
Updates and fixes found during 'apply all everywhere'

* apply_module_everywhere updates to skip unused accounts
* Legacy HEC updates to remove legacy internal DNS entries that had been manually removed
* 086-keycloak-configuration module removed, as it had never been implemented
* 275-nessus-security-managers updated to latest for security group fix
Fred Damstra [afs macbook] il y a 4 ans
Parent
commit
cd51e2eb3d

+ 9 - 0
bin/apply_module_everywhere

@@ -7,8 +7,17 @@
 
 
 for i in $( find . -type d -name "$1" -print | egrep -v "000-skeleton" ); do
+  echo ""
+  echo ------------------------------------
   echo Processing $i...
+  echo ------------------------------------
   pushd $i
+  if [[ -f "../UNUSED.ACCOUNT" ]]; then
+    echo $i is unused. Continuing.
+    popd
+    continue
+  fi
+  #echo terragrunt init && echo terragrunt apply
   terragrunt init && terragrunt apply
   popd
 done
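Review bot: The new `../UNUSED.ACCOUNT` guard is resolved against the current directory right after `pushd $i`, and that `pushd` is unquoted and unchecked. If the path contains whitespace or the directory cannot be entered, the shell stays in the caller's directory, so the marker test inspects the wrong parent, `terragrunt init && terragrunt apply` is attempted from the wrong location, and the later `popd` no longer matches a successful `pushd`. Because this script fans an apply out across accounts, the skip should fail closed: use `pushd "$i" || continue`, or test `[[ -f "$i/../UNUSED.ACCOUNT" ]]` before entering the directory so that the skip branch needs no `popd`. The two added `echo` lines that print `$i` should quote it too, e.g. `echo "$i is unused. Continuing."`. The `for i in $( find … )` line is unchanged context and still word-splits its results; the start of the script is outside the hunk.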

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/165-splunk-legacy-hec/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v1.24.13"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v2.1.2"
 }
 
 generate "provider-legacy" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-c2/165-splunk-legacy-hec/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v1.24.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v2.1.2"
 }
 
 generate "provider-legacy" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-dc-c19/165-splunk-legacy-hec/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v1.24.6"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v2.1.2"
 }
 
 generate "provider-legacy" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-la-c19/165-splunk-legacy-hec/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v1.24.6"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v2.1.2"
 }
 
 generate "provider-legacy" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-ma-c19/165-splunk-legacy-hec/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v1.24.6"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v2.1.2"
 }
 
 generate "provider-legacy" {

+ 0 - 35
prod/aws-us-gov/mdr-prod-malware/007-backups/terragrunt.hcl

@@ -1,35 +0,0 @@
-locals {
-  # If you want to use any of the variables in _this_ file, you have to load them here.
-  # However, they will all be available as inputs to the module loaded in terraform.source
-  # below.
-
-  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
-  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
-  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
-  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
-  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
-}
-
-# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
-# working directory, into a temporary folder, and execute your Terraform commands in that folder.
-terraform {
-  # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/backups?ref=v2.1.0"
-}
-
-# Include all settings from the root terragrunt.hcl file
-include {
-  path = find_in_parent_folders()
-}
-
-# These are the variables we have to pass in to use the module specified in the terragrunt source above
-inputs = {
-  # All of the inputs from the inherited hcl files are available automatically
-  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
-  # will be more flexible if you specify particular input values.
-  tags = {
-    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
-  }
-}
-terraform_version_constraint = "= 0.15.1"
-terragrunt_version_constraint = ">= 0.29, < 0.30"

+ 2 - 2
prod/aws-us-gov/mdr-prod-modelclient/account.hcl

@@ -5,8 +5,8 @@ locals {
   account_alias  = "afs-mdr-prod-modelclient-gov"
   aws_account_id = "738736370544"
   instance_termination_protection = true # set to true for production!
-  splunk_prefix = "TODO"
-  splunk_private_hec = TODO # True if the customer needs a private HTTP Event Collector such as for ALSI
+  splunk_prefix = "modelclient"
+  splunk_private_hec = false # True if the customer needs a private HTTP Event Collector such as for ALSI
 
   splunk_data_sources = [
     "x.x.x.x/32", # TODO: Add customer's public IP addresses

+ 0 - 57
prod/aws-us-gov/mdr-prod-malware/007-backups/.terraform.lock.hcl → prod/aws-us-gov/mdr-tiaas/006-account-standards-regional/us-gov-west-1/.terraform.lock.hcl

@@ -1,27 +1,6 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
-provider "registry.terraform.io/hashicorp/archive" {
-  version = "2.1.0"
-  hashes = [
-    "h1:EkUZ8/5ZEFtUErBcThuMyAXMJ4SNyDebp+rCD8Oakso=",
-    "h1:K4Q9hmTnCrGbXZBq2hf6CbekHx5oXFwPBmWOwAPNqtM=",
-    "h1:Rjd4bHMA69V+16tiriAUTW8vvqoljzNLmEaRBCgzpUs=",
-    "h1:f3WXKM/FBu5EMY6j2BGt982hzVMNicrxTyEAz5EsrOU=",
-    "zh:033279ecbf60f565303222e9a6d26b50fdebe43aa1c6e8f565f09bb64d67c3fd",
-    "zh:0af998e42eb421c92e87202df5bfee436b3cfe553214394f08d786c72a9e3f70",
-    "zh:1183b661c692f38409a61eefb5d412167c246fcd9e49d4d61d6d910012d206ba",
-    "zh:5febb66f4a8207117f71dcd460fb9c81d3afb7b600b5e598cf517cf6e27cf4b2",
-    "zh:66135ce46d29d0ccf0e3b6a119423754ca334dbf4266bc989cce5b0b667b5fde",
-    "zh:6b9dc1a4f0a680bb650a7191784927f99675a8c8dd3c155ba821185f630db604",
-    "zh:91e249482c016ecf6bf8b83849964005cd2d0b4396688419cd1752809b46b23e",
-    "zh:a6a2e5f2f010c511e66174cb84ea18899e8bcfc1354c4b9fed972fdb131ffffc",
-    "zh:bb1f6abc76552a883732caff897ff7b07a91977a9b4bb97915f6aac54116bb65",
-    "zh:f05a9a63607f85719fde705f58d82ee16fa67f9158a5c3424c0216507631eddf",
-    "zh:fc603a05a06814387ffa4a054d1baee8ea6b5ab32c53cb73e90a5bf9a2616777",
-  ]
-}
-
 provider "registry.terraform.io/hashicorp/aws" {
   version     = "3.37.0"
   constraints = "3.37.0"
@@ -44,42 +23,6 @@ provider "registry.terraform.io/hashicorp/aws" {
   ]
 }
 
-provider "registry.terraform.io/hashicorp/external" {
-  version = "2.1.0"
-  hashes = [
-    "h1:LTl5CGW8wiIEe16AC4MtXN/95xWWNDbap70zJsBTk0w=",
-    "zh:0d83ffb72fbd08986378204a7373d8c43b127049096eaf2765bfdd6b00ad9853",
-    "zh:7577d6edc67b1e8c2cf62fe6501192df1231d74125d90e51d570d586d95269c5",
-    "zh:9c669ded5d5affa4b2544952c4b6588dfed55260147d24ced02dca3a2829f328",
-    "zh:a404d46f2831f90633947ab5d57e19dbfe35b3704104ba6ec80bcf50b058acfd",
-    "zh:ae1caea1c936d459ceadf287bb5c5bd67b5e2a7819df6f5c4114b7305df7f822",
-    "zh:afb4f805477694a4b9dde86b268d2c0821711c8aab1c6088f5f992228c4c06fb",
-    "zh:b993b4a1de8a462643e78f4786789e44ce5064b332fee1cb0d6250ed085561b8",
-    "zh:c84b2c13fa3ea2c0aa7291243006d560ce480a5591294b9001ce3742fc9c5791",
-    "zh:c8966f69b7eccccb771704fd5335923692eccc9e0e90cb95d14538fe2e92a3b8",
-    "zh:d5fe68850d449b811e633a300b114d0617df6d450305e8251643b4d143dc855b",
-    "zh:ddebfd1e674ba336df09b1f27bbaa0e036c25b7a7087dc8081443f6e5954028b",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/null" {
-  version = "3.1.0"
-  hashes = [
-    "h1:xhbHC6in3nQryvTQBWKxebi3inG5OCgHgc4fRxL0ymc=",
-    "zh:02a1675fd8de126a00460942aaae242e65ca3380b5bb192e8773ef3da9073fd2",
-    "zh:53e30545ff8926a8e30ad30648991ca8b93b6fa496272cd23b26763c8ee84515",
-    "zh:5f9200bf708913621d0f6514179d89700e9aa3097c77dac730e8ba6e5901d521",
-    "zh:9ebf4d9704faba06b3ec7242c773c0fbfe12d62db7d00356d4f55385fc69bfb2",
-    "zh:a6576c81adc70326e4e1c999c04ad9ca37113a6e925aefab4765e5a5198efa7e",
-    "zh:a8a42d13346347aff6c63a37cda9b2c6aa5cc384a55b2fe6d6adfa390e609c53",
-    "zh:c797744d08a5307d50210e0454f91ca4d1c7621c68740441cf4579390452321d",
-    "zh:cecb6a304046df34c11229f20a80b24b1603960b794d68361a67c5efe58e62b8",
-    "zh:e1371aa1e502000d9974cfaff5be4cfa02f47b17400005a16f14d2ef30dc2a70",
-    "zh:fc39cc1fe71234a0b0369d5c5c7f876c71b956d23d7d6f518289737a001ba69b",
-    "zh:fea4227271ebf7d9e2b61b89ce2328c7262acd9fd190e1fd6d15a591abfa848e",
-  ]
-}
-
 provider "registry.terraform.io/hashicorp/template" {
   version     = "2.2.0"
   constraints = "2.2.0"

+ 21 - 42
test/aws-us-gov/mdr-test-c2/086-keycloak-configuration/.terraform.lock.hcl → prod/aws-us-gov/mdr-tiaas/006-account-standards/.terraform.lock.hcl

@@ -1,6 +1,27 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
+provider "registry.terraform.io/hashicorp/archive" {
+  version = "2.2.0"
+  hashes = [
+    "h1:2K5LQkuWRS2YN1/YoNaHn9MAzjuTX8Gaqy6i8Mbfv8Y=",
+    "h1:CIWi5G6ob7p2wWoThRQbOB8AbmFlCzp7Ka81hR3cVp0=",
+    "h1:Rxkd7mWSvHMLppeKeW6+7BxWGP0h4xZdfb5sd4pGQq8=",
+    "h1:mZPzA0bba3fHD0Ht01Qu1r1x8uKHGJbKK1/CJn11vFI=",
+    "zh:06bd875932288f235c16e2237142b493c2c2b6aba0e82e8c85068332a8d2a29e",
+    "zh:0c681b481372afcaefddacc7ccdf1d3bb3a0c0d4678a526bc8b02d0c331479bc",
+    "zh:100fc5b3fc01ea463533d7bbfb01cb7113947a969a4ec12e27f5b2be49884d6c",
+    "zh:55c0d7ddddbd0a46d57c51fcfa9b91f14eed081a45101dbfc7fd9d2278aa1403",
+    "zh:73a5dd68379119167934c48afa1101b09abad2deb436cd5c446733e705869d6b",
+    "zh:841fc4ac6dc3479981330974d44ad2341deada8a5ff9e3b1b4510702dfbdbed9",
+    "zh:91be62c9b41edb137f7f835491183628d484e9d6efa82fcb75cfa538c92791c5",
+    "zh:acd5f442bd88d67eb948b18dc2ed421c6c3faee62d3a12200e442bfff0aa7d8b",
+    "zh:ad5720da5524641ad718a565694821be5f61f68f1c3c5d2cfa24426b8e774bef",
+    "zh:e63f12ea938520b3f83634fc29da28d92eed5cfbc5cc8ca08281a6a9c36cca65",
+    "zh:f6542918faa115df46474a36aabb4c3899650bea036b5f8a5e296be6f8f25767",
+  ]
+}
+
 provider "registry.terraform.io/hashicorp/aws" {
   version     = "3.37.0"
   constraints = "3.37.0"
@@ -23,28 +44,6 @@ provider "registry.terraform.io/hashicorp/aws" {
   ]
 }
 
-provider "registry.terraform.io/hashicorp/random" {
-  version     = "3.1.0"
-  constraints = ">= 2.2.0, >= 3.1.0"
-  hashes = [
-    "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=",
-    "h1:EPIax4Ftp2SNdB9pUfoSjxoueDoLc/Ck3EUoeX0Dvsg=",
-    "h1:cH1JxJhQqK+FqqkJkmpX9QPC1OD08Bak1fm5IZcnMYw=",
-    "h1:rKYu5ZUbXwrLG1w81k7H3nce/Ys6yAxXhWcbtk36HjY=",
-    "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
-    "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
-    "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
-    "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
-    "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
-    "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
-    "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
-    "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
-    "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
-    "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
-    "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
-  ]
-}
-
 provider "registry.terraform.io/hashicorp/template" {
   version     = "2.2.0"
   constraints = "2.2.0"
@@ -108,23 +107,3 @@ provider "registry.terraform.io/jtopjian/sensu" {
     "zh:c86d3aa646335ac7d5bb85475e7be115b62adc8d06ab4fb962c7f2874a1b5108",
   ]
 }
-
-provider "registry.terraform.io/mrparkers/keycloak" {
-  version     = "3.0.1"
-  constraints = "3.0.1"
-  hashes = [
-    "h1:IrAwRXe/8Wp/qdN8BLmA3fOtn8fTe9GOM72NiPduQ9s=",
-    "zh:1126fd3b851b9764b68251259629de5433da9fe84b5a41c747819cfd53b07227",
-    "zh:1a8a6777016d53011dd773c90880ba8521f344965b8b7bf82c5f9a9d9ba1c099",
-    "zh:5c6ec73033c794d5cc0a0c3abd7547a2bf9c62385feaa1459b7115e8010d8903",
-    "zh:69ddff873d308bd6429bf4ccdb7b50a4ae9cf02eb19d30288edfccc201f72eb5",
-    "zh:6b739f3eeb69bb1beab75812678059a86263788cbd8e1279cb3753ff9369a4aa",
-    "zh:8d10b0bbeb85272dae0ae7dc7d59c3161e10fd32bcc504dc01535d286bcf08d5",
-    "zh:bf9aea83a2d8165e2d6b68b4b88c53b5639ee02f7a363c4bf1f1a0c4bd23cb4c",
-    "zh:c22059482ae6e37571ea0538dfb449407ad7c27b70ffa7384f8242ae0bbeea54",
-    "zh:c44960a402372dbfe077f966ff1d2eec4bcdc83920b6e5974ac28ca214928f78",
-    "zh:c766bdb154e98698d777466a97d36cb04d46835283f74e472bf405a9d05ac078",
-    "zh:e1ae3c37887be3a29eaf705851fd92128ff772038cc2c611fcb8e602134175f2",
-    "zh:f82aaa8b8595e277731d1af6f1dd16b154a17402aeacde27abe96903494c5f15",
-  ]
-}

+ 0 - 6
test/aws-us-gov/mdr-test-c2/086-keycloak-configuration/README.md

@@ -1,6 +0,0 @@
-Apply via:
-```
-KEYCLOAK_URL=https://10.x.x.x:8443 KEYCLOAK_CLIENT_SECRET=blah terragrunt apply
-```
-
-You *must* use the IP address and not the hostname, or DNS resolution will fail (for whatever reason, it doesn't use the VPN). You should only need to run against one server.

+ 0 - 81
test/aws-us-gov/mdr-test-c2/086-keycloak-configuration/terragrunt.hcl

@@ -1,81 +0,0 @@
-locals {
-  # If you want to use any of the variables in _this_ file, you have to load them here.
-  # However, they will all be available as inputs to the module loaded in terraform.source
-  # below.
-  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
-  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
-  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
-  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
-  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
-}
-
-# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
-# working directory, into a temporary folder, and execute your Terraform commands in that folder.
-terraform {
-  # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/keycloak-configuration?ref=v1.25.0"
-}
-
-generate "required_providers" {
-  path      = "required_provider.tf"
-  if_exists = "overwrite_terragrunt"
-  contents  = <<EOF
-terraform {
-  required_providers {
-    aws = {
-      source = "hashicorp/aws"
-      version = "= 3.37.0" # 2021-04-29: upgrade from 2.66
-    }
-    template = {
-      source = "hashicorp/template"
-      version = "= 2.2.0" # 2021-04-29: ugprade from 2.1.0
-    }
-    vault = {
-      source = "hashicorp/vault"
-      version = "= 2.19.1" # 2021-04-29: upgrade from 2.18.0
-    }
-    sensu = {
-      source = "jtopjian/sensu"
-      version = "= 0.10.5"
-    }
-    keycloak = {
-      source = "mrparkers/keycloak"
-      version = "= 3.0.1"
-    }
-  }
-}
-EOF
-}
-
-generate "provider-keycloak" {
-  path      = "provider-keycloak.tf"
-  if_exists = "overwrite_terragrunt"
-  contents  = <<EOF
-provider "keycloak" {
-   client_id     = "terraform"
-   # Specify the secret in the environment variable KEYCLOAK_CLIENT_SECRET
-   #client_secret = blahblahblah
-   # Specify the url in the environment variable KEYCLOAK_URL
-   #url           = "http://keycloak-0.pvt.xdrtest.accenturefederalcyber.com:8443"
-   tls_insecure_skip_verify = true # Should probably specify the CA
-}
-EOF
-}
-
-# Include all settings from the root terragrunt.hcl file
-include {
-  path = find_in_parent_folders()
-}
-
-# These are the variables we have to pass in to use the module specified in the terragrunt source above
-inputs = {
-  # All of the inputs from the inherited hcl files are available automatically
-  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
-  # will be more flexible if you specify particular input values.
-  tags = {
-    Purpose = "Identity Provider Configuration",
-    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
-  }
-}
-terraform_version_constraint = "= 0.15.1"
-terragrunt_version_constraint = ">= 0.29, < 0.30"

+ 1 - 1
test/aws-us-gov/mdr-test-c2/165-splunk-legacy-hec/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v1.24.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v2.1.2"
 }
 
 generate "provider-legacy" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/275-nessus-security-managers/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/nessus/instance_nessus_manager?ref=v2.0.9"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/nessus/instance_nessus_manager?ref=v2.1.0"
 }
 
 dependency "vpc" {