-CIS"
-  Environment = "lockdown_github_repo_workflow"
+  Environment = "github_test_pipeline"
 }

.github/workflows/github_networks.tf

@@ -1,11 +1,53 @@
 resource "aws_vpc" "Main" {
   cidr_block = var.main_vpc_cidr
-  tags = var.instance_tags
+  instance_tenancy = "default"
+  tags       = { 
+    Environment = "${var.environment}"
+    Name = "${var.namespace}-VPC"
+    }
 }
 
 resource "aws_internet_gateway" "IGW" {
   vpc_id = aws_vpc.Main.id
   tags = {
-    Name      = "${var.namespace}-IGW"
+    Environment = "${var.environment}"
+    Name = "${var.namespace}-IGW"
   }
 }
+
+resource "aws_subnet" "publicsubnets" {
+  vpc_id =  aws_vpc.Main.id
+  cidr_block = var.public_subnets
+  availability_zone = var.availability_zone
+  tags = {
+    Environment = "${var.environment}"
+    Name = "${var.namespace}-pubsub"
+  }
+}
+
+resource "aws_subnet" "Main" {
+  vpc_id =  aws_vpc.Main.id
+  availability_zone = var.availability_zone
+  cidr_block = var.private_subnets
+  tags = {
+    Environment = "${var.environment}"
+    Name = "${var.namespace}-prvsub"
+  }
+}
+
+resource "aws_route_table" "PublicRT" {
+   vpc_id =  aws_vpc.Main.id
+   route {
+   cidr_block = "0.0.0.0/0"
+   gateway_id = aws_internet_gateway.IGW.id
+   }
+   tags = {
+    Environment = "${var.environment}"
+    Name = "${var.namespace}-publicRT"
+  }
+}
+
+resource "aws_route_table_association" "rt_associate_public" {
+  subnet_id = aws_subnet.Main.id
+  route_table_id = aws_route_table.PublicRT.id
+}

.github/workflows/github_vars.tfvars

@@ -4,9 +4,10 @@
 // 
 
 namespace         = "github_actions"
+environment       = "github_test_pipeline"
 
 // Matching pair name found in AWS for keypairs PEM key
 ami_key_pair_name = "github_actions"
 main_vpc_cidr     = "172.22.0.0/24"
 public_subnets    = "172.22.0.128/26"
-private_subnets   = "172.22.0.192/26"
+private_subnets   = "172.22.0.192/26"

.github/workflows/main.tf

@@ -5,9 +5,6 @@ provider "aws" {
 
 // Create a security group with access to port 22 and port 80 open to serve HTTP traffic
 
-data "aws_vpc" "default" {
-  default = true
-}
 
 resource "random_id" "server" {
   keepers = {
@@ -19,8 +16,8 @@ resource "random_id" "server" {
 }
 
 resource "aws_security_group" "github_actions" {
-  name   = "${var.namespace}-${random_id.server.hex}"
-  vpc_id = data.aws_vpc.default.id
+  name   = "${var.namespace}-${random_id.server.hex}-SG"
+  vpc_id = aws_vpc.Main.id
 
   ingress {
     from_port   = 22
@@ -43,6 +40,7 @@ resource "aws_security_group" "github_actions" {
     cidr_blocks = ["0.0.0.0/0"]
   }
   tags = {
+    Environment = "${var.environment}"
     Name = "${var.namespace}-SG"
  }
 }
@@ -51,11 +49,13 @@ resource "aws_security_group" "github_actions" {
 
 resource "aws_instance" "testing_vm" {
   ami                         = var.ami_id
+  availability_zone           = var.availability_zone
   associate_public_ip_address = true
   key_name                    = var.ami_key_pair_name # This is the key as known in the ec2 key_pairs
   instance_type               = var.instance_type
   tags                        = var.instance_tags
   vpc_security_group_ids      = [aws_security_group.github_actions.id]
+  subnet_id                   = aws_subnet.Main.id
   root_block_device {
         delete_on_termination = true
   }

.github/workflows/terraform.tfvars

@@ -1,4 +1,5 @@
 // vars should be loaded by OSname.tfvars
+availability_zone      = "us-east-1b"
 aws_region    = "us-east-1"
 ami_os        = var.ami_os
 ami_username  = var.ami_username

.github/workflows/variables.tf

@@ -6,6 +6,12 @@ variable "aws_region" {
   type        = string
 }
 
+variable "availability_zone" {
+  description = "List of availability zone in the region"
+  default     = "us-east-1b"
+  type        = string
+}
+
 variable "instance_type" {
   description = "EC2 Instance Type"
   default     = "t3.micro"
@@ -47,6 +53,11 @@ variable "namespace" {
   type        = string
 }
 
+variable "environment" {
+  description = "Env Name used across all tags"
+  type        = string
+}
+
 // taken from github_vars.tfvars &
 
 variable "main_vpc_cidr" {
@@ -62,4 +73,4 @@ variable "public_subnets" {
 variable "private_subnets" {
   description = "private subnet cidr block"
   type        = string
-}
+}

.gitignore

@@ -0,0 +1,47 @@
+.env
+*.log
+*.retry
+.vagrant
+.cache
+tests/*redhat-subscription
+tests/Dockerfile
+*.iso
+*.box
+packer_cache
+delete*
+ignore*
+# VSCode
+.vscode
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# DS_Store
+.DS_Store
+._*
+
+# Linux Editors
+*~
+\#*\#
+/.emacs.desktop
+/.emacs.desktop.lock
+.elc
+auto-save-list
+tramp
+.\#*
+*.swp
+*.swo
+rh-creds.env
+travis.env
+
+# Lockdown-specific
+benchparse/
+*xccdf.xml
+*.retry
+test_inv
+
+# ignore refactr pipeline test conf
+.github/
+

collections/requirements.yml

@@ -0,0 +1,8 @@
+---
+
+collections:
+- name: community.general
+
+- name: community.crypto
+
+- name: ansible.posix

tasks/check_prereqs.yml

@@ -6,45 +6,19 @@
       state: latest
   register: python2_packages
   with_items:
-      - rpm-python
+      - python2-rpm
       - libselinux-python
-  when:
-      - ansible_python.version.major is version('2', '=')
   vars:
       ansible_python_interpreter: "{{ python2_bin }}"
 
-- name: "PREREQ | Add the required packages | Python 3"
-  block:
-      - name: Check if python36-rpm package installed
-        command: rpm -q python36-rpm
-        changed_when: false
-        failed_when: ( python36_rpm_present.rc not in [ 0, 1 ] )
-        register: python36_rpm_present
-        args:
-            warn: false
-
-      - name: Add the EPEL repository required for the python36-rpm pkg
-        package:
-            name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-            state: present
-        register: epel_installed
-        when:
-            - python36_rpm_present.rc is version('0', '>')
-
-      - name: "PREREQ | Check required packages installed | Python3 "
-        package:
-            name: "{{ item }}"
-            state: present
-        register: python3reqs_installed
-        with_items:
-            - python36-rpm
-            - libselinux-python3
-
-      - name: Disable Epel repo if installed earlier
-        command: yum-config-manager disable epel
-        when: epel_installed.changed
+- name: "PREREQ | Check required packages installed | Python3 "
+  package:
+      name: "{{ item }}"
+      state: present
+  register: python3reqs_installed
+  with_items:
+      - python3-rpm
   when:
-      - ansible_python.version.major is version('3', '=') and
-        ansible_python.version.minor is version('6', '=')
+      - ansible_python.version.major is version('3', '=')
   vars:
       ansible_python_interpreter: "{{ python2_bin }}"

tasks/main.yml

@@ -36,12 +36,12 @@
   tags:
       - rule_5.7
 
-- include: check_prereqs.yml
+- include_tasks: check_prereqs.yml
   tags:
       - always
       - prereqs
 
-- include: prelim.yml
+- include_tasks: prelim.yml
   tags:
       - prelim_tasks
       - always
@@ -58,37 +58,37 @@
   tags:
       - always
 
-- include: section_1/main.yml
+- include_tasks: section_1/main.yml
   when: amazon2cis_section1
   tags:
       - amazon2cis_section1
 
-- include: section_2/main.yml
+- include_tasks: section_2/main.yml
   when: amazon2cis_section2
   tags:
       - amazon2cis_section2
 
-- include: section_3/main.yml
+- include_tasks: section_3/main.yml
   when: amazon2cis_section3
   tags:
       - amazon2cis_section3
 
-- include: section_4/main.yml
+- include_tasks: section_4/main.yml
   when: amazon2cis_section4
   tags:
       - amazon2cis_section4
 
-- include: section_5/main.yml
+- include_tasks: section_5/main.yml
   when: amazon2cis_section5
   tags:
       - amazon2cis_section5
 
-- include: section_6/main.yml
+- include_tasks: section_6/main.yml
   when: amazon2cis_section6
   tags:
       - amazon2cis_section6
 
-# - include: post.yml
+# - include_tasks: post.yml
 #   tags:
 #   - post_tasks
 #   - always

tasks/prelim.yml

@@ -1,7 +1,7 @@
 ---
 # Preliminary tasks that should always be run
 # List users in order to look files inside each home directory
-- include: parse_etc_password.yml
+- include_tasks: parse_etc_password.yml
   when:
       - amazon2cis_section5 or
         amazon2cis_section6