From e212e6887ca29e3b344e60b764d35bb08c153fbd Mon Sep 17 00:00:00 2001
From: seanlongcc
Date: Mon, 1 Jul 2024 14:28:18 -0400
Subject: [PATCH] remove inspec overlay
---
 README.md | 2 +-
 mongo-validate.pkr.hcl | 2 +-
 spec/ansible/mongo-stig-hardening-playbook.yml | 13 +++++++------
 spec/ansible/requirements.yml | 7 ++++---
 spec/mongo-inspec-profile/controls/overlay.rb | 1 -
 spec/mongo-inspec-profile/inspec.yml | 15 ---------------
 spec/scripts/scan.sh | 5 +++--
 7 files changed, 16 insertions(+), 29 deletions(-)
 delete mode 100644 spec/mongo-inspec-profile/controls/overlay.rb
 delete mode 100644 spec/mongo-inspec-profile/inspec.yml
diff --git a/README.md b/README.md
index 4e180cb..59831a8 100644
--- a/README.md
+++ b/README.md
@@ -147,7 +147,7 @@ Full repository [here](https://github.com/mitre/mongodb-enterprise-advanced-4-st
 - Remove the `--controls` flag to run all inspec checks at once.
 ```sh
- inspec exec spec/mongo-inspec-profile/ -t docker://mongo-hardened --controls=SV-252134 --input-file=spec/mongo-inspec-profile/inputs.yml --reporter cli json:reports/inspec_results.json --no-create-lockfile --show-progress
+ inspec exec spec/mongo-inspec-profile/ -t docker://mongo-hardened --controls=SV-252134 --input-file=spec/mongo-inspec-profile/inputs.yml --reporter cli json:reports/inspec_results.json --no-create-lockfile --enhanced-outcomes
 ```
 - Deeper Testing with InSpec Shell
diff --git a/mongo-validate.pkr.hcl b/mongo-validate.pkr.hcl
index 1758905..ad04105 100644
--- a/mongo-validate.pkr.hcl
+++ b/mongo-validate.pkr.hcl
@@ -23,8 +23,8 @@ variable "input_hardened_image" {
 variable "scan" {
 type = map(string)
 default = {
+ "inspec_profile" = "https://github.com/mitre/mongodb-enterprise-advanced-4-stig-baseline.git",
 "report_dir" = "reports",
- "inspec_profile" = "spec/mongo-inspec-profile",
 "inspec_report_filename" = "inspec_results.json",
 "inspec_input_file" = "spec/mongo-inspec-profile/inputs.yml"
 }
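Review bot: The added `"inspec_profile"` default points at the baseline's git URL with no tag or commit, so every validation run fetches whatever that repository's default branch holds at that moment and a scan result cannot be reproduced or tied to a known profile revision. Pin it to a release, e.g. a tagged archive URL of the baseline, or keep a thin wrapper profile whose `depends` entry carries a `tag`/`commit` rather than the `branch: main` the deleted `spec/mongo-inspec-profile/inspec.yml` used. The `inspec_input_file` default still resolves under `spec/mongo-inspec-profile/`, the directory whose profile metadata and controls this commit deletes; a comment on that key such as `# only inputs.yml remains in this directory; the profile itself is fetched from inspec_profile` would make the layout explicit. The README command in this same commit (`inspec exec spec/mongo-inspec-profile/`) still names the removed profile directory, so it is presumably broken after this change.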
diff --git a/spec/ansible/mongo-stig-hardening-playbook.yml b/spec/ansible/mongo-stig-hardening-playbook.yml
index 8578675..2e8ad70 100644
--- a/spec/ansible/mongo-stig-hardening-playbook.yml
+++ b/spec/ansible/mongo-stig-hardening-playbook.yml
@@ -2,11 +2,12 @@
 - hosts:
 - localhost
 roles:
- - roles/prep
- - mitre.yedit
- - mongo-stig
+ - role: roles/prep
+ - role: mitre.yedit
+ - role: mongoSTIG
+ vars:
+ fips_mode: true
+ enterprise_edition: true
 serial: 50
 user: 0
- vars:
- fips_mode: true
- enterprise_edition: true
+
diff --git a/spec/ansible/requirements.yml b/spec/ansible/requirements.yml
index 949a620..2dd38c3 100644
--- a/spec/ansible/requirements.yml
+++ b/spec/ansible/requirements.yml
@@ -1,8 +1,9 @@
 ---
 roles:
- - name: rhel8STIG
- src: https://github.com/ansible-lockdown/RHEL8-STIG
-
+ - name: mongoSTIG
+ src: https://github.com/mitre/ansible-mongodb-enterprise-advanced-4-stig-hardening
+ version: main
+
 - src: mitre.yedit
 collections:
diff --git a/spec/mongo-inspec-profile/controls/overlay.rb b/spec/mongo-inspec-profile/controls/overlay.rb
deleted file mode 100644
index 7017450..0000000
--- a/spec/mongo-inspec-profile/controls/overlay.rb
+++ /dev/null
@@ -1 +0,0 @@
-include_controls 'mongodb-enterprise-advanced-4-stig-baseline'
\ No newline at end of file
diff --git a/spec/mongo-inspec-profile/inspec.yml b/spec/mongo-inspec-profile/inspec.yml
deleted file mode 100644
index e58f0af..0000000
--- a/spec/mongo-inspec-profile/inspec.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: MongoDB_Enterprise_Advanced_4-x_STIG_Overlay
-title: null
-maintainer: null
-copyright: null
-copyright_email: null
-license: null
-summary: null
-description: null
-version: 1.0.0
-supports: []
-depends:
- - name: mongodb-enterprise-advanced-4-stig-baseline
- git: https://github.com/mitre/mongodb-enterprise-advanced-4-stig-baseline.git
- branch: main
-inspec_version: null
\ No newline at end of file
diff --git a/spec/scripts/scan.sh b/spec/scripts/scan.sh
index b4b1c50..df8afd5 100755
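Review bot: Moving `fips_mode` and `enterprise_edition` from the play-level `vars:` into a `vars:` block attached to the `mongoSTIG` role entry narrows their scope to that one role, so `roles/prep` and `mitre.yedit` no longer see either variable. If `roles/prep` reads one of them (its tasks are outside this patch) it now falls back to a role default or fails on an undefined variable; if the narrowing is intentional, a one-line comment on the role entry such as `# vars scoped to mongoSTIG only; prep and yedit do not use them` would save the next reader that check. The final `+` line adds a trailing blank line to the file, which yamllint-style checks usually flag. Whether the nested `vars:` is indented under the list item correctly cannot be confirmed from this rendering of the hunk.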
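Review bot: `version: main` on the new `mongoSTIG` role pins a moving branch rather than a release, so each `ansible-galaxy install -r requirements.yml` pulls the current HEAD of the hardening repository and the hardening applied to the image can change without any change in this repo. ansible-galaxy accepts a tag or commit SHA in `version`, so prefer `version: <tag-or-commit>` (placeholder) and bump it deliberately when adopting a new upstream revision. The `- src: mitre.yedit` context line carries no version at all, which predates this change but has the same reproducibility problem.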
--- a/spec/scripts/scan.sh
+++ b/spec/scripts/scan.sh
@@ -8,5 +8,6 @@ echo "--- Running InSpec Profile ($PROFILE) against target ---"
 inspec exec $PROFILE \
 -t docker://$CONTAINER_ID \
 --input-file=$INPUT_FILE \
- --reporter cli json:$REPORT_DIR/$REPORT_FILE \
- --no-create-lockfile
\ No newline at end of file
+ --reporter progress-bar json:$REPORT_DIR/$REPORT_FILE \
+ --no-create-lockfile \
+ --enhanced-outcomes
\ No newline at end of file
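Review bot: The `progress-bar` reporter and `--enhanced-outcomes` added in the last three lines are, as far as I know, only available in recent InSpec releases (the 6 series); on an older `inspec` the command exits on the unknown option and the scan never runs, and nothing in the script documents or checks the minimum version. Add a comment above the invocation such as `# requires InSpec 6+ (progress-bar reporter, --enhanced-outcomes)`, or check `inspec version` before running. The new reporter line still expands `$REPORT_DIR/$REPORT_FILE` unquoted, as do `$PROFILE` and `$INPUT_FILE` in the context lines; `json:"$REPORT_DIR/$REPORT_FILE"` would tolerate spaces in the report path. With enhanced outcomes, errored and not-applicable controls are reported as their own outcomes rather than folded into pass/fail, which anything consuming the JSON report downstream may need to account for. The file also keeps no trailing newline after the last continuation line.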