Refactoring of Qualys things

1. "030-qualys-vpc" becomes "030-qualys-scanners" and has only the
    scanners proper
2. new "010-vpc-scanners" for holding all the scanners using a standard
   vpc module
3. nessus uses the new vpc-scanners vpc

bin/terragrunt-providers

@@ -1,5 +1,10 @@
 #! /bin/bash
 
+TG=terragrunt
+if [[ "$1" == "local" ]]; then
+	TG=terragrunt-local
+fi
+
 rm -rf .terragrunt-cache
 mv .terraform.lock.hcl .terraform.lock.hcl.bak
-terragrunt providers lock -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64 -platform=linux_arm64
+${TG} providers lock -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64 -platform=linux_arm64

test/aws-us-gov/mdr-test-c2/031-attach-qualys-vpc-to-transit-gateway/terragrunt.hcl → test/aws-us-gov/mdr-test-c2/010-vpc-scanners/terragrunt.hcl

@@ -2,8 +2,6 @@ locals {
   # If you want to use any of the variables in _this_ file, you have to load them here.
   # However, they will all be available as inputs to the module loaded in terraform.source
   # below.
-
-  # e.g. inherited variables:
   environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
   partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
   region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
@@ -11,20 +9,15 @@ locals {
   global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
 }
 
-dependency "transit_gateway" {
-  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
-}
-
-dependency "target_vpc" {
-  config_path = "../030-qualys-vpc"
-}
-
-
 # Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v1.0.7"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.23.25"
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -37,13 +30,13 @@ inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
+  accept_tgw_invitation = false # Should we accept the Transit GT invitation? Should only be true for the first vpc
+  # no arns for the account hosting the transit gateway
+  #tgw_share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_info = local.account_vars.locals.vpc_info["vpc-scanners"]
   tags = {
-    Name = "${local.partition_vars.locals.aws_partition_alias}-${local.environment_vars.locals.environment}"
+    Purpose = "Vulnerability Scanners"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
-  accept_invitation = false # Should only be true for the first one
-  tgw_id = dependency.transit_gateway.outputs.tgw_id
-  vpc_id = dependency.target_vpc.outputs.vpc_id
-  subnets = dependency.target_vpc.outputs.private_subnets
-  route_tables = concat(dependency.target_vpc.outputs.private_route_tables, dependency.target_vpc.outputs.public_route_tables)
 }

test/aws-us-gov/mdr-test-c2/030-qualys-vpc/README.md

@@ -1,2 +0,0 @@
-# Qualys VPC and Scanner(s)
-

test/aws-us-gov/mdr-test-c2/031-attach-qualys-vpc-to-transit-gateway/README.md

@@ -1,5 +0,0 @@
-# Attaches this account's Qualys VPCs to the transit gateway, but for the HUB account.
-
-You can reuse this module to attach additional VPCs by updating
-either the dependencies or the inputs, as appropriate.
-

test/aws-us-gov/mdr-test-c2/031-attach-qualys-vpc-to-transit-gateway/.terraform.lock.hcl → test/aws-us-gov/mdr-test-c2/032-qualys-scanners/.terraform.lock.hcl

@@ -3,7 +3,7 @@
 
 provider "registry.terraform.io/hashicorp/aws" {
   version     = "3.37.0"
-  constraints = "3.37.0"
+  constraints = ">= 2.42.0, 3.37.0"
   hashes = [
     "h1:GeRKgHncFkh8vd+Rlq6G/5D7wgfd9LXLYrfNvLiMy48=",
     "h1:RvLGIfRZfbzY58wUja9B6CvGdgVVINy7zLVBdLqIelA=",

test/aws-us-gov/mdr-test-c2/030-qualys-vpc/terragrunt.hcl → test/aws-us-gov/mdr-test-c2/032-qualys-scanners/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_scanners?ref=v1.23.22"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_scanners?ref=v1.23.25"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -26,18 +26,22 @@ include {
   path = find_in_parent_folders()
 }
 
+dependency "vpc" {
+  config_path = "../010-vpc-scanners"
+}
+
 # These are the variables we have to pass in to use the module specified in the terragrunt source above
 inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
-  name = "${ local.account_vars.locals.vpc_info["vpc-qualys"]["name"] }-${local.account_vars.locals.account_name}"
-  cidr = local.account_vars.locals.vpc_info["vpc-qualys"]["cidr"]
   tags = {
-    Purpose = local.account_vars.locals.vpc_info["vpc-qualys"]["purpose"]
+    Purpose = "Qualys Scanning Appliances"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 
+  vpc_id                = dependency.vpc.outputs.vpc_id
+  subnets               = dependency.vpc.outputs.private_subnets
   personalization_codes = local.account_vars.locals.qualys_personalization_codes
 
 }

test/aws-us-gov/mdr-test-c2/275-nessus-security-scanners/terragrunt.hcl

@@ -17,7 +17,7 @@ terraform {
 }
 
 dependency "vpc" {
-  config_path = "../030-qualys-vpc"
+  config_path = "../010-vpc-scanners"
 }
 
 # Include all settings from the root terragrunt.hcl file

test/aws-us-gov/mdr-test-c2/account.hcl

@@ -102,8 +102,8 @@ locals {
       "cidr" = "10.20.0.0/22",
       "tgw_attached" = false, # NOTE: This is attached via the transit gateway creation
     },
-    "vpc-qualys" = {
-      "name" = "vpc-qualys",
+    "vpc-scanners" = {
+      "name" = "vpc-scanners",
       "purpose" = "Security Scanning",
       "cidr" = "10.20.12.0/22",
       "tgw_attached" = true,
@@ -219,8 +219,8 @@ locals {
 
   # Qualys Scanners
   qualys_personalization_codes = {
-    standard = "21009597903247"
-    preauthorized = "21005906078774"
+    standard      = "21035137513195" # XDR_Test_Govcloud_Standard
+    preauthorized = "21054299967066" # XDR_Test_Govcloud_Preauthorized
   }
 
   # Qualys Connector

test/aws-us-gov/mdr-test-modelclient/account.hcl

@@ -22,7 +22,7 @@ locals {
     "vpc-splunk" = {
        "name" = "vpc-splunk",
        "purpose" = "Splunk Systems (modelclient)", # Substitute with Customer Name
-       "cidr" = "10.20.8.0/22",
+       "cidr" = "10.20.8.0/22",	                   # In the wrong place, needs to be changed to 10.22/16
        "tgw_attached" = true
     }
   } 

test/env.hcl

@@ -66,7 +66,7 @@ locals {
 
   dns_servers = [
     "10.20.2.64",
-    "10.16.2.123",
+    "10.20.2.185",
   ]
   inbound_resolver_endpoints = [
     "10.20.0.119",