revert

fixed /32 on RDS module IPs

See merge request qmi/qmi-cloud-tf-modules!7

appgateways/appgw-443-only/main.tf

@@ -13,14 +13,8 @@ locals {
     redirect_configuration_80   = "${var.appgw_hostname}-80redirect"
 }
 
-data "azurerm_key_vault_secret" "cert-password" {
-  name         = "star-qmi-qlikpoc-com-password"
-  key_vault_id = var.key_vault_id
-}
-
-
-data "azurerm_key_vault_secret" "cert-data" {
-  name         = "star-qmi-qlikpoc-com-data"
+data "azurerm_key_vault_certificate" "qmi-cert" {
+  name         = "star-qmi-qlikpoc-com-cert"
   key_vault_id = var.key_vault_id
 }
 
@@ -45,6 +39,11 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
   resource_group_name = var.app_gw_rg
   location            = var.location
 
+  identity {
+    type = "UserAssigned"
+    identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
+  }
+
   tags = {
     Deployment = "QMI PoC"
     "Cost Center" = "3100"
@@ -87,8 +86,7 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
 
   ssl_certificate {
     name          = var.cert_name
-    password      = data.azurerm_key_vault_secret.cert-password.value
-    data          = data.azurerm_key_vault_secret.cert-data.value
+    key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id
   }
 
   ssl_policy {

appgateways/appgw-e2e/main.tf

@@ -45,14 +45,8 @@ locals {
     
 }
 
-data "azurerm_key_vault_secret" "cert-password" {
-  name         = "star-qmi-qlikpoc-com-password"
-  key_vault_id = var.key_vault_id
-}
-
-
-data "azurerm_key_vault_secret" "cert-data" {
-  name         = "star-qmi-qlikpoc-com-data"
+data "azurerm_key_vault_certificate" "qmi-cert" {
+  name         = "star-qmi-qlikpoc-com-cert"
   key_vault_id = var.key_vault_id
 }
 
@@ -77,6 +71,11 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
   resource_group_name = var.app_gw_rg
   location            = var.location
 
+  identity {
+    type = "UserAssigned"
+    identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
+  }
+
   tags = {
     Deployment = "QMI PoC"
     "Cost Center" = "3100"
@@ -205,8 +204,7 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
 
   ssl_certificate {
     name          = var.cert_name
-    password      = data.azurerm_key_vault_secret.cert-password.value
-    data          = data.azurerm_key_vault_secret.cert-data.value
+    key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id
   }
 
   ssl_policy {

appgateways/appgw-qdc-qs/main.tf

@@ -37,14 +37,8 @@ locals {
     
 }
 
-data "azurerm_key_vault_secret" "cert-password" {
-  name         = "star-qmi-qlikpoc-com-password"
-  key_vault_id = var.key_vault_id
-}
-
-
-data "azurerm_key_vault_secret" "cert-data" {
-  name         = "star-qmi-qlikpoc-com-data"
+data "azurerm_key_vault_certificate" "qmi-cert" {
+  name         = "star-qmi-qlikpoc-com-cert"
   key_vault_id = var.key_vault_id
 }
 
@@ -70,6 +64,11 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
   resource_group_name = var.app_gw_rg
   location            = var.location
 
+  identity {
+    type = "UserAssigned"
+    identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
+  }
+
   tags = {
     Deployment = "QMI PoC"
     "Cost Center" = "3100"
@@ -189,8 +188,7 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
 
   ssl_certificate {
     name          = var.cert_name
-    password      = data.azurerm_key_vault_secret.cert-password.value
-    data          = data.azurerm_key_vault_secret.cert-data.value
+    key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id
   }
 
   ssl_policy {

appgateways/appgw-qdc-qs/main.tfold

@@ -1,444 +0,0 @@
-locals {
-    appgw_hostname              = "${var.appgw_hostname}.${var.domain}"
-    appgw_name                  = "qmi-appgw-qdc-qs"
-    
-    # Qlik Sense
-    backend_address_pool_qs     = "${var.appgw_hostname}-qs-bp"
-    http_setting_name_443       = "${var.appgw_hostname}-http-setting"
-    listener_name_http          = "${var.appgw_hostname}-http"
-    listener_name_https         = "${var.appgw_hostname}-https"
-    qs_probe_name               = "${var.appgw_hostname}-probe"
-    request_routing_rule_https  = "${var.appgw_hostname}-https-rule"
-    request_routing_rule_http   = "${var.appgw_hostname}-http-rule"
-    redirect_configuration_80   = "${var.appgw_hostname}-80redirect"
-
-    # NPrinting
-    http_setting_name_4993      = "${var.appgw_hostname}-4993-setting"
-    http_setting_name_4994      = "${var.appgw_hostname}-4994-setting"
-    listener_name_4993          = "${var.appgw_hostname}-4993"
-    listener_name_4994         = "${var.appgw_hostname}-4994"
-    request_routing_rule_4993   = "${var.appgw_hostname}-4993-rule"
-    request_routing_rule_4994   = "${var.appgw_hostname}-4994-rule"
-
-
-    # QIB
-    http_setting_name_4435      = "${var.appgw_hostname}-4435-setting"
-    qs_probe_name_4435          = "${var.appgw_hostname}-probe-4435"
-    listener_name_4435          = "${var.appgw_hostname}-4435"
-    request_routing_rule_4435   = "${var.appgw_hostname}-4435-rule"
-
-
-    # QDC
-    backend_address_pool_qdc    = "${var.appgw_hostname}-qdc-bp"
-    http_setting_name_8443      = "${var.appgw_hostname}-8443-setting"
-    qdc_probe_name              = "${var.appgw_hostname}-qdcprobe"
-    listener_name_8080          = "${var.appgw_hostname}-8080"
-    listener_name_8443          = "${var.appgw_hostname}-8443"
-    request_routing_rule_8443   = "${var.appgw_hostname}-8443-rule"
-    request_routing_rule_8080   = "${var.appgw_hostname}-8080-rule"
-    redirect_configuration_8080 = "${var.appgw_hostname}-8080redirect"
-    
-}
-
-data "azurerm_key_vault_secret" "cert-password" {
-  name         = "star-qmi-qlikpoc-com-password"
-  key_vault_id = var.key_vault_id
-}
-
-
-data "azurerm_key_vault_secret" "cert-data" {
-  name         = "star-qmi-qlikpoc-com-data"
-  key_vault_id = var.key_vault_id
-}
-
-resource "azurerm_public_ip" "appgw-ip" {
-
-  name                = "${local.appgw_name}-ip-${var.provision_id}"
-  resource_group_name = var.app_gw_rg
-  sku                 = "Standard"
-  location            = var.location
-  allocation_method   = "Static"
-
-  tags = {
-    Deployment = "QMI PoC"
-    "Cost Center" = "3100"
-    QMI_user = var.user_id
-  }
-  
-}
-
-resource "azurerm_application_gateway" "qmi-app-gw" {
-
-  name                = "${local.appgw_name}-${var.provision_id}"
-  resource_group_name = var.app_gw_rg
-  location            = var.location
-
-  tags = {
-    Deployment = "QMI PoC"
-    "Cost Center" = "3100"
-    QMI_user = var.user_id
-  }
-
-  sku {
-    name     = "WAF_v2"
-    tier     = "WAF_v2"
-    capacity = 1
-  }
-
-  gateway_ip_configuration {
-    name      = "app-gw-subnet"
-    subnet_id = var.app_gw_subnet
-  }
-
-  waf_configuration {
-    enabled               = true
-    firewall_mode         = "Prevention"
-    rule_set_type         = "OWASP"
-    rule_set_version      = "3.0"
-    file_upload_limit_mb  = "500"
-
-    exclusion {
-      match_variable          = "RequestCookieNames"
-      selector_match_operator = "Equals"
-      selector                = "qvla_invite"
-    }
-
-    exclusion {
-      match_variable          = "RequestCookieNames"
-      selector_match_operator = "Contains"
-      selector                = "parsely"
-    }
-
-    exclusion {
-      match_variable          = "RequestCookieNames"
-      selector_match_operator = "Contains"
-      selector                = "mixpanel"
-    }
-
-    exclusion {
-      match_variable          = "RequestCookieNames"
-      selector_match_operator = "Contains"
-      selector                = "optimizely"
-    }
-
-    exclusion {
-      match_variable          = "RequestArgNames"
-      selector_match_operator = "Equals"
-      selector                = "reloadUri"
-    }
-
-    exclusion {
-      match_variable          = "RequestCookieNames"
-      selector_match_operator = "Contains"
-      selector                = "NPWEBCONSOLE"
-    }
-
-    exclusion {
-      match_variable          = "RequestCookieNames"
-      selector_match_operator = "Contains"
-      selector                = "NPNEWSSTAND"
-    }
-
-    exclusion {
-      match_variable          = "RequestCookieNames"
-      selector_match_operator = "Contains"
-      selector                = "Vizlib"
-    }
-
-    # This is needed for NPrinting
-    /*disabled_rule_group {
-      rule_group_name = "REQUEST-920-PROTOCOL-ENFORCEMENT"
-      rules           = ["920270", "920271"]
-    }*/
-
-  }
-
-  # Qlik Sense fe ports
-  frontend_port {
-    name = "443"
-    port = 443
-  }
-  frontend_port {
-    name = "80"
-    port = 80
-  }
-
-  # NPrinting fe ports
-  frontend_port {
-    name = "4993"
-    port = 4993
-  }
-  frontend_port {
-    name = "4994"
-    port = 4994
-  }
-
-  # QIB fe ports
-  frontend_port {
-    name = "4435"
-    port = 4435
-  }
-
-  # QDC fe ports
-  frontend_port {
-    name = "8443"
-    port = 8443
-  }
-  frontend_port {
-    name = "8080"
-    port = 8080
-  }
-
-  frontend_ip_configuration {
-    name                 = "app-gw-front-end-ip-config"
-    public_ip_address_id = azurerm_public_ip.appgw-ip.id
-  }
-
-  ssl_certificate {
-    name          = var.cert_name
-    password      = data.azurerm_key_vault_secret.cert-password.value
-    data          = data.azurerm_key_vault_secret.cert-data.value
-  }
-
-  ssl_policy {
-    policy_type = "Predefined"
-    policy_name = "AppGwSslPolicy20170401"
-  }
-
-
-  # Backend pool for QS, QIB and NP
-  backend_address_pool {
-    name = local.backend_address_pool_qs
-  }
-
-  # Backend pool for QDC
-  backend_address_pool {
-    name = local.backend_address_pool_qdc
-  }
-
-
-  # Qlik Sense
-  backend_http_settings {
-    name                  = local.http_setting_name_443
-    cookie_based_affinity = "Disabled"
-    port                  = 443
-    protocol              = "Https"
-    request_timeout       = 7600
-    probe_name            = local.qs_probe_name
-  }
-
-  # NPrinting
-  backend_http_settings {
-    name                  = local.http_setting_name_4993
-    cookie_based_affinity = "Disabled"
-    port                  = 4993
-    protocol              = "Https"
-    request_timeout       = 7600
-    probe_name            = local.qs_probe_name
-  }
-  backend_http_settings {
-    name                  = local.http_setting_name_4994
-    cookie_based_affinity = "Disabled"
-    port                  = 4994
-    protocol              = "Https"
-    request_timeout       = 7600
-    probe_name            = local.qs_probe_name
-  }
-
-  # QIB
-  backend_http_settings {
-    name                  = local.http_setting_name_4435
-    cookie_based_affinity = "Disabled"
-    port                  = 4435
-    protocol              = "Https"
-    request_timeout       = 7600
-    probe_name            = local.qs_probe_name_4435
-  }
-
-  # QDC
-  backend_http_settings {
-    name                  = local.http_setting_name_8443
-    cookie_based_affinity = "Disabled"
-    port                  = 8080
-    protocol              = "Http"
-    request_timeout       = 7600
-    probe_name            = local.qdc_probe_name
-  }
-
-  # QS Prob
-  probe {
-    name                = local.qs_probe_name
-    protocol            = "Https"
-    host                = local.appgw_hostname
-    interval            = 30
-    path                = "/"
-    timeout             = 30
-    unhealthy_threshold = 3
-  }
-
-  # QDC Prob
-  probe {
-    name                = local.qdc_probe_name
-    protocol            = "Http"
-    host                = local.appgw_hostname
-    interval            = 30
-    path                = "/qdc"
-    timeout             = 30
-    unhealthy_threshold = 3
-  }
-
-  # QIB Probe
-  probe {
-    name                = local.qs_probe_name_4435
-    protocol            = "Https"
-    host                = local.appgw_hostname
-    interval            = 30
-    path                = "/"
-    timeout             = 30
-    unhealthy_threshold = 3
-
-    match {
-      status_code       = ["200-401"]
-    }
-  }
-
-  # Qlik Sense listener
-  http_listener {
-    name                           = local.listener_name_https
-    host_name                      = local.appgw_hostname
-    ssl_certificate_name           = var.cert_name
-    frontend_ip_configuration_name = "app-gw-front-end-ip-config"
-    frontend_port_name             = "443"
-    protocol                       = "Https"
-
-  }
-  http_listener {
-    name                           = local.listener_name_http
-    host_name                      = local.appgw_hostname
-    frontend_ip_configuration_name = "app-gw-front-end-ip-config"
-    frontend_port_name             = "80"
-    protocol                       = "Http"
-  }
-
-  # NPrinting listeners
-  http_listener {
-    name                           = local.listener_name_4993
-    ssl_certificate_name           = var.cert_name
-    host_name                      = local.appgw_hostname
-    frontend_ip_configuration_name = "app-gw-front-end-ip-config"
-    frontend_port_name             = "4993"
-    protocol                       = "Https"
-  }
-  http_listener {
-    name                           = local.listener_name_4994
-    ssl_certificate_name           = var.cert_name
-    host_name                      = local.appgw_hostname
-    frontend_ip_configuration_name = "app-gw-front-end-ip-config"
-    frontend_port_name             = "4994"
-    protocol                       = "Https"
-  }
-
-  # QIB listener
-  http_listener {
-    name                           = local.listener_name_4435
-    ssl_certificate_name           = var.cert_name
-    frontend_ip_configuration_name = "app-gw-front-end-ip-config"
-    frontend_port_name             = "4435"
-    protocol                       = "Https"
-   
-  }
-
-  # QDC listeners
-  http_listener {
-    name                           = local.listener_name_8443
-    ssl_certificate_name           = var.cert_name
-    host_name                      = local.appgw_hostname
-    frontend_ip_configuration_name = "app-gw-front-end-ip-config"
-    frontend_port_name             = "8443"
-    protocol                       = "Https"
-
-  }
-  http_listener {
-    name                           = local.listener_name_8080
-    host_name                      = local.appgw_hostname
-    frontend_ip_configuration_name = "app-gw-front-end-ip-config"
-    frontend_port_name             = "8080"
-    protocol                       = "Http"
-  }
-
-  # Qlik Sense routing rules
-  request_routing_rule {
-    name                       = local.request_routing_rule_https
-    rule_type                  = "Basic"
-    http_listener_name         = local.listener_name_https
-    backend_address_pool_name  = local.backend_address_pool_qs
-    backend_http_settings_name = local.http_setting_name_443
-  }
-
-
-  # QDC routing rules
-  request_routing_rule {
-    name                       = local.request_routing_rule_8443
-    rule_type                  = "Basic"
-    http_listener_name         = local.listener_name_8443
-    backend_address_pool_name  = local.backend_address_pool_qdc
-    backend_http_settings_name = local.http_setting_name_8443
-  }
-
-  # NPrinting routing rules
-  request_routing_rule {
-    name                       = local.request_routing_rule_4993
-    rule_type                  = "Basic"
-    http_listener_name         = local.listener_name_4993
-    backend_address_pool_name  = local.backend_address_pool_qs
-    backend_http_settings_name = local.http_setting_name_4993
-  }
-  request_routing_rule {
-    name                       = local.request_routing_rule_4994
-    rule_type                  = "Basic"
-    http_listener_name         = local.listener_name_4994
-    backend_address_pool_name  = local.backend_address_pool_qs
-    backend_http_settings_name = local.http_setting_name_4994
-  }
-
-  # QIB routing rule
-  request_routing_rule {
-    name                       = local.request_routing_rule_4435
-    rule_type                  = "Basic"
-    http_listener_name         = local.listener_name_4435
-    backend_address_pool_name  = local.backend_address_pool_qs
-    backend_http_settings_name = local.http_setting_name_4435
-  }
-  
-
-  # Redirect QS 80 to 443
-  redirect_configuration {
-    name                 = local.redirect_configuration_80
-    target_listener_name = local.listener_name_https
-    redirect_type        = "Permanent"
-    include_path         = true
-    include_query_string = true
-  }
-  request_routing_rule {
-    name                        = local.request_routing_rule_http
-    rule_type                   = "Basic"
-    http_listener_name          = local.listener_name_http
-    redirect_configuration_name = local.redirect_configuration_80
-  }
-
-  # Redirect QDC 8080 to 8443
-  redirect_configuration {
-    name                 = local.redirect_configuration_8080
-    target_listener_name = local.listener_name_8443
-    redirect_type        = "Permanent"
-    include_path         = true
-    include_query_string = true
-  }
-  request_routing_rule {
-    name                        = local.request_routing_rule_8080
-    rule_type                   = "Basic"
-    http_listener_name          = local.listener_name_8080
-    redirect_configuration_name = local.redirect_configuration_8080
-  }
-
-}

appgateways/appgw-qdc-qs/outputs.tf

@@ -11,9 +11,9 @@ output "appgw_public_ip" {
 }
 
 output "appgw_backend_address_pool_0_id" {
-  value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[0].id
+  value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).0.id
 }
 
 output "appgw_backend_address_pool_1_id" {
-  value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[1].id
+  value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).1.id
 }

appgateways/appgw-qdc/main.tf

@@ -11,14 +11,8 @@ locals {
     
 }
 
-data "azurerm_key_vault_secret" "cert-password" {
-  name         = "star-qmi-qlikpoc-com-password"
-  key_vault_id = var.key_vault_id
-}
-
-
-data "azurerm_key_vault_secret" "cert-data" {
-  name         = "star-qmi-qlikpoc-com-data"
+data "azurerm_key_vault_certificate" "qmi-cert" {
+  name         = "star-qmi-qlikpoc-com-cert"
   key_vault_id = var.key_vault_id
 }
 
@@ -43,6 +37,11 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
   resource_group_name = var.app_gw_rg
   location            = var.location
 
+  identity {
+    type = "UserAssigned"
+    identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
+  }
+
   tags = {
     Deployment = "QMI PoC"
     "Cost Center" = "3100"
@@ -80,8 +79,7 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
 
   ssl_certificate {
     name     = var.cert_name
-    password = data.azurerm_key_vault_secret.cert-password.value
-    data     = data.azurerm_key_vault_secret.cert-data.value
+    key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id
   }
 
   ssl_policy {

appgateways/appgw-qdc/main.tf_old

@@ -1,167 +0,0 @@
-
-locals {
-    appgw_hostname              = "${var.appgw_hostname}.${var.domain}"
-    appgw_name                  = "qmi-appgw-qdc"
-
-    backend_address_pool_qdc    = "${var.appgw_hostname}-qdc-bp"
-    http_setting_name_8443      = "${var.appgw_hostname}-8443-setting"
-    qdc_probe_name              = "${var.appgw_hostname}-qdcprobe"
-    listener_name_8080          = "${var.appgw_hostname}-8080"
-    listener_name_8443          = "${var.appgw_hostname}-8443"
-    request_routing_rule_https  = "${var.appgw_hostname}-https-rule"
-    request_routing_rule_8443   = "${var.appgw_hostname}-8443-rule"
-    redirect_configuration_8080 = "${var.appgw_hostname}-8080redirect"
-    request_routing_rule_8080   = "${var.appgw_hostname}-8080-rule"
-    
-}
-
-data "azurerm_key_vault_secret" "cert-password" {
-  name         = "star-qmi-qlikpoc-com-password"
-  key_vault_id = var.key_vault_id
-}
-
-
-data "azurerm_key_vault_secret" "cert-data" {
-  name         = "star-qmi-qlikpoc-com-data"
-  key_vault_id = var.key_vault_id
-}
-
-resource "azurerm_public_ip" "appgw-ip" {
-
-  name                = "${local.appgw_name}-ip-${var.provision_id}"
-  resource_group_name = var.app_gw_rg
-  sku                 = "Standard"
-  location            = var.location
-  allocation_method   = "Static"
-
-  tags = {
-    Deployment = "QMI PoC"
-    "Cost Center" = "3100"
-    QMI_user = var.user_id
-  }
-}
-
-resource "azurerm_application_gateway" "qmi-app-gw" {
-
-  name                = "${local.appgw_name}-${var.provision_id}"
-  resource_group_name = var.app_gw_rg
-  location            = var.location
-
-  tags = {
-    Deployment = "QMI PoC"
-    "Cost Center" = "3100"
-    QMI_user = var.user_id
-  }
-
-  sku {
-    name     = "WAF_v2"
-    tier     = "WAF_v2"
-    capacity = 1
-  }
-
-  waf_configuration {
-    enabled          = true
-    firewall_mode    = "Prevention"
-    rule_set_type    = "OWASP"
-    rule_set_version = "3.0"
-
-  }
-
-  gateway_ip_configuration {
-    name      = "app-gw-subnet"
-    subnet_id = var.app_gw_subnet
-  }
-
-  frontend_port {
-    name = "8443"
-    port = 8443
-  }
-
-  frontend_port {
-    name = "8080"
-    port = 8080
-  }
-
-  frontend_ip_configuration {
-    name                 = "app-gw-front-end-ip-config"
-    public_ip_address_id = azurerm_public_ip.appgw-ip.id
-  }
-
-  ssl_certificate {
-    name     = var.cert_name
-    password = data.azurerm_key_vault_secret.cert-password.value
-    data     = data.azurerm_key_vault_secret.cert-data.value
-  }
-
-  ssl_policy {
-    policy_type = "Predefined"
-    policy_name = "AppGwSslPolicy20170401"
-  }
-
-  backend_address_pool {
-    name = local.backend_address_pool_qdc
-  }
-
-  backend_http_settings {
-    name                  = local.http_setting_name_8443
-    cookie_based_affinity = "Disabled"
-    port                  = 8080
-    protocol              = "Http"
-    request_timeout       = 7600
-    probe_name            = local.qdc_probe_name
-  }
-
-  probe {
-    name                = local.qdc_probe_name
-    protocol            = "Http"
-    host                = local.appgw_hostname
-    interval            = 30
-    path                = "/qdc"
-    timeout             = 30
-    unhealthy_threshold = 3
-  }
-
-  http_listener {
-    name                           = local.listener_name_8443
-    ssl_certificate_name           = var.cert_name
-    host_name                      = local.appgw_hostname
-    frontend_ip_configuration_name = "app-gw-front-end-ip-config"
-    frontend_port_name             = "8443"
-    protocol                       = "Https"
-
-  }
-
-  http_listener {
-    name                           = local.listener_name_8080
-    host_name                      = local.appgw_hostname
-    frontend_ip_configuration_name = "app-gw-front-end-ip-config"
-    frontend_port_name             = "8080"
-    protocol                       = "Http"
-  }
-
-
-  request_routing_rule {
-    name                       = local.request_routing_rule_8443
-    rule_type                  = "Basic"
-    http_listener_name         = local.listener_name_8443
-    backend_address_pool_name  = local.backend_address_pool_qdc
-    backend_http_settings_name = local.http_setting_name_8443
-  }
-
-
-  redirect_configuration {
-    name                 = local.redirect_configuration_8080
-    target_listener_name = local.listener_name_8443
-    redirect_type        = "Permanent"
-    include_path         = true
-    include_query_string = true
-  }
-
-  request_routing_rule {
-    name                        = local.request_routing_rule_8080
-    rule_type                   = "Basic"
-    http_listener_name          = local.listener_name_8080
-    redirect_configuration_name = local.redirect_configuration_8080
-
-  }
-}

appgateways/appgw-qdc/outputs.tf

@@ -11,6 +11,6 @@ output "appgw_public_ip" {
 }
 
 output "appgw_backend_address_pool_0_id" {
-  value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[0].id
+  value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).0.id
 }
 

appgateways/appgw-qs/main.tf

@@ -35,14 +35,8 @@ locals {
     
 }
 
-data "azurerm_key_vault_secret" "cert-password" {
-  name         = "star-qmi-qlikpoc-com-password"
-  key_vault_id = var.key_vault_id
-}
-
-
-data "azurerm_key_vault_secret" "cert-data" {
-  name         = "star-qmi-qlikpoc-com-data"
+data "azurerm_key_vault_certificate" "qmi-cert" {
+  name         = "star-qmi-qlikpoc-com-cert"
   key_vault_id = var.key_vault_id
 }
 
@@ -67,6 +61,11 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
   resource_group_name = var.app_gw_rg
   location            = var.location
 
+  identity {
+    type = "UserAssigned"
+    identity_ids = ["/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/AppGW_RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/QMIMainIDY"]
+  }
+
   tags = {
     Deployment = "QMI PoC"
     "Cost Center" = "3100"
@@ -186,8 +185,7 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
 
   ssl_certificate {
     name          = var.cert_name
-    password      = data.azurerm_key_vault_secret.cert-password.value
-    data          = data.azurerm_key_vault_secret.cert-data.value
+    key_vault_secret_id = data.azurerm_key_vault_certificate.qmi-cert.secret_id
   }
 
   ssl_policy {
@@ -272,6 +270,7 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
     unhealthy_threshold = 3
 
     match {
+      body              = null
       status_code       = ["200-401"]
     }
   }

appgateways/appgw-qs/outputs.tf

@@ -11,5 +11,5 @@ output "appgw_public_ip" {
 }
 
 output "appgw_backend_address_pool_0_id" {
-  value = azurerm_application_gateway.qmi-app-gw.backend_address_pool[0].id
+  value = tolist(azurerm_application_gateway.qmi-app-gw.backend_address_pool).0.id
 }

archived/vm-fromsnapshot-win/main.tf

@@ -1,169 +0,0 @@
-resource "random_id" "randomMachineId" {
-    keepers = {
-        # Generate a new ID only when a new resource group is defined
-        resource_group = var.resource_group_name
-    }
-    
-    byte_length = 2
-}
-
-resource "random_password" "password" {
-  length = 16
-  special = true
-  override_special = "_!@"
-  upper = true
-  lower = true
-  min_lower = 2
-  min_upper = 2
-  min_special = 2
-}
-
-locals {
-  virtual_machine_name = (var.virtual_machine_name != null)? var.virtual_machine_name :  "${var.prefix}-${random_id.randomMachineId.hex}"
-  admin_username = var.admin_username
-  admin_password = random_password.password.result
-  notrename = (var.notrename != null)? "-NotApply" : ""
-  storage_account_id = var.location == "westeurope"? "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Storage/storageAccounts/machinesnapshotsweu" : "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.Storage/storageAccounts/machinesnapshots"
-}
-
-resource "azurerm_managed_disk" "copy" {
-  
-  name                  = "Disk-${var.prefix}-${random_id.randomMachineId.hex}"
-  location              = var.location
-  resource_group_name   = var.resource_group_name
-  storage_account_type  = "Premium_LRS"
-  create_option         = "Import"
-  storage_account_id    = local.storage_account_id
-  source_uri            = var.snapshot_id
-  
-  disk_size_gb          = var.disk_size_gb
-
-  tags = {
-    "Deployment" = "QMI PoC"
-    "Cost Center" = "3100"
-    "QMI_user" = var.user_id != null? var.user_id : null
-  }
-}
-
-module "qmi-nic" {
-  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
-  
-  prefix = local.virtual_machine_name
-  location = var.location
-  subnet_id = var.subnet_id
-  
-  resource_group_name = var.resource_group_name
-  user_id = var.user_id
-}
-
-resource "azurerm_virtual_machine" "vm" {
-  name                  = local.virtual_machine_name
-  location              = var.location
-  resource_group_name   = var.resource_group_name
-  network_interface_ids = [ module.qmi-nic.id ]
-  vm_size               = var.vm_type
-
-
-  storage_os_disk {
-    name              = azurerm_managed_disk.copy.name
-    os_type           = "Windows"
-    managed_disk_id   = azurerm_managed_disk.copy.id
-    managed_disk_type = "Premium_LRS"
-    create_option     = "Attach"
-  }
-
-  os_profile_windows_config {
-    
-    provision_vm_agent        = true
-    enable_automatic_upgrades = false
-
-    winrm {
-      protocol = "http"
-    }
-  }
-
-  identity {
-    type = "SystemAssigned"
-  }
-
-  /*os_profile {
-    computer_name = local.virtual_machine_name
-    admin_username = local.admin_username
-  }*/
-
-  tags = {
-    "Deployment" = "QMI PoC"
-    "Cost Center" = "3100"
-    "ProvId"  = var.provId != null? var.provId : null
-    "QMI_user" = var.user_id != null? var.user_id : null
-    "24x7" = var.is_24x7 == true? "" : null
-    "ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
-    "StartupTime": var.is_24x7 == false? var.startupTime : null
-  }
-
-}
-
-resource "null_resource" "post-vm-fromsnapshot-win" {
-  
-  count = var.initial_password != null? 1 : 0
-
-  depends_on = [
-    azurerm_virtual_machine.vm
-  ]
-
-  provisioner "file" {
-    connection {
-      type     = "winrm"
-      host     = module.qmi-nic.private_ip_address
-      user     = local.admin_username
-      password = var.initial_password
-      port     = 5985
-      https    = false
-      timeout  = "10m"
-    }
-    source      = "${path.module}/scripts"
-    destination = "C:/tmp/provision"
-  }
-
-
-  provisioner "remote-exec" {
-    connection {
-      type     = "winrm"
-      host     = module.qmi-nic.private_ip_address
-      user     = local.admin_username
-      password = var.initial_password
-      port     = 5985
-      https    = false
-      timeout  = "10m"
-    }
-
-    inline = [
-      "powershell.exe -File C:/tmp/provision/bootstrap.ps1",
-      "powershell.exe -File C:/tmp/provision/password.ps1 -Username ${local.admin_username} -Pass ${local.admin_password}"
-    ]
-  }
-
-  # Rename Computer
-  provisioner "remote-exec" {
-    connection {
-      type     = "winrm"
-      host     = module.qmi-nic.private_ip_address
-      user     = local.admin_username
-      password = local.admin_password
-      port     = 5985
-      https    = false
-      timeout  = "10m"
-    }
-
-    inline = [
-      "powershell.exe -File C:/tmp/provision/RenameComputer.ps1 -NewName ${local.virtual_machine_name} ${local.notrename}" 
-    ]
-
-    on_failure = continue
-  }
-
-  provisioner "local-exec" {
-    command = "sleep 30"
-  }
-
-}

archived/vm-fromsnapshot-win/scripts/RenameComputer.ps1

@@ -1,14 +0,0 @@
-
-Param(
-    [string] $NewName,
-    [switch] $NotApply = $False 
-)
-
-
-
-if ($NotApply){
-    Write-Host "Not renaming machine"
-} else {
-    Write-Host "Machine is going to be renamed as $NewName"
-    Rename-Computer -NewName $NewName -PassThru -Force -Restart 
-}

archived/vm-fromsnapshot-win/scripts/password.ps1

@@ -1,12 +0,0 @@
-Param(
-    [string] $Username,
-    [string] $Pass
-)
-
-Import-Module "Carbon"
-
-$secpasswd = ConvertTo-SecureString $Pass -AsPlainText -Force
-$cred = New-Object System.Management.Automation.PSCredential ($Username, $secpasswd)
-
-Install-User -Credential $cred 
-Write-Log "Done! Setting new password to user $Username"

archived/vm-fromsnapshot-win/scripts/q-user-setup.ps1

@@ -1,29 +0,0 @@
-Write-Log "Starting q-user-setup.ps1"
-
-Trap {
-	Write-Log -Message $_.Exception.Message -Severity "Error"
-  	Break
-}
-
-### Install Carbon PowerShell Module
-Write-Log -Message "Installing carbon"
-choco install carbon -y | Out-Null
-Import-Module "Carbon"
-
-### create Qlik User
-Write-Log -Message "Creating Qlik account"
-$cred = New-MyCredential -user "Qlik" -pass "Qlik1234"
-Install-User -Credential $cred
-
-### Grant Remote Admin Rights to Qlik User
-Write-Log -Message "Granting Qlik account Remote Interactive Logon Right"
-Grant-Privilege -Identity $env:COMPUTERNAME\qlik -Privilege SeRemoteInteractiveLogonRight
-
-Write-Log -Message "Adding Qlik user to Remote Desktop Users"
-Add-GroupMember -Name 'Remote Desktop Users' -Member $env:COMPUTERNAME\qlik
-
-Write-Log -Message "Adding Qlik user to local Administrators"
-Add-GroupMember -Name 'Administrators' -Member $env:COMPUTERNAME\qlik
-
-$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control"
-Set-ItemProperty $regPath -Name "ServicesPipeTimeout" -Type DWord -Value 180000

archived/vm-fromsnapshot-win/scripts/qdc/Restart-ServiceDispatcher.ps1

@@ -1,4 +0,0 @@
-Import-Module Qlik-Cli
-
-Write-Log -Message "Restart Qlik ServiceDistpacher..."
-Restart-Service QlikSenseServiceDispatcher -Force

archived/vm-fromsnapshot-win/scripts/qdc/qdc-scenario-config.ps1

@@ -1,11 +0,0 @@
-# Shared variables here
-Write-Log -Message "Setting shared variables for scenario"
-
-# Dec 2019
-#$PROXY_ARTIFACTS = "https://d7ipctdjxxii4.cloudfront.net/others/qdc/qdc-dec-2019/qdc_proxy_artifacts.zip"
-
-# April 2020
-#$PROXY_ARTIFACTS = "https://da3hntz84uekx.cloudfront.net/QlikDataCatalyst/4.5/0/_MSI/qdc_proxy_artifacts.zip"
-
-# June 2020
-$PROXY_ARTIFACTS = "https://da3hntz84uekx.cloudfront.net/QlikDataCatalyst/4.6/0/_MSI/qdc_proxy_artifacts.zip"

archived/vm-fromsnapshot-win/scripts/qdc/qdc-setup-sept20.ps1

@@ -1,100 +0,0 @@
-Param(
-    [string] $QDC_HOST = "QMI-QDC-SN"
-)
-
-function New-Credential($u,$p) {
-    $secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
-    return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
-}
-
-Write-Log -Message "Setting up QDC pre-requisites in Qlik Sense"
-
-Import-Module Qlik-Cli
-
-### Connect to the Qlik Sense Repository Service with Qlik-Cli
-do {write-log -Message "Connecting to Qlik Sense Repository..."; start-sleep 15} 
-While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials -ErrorAction SilentlyContinue).length -eq 0 )
-
-### Add the Qlik local user to Qlik Sense
-$json = (@{userId = "qlik-data-catalyst";
-            userDirectory = "QLIK-EXTERNAL-SERVICE";
-            name = "qlik-data-catalyst";
-        } | ConvertTo-Json -Compress -Depth 10 )
-Write-Log -Message "Adding Qlik Service user."
-try {
-    Invoke-QlikPost "/qrs/user" $json | Out-Null
-} catch {
-    Write-Log -Message $_.Exception.Message -Severity "Error"
-}
-try {
-    Write-Log -Message "Set 'qlik-data-catalyst' as AuditAdmin"
-    Update-QlikUser -id $(Get-QlikUser -filter "name eq 'qlik-data-catalyst'").id -roles AuditAdmin | Out-Null
-} catch {
-    Write-Log -Message $_.Exception.Message -Severity "Error"
-}
-
-# C:\QVDs SMB FOLDER
-Write-Log -Message "Creating 'C:\QVDs' folder and set SMB"
-New-Item "C:\QVDs" -type directory | Out-Null
-New-SMBShare -Name "qvds" -Path "C:\QVDs" | Out-Null 
-Grant-SmbShareAccess -Name qvds -AccountName Everyone -AccessRight Change -Force | Out-Null
-
-
-# certs needed for qdc
-Write-Log -Message "SMB Qlik Sense certificates folder" 
-New-SMBShare -Name "certs" -Path "C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates" | Out-Null
-Grant-SmbShareAccess -Name certs -AccountName Everyone -AccessRight Read -Force | Out-Null
-
-
-Write-Log -Message "Creating 'QVD Catalog' tag"
-New-QlikTag -name "QVD Catalog" | Out-Null
-
-
-# create podium user
-Import-Module "Carbon"
-Write-Log -Message "Adding 'podium' user to Windows system"
-$cred = New-Credential "podium" "Qlik1234"
-Install-User -Credential $cred | Out-Null
-
-
-Write-Log -Message "Creating Qlik Sense data connection for C:\QVDs"
-# ---- Workaround qlik-cli QS April 2020
-# Qlik CLI New-QlikDataConnection fails with only 1 tag, that's why I create and use FakeTag too.
-New-QlikTag -name "FakeTag" | Out-Null
-$qvdsDC = New-QlikDataConnection -connectionstring "\\$($env:COMPUTERNAME)\qvds" -name "QVDs" -tags "QVD Catalog","FakeTag" -type "folder"
-# ----
-
-Write-Log -Message "Grant access to all user to this connection"
-New-QlikRule -name "QVDs allow to all" -comment "Allow QVDs Connection to all users" -category "Security" -resourceFilter  "DataConnection_$($qvdsDC.id)" -actions 23 -rule '((user.name like "*"))' | Out-Null
-
-
-Write-Log -Message "Setting firewall rules for QDC"
-New-NetFirewallRule -DisplayName "QDC QVD Metadata" -Action allow -LocalPort 7007 -Protocol TCP | Out-Null
-New-NetFirewallRule -DisplayName "pub2qlik" -Action allow -LocalPort 4243,4747 -Protocol TCP | Out-Null
-
-
-Write-Log -Message "Creating 'podium_dist' postgres connection"
-$cred = New-Credential "postgres" "postgres"
-$podiumDistDC = New-QlikDataConnection -connectionstring "'CUSTOM CONNECT TO `"provider=QvOdbcConnectorPackage.exe;driver=postgres;host=$QDC_HOST;port=5432;db=podium_dist;SSLMode=prefer;UseSystemTrustStore=false;ByteaAsLongVarBinary=0;TextAsLongVarchar=0;UseUnicode=1;FetchTSWTZasTimestamp=1;MaxVarcharSize=262144;UseDeclareFetch=1;Fetch=200;EnableTableTypes=1;MoneyAsDecimal=1;QueryTimeout=30;`"" `
- -name podium_dist  -type 'QvOdbcConnectorPackage.exe' -Credential $cred 
-
-Write-Log -Message "Grant access to all user to this connection"
-New-QlikRule -name "Podium_Dist allow to all" -comment "Allow Podium_Dist Connection to all users" -category "Security" -resourceFilter  "DataConnection_$($podiumDistDC.id)" -actions 23 -rule '((user.name like "*"))' | Out-Null
-
-
-Write-Log "Copy Sample QVDs into C:/QVDs folder"
-Copy-Item $PSScriptRoot\*.qvd C:\QVDs
-
-$x=1
-$files = Get-ChildItem C:\QVDs\*.qvd|sort LastWriteTime
-foreach ($file in $files) #{ echo $file }
-{
-
-    if ($x -lt 3) {
-        Set-ItemProperty -Path $file -Name LastWriteTime -Value (get-date) 
-        sleep 2
-    }
-    $x= $x +1
-}
-
-Write-Log "QDC Config Completed."

archived/vm-fromsnapshot-win/scripts/qdc/qdc-setup.ps1

@@ -1,150 +0,0 @@
-Param(
-    [string] $QDC_HOST = "QMI-QDC-SN",
-    [string] $QDC_PUBLIC_HOST
-)
-
-function New-Credential($u,$p) {
-    $secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
-    return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
-}
-
-Write-Log -Message "Setting up QDC pre-requisites in Qlik Sense"
-
-Import-Module Qlik-Cli
-
-### Connect to the Qlik Sense Repository Service with Qlik-Cli
-do {write-log -Message "Connecting to Qlik Sense Repository..."; start-sleep 15} 
-While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials -ErrorAction SilentlyContinue).length -eq 0 )
-
-#-----------
-
-# Load variables
-. $PSScriptRoot\qdc-scenario-config.ps1
-
-Write-Log -Message "Creating QDC virtual proxy"
-$jwtcert = Get-Content -raw 'C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates\server.pem'
-New-QlikVirtualProxy -description "Qlik Data Catalyst" -sessionCookieHeaderName "X-Qlik-QDC-Session" -authenticationMethod JWT `
-  -prefix qdc -loadBalancingServerNodes $(Get-QlikNode -filter "name eq 'Central'").id `
-  -jwtAttributeUserDirectory "[QLIK-EXTERNAL-SERVICE]" -jwtAttributeUserId "name" -jwtPublicKeyCertificate $jwtcert -websocketCrossOriginWhiteList $QDC_PUBLIC_HOST | Out-Null
-
-Add-QlikProxy -ProxyId $(Get-QlikProxy -filter "serverNodeConfiguration.hostName eq '$($env:COMPUTERNAME)'").id -VirtualProxyId $(Get-QlikVirtualProxy -filter "description eq 'Qlik Data Catalyst'").id | Out-Null
-
-Start-Sleep -s 10
-
-Write-Log -Message "Downloading qdc_proxy_artifacts - This will create 'qlik-data-catalyst' qliksense user"
-Write-Log -Message "PROXY_ARTIFACTS = $PROXY_ARTIFACTS"
-
-$ENV:PATH += ";C:\Program Files\Qlik\Sense\ServiceDispatcher\Node"
-cd $env:TEMP
-(New-Object System.Net.WebClient).DownloadFile($PROXY_ARTIFACTS, "$env:TEMP\qdc_proxy_artifacts.zip")
-#Invoke-WebRequest -UseBasicParsing -OutFile qdc_proxy_artifacts.zip -Uri $PROXY_ARTIFACTS
-Expand-Archive .\qdc_proxy_artifacts.zip .
-cd qs-virtual-proxy
-(Get-Content .\check-proxy.js).replace("ducks-sense1.ad.podiumdata.net", "$($env:COMPUTERNAME)") | Set-Content .\check-proxy.js
-Copy-Item "C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates\qdc.jwt" .
-
-ls
-
-Get-QlikUser
-
-node .\check-proxy.js
-
-Get-QlikUser -filter "name eq 'qlik-data-catalyst'"
-
-Write-Log -Message "Waiting 20 secs"
-Start-Sleep -s 20
-
-Write-Log -Message "Set 'qlik-data-catalyst' as AuditAdmin"
-Update-QlikUser -id $(Get-QlikUser -filter "name eq 'qlik-data-catalyst'").id -roles AuditAdmin | Out-Null
-
-Write-Log -Message "Creating security rule for access by QLIK-EXTERNAL-SERVICE"
-New-QlikRule -Name "Security rule for access by QLIK-EXTERNAL-SERVICE" -resourceFilter "DataConnection_*,App_*" `
--actions 2 -rule '((user.userDirectory="QLIK-EXTERNAL-SERVICE"))' -rulecontext both -category Security | Out-Null
-
-
-Write-Log -Message "Adding qvd-mock to service dispatcher"
-$dir = pwd
-cd  "C:\Program Files\Qlik\Sense"
-Expand-Archive $dir\qvd-mock.zip .
-Copy-Item $dir\qvd-mock.json  "C:\Program Files\Qlik\Sense\BrokerService\service-configs\"
-
-$mock=@"
-
-[qvd-mock]
-Identity=Qlik.qvd-mock
-DisplayName=QVD Mock
-ExePath=Node\node.exe
-Script=..\qvd-mock\server.js        
-"@
-
-Add-Content "C:\Program Files\Qlik\Sense\ServiceDispatcher\services.conf" $mock
-
-Restart-Service QlikSenseServiceDispatcher
-
-Write-Log -Message "Creating 'QVD Catalog' tag"
-New-QlikTag -name "QVD Catalog" | Out-Null
-
-Write-Log -Message "Creating 'c:\QVDs' folder and set SMB"
-New-Item "C:\QVDs" -type directory | Out-Null
-New-SMBShare -Name "qvds" -Path "C:\QVDs" | Out-Null 
-Grant-SmbShareAccess -Name qvds -AccountName Everyone -AccessRight Change -Force | Out-Null
-
-Write-Log -Message "Creating Qlik Sense data connection for C:\QVDs"
-# ---- Workaround qlik-cli QS April 2020
-# Qlik CLI New-QlikDataConnection fails with only 1 tag, that's why I create and use FakeTag too.
-New-QlikTag -name "FakeTag" | Out-Null
-$qvdsDC = New-QlikDataConnection -connectionstring "\\$($env:COMPUTERNAME)\qvds" -name "QVDs" -tags "QVD Catalog","FakeTag" -type "folder"
-# ----
-
-Write-Log -Message "Grant access to all user to this connection"
-New-QlikRule -name "QVDs allow to all" -comment "Allow QVDs Connection to all users" -category "Security" -resourceFilter  "DataConnection_$($qvdsDC.id)" -actions 23 -rule '((user.name like "*"))' | Out-Null
-
-
-Write-Log -Message "Setting firewall rules for QDC"
-New-NetFirewallRule -DisplayName "QDC QVD Metadata" -Action allow -LocalPort 7007 -Protocol TCP | Out-Null
-New-NetFirewallRule -DisplayName "pub2qlik" -Action allow -LocalPort 4243,4747 -Protocol TCP | Out-Null
-
-# certs needed for qdc
-Write-Log -Message "SMB Qlik Sense certificates folder" 
-New-SMBShare -Name "certs" -Path "C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates" | Out-Null
-Grant-SmbShareAccess -Name certs -AccountName Everyone -AccessRight Read -Force | Out-Null
-
-
-# create podium user
-Import-Module "Carbon"
-Write-Log -Message "Adding 'podium' user to Windows system"
-$cred = New-Credential "podium" "Qlik1234"
-Install-User -Credential $cred | Out-Null
-
-#gci cert:\CurrentUser\My | where {$_.issuer -eq $cert}  | Connect-Qlik -Username $env:COMPUTERNAME\podium -Computername $env:COMPUTERNAME
-#gci cert:\CurrentUser\My | where {$_.issuer -eq $cert} | Connect-Qlik -Computername $env:COMPUTERNAME
-#Update-QlikUser -id $(Get-QlikUser -filter "name eq 'podium'").id -roles RootAdmin
-
-#gci cert:\CurrentUser\My | where {$_.issuer -eq $cert}  | Connect-Qlik -Username $env:COMPUTERNAME\podium -Computername $env:COMPUTERNAME
-
-Write-Log -Message "Creating 'podium_dist' postgres connection"
-$cred = New-Credential "postgres" "postgres"
-$podiumDistDC = New-QlikDataConnection -connectionstring "'CUSTOM CONNECT TO `"provider=QvOdbcConnectorPackage.exe;driver=postgres;host=$QDC_HOST;port=5432;db=podium_dist;SSLMode=prefer;UseSystemTrustStore=false;ByteaAsLongVarBinary=0;TextAsLongVarchar=0;UseUnicode=1;FetchTSWTZasTimestamp=1;MaxVarcharSize=262144;UseDeclareFetch=1;Fetch=200;EnableTableTypes=1;MoneyAsDecimal=1;QueryTimeout=30;`"" `
- -name podium_dist  -type 'QvOdbcConnectorPackage.exe' -Credential $cred 
-
-Write-Log -Message "Grant access to all user to this connection"
-New-QlikRule -name "Podium_Dist allow to all" -comment "Allow Podium_Dist Connection to all users" -category "Security" -resourceFilter  "DataConnection_$($podiumDistDC.id)" -actions 23 -rule '((user.name like "*"))' | Out-Null
-
-
-
- Write-Log "Copy Sample QVDs into C:/QVDs folder"
-Copy-Item $PSScriptRoot\*.qvd C:\QVDs
-
-$x=1
-$files = Get-ChildItem C:\QVDs\*.qvd|sort LastWriteTime
-foreach ($file in $files) #{ echo $file }
-{
-
-    if ($x -lt 3) {
-        Set-ItemProperty -Path $file -Name LastWriteTime -Value (get-date) 
-        sleep 2
-    }
-    $x= $x +1
-}
-
-Write-Log "QDC Config Completed."

archived/vm-fromsnapshot-win/scripts/qliksense/bootstrap-qs.ps1

@@ -1,131 +0,0 @@
-Param(
-    [string] $ModuleName = "vm-qs"
-)
-
-Write-Log "Resize Partition C to max size"
-$size = Get-PartitionSupportedSize -DriveLetter C
-Resize-Partition -DriveLetter C -Size $size.SizeMax | Out-Null
-
-
-# Helper Functions
-# ----------------
-function New-Credential($u,$p) {
-    $secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
-    return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
-}
-
-REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
-
-#Write-Log "Deleting old certificates files..."
-#Get-ChildItem "$($env:ProgramData)\Qlik\Sense\Repository\Exported Certificates\" | Remove-Item -Recurse
-
-
-Set-Service -Name "QlikLoggingService" -StartupType Automatic
-Set-Service -Name "QlikSenseServiceDispatcher" -StartupType Automatic
-Set-Service -Name "QlikSenseProxyService" -StartupType Automatic
-Set-Service -Name "QlikSenseEngineService"  -StartupType Automatic
-Set-Service -Name "QlikSensePrintingService"  -StartupType Automatic
-Set-Service -Name "QlikSenseSchedulerService"  -StartupType Automatic
-Set-Service -Name "QlikSenseRepositoryService"  -StartupType Automatic
-Set-Service -Name "QlikSenseRepositoryDatabase"  -StartupType Automatic
-
-
-Write-Log "Starting QlikSenseRepositoryDatabase and QlikSenseServiceDispatcher..."
-Start-Service QlikSenseRepositoryDatabase
-Start-Service QlikSenseServiceDispatcher
-
-#Delete certificates
-Write-Log "Deleting old certificates from keyStore..."
-$Certs = Get-ChildItem cert:"CurrentUser\My"
-$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
-$Certs = Get-ChildItem cert:"LocalMachine\My"
-$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
-$Certs = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'GEN-QS' -or $_.Subject -match 'QMI-QS' -or $_.Subject -match 'QMI-E2E' }
-$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
-
-Write-Log "Setting new hostname ($($env:computername)) in to Host.cfg file..."
-$enchostname = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("$($env:computername)"))
-Set-Content -Path C:\ProgramData\Qlik\Sense\Host.cfg -Value $enchostname
-
-Write-Log "Bootstraping Qlik Sense ..."
-Write-Log "Executing ... Repository.exe -bootstrap -standalone -restorehostname"
-$waiting=20
-if ( $env:USERNAME -eq "qservice" ) {
-    $waiting=50
-    Write-Log "The user executing this script is already 'qservice'"
-    Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
-
-} else {
-    Write-Log "The user executing this script is NOT 'qservice'"
-    $cred = New-Credential "qservice" "Qlik1234"
-    Start-Process powershell.exe -Credential $cred -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
-}
-
-$waiting=50
-Write-Log "Waiting $waiting secs ..."
-Start-Sleep -s $waiting
-
-Write-Log "Restarting Service Dispatcher"
-Restart-Service QlikSenseServiceDispatcher -Force
-
-Start-Sleep -s 20
-
-Write-Log "New Certs: CurrentUser\My"
-Get-ChildItem cert:"CurrentUser\My"
-Write-Log "New Certs: LocalMachine\My"
-Get-ChildItem cert:"LocalMachine\My"
-Write-Log "New Certs: LocalMachine\Root"
-Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
-$NewCerts = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
-
-if ($NewCerts) {
-    Write-Log "Restarting all Qlik Sense services"
-    Restart-Service QlikSenseServiceDispatcher -Force
-    Restart-Service QlikLoggingService -Force
-    Restart-Service QlikSenseRepositoryService -Force
-    Restart-Service QlikSenseProxyService -Force
-    Restart-Service QlikSenseEngineService -Force
-    Restart-Service QlikSenseSchedulerService -Force 
-    Restart-Service QlikSensePrintingService -Force 
-
-    if ( $ModuleName -ne "vm-qs" ) {
-        Start-Sleep -s 20
-        Write-Log "Recovering Qlik Sense users"
-        Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/c $PSScriptRoot\qs-reset-users.bat'"
-        Restart-Service QlikSenseRepositoryService -Force
-    }
-
-} else {
-    Write-Error "Error: Qlik Sense Certs not recreated!"
-    throw "Error: Qlik Sense Certs not recreated!"
-}
-
-#### Recreate QS desktop shortcuts
-Write-Log "Recreate QS desktop shortcuts"
-$sourcepath="C:\Users\Public\Desktop\Qlik Management Console.lnk"
-$destination="C:\Users\Public\Desktop\Qlik Management Console2.lnk"
-Copy-Item $sourcepath $destination  ## Get the lnk we want to use as a template
-Remove-Item -Path $sourcepath -Force
-$shell = New-Object -COM WScript.Shell
-$shortcut = $shell.CreateShortcut($destination)  ## Open the lnk
-$shortcut.TargetPath = "https://$env:computername/qmc"  ## Make changes
-$shortcut.Save()  ## Save
-Rename-Item -Path $destination -NewName "Qlik Management Console.lnk"
-
-$sourcepath="C:\Users\Public\Desktop\Qlik Sense Hub.lnk"
-$destination="C:\Users\Public\Desktop\Qlik Sense Hub2.lnk"
-Copy-Item $sourcepath $destination  ## Get the lnk we want to use as a template
-Remove-Item -Path $sourcepath -Force
-$shell = New-Object -COM WScript.Shell
-$shortcut = $shell.CreateShortcut($destination)  ## Open the lnk
-$shortcut.TargetPath = "https://$env:computername/hub"  ## Make changes
-$shortcut.Save()  ## Save
-Rename-Item -Path $destination -NewName "Qlik Sense Hub.lnk"
-####
-
-REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f
-
-
-
-
-

archived/vm-fromsnapshot-win/scripts/qliksense/qs-post-cfg.ps1

@@ -1,185 +0,0 @@
-<#
-Module:             qs-post-cfg
-Author:             Clint Carr
-Modified by:        -
-Modification History:
-- Fixed connect as user logic (qlik-cli change)
-- Added logic to accomodate for Professional/Analyzer or User licenses 
-- Added a loop into the Connect-Qlik statement to remove an abort error
-- Added Logging
-- Added comments
-- Error checking
-- Modified service connection for Qlik Sense from endless loop to a set number of attempts.
-- Added a service restart at the end of the Central Node (seems to resolve an issue with April 2018)
-last updated:       10/18/2019
-Intent: Configure the Qlik Sense environment with applications and Security Rules.
-#>
-
-Param(
-    [string] $Hostname,
-    [string] $CertPwd,
-    [string] $QlikUserPwd
-
-)
-
-Import-Module Qlik-Cli
-Import-Module "Carbon"
-
-# Helper Functions
-# ----------------
-function New-Credential($u,$p) {
-    $secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
-    return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
-}
-
-Write-Log -Message "Creating Qlik account"
-$cred = New-Credential "Qlik" $QlikUserPwd
-Install-User -Credential $cred
-
-
-Write-Log -Message "Starting qs-post-cfg.ps1"
-
-### Waiting for Qlik Sense installation to complete
-#-----------
-Function restartQse
-{
-    Write-Log "Checking Engine Service has started..."
-    $qse = get-service QlikSenseEngineService
-    write-log -Message "The engine is currently $($qse.Status)"
-    if ($qse.Status -eq "Stopped") {
-        Write-Log -Message "Starting Qlik Sense Engine and waiting 120 seconds" -Severity "Warn"; 
-        Start-Service QlikSenseEngineService ; 
-        Restart-Service QlikSenseServiceDispatcher; 
-        start-sleep -s 120
-    }
-    write-log -Message "The engine is currently $($qse.Status)"
-}
-
-Function connQSR
-{
-    $i = 1
-    $statusCode = 0
-    while ($statusCode -ne 200 -and $i -le 10) 
-        { 
-            try {$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode }
-            catch
-                {
-                    $i++
-                    write-log -Message "QSR on $env:COMPUTERNAME not responding attempt $i of 10..." -Severity "Warn"
-                    start-sleep -s 20 
-                }
-        } 
-}
-
-Function restartServices
-{
-    write-log -Message "Restarting Qlik Sense Services on $env:COMPUTERNAME" -Severity "Warn"
-    Restart-Service QlikSenseRepositoryDatabase -Force
-    Restart-Service QlikLoggingService -Force
-    Restart-Service QlikSenseServiceDispatcher -Force
-    Restart-Service QlikSenseRepositoryService -Force
-    Restart-Service QlikSenseProxyService -Force
-    Restart-Service QlikSenseEngineService -Force
-    Restart-Service QlikSensePrintingService -Force
-    Restart-Service QlikSenseSchedulerService -Force
-}
-
-Function qlikSenseUserAccess
-{
-    $userAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
-    $licenseId = Invoke-QlikPost "/qrs/License/UserAccessGroup" $userAccessGroup
-    $systemRuleJson = (@{
-        name = "Grant Everyone a token";
-        category = "License";
-        rule = '((user.name like "*"))';
-        type = "Custom";
-        resourceFilter = "License.UserAccessGroup_" + $licenseId.id;
-        actions = 1;
-        ruleContext = "QlikSenseOnly";
-        disabled = $false;
-        comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
-    Write-Log -Message "Adding user license rule to grant Everyone Tokens."
-    try {
-        Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
-    } catch {
-        Write-Log -Message $_.Exception.Message -Severity "Error"
-    }
-}
-
-Function qlikSenseProfessionalAccess
-{
-    $professionalAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
-    $licenseId = Invoke-QlikPost "/qrs/License/ProfessionalAccessGroup" $professionalAccessGroup
-    $systemRuleJson = (@{
-        name = "Grant Everyone Professional Access";
-        category = "License";
-        rule = '((user.name like "*"))';
-        type = "Custom";
-        resourceFilter = "License.ProfessionalAccessGroup_" + $licenseId.id;
-        actions = 1;
-        ruleContext = "QlikSenseOnly";
-        disabled = $false;
-        comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
-    Write-Log -Message "Adding user license rule to grant Everyone access as Professional."
-    try {
-        Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
-    } catch {
-        Write-Log -Message $_.Exception.Message -Severity "Error"
-    }
-}
-
-#-----------
-write-log -Message "Waiting 1 minute for Qlik Sense installation to complete"
-start-sleep -s 60
-
-    
-### wait for Qlik Sense Proxy service to respond with an HTTP 200 status before proceeding
-connQSR
-$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
-if ($statusCode -ne 200)
-    { 
-        Write-Log -Message "Waiting 25 seconds before next pass" -Severity "Warn"
-        restartServices
-        Write-Log -Message "Waiting 45 seconds for Services to ensure they are ready" -Severity "Warn"
-        start-sleep -s 45
-        connQSR
-    }
-
-$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
-if ($statusCode -ne 200) { 
-        Write-Log -Message "Provisioning failed" -Severity "Error"
-        Exit 
-}
-Write-Log -Message "Qlik Sense Proxy responding on $env:COMPUTERNAME, status code: $statusCode"
-Write-Log -Message "Connecting to Qlik Sense Repository Service on $env:COMPUTERNAME"
-
-restartQse
-
-### Connect to the Qlik Sense Repository Service with Qlik-Cli
-do {write-log -Message "Connecting to Qlik Sense Repository"; start-sleep 15} 
-While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials -ErrorAction SilentlyContinue).length -eq 0 )
-
-
-### Enabling HTTP
-#Write-Log -Message "Enabling HTTP access on Central Node proxy"
-#try {
-#    Get-QlikProxy -filter "serverNodeConfiguration.Name eq 'Central'" | Update-QlikProxy -AllowHttp 1  | Out-Null
-#} catch {
-#    Write-Log -Message $_.Exception.Message -Severity "Error"
-#}
-#Start-Sleep -s 10
-
-### Install qlik-poc_com certificate
-Write-Log -Message "Install 'qmi.qlik-poc.com' certificate, set thumbsprint and whitelist domain in QS central virtual proxy"
-try {
-    $secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
-    $sslCert=Import-PfxCertificate -FilePath C:/provision/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
-    Update-QlikProxy -SslBrowserCertificateThumbprint $sslCert.Thumbprint -id (Get-QlikProxy).id | Out-Null
-    Start-Sleep -s 10
-    Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials | Out-Null
-    Update-QlikVirtualProxy -id (Get-QlikVirtualProxy -filter "description eq 'Central Proxy (Default)'").id -websocketCrossOriginWhiteList $Hostname | Out-Null
-    Start-Sleep -s 10
-} catch {
-    Write-Log -Message $_.Exception.Message -Severity "Error"
-}
-

archived/vm-fromsnapshot-win/scripts/qliksense/qs-reset-users.bat

@@ -1,10 +0,0 @@
-@echo off
-set host_name=localhost
-set owner_name=postgres 
-set PGPASSWORD=Qlik1234
-
-C: && cd "C:\Program Files\Qlik\Sense\Repository\PostgreSQL\9.6\bin" && psql -p 4432 -U %owner_name% -d QSR --command "UPDATE public.\"Users\" SET \"UserDirectory\" = '%COMPUTERNAME%', \"RolesString\" = 'RootAdmin' WHERE \"UserDirectory\" != 'INTERNAL';"
-psql -p 4432 -U %owner_name% -d QSR --command "SELECT * FROM public.\"Users\" WHERE \"RolesString\" = 'RootAdmin';"
-
-cd "C:\provision"
-@echo off

archived/vm-fromsnapshot-win/scripts/winrm.ps1

@@ -1,30 +0,0 @@
-Write-Host "Delete any existing WinRM listeners"
-winrm delete winrm/config/listener?Address=*+Transport=HTTP  2>$Null
-#winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null
-
-Write-Host "Create a new WinRM listener and configure"
-winrm create winrm/config/listener?Address=*+Transport=HTTP
-#winrm set winrm/config/winrs "@{MaxMemoryPerShellMB=`"0`"}"
-winrm set winrm/config "@{MaxTimeoutms=`"1800000`"}"
-winrm set winrm/config/service "@{AllowUnencrypted=`"true`"}"
-#winrm set winrm/config/service "@{MaxConcurrentOperationsPerUser=`"12000`"}"
-winrm set winrm/config/service/auth "@{Basic=`"true`"}"
-winrm set winrm/config/client/auth "@{Basic=`"true`"}"
-
-Write-Host "Configure UAC to allow privilege elevation in remote shells"
-$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
-$Setting = 'LocalAccountTokenFilterPolicy'
-Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force
-
-#Write-Host "turn off PowerShell execution policy restrictions"
-#Set-ExecutionPolicy -ExecutionPolicy Unrestricted
-
-
-Write-Host "Configure and restart the WinRM Service; Enable the required firewall exception"
-net stop winrm
-net start winrm
-#Stop-Service -Name WinRM
-#Set-Service -Name WinRM -StartupType Automatic
-netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
-#Start-Service -Name WinRM
-

archived/vm-fromsnapshot-win/variables.tf

@@ -1,67 +0,0 @@
-
-variable "prefix" {
-  default = "QMI"
-}
-
-variable "subnet_id" {
-}
-
-variable "location" {
-}
-
-variable "snapshot_id" {
-}
-
-variable "resource_group_name" {
-}
-
-variable "vm_type" {
-  default = "Standard_D4s_v3"
-}
-
-variable "managed_disk_type" {
-  default = "Premium_LRS"
-}
-
-variable "disk_size_gb" {
-  default = "128"
-}
-
-variable "admin_username" {
-  default = "scdemoadmin"
-}
-
-variable "initial_password" {
-  default = null
-}
-
-variable "virtual_machine_name" {
-  default = null
-}
-
-variable "user_id" {
-  default = null
-}
-
-variable "provId" {
-  default = null
-}
-
-variable "is_24x7"{
-  type = bool
-  default = null
-}
-
-variable "shutdownTime"{
-  default = null
-}
-
-variable "startupTime"{
-  default = null
-}
-
-variable "notrename" {
-  default = null
-}
-
-

archived/vm-fromsnapshot/main.tf

@@ -1,148 +0,0 @@
-resource "random_id" "randomMachineId" {
-    keepers = {
-        # Generate a new ID only when a new resource group is defined
-        resource_group = var.resource_group_name
-    }
-    
-    byte_length = 2
-}
-
-resource "random_password" "password" {
-  length = 16
-  special = true
-  override_special = "_!@"
-  upper = true
-  lower = true
-  min_lower = 2
-  min_upper = 2
-  min_special = 2
-}
-
-locals {
-  virtual_machine_name = (var.virtual_machine_name != null)? var.virtual_machine_name :  "${var.prefix}-${random_id.randomMachineId.hex}"
-  admin_username = var.admin_username
-  admin_password = random_password.password.result
-  notrename = (var.notrename != null)? "-NotApply" : ""
-}
-
-resource "azurerm_managed_disk" "copy" {
-  
-  name = "Disk-${var.prefix}-${random_id.randomMachineId.hex}"
-  location = var.location
-  resource_group_name = var.resource_group_name
-  storage_account_type = "Premium_LRS"
-  create_option = "Copy"
-  source_resource_id = var.snapshot_id
-  disk_size_gb = var.disk_size_gb
-
-  tags = {
-    "Deployment" = "QMI PoC"
-    "Cost Center" = "3100"
-    "QMI_user" = var.user_id != null? var.user_id : null
-  }
-}
-
-module "qmi-nic" {
-  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
-  
-  prefix = local.virtual_machine_name
-  location = var.location
-  subnet_id = var.subnet_id
-  
-  resource_group_name = var.resource_group_name
-  user_id = var.user_id
-}
-
-resource "azurerm_virtual_machine" "vm" {
-  name                  = local.virtual_machine_name
-  location              = var.location
-  resource_group_name   = var.resource_group_name
-  network_interface_ids = [ module.qmi-nic.id ]
-  vm_size               = var.vm_type
-
-
-  storage_os_disk {
-    name              = azurerm_managed_disk.copy.name
-    os_type           = "Windows"
-    managed_disk_id   = azurerm_managed_disk.copy.id
-    managed_disk_type = "Premium_LRS"
-    create_option     = "Attach"
-  }
-
-  os_profile_windows_config {
-    
-    provision_vm_agent        = true
-    enable_automatic_upgrades = false
-
-    winrm {
-      protocol = "http"
-    }
-  }
-
-  /*os_profile {
-    computer_name = local.virtual_machine_name
-    admin_username = local.admin_username
-  }*/
-
-  tags = {
-    "Deployment" = "QMI PoC"
-    "Cost Center" = "3100"
-    "ProvId"  = var.provId != null? var.provId : null
-    "QMI_user" = var.user_id != null? var.user_id : null
-    "24x7" = var.is_24x7 == true? "" : null
-    "ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
-    "StartupTime": var.is_24x7 == false? var.startupTime : null
-  }
-  
-  provisioner "file" {
-    connection {
-      type     = "winrm"
-      host     = module.qmi-nic.private_ip_address
-      user     = local.admin_username
-      password = var.initial_password
-      port     = 5985
-      https    = false
-      timeout  = "10m"
-    }
-    source      = "${path.module}/scripts"
-    destination = "C:/tmp/provision"
-  }
-
-
-  provisioner "remote-exec" {
-    connection {
-      type     = "winrm"
-      host     = module.qmi-nic.private_ip_address
-      user     = local.admin_username
-      password = var.initial_password
-      port     = 5985
-      https    = false
-      timeout  = "10m"
-    }
-
-    inline = [
-      "powershell.exe -File C:/tmp/provision/bootstrap.ps1",
-      "powershell.exe -File C:/tmp/provision/password.ps1 -Username ${local.admin_username} -Pass ${local.admin_password}"
-    ]
-  }
-
-  # Rename Computer
-  provisioner "remote-exec" {
-    connection {
-      type     = "winrm"
-      host     = module.qmi-nic.private_ip_address
-      user     = local.admin_username
-      password = local.admin_password
-      port     = 5985
-      https    = false
-      timeout  = "10m"
-    }
-
-    inline = [
-      "powershell.exe -File C:/tmp/provision/RenameComputer.ps1 -NewName ${local.virtual_machine_name} ${local.notrename}" 
-    ]
-
-    on_failure = continue
-  }
-
-}

archived/vm-fromsnapshot/scripts/RenameComputer.ps1

@@ -1,14 +0,0 @@
-
-Param(
-    [string] $NewName,
-    [switch] $NotApply = $False 
-)
-
-
-
-if ($NotApply){
-    Write-Host "Not renaming machine"
-} else {
-    Write-Host "Machine is going to be renamed as $NewName"
-    Rename-Computer -NewName $NewName -Force -Restart
-}

archived/vm-fromsnapshot/scripts/bootstrap.ps1

@@ -1,30 +0,0 @@
-
-New-Item -ItemType directory -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiCLI -force | Out-Null
-Copy-Item $PSScriptRoot\qmiCLI.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiCLI\qmiCLI.psm1 | Out-Null
-Import-Module qmiCLI.psm1 | Out-Null
-
-#Importing Utils module
-New-Item -ItemType directory -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiUtils -force | Out-Null
-Copy-Item $PSScriptRoot\qmiUtils.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\qmiUtils\qmiUtils.psm1 | Out-Null
-Import-Module qmiUtils.psm1 | Out-Null
-
-Write-Log "Scripts locations is: $PSScriptRoot"
-
-#Install Chocolatey
-#Write-Log "Install Chocolatey"
-#Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
-
-### Disable Password policy
-secedit /export /cfg c:\secpol.cfg  | Out-Null
-(Get-Content C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg  | Out-Null
-secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY | Out-Null
-rm -force c:\secpol.cfg -confirm:$false  | Out-Null
-
-#Write-Log "Resize Partition C to max size"
-#$size = Get-PartitionSupportedSize -DriveLetter C
-#Resize-Partition -DriveLetter C -Size $size.SizeMax | Out-Null
-
-
-
-
-

archived/vm-fromsnapshot/scripts/password.ps1

@@ -1,12 +0,0 @@
-Param(
-    [string] $Username,
-    [string] $Pass
-)
-
-Import-Module "Carbon"
-
-$secpasswd = ConvertTo-SecureString $Pass -AsPlainText -Force
-$cred = New-Object System.Management.Automation.PSCredential ($Username, $secpasswd)
-
-Install-User -Credential $cred 
-Write-Log "Done! Setting new password to user $Username"

archived/vm-fromsnapshot/scripts/qmiCLI.psm1

@@ -1,189 +0,0 @@
-<#
-Module:             QlikCLI
-Author:             Clint Carr
-                    Byron Ainsworth
-
-Modified by:        -
-last updated:       10/10/2017
-
-Modification History:
- - 
-
-Intent: Provide prepackaged commands to facilitate common QMI activities
-
-Dependencies: 
- - 
-
-#>
-
-function Write-Log
-{
-    param (
-        [Parameter(Mandatory)]
-        [string]$Message,
-        [Parameter()]
-        [ValidateSet('Info','Warn','Error')]
-        [string]$Severity = 'Info'
-    )
-    
-    $line = [pscustomobject]@{
-        'DateTime' = (Get-Date)
-        'Severity' = $Severity
-        'Message' = $Message
-        
-    }
-    Write-Host "$($line.DateTime) [$($line.Severity)]: $($line.Message)"
-    $line | Export-Csv -Path c:\provision\QMIProvision.log -Append -NoTypeInformation
-}
-
-Function Backup-QMIAppsSerial
-{
-  param (
-    [Parameter()]
-    [string]$Source = 'c:\QlikShare\apps\',
-    [Parameter()]
-    [string]$Destination = '\\VBOXSVR\shared-content\apps'
-  )
-
-  Write-Log -Message "Commencing export process for local Qlik Sense Apps repository" -Severity 'Info'
-
-  ### Get Apps
-  Write-Log -Message "Identifying eligible local Qlik Sense Apps" -Severity 'Info'
-  $arrApps = Get-QlikApp | ? {$_.stream.name -ne 'monitoring apps'}
-  Write-Log -Message "Qlik Sense Apps identified: $($arrApps.Count)" -Severity 'Info'
-
-  Foreach($objApp in $arrApps){
-    If($objApp.Published -eq $True){
-        If(Test-Path -Path $($Destination + '\' + $objApp.stream.name)){ 
-        }
-        else{
-          Write-Log -Message "Identified new stream $($objApp.stream.name). Creating central stream repository" -Severity 'Info'
-          New-Item -ItemType Directory -Path $($Destination + '\' + $objApp.stream.name) -Force
-        }
-        $objApp | Export-QlikApp -filename $($Destination + '\' + $($objApp.stream.name) + '\' +$objApp.name + '.qvf')
-        Write-Log -Message "Qlik Sense Apps exported: $($objApp.Name)" -Severity 'Info'
-    }else{
-      $objApp | Export-QlikApp -filename $($Destination + '\' + $objApp.name + '.qvf')
-      Write-Log -Message "Qlik Sense Apps exported: $($objApp.Name)" -Severity 'Info'
-    }
-  }
-
-  Write-Log -Message "Concluding export process for local Qlik Sense Apps repository" -Severity 'Info'
-
-}
-
-Function Backup-QMIApps
-{
-  param (
-    [Parameter()]
-    [string]$Source = 'c:\QlikShare\apps\',
-    [Parameter()]
-    [string]$Destination = '\\VBOXSVR\shared-content\apps'
-  )
-
-  Write-Log -Message "Commencing export process for local Qlik Sense Apps repository" -Severity 'Info'
-
-}
-
-Function Backup-QMIExtensions
-{
-  param (
-    [Parameter()]
-    [string]$Source = 'C:\QlikShare\StaticContent\Extensions\',
-    [Parameter()]
-    [string]$Destination = '\\VBOXSVR\shared-content\extensions'
-  )
-
-  Write-Log -Message "Commencing export process for Extensions to from local $env:computername to central shared-content repository" -Severity 'Info'
-
-  ## Verify source directory exists
-  If (Test-Path $Source){
-    Write-Log -Message "Confirmed local Extensions repository exists" -Severity 'Info'
-
-    Try
-    {
-      $arrExtensions = Get-ChildItem -Path $Source | ? {$_.Name -notlike "idevio*"}
-      foreach($objExtension in $arrExtensions){
-        Compress-Archive -Path $objExtension.FullName -DestinationPath $($Destination + '\' + $objExtension.name + '.zip' ) -CompressionLevel 'Optimal' -Force
-      }
-
-      #$arrObjects | Copy-Item -Destination $Destination -Recurse -Force -Verbose
-      Write-Log -Message "Concluding export process for Extensions repository" -Severity 'Info'
-    }
-    Catch
-    {
-      $_.Exception.Message
-      $_.Exception.ItemName
-      Write-Log -Message "Something went wrong with the file transfer. Confirm shared-content is available at $Destination" -Severity 'Error'
-    }
-
-  }else{
-    Write-Log -Message "Local Extensions repository does not exist. If you have placed your local repository in a location other than $Source you can leverage the Source argument to override" -Severity 'Error'
-    Exit
-  }
-
-}
- 
-Function Backup-QMIReferenceData
-{
-  param (
-    [Parameter()]
-    [string]$Source = 'c:\QlikShare\ReferenceData\',
-    [Parameter()]
-    [string]$Destination = '\\VBOXSVR\shared-content\ReferenceData'
-  )
-
-  Write-Log -Message "Commencing export process for ReferenceData to from local $env:computername to central shared-content repository" -Severity 'Info'
-
-  ## Verify source directory exists
-  If (Test-Path $Source){
-    Write-Log -Message "Confirmed local ReferenceData repository exists" -Severity 'Info'
-
-    Try
-    {
-      $arrObjects = Get-ChildItem -Path $Source
-      $arrObjects | Copy-Item -Destination $Destination -Recurse -Force -Verbose
-      Write-Log -Message "Concluding export process for ReferenceData repository" -Severity 'Info'
-    }
-    Catch
-    {
-      Write-Log -Message "Something went wrong with the file transfer. Confirm shared-content is available at $Destination" -Severity 'Error'
-    }
-
-  }else{
-    Write-Log -Message "Local ReferenceData repository does not exist. If you have placed your local repository in a location other than $Source you can leverage the Source argument to override" -Severity 'Error'
-    Exit
-  }
-}
-
-Function Backup-QMIContentLibraries
-{
-  param (
-    [Parameter()]
-    [string]$Source = 'C:\QlikShare\StaticContent\Content\',
-    [Parameter()]
-    [string]$Destination = '\\VBOXSVR\shared-content\ContentLibrary'
-  )
-
-  Write-Log -Message "Commencing export process for ContentLibraries to from local $env:computername to central shared-content repository" -Severity 'Info'
-
-  ## Verify source directory exists
-  If (Test-Path $Source){
-    Write-Log -Message "Confirmed local ContentLibraries repository exists" -Severity 'Info'
-
-    Try
-    {
-      $arrObjects = Get-ChildItem -Path $Source
-      $arrObjects | Copy-Item -Destination $Destination -Recurse -Force -Verbose
-      Write-Log -Message "Concluding export process for ContentLibraries repository" -Severity 'Info'
-    }
-    Catch
-    {
-      Write-Log -Message "Something went wrong with the file transfer. Confirm shared-content is available at $Destination" -Severity 'Error'
-    }
-    
-  }else{
-    Write-Log -Message "Local ContentLibraries repository does not exist. If you have placed your local repository in a location other than $Source you can leverage the Source argument to override" -Severity 'Error'
-    Exit
-  }
-}

archived/vm-fromsnapshot/scripts/qmiUtils.psm1

@@ -1,92 +0,0 @@
-<#
-Module:             UtilsQMI
-Author:             Manuel Romero
-                    Clint Car
-
-Modified by:        -
-last updated:       11/10/2017
-
-Modification History:
- -
-
-Intent: One place for common functions across modules we don't want in qmiCLI
-
-Dependencies:
- -
-#>
-
-Function New-MyCredential 
-{
-    param (
-        [string] $user,
-        [string] $pass
-    )
-
-    PROCESS {
-        $secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force
-        return New-Object System.Management.Automation.PSCredential ($user, $secpasswd)
-    }
-}
-
-Function CreateOdagLink
-{
-    param (
-        [string]$odagLinkName,
-        [string]$selectionAppName,
-        [string]$detailsAppName,
-        [string]$sheet2OpenName,
-        [string]$odagLinkExpression,
-        [int]$rowsLimit,
-        [int]$appsLimit,
-        [string]$retentionTime,
-        [string]$sheetEmbedName
-    )
-
-
-    PROCESS {
-
-        Trap {
-            Write-Log -Message "Error in function CreateOdagLink" -Severity "Error"
-            Write-Log -Message $_.Exception.Message -Severity "Error"
-            Break
-        }
-
-        Write-Log -Message "Installing NodeJs"
-        cinst nodejs.install --version 6.4.0  | Out-Null
-
-        if ( -Not (Test-Path C:\OdagEnigma) ) {
-            Write-Log -Message "Unzipping Node EnigmaJS"
-            Expand-Archive -LiteralPath C:\installation\EnigmaModule.zip -DestinationPath C:\OdagEnigma -Force  | Out-Null
-        }
-
-        # Create ODAG Link
-        Write-Log -Message "Adding ODAG Link"
-        #$rawOutput = $true
-        $detailApp = $(Get-QlikApp -filter "name eq '$detailsAppName'").id
-        $selectionApp = $(Get-QlikApp -filter "name eq '$selectionAppName'").id
-        $sheetID = $(Invoke-QlikGet "/qrs/app/object" -filter "name eq '$sheet2OpenName' and objectType eq 'sheet'").engineObjectId
-        $data = (@{"name"=$odagLinkName;
-            "templateApp"=$detailApp;
-            "rowEstExpr"=$odagLinkExpression;
-            "properties"=@{
-                "rowEstRange"=@(@{"context"="*";"highBound"=$rowsLimit});
-                "genAppLimit"=@(@{"context"="User_*";"limit"=$appsLimit});
-                "appRetentionTime"=@(@{"context"="User_*";"retentionTime"=$retentionTime});
-                "targetSheet"=@(@{"context"="User_*";"sheetId"=$sheetID})};
-            "selectionApp"=$selectionApp}) | ConvertTo-Json -Compress -Depth 10
-
-        $result = $(Invoke-QlikPost "/api/odag/v1/links" $data)
-        $odagLinkRef = $result.objectDef.id
-
-
-        Write-Log -Message "ODAG link added $odagLinkRef"
-
-        $sheetSelectionID = $(invoke-qlikget "/qrs/app/object" -filter "name eq '$sheetEmbedName' and objectType eq 'sheet'").engineObjectId
-
-
-        # EnigmaJS to attach this link to apps and sheet using APIs
-        C:\OdagEnigma\run.bat $odagLinkRef $odagLinkName $sheetSelectionID $selectionAppName $detailsAppName
-
-        return $odagLinkRef
-    }
-}

archived/vm-qs-np/main.tf

@@ -1,154 +0,0 @@
-resource "random_id" "randomMachineId" {
-    keepers = {
-        # Generate a new ID only when a new resource group is defined
-        resource_group = var.resource_group_name
-    }
-    
-    byte_length = 2
-}
-
-resource "random_password" "password" {
-  length = 16
-  special = true
-  override_special = "_!@"
-  upper = true
-  lower = true
-  min_lower = 2
-  min_upper = 2
-  min_special = 2
-}
-
-resource "random_password" "qlikpassword" {
-  length = 16
-  special = true
-  override_special = "_!@"
-  upper = true
-  lower = true
-  min_lower = 2
-  min_upper = 2
-  min_special = 2
-}
-
-locals {
-  virtual_machine_name = "${var.prefix}-${random_id.randomMachineId.hex}"
-  admin_username = var.admin_username
-  admin_password = random_password.password.result
-}
-
-
-data "azurerm_key_vault_secret" "cert-password" {
-  name         = "star-qmi-qlikpoc-com-password"
-  key_vault_id = var.key_vault_id
-}
-
-data "azurerm_key_vault_secret" "sensorsettings" {
-  name         = "carbonblack-sensorsettings"
-  key_vault_id = var.key_vault_id
-}
-
-module "qmi-nic" {
-  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//qmi-nic"
-  
-  prefix = local.virtual_machine_name
-  location = var.location
-  subnet_id = var.subnet_id
-  
-  resource_group_name = var.resource_group_name
-  user_id = var.user_id
-}
-
-resource "azurerm_virtual_machine" "vm" {
-  name                  = local.virtual_machine_name
-  location              = var.location
-  resource_group_name   = var.resource_group_name
-  network_interface_ids = [module.qmi-nic.id]
-  vm_size               = var.vm_type
-
-  delete_os_disk_on_termination = true
-  delete_data_disks_on_termination = true
-
-  storage_image_reference {
-      id = var.image_reference
-  }
-
-  storage_os_disk {
-    name              = "${local.virtual_machine_name}-osdisk"
-    caching           = "ReadWrite"
-    create_option     = "FromImage"
-    managed_disk_type = var.managed_disk_type
-    disk_size_gb      = var.disk_size_gb
-  }
-
-  os_profile {
-    computer_name  = local.virtual_machine_name
-    admin_username = local.admin_username
-    admin_password = local.admin_password
-  }
-
-  os_profile_windows_config {
-    
-    provision_vm_agent        = true
-    enable_automatic_upgrades = false
-
-    winrm {
-      protocol = "http"
-    }
-  }
-
-  provisioner "file" {
-    connection {
-      type     = "winrm"
-      host     = module.qmi-nic.private_ip_address
-      user     = local.admin_username
-      password = local.admin_password
-      port     = 5985
-      https    = false
-      timeout  = "3m"
-    }
-    source      = "${path.module}/scripts"
-    destination = "C:/provision"
-  }
-
-  provisioner "remote-exec" {
-    connection {
-      type     = "winrm"
-      host     = module.qmi-nic.private_ip_address
-      user     = "qservice"
-      password = "Qlik1234"
-      port     = 5985
-      https    = false
-      timeout  = "3m"
-    }
-
-    inline = [
-      "powershell.exe -File C:/provision/resethostname.ps1"
-    ]
-  }
-
-  provisioner "remote-exec" {
-    connection {
-      type     = "winrm"
-      host     = module.qmi-nic.private_ip_address
-      user     = "qservice"
-      password = "Qlik1234"
-      port     = 5985
-      https    = false
-      timeout  = "3m"
-    }
-
-    inline = [
-      "powershell.exe -File C:/provision/qs-post-cfg.ps1 -Hostname ${var.resource_group_name}.qmi.qlik-poc.com -CertPwd ${data.azurerm_key_vault_secret.cert-password.value} -QlikUserPwd ${random_password.qlikpassword.result}",
-      "powershell.exe -File C:/provision/np-post.ps1"
-    ]
-  }
-
-  tags = {
-    Deployment = "QMI PoC"
-    "Cost Center" = "3100"
-    "ProvId"  = var.provId != null? var.provId : null
-    "QMI_user" = var.user_id != null? var.user_id : null
-    "24x7" = var.is_24x7 == true? "" : null
-    "ShutdownTime": var.is_24x7 == false? var.shutdownTime : null
-    "StartupTime": var.is_24x7 == false? var.startupTime : null
-  }
-}

archived/vm-qs-np/scripts/carbonblack.ps1

@@ -1,16 +0,0 @@
-Param(
-    [string] $SensorSettings
-)
-
-Write-Log -Message "Installing and configuring Carbon Black"
-
-New-Item C:\provision\sensorsettings.ini | Out-Null
-Set-Content C:\provision\sensorsettings.ini $SensorSettings | Out-Null
-(Get-Content C:\provision\sensorsettings.ini) -replace ' ',"`r`n" | Set-Content C:\provision\sensorsettings.ini -Force
-
-C:\provision\CarbonBlackClientSetup.exe /S
-
-Write-Log -Message "Carbon Black is configure!"
-
-
-

archived/vm-qs-np/scripts/np-post.ps1

@@ -1,27 +0,0 @@
-Function restartNPServices
-{
-    write-log -Message "Starting NPrinting Services on $env:COMPUTERNAME"
-
-    Set-Service -Name QlikNPrintingEngine -StartupType Automatic
-    Set-Service -Name QlikNPrintingWebEngine -StartupType Automatic
-    Set-Service -Name QlikNPrintingScheduler -StartupType Automatic
-    Set-Service -Name QlikNPrintingMessagingService  -StartupType Automatic
-    Set-Service -Name QlikNPrintingRepoService  -StartupType Automatic
-    Set-Service -Name QlikNPrintingLicenseService  -StartupType Automatic
-
-    Start-Service -InputObject QlikNPrintingRepoService  -ErrorAction SilentlyContinue
-    Start-Service -InputObject QlikNPrintingMessagingService  -ErrorAction SilentlyContinue
-    Start-Service -InputObject QlikNPrintingWebEngine  -ErrorAction SilentlyContinue
-    Start-Service -InputObject QlikNPrintingEngine  -ErrorAction SilentlyContinue
-    Start-Service -InputObject QlikNPrintingScheduler  -ErrorAction SilentlyContinue
-    Start-Service -InputObject QlikNPrintingLicenseService -ErrorAction SilentlyContinue
-}
-
-Write-Log -Message "Exporting new certificates"
-Export-QlikCertificate -machineNames "localhost" -includeSecretsKey -exportFormat "Windows"
-Export-QlikCertificate -machineNames "localhost" -includeSecretsKey -exportFormat "Pem"
-
-
-Copy-Item "C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\localhost\client.pfx" -Destination "C:\Program Files\NPrintingServer\Settings\SenseCertificates" -Force
-
-restartNPServices

archived/vm-qs-np/scripts/qs-post-cfg.ps1

@@ -1,172 +0,0 @@
-<#
-Module:             qs-post-cfg
-Author:             Clint Carr
-Modified by:        -
-Modification History:
-- Fixed connect as user logic (qlik-cli change)
-- Added logic to accomodate for Professional/Analyzer or User licenses 
-- Added a loop into the Connect-Qlik statement to remove an abort error
-- Added Logging
-- Added comments
-- Error checking
-- Modified service connection for Qlik Sense from endless loop to a set number of attempts.
-- Added a service restart at the end of the Central Node (seems to resolve an issue with April 2018)
-last updated:       10/18/2019
-Intent: Configure the Qlik Sense environment with applications and Security Rules.
-#>
-
-Param(
-    [string] $Hostname,
-    [string] $CertPwd,
-    [string] $QlikUserPwd
-
-)
-
-Import-Module Qlik-Cli
-Import-Module "Carbon"
-
-# Helper Functions
-# ----------------
-function New-Credential($u,$p) {
-    $secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
-    return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
-}
-
-Write-Log -Message "Creating Qlik account"
-$cred = New-Credential "Qlik" $QlikUserPwd
-Install-User -Credential $cred
-
-Write-Log -Message "Starting qs-post-cfg.ps1"
-
-### Waiting for Qlik Sense installation to complete
-#-----------
-Function restartQse
-{
-    Write-Log "Checking Engine Service has started..."
-    $qse = get-service QlikSenseEngineService
-    write-log -Message "The engine is currently $($qse.Status)"
-    if ($qse.Status -eq "Stopped") {
-        Write-Log -Message "Starting Qlik Sense Engine and waiting 120 seconds" -Severity "Warn"; 
-        Start-Service QlikSenseEngineService ; 
-        Restart-Service QlikSenseServiceDispatcher; 
-        start-sleep -s 120
-    }
-    write-log -Message "The engine is currently $($qse.Status)"
-}
-
-Function connQSR
-{
-    $i = 1
-    $statusCode = 0
-    while ($statusCode -ne 200 -and $i -le 10) 
-        { 
-            try {$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode }
-            catch
-                {
-                    $i++
-                    write-log -Message "QSR on $env:COMPUTERNAME not responding attempt $i of 10..." -Severity "Warn"
-                    start-sleep -s 20 
-                }
-        } 
-}
-
-Function restartServices
-{
-    write-log -Message "Restarting Qlik Sense Services on $env:COMPUTERNAME" -Severity "Warn"
-    Restart-Service QlikSenseRepositoryDatabase -Force
-    Restart-Service QlikLoggingService -Force
-    Restart-Service QlikSenseServiceDispatcher -Force
-    Restart-Service QlikSenseRepositoryService -Force
-    Restart-Service QlikSenseProxyService -Force
-    Restart-Service QlikSenseEngineService -Force
-    Restart-Service QlikSensePrintingService -Force
-    Restart-Service QlikSenseSchedulerService -Force
-}
-
-Function qlikSenseUserAccess
-{
-    $userAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
-    $licenseId = Invoke-QlikPost "/qrs/License/UserAccessGroup" $userAccessGroup
-    $systemRuleJson = (@{
-        name = "Grant Everyone a token";
-        category = "License";
-        rule = '((user.name like "*"))';
-        type = "Custom";
-        resourceFilter = "License.UserAccessGroup_" + $licenseId.id;
-        actions = 1;
-        ruleContext = "QlikSenseOnly";
-        disabled = $false;
-        comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
-    Write-Log -Message "Adding user license rule to grant Everyone Tokens."
-    try {
-        Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
-    } catch {
-        Write-Log -Message $_.Exception.Message -Severity "Error"
-    }
-}
-
-Function qlikSenseProfessionalAccess
-{
-    $professionalAccessGroup = (@{name = "License Everyone";} | ConvertTo-Json -Compress -Depth 10)
-    $licenseId = Invoke-QlikPost "/qrs/License/ProfessionalAccessGroup" $professionalAccessGroup
-    $systemRuleJson = (@{
-        name = "Grant Everyone Professional Access";
-        category = "License";
-        rule = '((user.name like "*"))';
-        type = "Custom";
-        resourceFilter = "License.ProfessionalAccessGroup_" + $licenseId.id;
-        actions = 1;
-        ruleContext = "QlikSenseOnly";
-        disabled = $false;
-        comment = "Rule to set up automatic user access";} | ConvertTo-Json -Compress -Depth 10)
-    Write-Log -Message "Adding user license rule to grant Everyone access as Professional."
-    try {
-        Invoke-QlikPost "/qrs/SystemRule" $systemRuleJson | Out-Null
-    } catch {
-        Write-Log -Message $_.Exception.Message -Severity "Error"
-    }
-}
-
-#-----------
-write-log -Message "Waiting 1 minute for Qlik Sense installation to complete"
-start-sleep -s 60
-
-    
-### wait for Qlik Sense Proxy service to respond with an HTTP 200 status before proceeding
-connQSR
-$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
-if ($statusCode -ne 200)
-    { 
-        Write-Log -Message "Waiting 25 seconds before next pass" -Severity "Warn"
-        restartServices
-        Write-Log -Message "Waiting 45 seconds for Services to ensure they are ready" -Severity "Warn"
-        start-sleep -s 45
-        connQSR
-    }
-
-$statusCode = (Invoke-WebRequest https://$($env:COMPUTERNAME)/qps/user -UseBasicParsing).statusCode
-if ($statusCode -ne 200) { 
-        Write-Log -Message "Provisioning failed" -Severity "Error"
-        Exit 
-}
-Write-Log -Message "Qlik Sense Proxy responding on $env:COMPUTERNAME, status code: $statusCode"
-Write-Log -Message "Connecting to Qlik Sense Repository Service on $env:COMPUTERNAME"
-
-restartQse
-
-### Connect to the Qlik Sense Repository Service with Qlik-Cli
-do {write-log -Message "Connecting to Qlik Sense Repository"; start-sleep 15} 
-While( (Connect-Qlik $($env:COMPUTERNAME) -TrustAllCerts -UseDefaultCredentials -ErrorAction SilentlyContinue).length -eq 0 )
-
-
-### Install qlik-poc_com certificate
-Write-Log -Message "Install qlik-poc_com certificate"
-try {
-    $secpasswd = ConvertTo-SecureString $CertPwd -AsPlainText -Force
-    $sslCert=Import-PfxCertificate -FilePath C:/provision/wildcard_qmi_qlik-poc_com.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secpasswd
-    Update-QlikProxy -SslBrowserCertificateThumbprint $sslCert.Thumbprint -id (Get-QlikProxy).id | Out-Null
-    Start-Sleep -s 10
-    Update-QlikVirtualProxy -id (Get-QlikVirtualProxy -filter "description eq 'Central Proxy (Default)'").id -websocketCrossOriginWhiteList $Hostname | Out-Null
-} catch {
-    Write-Log -Message $_.Exception.Message -Severity "Error"
-}

archived/vm-qs-np/scripts/resethostname.ps1

@@ -1,97 +0,0 @@
-Write-Log "Resize Partition C to max size"
-$size = Get-PartitionSupportedSize -DriveLetter C
-Resize-Partition -DriveLetter C -Size $size.SizeMax
-
-# Helper Functions
-# ----------------
-function New-Credential($u,$p) {
-    $secpasswd = ConvertTo-SecureString $p -AsPlainText -Force
-    return New-Object System.Management.Automation.PSCredential ($u, $secpasswd)
-}
-$cred = New-Credential "qservice" "Qlik1234"
-#import-module "Carbon"
-
-REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
-
-
-Set-Service -Name "QlikLoggingService" -StartupType Automatic
-Set-Service -Name "QlikSenseServiceDispatcher" -StartupType Automatic
-Set-Service -Name "QlikSenseProxyService" -StartupType Automatic
-Set-Service -Name "QlikSenseEngineService"  -StartupType Automatic
-Set-Service -Name "QlikSensePrintingService"  -StartupType Automatic
-Set-Service -Name "QlikSenseSchedulerService"  -StartupType Automatic
-Set-Service -Name "QlikSenseRepositoryService"  -StartupType Automatic
-Set-Service -Name "QlikSenseRepositoryDatabase"  -StartupType Automatic
-
-
-Write-Log "Starting QlikSenseRepositoryDatabase and QlikSenseServiceDispatcher"
-Start-Service QlikSenseRepositoryDatabase
-Start-Service QlikSenseServiceDispatcher
-
-#Delete certificates
-Write-Log "Deleting old certificates"
-#Get-ChildItem "$($env:ProgramData)\Qlik\Sense\Repository\Exported Certificates\" | Remove-Item -Recurse
-$Certs = Get-ChildItem cert:"CurrentUser\My" | Where-Object { $_.Subject -match 'QlikClient' }
-$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
-$Certs = Get-ChildItem cert:"LocalMachine\My" | Where-Object { $_.Subject -match 'GEN-QS' -or $_.Subject -match 'QMI-QS' }
-$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
-$Certs = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'GEN-QS' -or $_.Subject -match 'QMI-QS' }
-$Certs | ForEach-Object{Remove-Item -path $_.PSPath -recurse -Force}
-
-Write-Log "Setting new hostname to Host.cfg file"
-Write-Log $($env:computername)
-$enchostname = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("$($env:computername)"))
-Set-Content -Path C:\ProgramData\Qlik\Sense\Host.cfg -Value $enchostname
-
-Write-Log "Recreating Qlik Sense certificates"
-# AS if qservice user
-Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
-
-#From PS
-#Start-Process -FilePath "C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe" -ArgumentList "/bootstrap /standalone /restorehostname" -Verb runAs
-
-#qs
-#Start-Process powershell.exe -Credential $cred -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/k C:\PROGRA~1\Qlik\Sense\Repository\Repository.exe -bootstrap -standalone -restorehostname'"
-
-$waiting=50
-Write-Log "Waiting $waiting secs ..."
-Start-Sleep -s $waiting
-
-#- Wait 10 seconds
-Write-Log "Restarting Service Dispatcher"
-#- Restart Service Dispacher
-Restart-Service QlikSenseServiceDispatcher -Force
-#- Restart rest of the services
-
-
-Start-Sleep -s 20
-
-Write-Log "New Certs: CurrentUser\My"
-Get-ChildItem cert:"CurrentUser\My"
-Write-Log "New Certs: LocalMachine\My"
-Get-ChildItem cert:"LocalMachine\My"
-Write-Log "New Certs: LocalMachine\Root"
-Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
-$NewCerts = Get-ChildItem cert:"LocalMachine\Root" | Where-Object { $_.Subject -match 'QMI' }
-
-if ($NewCerts) {
-    Write-Log "Restarting all Qlik Sense services"
-    Restart-Service QlikSenseServiceDispatcher -Force
-    Restart-Service QlikLoggingService -Force
-    Restart-Service QlikSenseRepositoryService -Force
-    Restart-Service QlikSenseProxyService -Force
-    Restart-Service QlikSenseEngineService -Force
-    Restart-Service QlikSenseSchedulerService -Force 
-    Restart-Service QlikSensePrintingService -Force 
-
-    Start-Sleep -s 20
-    Write-Log "Recovering Qlik Sense users"
-    Start-Process powershell.exe -ArgumentList "Start-Process cmd.exe -Verb runAs -ArgumentList '/c C:\provision\updatedir.bat'"
-    Restart-Service QlikSenseRepositoryService -Force
-
-} else {
-    Write-Error "Error: Qlik Sense Certs not recreated!"
-    throw "Error: Qlik Sense Certs not recreated!"
-}
-
-REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f

archived/vm-qs-np/scripts/updatedir.bat

@@ -1,10 +0,0 @@
-@echo off
-set host_name=localhost
-set owner_name=postgres 
-set PGPASSWORD=Qlik1234
-
-C: && cd "C:\Program Files\Qlik\Sense\Repository\PostgreSQL\9.6\bin" && psql -p 4432 -U %owner_name% -d QSR --command "UPDATE public.\"Users\" SET \"UserDirectory\" = '%COMPUTERNAME%', \"RolesString\" = 'RootAdmin' WHERE \"UserDirectory\" != 'INTERNAL';"
-psql -p 4432 -U %owner_name% -d QSR --command "SELECT * FROM public.\"Users\" WHERE \"RolesString\" = 'RootAdmin';"
-
-cd "C:\provision"
-@echo off

aws-credentials/main.tf

@@ -0,0 +1,19 @@
+terraform {
+    required_version = ">= 0.13"
+}
+
+provider "azurerm" {    
+    features {}
+    subscription_id = var.subscription_id
+    use_msi = true
+}
+
+data "azurerm_key_vault_secret" "qmi-aws-access-key" {
+  name         = "qmi-aws-access-key"
+  key_vault_id = var.key_vault_id
+}
+
+data "azurerm_key_vault_secret" "qmi-aws-access-secret" {
+  name         = "qmi-aws-access-secret"
+  key_vault_id = var.key_vault_id
+}

aws-credentials/output.tf

@@ -0,0 +1,7 @@
+output "qmi-aws-access-key" {
+    value = data.azurerm_key_vault_secret.qmi-aws-access-key.value
+}
+
+output "qmi-aws-access-secret" {
+    value = data.azurerm_key_vault_secret.qmi-aws-access-secret.value
+}

aws-credentials/variables.tf

@@ -0,0 +1,7 @@
+variable "subscription_id" {
+    default = "62ebff8f-c40b-41be-9239-252d6c0c8ad9"
+}
+
+variable "key_vault_id" {
+    default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-Machines/providers/Microsoft.KeyVault/vaults/qmisecrets"
+}

compose-install/main.tf

@@ -14,7 +14,8 @@ data "azurerm_key_vault_secret" "cert-password" {
 }
 
 locals {
-  composeLicense = (var.c_version == "c4dw")? data.azurerm_key_vault_secret.c4dw.value : data.azurerm_key_vault_secret.compose-license.value
+  composeLicense = (var.c_version == "c4dw")? nonsensitive(data.azurerm_key_vault_secret.c4dw.value) : nonsensitive(data.azurerm_key_vault_secret.compose-license.value)
+  cert_password = nonsensitive(data.azurerm_key_vault_secret.cert-password.value)
 }
 
 # Install and configure Compose
@@ -30,7 +31,7 @@ resource "null_resource" "install" {
       https    = false
       timeout  = "30m"
     }
-    source      = "${path.module}/scripts"
+    source      = "${path.module}/main"
     destination = "C:/provision/compose-install"
   }
 
@@ -46,10 +47,11 @@ resource "null_resource" "install" {
     }
 
     inline = [
+      "powershell.exe -File C:/provision/compose-install/prep-files.ps1",
       "powershell.exe -File C:/provision/compose-install/di-compose-getBinary.ps1 -url ${var.download_url}",
       "powershell.exe -File C:/provision/compose-install/di-compose-install.ps1 -url ${var.download_url} -version ${var.c_version}",
       "powershell.exe -File C:/provision/compose-install/di-compose-setlicense.ps1 -composeLicense \"${local.composeLicense}\" -version ${var.c_version}",
-      "powershell.exe -File C:/provision/compose-install/di-compose-installQMICertificate.ps1 -CertPwd ${data.azurerm_key_vault_secret.cert-password.value} -version ${var.c_version}",
+      "powershell.exe -File C:/provision/compose-install/di-compose-installQMICertificate.ps1 -CertPwd \"${local.cert_password}\" -version ${var.c_version}",
     ]
 
   }

compose-install/main/prep-files.ps1

@@ -0,0 +1,30 @@
+
+Param(
+    [string] $repo="qmi-cloud-tf-modules",
+    [string] $branch="master",
+    [string] $scenario="compose-install",
+    [string] $path="scripts"    
+)
+
+$pathIs="$scenario/$path"
+
+$DownloadUrl="https://gitlab.com/qmi/$repo/-/archive/$branch/$repo-$branch.zip?path=$pathIs"
+
+Write-Host "--- Boostrap# Downloading repository files ($DownloadUrl) from branch ($branch)..."
+
+New-Item -ItemType Directory -Force -Path C:\Temp | Out-Null
+
+$ProgressPreference = 'SilentlyContinue'
+
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+(New-Object System.Net.WebClient).DownloadFile($DownloadUrl, "C:\Temp\$scenario.zip") 
+
+Expand-Archive "C:\Temp\$scenario.zip" -DestinationPath "C:\Temp" -Force
+
+New-Item -ItemType Directory -Force -Path C:\Provision | Out-Null
+New-Item -ItemType Directory -Force -Path C:\Provision\compose-install | Out-Null
+
+Copy-Item -Path "C:\Temp\$repo-$branch-$scenario-scripts\$scenario\$path\*" -Destination "C:\Provision\compose-install" -Recurse -Force
+
+Remove-Item "C:\Temp\$repo-$branch-$scenario-scripts" -Recurse
+Remove-Item "C:\Temp\$scenario.zip" -Recurse

compose-install/output.tf

@@ -0,0 +1,7 @@
+output "finished" {
+    value = true
+
+    depends_on = [
+      null_resource.install
+    ]
+}

compose-install/scripts/Compose_install_2021.2.0.iss

@@ -0,0 +1,25 @@
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-DlgOrder]
+Dlg0={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0
+Count=5
+Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicense2Rtf-0
+Dlg2={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0
+Dlg3={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0
+Dlg4={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcomeMaint-0]
+Result=1
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-MessageBox-0]
+Result=6
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
+Result=1
+bOpt1=0
+bOpt2=0
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0]
+Result=1
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicense2Rtf-0]
+Result=1
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0]
+szDir=C:\Program Files\Qlik\Compose\
+Result=1
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0]
+Result=1
+

compose-install/scripts/Compose_install_2021.8.0.iss

@@ -0,0 +1,20 @@
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-DlgOrder]
+Dlg0={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0
+Count=5
+Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0
+Dlg2={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0
+Dlg3={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0
+Dlg4={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0]
+Result=1
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0]
+Result=1
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0]
+szDir=C:\Program Files\Qlik\Compose\
+Result=1
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0]
+Result=1
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
+Result=1
+bOpt1=0
+bOpt2=0

compose-install/scripts/Compose_install_c4dw.iss

@@ -1,20 +1,20 @@
-[{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-DlgOrder]
-Dlg0={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdWelcome-0
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-DlgOrder]
+Dlg0={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0
 Count=5
-Dlg1={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdLicense2Rtf-0
-Dlg2={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdAskDestPath-0
-Dlg3={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdStartCopy-0
-Dlg4={AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdFinish-0
-[{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdWelcome-0]
+Dlg1={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0
+Dlg2={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0
+Dlg3={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0
+Dlg4={CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdWelcome-0]
 Result=1
-[{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdLicense2Rtf-0]
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdLicenseAgreement-0]
 Result=1
-[{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdAskDestPath-0]
-szDir=C:\Program Files\Attunity\Compose for Data Warehouses\
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdAskDestPath-0]
+szDir=C:\Program Files\Qlik\Compose\
 Result=1
-[{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdStartCopy-0]
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdStartCopy-0]
 Result=1
-[{AE6E976D-5485-4F2E-87CC-39CBEF87E47D}-SdFinish-0]
+[{CC3EB4FA-1694-4961-93E6-D7F0DA630806}-SdFinish-0]
 Result=1
 bOpt1=0
 bOpt2=0

compose-install/scripts/di-compose-install.ps1

@@ -22,10 +22,11 @@ Write-Host "Binary Path $($bin)"
 Write-Host "Starting di-c4dw-install.ps1"
 $issFile = "Compose_install.iss"
 
-if ( $version -eq "c4dw" ) {
-    $issFile = "Compose_install_c4dw.iss"   
+if ( $version -ne "gen2" ) {
+    $issFile = "Compose_install_$version.iss" 
 }
 
+
 Write-Host $bin\$fileName
 
 If ((Test-Path $bin\$fileName))

compose-install/scripts/di-compose-installQMICertificate.ps1

@@ -11,18 +11,18 @@ try {
     $thumb=$($sslCert.Thumbprint)
     Write-Host "Set SSL qmi_qlik-poc_com for Compose"
     
-    if ( $version -eq "gen2" ) {
-        Stop-Service QlikCompose
-        Start-Process -FilePath "C:\Program Files\Qlik\Compose\bin\ComposeCtl.exe" -ArgumentList "certificate clean" -Wait -NoNewWindow
-        netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'
-
-        Start-Service QlikCompose
-    } else {
+    if ( $version -eq "c4dw" ) {
         Stop-Service AttunityComposeForDataWarehouses
         Start-Process -FilePath "C:\Program Files\Attunity\Compose for Data Warehouses\bin\ComposeCtl.exe" -ArgumentList "certificate clean" -Wait -NoNewWindow
         netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'
 
         Start-Service AttunityComposeForDataWarehouses
+    } else {
+        Stop-Service QlikCompose
+        Start-Process -FilePath "C:\Program Files\Qlik\Compose\bin\ComposeCtl.exe" -ArgumentList "certificate clean" -Wait -NoNewWindow
+        netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'
+
+        Start-Service QlikCompose
         
     }
 

compose-install/scripts/di-compose-setlicense.ps1

@@ -25,11 +25,20 @@ if ( $version -eq "c4dw" ) {
 }
 $bin = $bin -replace ' ','` '
 
-Write-Host "Connect to Compose"
+$cmd = "$($bin)ComposeCli.exe connect"
+Write-Host "Connect to Compose: $($cmd)"
 $cmd = "$($bin)ComposeCli.exe connect"
 Invoke-Expression $cmd
 
-Write-Host "Apply Compose License"
-$cmd = "$($bin)ComposeCli.exe register_license --req @$PSScriptRoot\compose-license.txt"
+Start-Sleep 5
+
+if ( $version -eq "2021.8.0" ) {
+    $cmd = "$($bin)ComposeCli.exe register_license --infile $PSScriptRoot\compose-license.txt"
+} else {
+    $cmd = "$($bin)ComposeCli.exe register_license --req @$PSScriptRoot\compose-license.txt"
+}
+Write-Host "Apply Compose License: $($cmd)"
 Invoke-Expression $cmd
 
+Start-Sleep 5
+

compose-install/variables.tf

@@ -11,7 +11,8 @@ variable "vm_admin_password" {
 }
 
 variable "download_url" {
-   default = "https://da3hntz84uekx.cloudfront.net/QlikReplicate/7.0.0/5/_MSI/AttunityReplicate_7.0.0.514_X64.zip"
+   //default = "https://da3hntz84uekx.cloudfront.net/QlikCompose/2021.8.0/139/_MSI/Qlik_Compose_2021.8.0.139.zip"
+   default = "https://github.com/qlik-download/compose/releases/download/v2021.8.0.465/Qlik_Compose_2021.8.0.465.zip"
 }
 
 variable "key_vault_id" {
@@ -21,4 +22,8 @@ variable "key_vault_id" {
 variable "c_version" {
   default     = "gen2"
   description = "'c4dw' or 'gen2'"
+}
+
+variable "trigger_done" {
+  default = null
 }

databases/aws-kinesis/main.tf

@@ -0,0 +1,118 @@
+
+terraform {
+
+  required_version = ">= 0.13"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.69.0"
+    }
+  }
+}
+
+locals {
+  myRegex = "/[^[:alpha:]]/"
+  splitLower = split(" ", lower(var.user_id))
+  np0 = replace(element(local.splitLower,0), local.myRegex, "")
+  np1 = replace(element(local.splitLower,1), local.myRegex, "")
+  container_n1 = substr(local.np0, 0, 3)
+  container_n2 = substr(local.np1, 0, 1)
+  container_n3 = substr(strrev(local.np1), 0, 1)
+  
+  scnamelower = "${local.container_n1}${local.container_n2}${local.container_n3}"
+
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+    ProvID   = var.provision_id
+    Name     = "qmi-${var.provision_id}"
+  }
+
+}
+
+resource "aws_kinesis_stream" "attrep_apply_exceptions" {
+
+  name             = "${local.scnamelower}.attrep_apply_exceptions"
+  shard_count      = 1
+
+  /*stream_mode_details {
+    stream_mode = "PROVISIONED"
+  }*/
+
+  tags = local.tags
+}
+
+resource "aws_kinesis_stream" "semployees" {
+
+  name             = "${local.scnamelower}.EMPLOYEES"
+  shard_count      = 3
+
+  /*stream_mode_details {
+    stream_mode = "PROVISIONED"
+  }*/
+
+  tags = local.tags
+}
+
+resource "aws_kinesis_stream" "sjobs" {
+
+  name             = "${local.scnamelower}.JOBS"
+  shard_count      = 3
+
+  /*stream_mode_details {
+    stream_mode = "PROVISIONED"
+  }*/
+
+  tags = local.tags
+}
+
+resource "aws_kinesis_stream" "metadata" {
+
+  name             = "${local.scnamelower}.metadata"
+  shard_count      = 1
+
+  /*stream_mode_details {
+    stream_mode = "PROVISIONED"
+  }*/
+
+  tags = local.tags
+}
+
+module "iam_user" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-user"
+
+
+  version = "~> 3.0"
+
+  name          = "qmi-user-${var.provision_id}"
+  force_destroy = true
+
+  create_iam_user_login_profile = false
+  #pgp_key = "keybase:test"
+
+  password_reset_required = false
+
+  tags = local.tags
+
+}
+
+resource "aws_iam_user_policy" "kinesis_pol" {
+    
+  name = "kinesis_policy_${module.iam_user.this_iam_user_name}"
+  user = module.iam_user.this_iam_user_name
+
+  # Terraform's "jsonencode" function converts a
+  # Terraform expression result to valid JSON syntax.
+  policy = jsonencode({
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": "kinesis:*",
+            "Resource": "*"
+        }
+    ]
+  })
+}

databases/aws-kinesis/output.tf

@@ -0,0 +1,27 @@
+output "arn_metadata" {
+  value = aws_kinesis_stream.metadata.arn
+} 
+
+output "arn_employees" {
+  value = aws_kinesis_stream.semployees.arn
+}
+
+output "arn_jobs" {
+  value = aws_kinesis_stream.sjobs.arn
+}
+
+output "arn_attrep_apply_exceptions" {
+  value = aws_kinesis_stream.attrep_apply_exceptions.arn
+}
+
+output "iam_name" {
+  value = module.iam_user.this_iam_user_name
+}
+
+output "iam_access_key" {
+  value = module.iam_user.this_iam_access_key_id
+}
+
+output "iam_access_secret" {
+  value = module.iam_user.this_iam_access_key_secret
+}

databases/aws-kinesis/variables.tf

@@ -0,0 +1,10 @@
+variable "region" {
+  default = "us-east-1"
+}
+
+variable "provision_id" {
+  
+}
+
+variable "user_id" {
+}

databases/aws-rds/main.tf

@@ -10,17 +10,6 @@ terraform {
   }
 }
 
-provider "aws" {
-
-  region     = var.region
-  access_key = var.aws_provider_access_key
-  secret_key = var.aws_provider_access_secret
-
-  alias = "myaws"
-
-}
-
-
 locals {
   provid5              = substr(var.provision_id, 0, 5)
   aurora               = (var.engine == "aurora-mysql") ? true : (var.engine == "aurora-postgresql") ? true : false
@@ -28,26 +17,26 @@ locals {
   subnet_ids           = (var.region == "eu-west-1") ? var.subnet_ids_eu : (var.region == "us-east-1") ? var.subnet_ids_us : var.subnet_ids_ap
   port                 = (var.engine == "oracle-se2") ? "1521" : (var.engine == "postgres") ? "5432" : (var.engine == "aurora-postgresql") ? "5432" : (var.engine == "sqlserver-ex") ? "1433" : "3306"
   name                 = (var.engine == "sqlserver-ex") ? null : (var.engine == "oracle-se2") ? "ora${local.provid5}" : "qmi${var.provision_id}"
-  license              = (local.aurora == true) ? "general-public-license" : (var.engine == "mariadb") ? "general-public-license" : "license-included"
-  engine_version       = (var.engine == "oracle-se2") ? "engine_version=19.0.0.0.ru-2021-04.rur-2021-04.r1" : (var.engine == "postgres") ? "13.3" : (var.engine == "mysql") ? "8.0.25" : (var.engine == "aurora-postgresql") ? "12.6" : (var.engine == "aurora-mysql") ? "5.7.mysql_aurora.2.10.0" : (var.engine == "sqlserver-ex") ? "15.00.4073.23.v1" : "10.5" #mariaDB
-  major_engine_version = (var.engine == "oracle-se2") ? "19.0" : (var.engine == "postgres") ? "13" : (var.engine == "mysql") ? "8.0" : (var.engine == "aurora-postgresql") ? "12" : (var.engine == "aurora-mysql") ? "5.7" : (var.engine == "sqlserver-ex") ? "15.00" : "10.5"                                                                                    #mariaDB
-  family               = (var.engine == "oracle-se2") ? "oracle-se2-19" : (var.engine == "postgres") ? "postgres13" : (var.engine == "mysql") ? "mysql8.0" : (var.engine == "aurora-postgresql") ? "aurora-postgresql12" : (var.engine == "aurora-mysql") ? "aurora-mysql5.7" : (var.engine == "sqlserver-ex") ? "sqlserver-ex-15.0" : "mariadb10.5"              #mariaDB
+  license              = (local.aurora == true) ? "general-public-license" : (var.engine == "mariadb") ? "general-public-license" : (var.engine == "postgres") ? "postgresql-license" : (var.engine == "mysql") ? "general-public-license" : "license-included"
+  engine_version       = (var.engine == "oracle-se2") ? "19.0.0.0.ru-2021-04.rur-2021-04.r1" : (var.engine == "postgres") ? "13.3" : (var.engine == "mysql") ? "8.0.25" : (var.engine == "aurora-postgresql") ? "12.6" : (var.engine == "aurora-mysql") ? "5.7.mysql_aurora.2.10.0" : (var.engine == "sqlserver-ex") ? "15.00.4073.23.v1" : "10.5"   #mariaDB
+  major_engine_version = (var.engine == "oracle-se2") ? "19" : (var.engine == "postgres") ? "13" : (var.engine == "mysql") ? "8.0" : (var.engine == "aurora-postgresql") ? "12" : (var.engine == "aurora-mysql") ? "5.7" : (var.engine == "sqlserver-ex") ? "15.00" : "10.5"                                                                         #mariaDB
+  family               = (var.engine == "oracle-se2") ? "oracle-se2-19" : (var.engine == "postgres") ? "postgres13" : (var.engine == "mysql") ? "mysql8.0" : (var.engine == "aurora-postgresql") ? "aurora-postgresql12" : (var.engine == "aurora-mysql") ? "aurora-mysql5.7" : (var.engine == "sqlserver-ex") ? "sqlserver-ex-15.0" : "mariadb10.5" #mariaDB
   tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
     QMI_user = var.user_id
     ProvID   = var.provision_id
+    Name     = "qmi-${var.provision_id}"
   }
 }
 
 
 module "security_group" {
+  
   # SGs created here as Ports differ per Engine. Only Azure Firewall IPs added for now.
   source  = "terraform-aws-modules/security-group/aws"
   version = "~> 4.3"
 
-  providers = {
-    aws = aws.myaws
-  }
-
   name        = "${var.provision_id}-SG"
   description = "${var.provision_id}-SG"
   vpc_id      = local.vpc_id
@@ -55,7 +44,45 @@ module "security_group" {
 
   # ingress
 
-  ingress_cidr_blocks = ["52.249.189.38/32", "13.67.39.86/32", "20.67.110.207/32", "14.98.59.168/29", "182.74.33.8/29", "188.65.156.32/28", "212.73.252.96/29", "194.90.96.176/29", "213.57.84.160/29", "4.4.97.104/29", "206.196.17.32/27", "18.205.71.36/32", "18.232.32.199/32", "34.237.68.254/32", "34.247.21.179/32", "52.31.212.214/32", "54.154.95.18/32", "13.210.43.241/32", "13.236.104.42/32", "13.236.206.172/32"]
+  ingress_cidr_blocks = [
+    "52.249.189.38/32", 
+    "13.67.39.86/32", 
+    "20.67.110.207/32", 
+    "14.98.59.168/29", 
+    "182.74.33.8/29", 
+    "188.65.156.32/28", 
+    "212.73.252.96/29", 
+    "194.90.96.176/29", 
+    "213.57.84.160/29", 
+    "4.4.97.104/29", 
+    "206.196.17.32/27", 
+    #QCS
+    "18.205.71.36/32", 
+    "18.232.32.199/32", 
+    "34.237.68.254/32", 
+    "34.247.21.179/32", 
+    "52.31.212.214/32", 
+    "54.154.95.18/32", 
+    "13.210.43.241/32", 
+    "13.236.104.42/32", 
+    "13.236.206.172/32",
+    "18.138.163.172/32",
+    "18.142.157.182/32",
+    "54.179.13.251/32",
+    #QAA
+    "54.216.156.88/32",
+    "3.248.156.131/32",
+    "52.213.44.55/32",
+    "18.235.133.252/32",
+    "3.217.244.242/32",
+    "18.214.8.201/32",
+    "54.206.158.27/32",
+    "3.104.137.20/32",
+    "3.24.52.178/32",
+    "54.169.84.213/32",
+    "13.213.173.37/32",
+    "13.213.113.162/32"
+  ]
 
   ingress_with_cidr_blocks = [
     {
@@ -69,7 +96,45 @@ module "security_group" {
 
   # egress
 
-  egress_cidr_blocks = ["52.249.189.38/32", "13.67.39.86/32", "20.67.110.207/32", "14.98.59.168/29", "182.74.33.8/29", "188.65.156.32/28", "212.73.252.96/29", "194.90.96.176/29", "213.57.84.160/29", "4.4.97.104/29", "206.196.17.32/27", "18.205.71.36/32", "18.232.32.199/32", "34.237.68.254/32", "34.247.21.179/32", "52.31.212.214/32", "54.154.95.18/32", "13.210.43.241/32", "13.236.104.42/32", "13.236.206.172/32"]
+  egress_cidr_blocks = [
+    "52.249.189.38/32", 
+    "13.67.39.86/32", 
+    "20.67.110.207/32", 
+    "14.98.59.168/29", 
+    "182.74.33.8/29", 
+    "188.65.156.32/28", 
+    "212.73.252.96/29", 
+    "194.90.96.176/29", 
+    "213.57.84.160/29", 
+    "4.4.97.104/29", 
+    "206.196.17.32/27", 
+    #QCS
+    "18.205.71.36/32", 
+    "18.232.32.199/32", 
+    "34.237.68.254/32", 
+    "34.247.21.179/32", 
+    "52.31.212.214/32", 
+    "54.154.95.18/32", 
+    "13.210.43.241/32", 
+    "13.236.104.42/32", 
+    "13.236.206.172/32",
+    "18.138.163.172/32",
+    "18.142.157.182/32",
+    "54.179.13.251/32",
+    #QAA
+    "54.216.156.88/32",
+    "3.248.156.131/32",
+    "52.213.44.55/32",
+    "18.235.133.252/32",
+    "3.217.244.242/32",
+    "18.214.8.201/32",
+    "54.206.158.27/32",
+    "3.104.137.20/32",
+    "3.24.52.178/32",
+    "54.169.84.213/32",
+    "13.213.173.37/32",
+    "13.213.113.162/32"
+  ]
 
   egress_with_cidr_blocks = [
     {
@@ -88,11 +153,7 @@ module "common_rds_instance" {
   source  = "terraform-aws-modules/rds/aws"
   version = "~> 3.3"
 
-  count = local.aurora ? 0 : 1
-
-  providers = {
-    aws = aws.myaws
-  }
+  count = local.aurora? 0 : 1
 
   identifier = "${var.engine}${var.provision_id}"
 
@@ -131,11 +192,7 @@ module "aurora_rds_instance" {
   source  = "terraform-aws-modules/rds-aurora/aws"
   version = "~> 5.2"
 
-  count = local.aurora ? 1 : 0
-
-  providers = {
-    aws = aws.myaws
-  }
+  count = local.aurora? 1 : 0
 
   name           = local.name
   engine         = var.engine

databases/aws-rds/output.tf

@@ -1,21 +1,23 @@
  output "db_username" {
   description = "The master username for the database"
-  value       = local.aurora ? module.aurora_rds_instance[0].rds_cluster_master_username : module.common_rds_instance[0].db_instance_username
-  sensitive   = true
+  value       = (local.aurora)? nonsensitive(module.aurora_rds_instance[0].rds_cluster_master_username) : nonsensitive(module.common_rds_instance[0].db_instance_username)
 } 
 
  output "db_instance_password" {
   description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)"
-  value       = local.aurora ? module.aurora_rds_instance[0].rds_cluster_master_password : module.common_rds_instance[0].db_instance_password
-  sensitive   = true
+  value       = (local.aurora)? nonsensitive(module.aurora_rds_instance[0].rds_cluster_master_password) : nonsensitive(module.common_rds_instance[0].db_instance_password)
 }
 
  output "db_instance_port" {
   description = "The database port"
-  value       = local.aurora ? module.aurora_rds_instance[0].rds_cluster_port : module.common_rds_instance[0].db_instance_port
+  value       = (local.aurora)? module.aurora_rds_instance[0].rds_cluster_port : module.common_rds_instance[0].db_instance_port
 }
 
 output "db_instance_endpoint" {
   description = "The connection endpoint"
-  value       = local.aurora ? module.aurora_rds_instance[0].rds_cluster_instance_endpoint : module.common_rds_instance[0].db_instance_endpoint
+  value       = (local.aurora)? module.aurora_rds_instance[0].rds_cluster_endpoint : module.common_rds_instance[0].db_instance_endpoint
+}
+
+output "db_instance_name" {
+  value       = local.name
 }

databases/aws-rds/variables.tf

@@ -1,9 +1,3 @@
-variable "aws_provider_access_key" {
-}
-
-variable "aws_provider_access_secret" {
-}
-
 variable "region" {
   default = "us-east-1"
 }

databases/aws-redshift/main.tf

@@ -0,0 +1,193 @@
+terraform {
+
+  required_version = ">= 0.14"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.49.0"
+    }
+  }
+}
+
+resource "random_password" "password" {
+  length = 16
+  special = true
+  override_special = "_!"
+  min_numeric = 1
+  upper = true
+  lower = true
+  number = true
+  min_lower = 2
+  min_upper = 2
+  min_special = 2
+}
+
+locals {
+  provid5              = substr(var.provision_id, 0, 5)
+  vpc_id               = (var.region == "eu-west-1") ? var.vpc_id_eu : (var.region == "us-east-1") ? var.vpc_id_us : var.vpc_id_ap
+  subnet_ids           = (var.region == "eu-west-1") ? var.subnet_ids_eu : (var.region == "us-east-1") ? var.subnet_ids_us : var.subnet_ids_ap
+  port                 = "5439"
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+    ProvID   = var.provision_id
+    Name     = "qmi-${var.provision_id}"
+  }
+}
+
+module "security_group" {
+  # SGs created here as Ports differ per Engine. Only Azure Firewall IPs added for now.
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 4.3"
+
+  name        = "${var.provision_id}-SG"
+  description = "${var.provision_id}-SG"
+  vpc_id      = local.vpc_id
+
+
+  # ingress
+
+  ingress_cidr_blocks = [
+    "52.249.189.38/32", 
+    "13.67.39.86/32", 
+    "20.67.110.207/32", 
+    "14.98.59.168/29", 
+    "182.74.33.8/29", 
+    "188.65.156.32/28", 
+    "212.73.252.96/29", 
+    "194.90.96.176/29", 
+    "213.57.84.160/29", 
+    "4.4.97.104/29", 
+    "206.196.17.32/27", 
+    #QCS
+    "18.205.71.36/32", 
+    "18.232.32.199/32", 
+    "34.237.68.254/32", 
+    "34.247.21.179/32", 
+    "52.31.212.214/32", 
+    "54.154.95.18/32", 
+    "13.210.43.241/32", 
+    "13.236.104.42/32", 
+    "13.236.206.172/32",
+    "18.138.163.172/32",
+    "18.142.157.182/32",
+    "54.179.13.251/32",
+    #QAA
+    "54.216.156.88/32",
+    "3.248.156.131/32",
+    "52.213.44.55/32",
+    "18.235.133.252/32",
+    "3.217.244.242/32",
+    "18.214.8.201/32",
+    "54.206.158.27/32",
+    "3.104.137.20/32",
+    "3.24.52.178/32",
+    "54.169.84.213/32",
+    "13.213.173.37/32",
+    "13.213.113.162/32"
+  ]
+
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = local.port
+      to_port     = local.port
+      protocol    = "tcp"
+      description = "Redshift"
+
+    },
+  ]
+
+  # egress
+
+  egress_cidr_blocks = [
+    "52.249.189.38/32", 
+    "13.67.39.86/32", 
+    "20.67.110.207/32", 
+    "14.98.59.168/29", 
+    "182.74.33.8/29", 
+    "188.65.156.32/28", 
+    "212.73.252.96/29", 
+    "194.90.96.176/29", 
+    "213.57.84.160/29", 
+    "4.4.97.104/29", 
+    "206.196.17.32/27", 
+    #QCS
+    "18.205.71.36/32", 
+    "18.232.32.199/32", 
+    "34.237.68.254/32", 
+    "34.247.21.179/32", 
+    "52.31.212.214/32", 
+    "54.154.95.18/32", 
+    "13.210.43.241/32", 
+    "13.236.104.42/32", 
+    "13.236.206.172/32",
+    "18.138.163.172/32",
+    "18.142.157.182/32",
+    "54.179.13.251/32",
+    #QAA
+    "54.216.156.88/32",
+    "3.248.156.131/32",
+    "52.213.44.55/32",
+    "18.235.133.252/32",
+    "3.217.244.242/32",
+    "18.214.8.201/32",
+    "54.206.158.27/32",
+    "3.104.137.20/32",
+    "3.24.52.178/32",
+    "54.169.84.213/32",
+    "13.213.173.37/32",
+    "13.213.113.162/32"
+  ]
+
+  
+  egress_with_cidr_blocks = [
+    {
+      from_port   = local.port
+      to_port     = local.port
+      protocol    = "tcp"
+      description = "Redshift"
+
+    },
+  ]
+
+  tags = local.tags
+}
+
+module "redshift" {
+
+  source  = "terraform-aws-modules/redshift/aws"
+  version = "~> 3.0"
+
+  cluster_identifier      = "qmi-${var.provision_id}"
+  cluster_node_type       = "dc2.large" #"dc1.large"
+  cluster_number_of_nodes = 1
+
+  cluster_database_name   = var.cluster_database_name
+  cluster_master_username = var.cluster_master_username
+  cluster_master_password = random_password.password.result
+
+  # Group parameters
+  #wlm_json_configuration = "[{\"query_concurrency\": 5}]"
+
+  # DB Subnet Group Inputs
+  subnets = local.subnet_ids
+  vpc_security_group_ids = [module.security_group.security_group_id]
+  publicly_accessible = true
+
+  # IAM Roles
+  #cluster_iam_roles = ["arn:aws:iam::225367859851:role/developer"]
+
+  tags = local.tags
+
+}
+
+module "qmi-s3-bucket" {
+
+  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//s3-bucket?ref=dev2"
+  
+  provision_id                  = var.provision_id
+  region                        = var.region
+  user_id                       = var.user_id
+}

databases/aws-redshift/outputs.tf

@@ -0,0 +1,47 @@
+output "redshift_cluster_id" {
+  description = "The availability zone of the RDS instance"
+  value       = module.redshift.redshift_cluster_id
+}
+
+output "redshift_cluster_endpoint" {
+  description = "Redshift endpoint"
+  value       = module.redshift.redshift_cluster_endpoint
+}
+
+output "redshift_cluster_hostname" {
+  description = "Redshift hostname"
+  value       = module.redshift.redshift_cluster_hostname
+}
+
+output "redshift_cluster_port" {
+  description = "Redshift port"
+  value       = module.redshift.redshift_cluster_port
+}
+
+output "redshift_cluster_database_name" {
+    value = module.redshift.redshift_cluster_database_name
+}
+
+output "redshift_cluster_master_username" {
+    value = var.cluster_master_username
+}
+
+output "redshift_cluster_master_password" {
+    value = nonsensitive(random_password.password.result)
+}
+
+output "s3_bucket_name" {
+  value = module.qmi-s3-bucket.bucket.s3_bucket_id
+}
+
+output "s3_bucket_region" {
+  value = module.qmi-s3-bucket.bucket.s3_bucket_region
+}
+
+output "s3_iam_user_access_key" {
+  value = module.qmi-s3-bucket.iam_access_key
+}
+
+output "s3_iam_user_access_secret" {
+  value = module.qmi-s3-bucket.iam_access_secret
+}

databases/aws-redshift/variables.tf

@@ -0,0 +1,42 @@
+variable "region" {
+  default = "us-east-1"
+}
+
+variable "provision_id" {
+  
+}
+
+variable "user_id" {
+}
+
+variable "vpc_id_ap" {
+  default = "vpc-22ee2844"
+}
+
+variable "vpc_id_eu" {
+  default = "vpc-73f0500a"
+}
+
+variable "vpc_id_us" {
+  default = "vpc-c079f5bd"
+}
+
+variable "subnet_ids_ap" {
+  default = ["subnet-658aec3c", "subnet-e030eba8", "subnet-94309bf2"]
+}
+
+variable "subnet_ids_eu" {
+  default = ["subnet-4d441b17", "subnet-95c22fde", "subnet-70938116"]
+}
+
+variable "subnet_ids_us" {
+  default = ["subnet-4d26552b", "subnet-0414685b", "subnet-c97f7c84", "subnet-7f695c71", "subnet-96acd2b7", "subnet-88ab2cb9"]
+}
+
+variable "cluster_database_name" {
+    default = "qmi_rs_db"
+}
+
+variable "cluster_master_username" {
+    default = "qmi"
+}

databases/azure-eventhub/main.tf

@@ -0,0 +1,71 @@
+locals {
+  myRegex = "/[^[:alpha:]]/"
+  splitLower = split(" ", lower(var.user_id))
+  np0 = replace(element(local.splitLower,0), local.myRegex, "")
+  np1 = replace(element(local.splitLower,1), local.myRegex, "")
+  container_n1 = substr(local.np0, 0, 3)
+  container_n2 = substr(local.np1, 0, 1)
+  container_n3 = substr(strrev(local.np1), 0, 1)
+  
+  scnamelower = "${local.container_n1}${local.container_n2}${local.container_n3}"
+
+}
+
+
+resource "azurerm_eventhub_namespace" "ehbnamespace" {
+  name                  = "qlik${local.scnamelower}ns"
+  location              = var.location
+  resource_group_name   = var.resource_group_name
+  sku                   = "Standard"
+  capacity              = 1
+  auto_inflate_enabled  = true
+  maximum_throughput_units = 2
+
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+  }
+
+  network_rulesets {
+      
+      default_action = "Deny"
+      trusted_service_access_enabled = true
+      
+      virtual_network_rule {
+          subnet_id = var.subnet_id
+      }
+  }
+}
+
+resource "azurerm_eventhub" "attrep_apply_exceptions" {
+  name                = "attrep_apply_exceptions"
+  namespace_name      = azurerm_eventhub_namespace.ehbnamespace.name
+  resource_group_name = var.resource_group_name
+  partition_count     = 1
+  message_retention   = 1
+}
+
+resource "azurerm_eventhub" "hr_employees" {
+  name                = "hr.employees"
+  namespace_name      = azurerm_eventhub_namespace.ehbnamespace.name
+  resource_group_name = var.resource_group_name
+  partition_count     = 1
+  message_retention   = 1
+}
+
+resource "azurerm_eventhub" "hr_jobs" {
+  name                = "hr.jobs"
+  namespace_name      = azurerm_eventhub_namespace.ehbnamespace.name
+  resource_group_name = var.resource_group_name
+  partition_count     = 1
+  message_retention   = 1
+}
+
+resource "azurerm_eventhub" "metadatahub" {
+  name                = "metadatahub"
+  namespace_name      = azurerm_eventhub_namespace.ehbnamespace.name
+  resource_group_name = var.resource_group_name
+  partition_count     = 1
+  message_retention   = 1
+}

databases/azure-eventhub/outputs.tf

@@ -0,0 +1,12 @@
+output "default_primary_connection_string" {
+  value = azurerm_eventhub_namespace.ehbnamespace.default_primary_connection_string
+}
+
+output "default_primary_key" {
+  value = azurerm_eventhub_namespace.ehbnamespace.default_primary_key
+}
+
+output "namespace_name" {
+  value = "qlik${local.scnamelower}ns"
+}
+

databases/azure-eventhub/variables.tf

@@ -1,20 +1,20 @@
 variable "resource_group_name" {
+  type = string
 }
 
-variable "location" {
-
+variable "provision_id" {
+  type = string
 }
 
 variable "subnet_id" {
 
 }
 
+variable "location" {
+  type = string
+  default = "EAST US"
+}
+
 variable "user_id" {
-    
-}
-
-variable "administrator_login" {
-}
-
-variable "administrator_login_password" {
+  type = string
 }

databases/azure-rds-flexmysql/main.tf

@@ -0,0 +1,60 @@
+resource "random_password" "password" {
+  length = 16
+  special = true
+  override_special = "_!@"
+  upper = true
+  lower = true
+  min_numeric = 2
+  min_lower = 2
+  min_upper = 2
+  min_special = 2
+}
+
+resource "azurerm_mysql_flexible_server" "mysql-server" {
+  name = "qmi-mysql-${var.provision_id}"
+  location = var.location
+  resource_group_name = var.resource_group_name
+ 
+  administrator_login = var.admin_login
+  administrator_password = random_password.password.result
+
+  storage {
+    size_gb = var.mysql-storage
+  }
+
+  backup_retention_days  = 7
+  sku_name = var.mysql-sku-name
+  version = var.mysql-version
+
+  geo_redundant_backup_enabled = false
+  //public_network_access_enabled = true
+
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+  }
+}
+
+resource "azurerm_mysql_flexible_database" "example" {
+  name                = "QlikDB"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_flexible_server.mysql-server.name
+  charset             = "utf8"
+  collation           = "utf8_unicode_ci"
+}
+
+resource "azurerm_mysql_flexible_server_configuration" "example" {
+  name                = "binlog_row_image"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_flexible_server.mysql-server.name
+  value               = "full"
+}
+
+resource "azurerm_mysql_flexible_server_firewall_rule" "all-azure-services" {
+  name                = "AllAzureServices"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_flexible_server.mysql-server.name
+  start_ip_address    = "0.0.0.0"
+  end_ip_address      = "0.0.0.0"
+}

databases/azure-rds-flexmysql/output.tf

@@ -0,0 +1,11 @@
+output "db_server_fqdn" {
+  value = azurerm_mysql_flexible_server.mysql-server.fqdn
+}
+
+output "root_username" {
+  value = var.admin_login
+}
+
+output "root_username_password" {
+  value = nonsensitive(random_password.password.result)
+}

databases/azure-rds-flexmysql/variables.tf

@@ -0,0 +1,39 @@
+variable "resource_group_name" {
+
+}
+
+variable "provision_id" {
+  type = string
+  description = "(optional) describe your variable"
+}
+
+variable "location" {
+  type = string
+  description = "(optional) describe your variable"
+  default = "EAST US"
+}
+
+variable "user_id" {
+}
+
+variable "admin_login" {
+  type = string
+  description = "Login to authenticate to MySQL Server"
+  default = "qmi"
+}
+
+variable "mysql-version" {
+  type = string
+  description = "MySQL Server version to deploy"
+  default = "5.7"
+}
+variable "mysql-sku-name" {
+  type = string
+  description = "MySQL SKU Name"
+  default = "GP_Standard_D2ds_v4"
+}
+variable "mysql-storage" {
+  type = string
+  description = "MySQL Storage in MB"
+  default = "20"
+  }

databases/azure-rds-flexpostgres/main.tf

@@ -0,0 +1,61 @@
+resource "random_password" "password" {
+  length = 16
+  special = true
+  override_special = "_!@"
+  upper = true
+  lower = true
+  min_numeric = 2
+  min_lower = 2
+  min_upper = 2
+  min_special = 2
+}
+
+resource "azurerm_postgresql_flexible_server" "postgresql-server" {
+  name = "qmi-postgresql-${var.provision_id}"
+  location = var.location
+  resource_group_name = var.resource_group_name
+
+  version                = var.postgresql-version
+ 
+  administrator_login    = var.admin_login
+  administrator_password = random_password.password.result
+
+  storage_mb = var.postgresql-storage
+  sku_name   = var.postgresql-sku-name
+
+  geo_redundant_backup_enabled = false
+
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+  }
+
+}
+
+resource "azurerm_postgresql_flexible_server_configuration" "conf1" {
+  name      = "wal_level"
+  server_id = azurerm_postgresql_flexible_server.postgresql-server.id
+  value     = "logical"
+}
+
+resource "azurerm_postgresql_flexible_server_configuration" "conf2" {
+  name      = "log_statement"
+  server_id = azurerm_postgresql_flexible_server.postgresql-server.id
+  value     = "all"
+}
+
+resource "azurerm_postgresql_flexible_server_database" "postgresql-db" {
+  name      = "QlikPostgresqlDB"
+  server_id = azurerm_postgresql_flexible_server.postgresql-server.id
+  collation = "en_US.utf8"
+  charset   = "utf8"
+}
+
+
+resource "azurerm_postgresql_flexible_server_firewall_rule" "all-azure-services" {
+  name                = "AllAzureServices"
+  server_id = azurerm_postgresql_flexible_server.postgresql-server.id
+  start_ip_address    = "0.0.0.0"
+  end_ip_address      = "0.0.0.0"
+}

databases/azure-rds-flexpostgres/output.tf

@@ -0,0 +1,11 @@
+output "db_server_fqdn" {
+  value = azurerm_postgresql_flexible_server.postgresql-server.fqdn
+}
+
+output "root_username" {
+  value = var.admin_login
+}
+
+output "root_username_password" {
+  value = nonsensitive(random_password.password.result)
+}

databases/azure-rds-flexpostgres/variables.tf

@@ -0,0 +1,41 @@
+variable "resource_group_name" {
+
+}
+
+variable "provision_id" {
+  type = string
+  description = "(optional) describe your variable"
+}
+
+variable "location" {
+  type = string
+  description = "(optional) describe your variable"
+  default = "EAST US"
+}
+
+
+variable "admin_login" {
+  type = string
+  description = "Login to authenticate to PostgreSQL Server"
+  default = "qmi"
+}
+
+variable "postgresql-version" {
+  type        = string
+  description = "PostgreSQL Server version to deploy"
+  default     = "12"
+}
+variable "postgresql-sku-name" {
+  type        = string
+  description = "PostgreSQL SKU Name"
+  default     = "GP_Standard_D2s_v3"
+}
+variable "postgresql-storage" {
+  type        = string
+  description = "PostgreSQL Storage in MB"
+  default     = "32768"
+}
+
+variable "user_id" {
+
+}

databases/azure-rds-mssql/main.tf

@@ -0,0 +1,292 @@
+resource "random_id" "randomServerId" {
+    keepers = {
+        # Generate a new ID only when a new resource group is defined
+        resource_group = var.resource_group_name
+    }
+    
+    byte_length = 2
+}
+
+resource "random_password" "password" {
+  length = 16
+  special = true
+  override_special = "_!@"
+  upper = true
+  lower = true
+  min_numeric = 2
+  min_lower = 2
+  min_upper = 2
+  min_special = 2
+}
+
+locals {
+  sql_administrator_login_password = var.sql_administrator_login_password != null? var.sql_administrator_login_password : random_password.password.result
+  provision_id = var.provision_id != null? var.provision_id : random_id.randomServerId.hex
+}
+
+resource "azurerm_mssql_server" "sqlserver" {
+ name                         = "sqlserver-${local.provision_id}"
+  resource_group_name          = var.resource_group_name
+  location                     = var.location
+  version                      = "12.0"
+  administrator_login          = var.sql_administrator_login
+  administrator_login_password = local.sql_administrator_login_password
+  minimum_tls_version          = "1.2"
+
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+  }
+
+  identity {
+    type = "SystemAssigned"
+  }
+}
+
+resource "azurerm_mssql_firewall_rule" "all-azure-services" {
+  name                = "AllAzureServices"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "0.0.0.0"
+  end_ip_address      = "0.0.0.0"
+}
+
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-ITG-rule1" {
+  name                = "ITG"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "188.65.156.32"
+  end_ip_address      = "188.65.156.47"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-ITG-rule2" {
+  name                = "ITG1"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "212.73.252.96"
+  end_ip_address      = "212.73.252.103"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-kfar_saba-rule1" {
+  name                = "Kfar_Saba"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "194.90.96.176"
+  end_ip_address      = "194.90.96.183"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-kfar_saba-rule2" {
+  name                = "Kfar_Saba1"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "213.57.84.160"
+  end_ip_address      = "213.57.84.167"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-Peak_10-rule1" {
+  name                = "Peak_10"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "4.4.97.104"
+  end_ip_address      = "4.4.97.111"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-Peak_10-rule2" {
+  name                = "Peak_101"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "206.196.17.32"
+  end_ip_address      = "206.196.17.63"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-Bangalore-rule1" {
+  name                = "Bangalore"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "14.98.59.168"
+  end_ip_address      = "14.98.59.175"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-Bangalore-rule2" {
+  name                = "Bangalore1"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "182.74.33.8"
+  end_ip_address      = "182.74.33.15"
+}
+
+# QCS
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QCSUS1" {
+  name                = "QCSUS1"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "18.205.71.36"
+  end_ip_address      = "18.205.71.36"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QCSUS2" {
+  name                = "QCSUS2"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "18.232.32.199"
+  end_ip_address      = "18.232.32.199"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QCSUS3" {
+  name                = "QCSUS3"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "34.237.68.254"
+  end_ip_address      = "34.237.68.254"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QCSEU1" {
+  name                = "QCSEU1"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "34.247.21.179"
+  end_ip_address      = "34.247.21.179"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QCSEU2" {
+  name                = "QCSEU2"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "52.31.212.214"
+  end_ip_address      = "52.31.212.214"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QCS3" {
+  name                = "QCSEU3"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "54.154.95.18"
+  end_ip_address      = "54.154.95.18"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QCSAPAC1" {
+  name                = "QCSAPAC1"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "13.210.43.241"
+  end_ip_address      = "13.210.43.241"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QCSAPAC2" {
+  name                = "QCSAPAC2"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "13.236.104.42"
+  end_ip_address      = "13.236.104.42"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QCSAPAC3" {
+  name                = "QCSAPAC3"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "13.236.206.172"
+  end_ip_address      = "13.236.206.172"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QCSSingapore1" {
+  name                = "QCSSingapore1"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "18.138.163.172"
+  end_ip_address      = "18.138.163.172"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QCSSingapore2" {
+  name                = "QCSSingapore2"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "18.142.157.182"
+  end_ip_address      = "18.142.157.182"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QCSSingapore3" {
+  name                = "QCSSingapore3"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "54.179.13.251"
+  end_ip_address      = "54.179.13.251"
+}
+
+resource "azurerm_mssql_virtual_network_rule" "sqlvnetrule" {
+  name                = "sql-vnet-rule-${local.provision_id}"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  subnet_id           = var.subnet_id
+}
+
+# QAA
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QAAeu1" {
+  name                = "QAAeu1"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "54.216.156.88"
+  end_ip_address      = "54.216.156.88"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QAAeu2" {
+  name                = "QAAeu2"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "3.248.156.131"
+  end_ip_address      = "3.248.156.131"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QAAeu3" {
+  name                = "QAAeu3"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "52.213.44.55"
+  end_ip_address      = "52.213.44.55"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QAAus1" {
+  name                = "QAAus1"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "18.235.133.252"
+  end_ip_address      = "18.235.133.252"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QAAus2" {
+  name                = "QAAus2"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "3.217.244.242"
+  end_ip_address      = "3.217.244.242"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QAAus3" {
+  name                = "QAAus3"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "18.214.8.201"
+  end_ip_address      = "18.214.8.201"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QAAapac1" {
+  name                = "QAAapac1"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "54.206.158.27"
+  end_ip_address      = "54.206.158.27"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QAAapac2" {
+  name                = "QAAapac2"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "3.104.137.20"
+  end_ip_address      = "3.104.137.20"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QAAapac3" {
+  name                = "QAAapac3"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "3.24.52.178"
+  end_ip_address      = "3.24.52.178"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QAAsing1" {
+  name                = "QAAsing1"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "54.169.84.213"
+  end_ip_address      = "54.169.84.213"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QAAsing2" {
+  name                = "QAAsing2"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "13.213.173.37"
+  end_ip_address      = "13.213.173.37"
+}
+resource "azurerm_mssql_firewall_rule" "azuresql-fw-QAAsing3" {
+  name                = "QAAsing3"
+  server_id           = azurerm_mssql_server.sqlserver.id
+  start_ip_address    = "13.213.113.162"
+  end_ip_address      = "13.213.113.162"
+}
+
+resource "azurerm_mssql_database" "db" {
+  name           = "demoDB"
+  server_id      = azurerm_mssql_server.sqlserver.id
+  create_mode    = "Default"
+ 
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+  }
+}
+
+# FOR QDI scenario
+resource "azurerm_mssql_database" "dbname_source" {
+  name           = "source"
+  server_id      = azurerm_mssql_server.sqlserver.id
+  create_mode    = "Default"
+ 
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+  }
+}
+
+resource "azurerm_mssql_database" "dbname_target" {
+  name           = "target"
+  server_id      = azurerm_mssql_server.sqlserver.id
+  create_mode    = "Default"
+ 
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+  }
+}

databases/azure-rds-mssql/outputs.tf

@@ -0,0 +1,29 @@
+output "sqlserver_id" {
+    value = azurerm_mssql_server.sqlserver.id
+}
+
+output "sqlserver_name" {
+    value = azurerm_mssql_server.sqlserver.name
+}
+
+output "sqlserver_fully_qualified_domain_name" {
+    value = azurerm_mssql_server.sqlserver.fully_qualified_domain_name
+}
+
+output "dbname" {
+    value = azurerm_mssql_database.db.name
+}
+
+output "administrator_login" {
+    value = var.sql_administrator_login
+}
+
+output "administrator_login_password" {
+    value = nonsensitive(local.sql_administrator_login_password)
+}
+
+output "principal_id" {
+  value = azurerm_mssql_server.sqlserver.identity.0.principal_id
+}
+
+

databases/azure-rds-mssql/variables.tf

@@ -5,6 +5,10 @@ variable "location" {
 
 }
 
+variable "provision_id" {
+    default = null
+}
+
 variable "subnet_id" {
 
 }
@@ -18,5 +22,5 @@ variable "sql_administrator_login" {
 }
 
 variable "sql_administrator_login_password" {
-    default = "Attunity123123123"
+    default = null
 }

databases/azure-rds-mysql/main.tf

@@ -0,0 +1,295 @@
+
+/*resource "azurerm_resource_group" "mysql-rg" {
+  name     = "mysql-${var.provision_id}"
+  location = var.location
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+  }
+}*/
+
+resource "random_password" "password" {
+  length = 16
+  special = true
+  override_special = "_!@"
+  upper = true
+  lower = true
+  min_numeric = 2
+  min_lower = 2
+  min_upper = 2
+  min_special = 2
+}
+
+resource "azurerm_mysql_server" "mysql-server" {
+  name = "qmi-mysql-${var.provision_id}"
+  location = var.location
+  resource_group_name = var.resource_group_name
+ 
+  administrator_login = var.admin_login
+  administrator_login_password = random_password.password.result
+  
+  sku_name = var.mysql-sku-name
+  version = var.mysql-version
+ 
+  storage_mb = var.mysql-storage
+  auto_grow_enabled = true
+  
+  backup_retention_days = 7
+  geo_redundant_backup_enabled = false
+  public_network_access_enabled = true
+  ssl_enforcement_enabled = false
+  ssl_minimal_tls_version_enforced  = "TLSEnforcementDisabled"
+
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+  }
+
+}
+
+resource "azurerm_mysql_database" "mysql-db" {
+  name                = "QlikDB"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  charset             = "utf8"
+  collation           = "utf8_unicode_ci"
+}
+
+resource "azurerm_mysql_firewall_rule" "all-azure-services" {
+  name                = "AllAzureServices"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "0.0.0.0"
+  end_ip_address      = "0.0.0.0"
+}
+
+resource "azurerm_mysql_firewall_rule" "mysql-fw-ITG-rule1" {
+  name                = "ITG"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "188.65.156.32"
+  end_ip_address      = "188.65.156.47"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-ITG-rule2" {
+  name                = "ITG1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "212.73.252.96"
+  end_ip_address      = "212.73.252.103"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-kfar_saba-rule1" {
+  name                = "Kfar_Saba"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "194.90.96.176"
+  end_ip_address      = "194.90.96.183"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-kfar_saba-rule2" {
+  name                = "Kfar_Saba1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "213.57.84.160"
+  end_ip_address      = "213.57.84.167"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-Peak_10-rule1" {
+  name                = "Peak_10"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "4.4.97.104"
+  end_ip_address      = "4.4.97.111"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-Peak_10-rule2" {
+  name                = "Peak_101"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "206.196.17.32"
+  end_ip_address      = "206.196.17.63"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-Bangalore-rule1" {
+  name                = "Bangalore"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "14.98.59.168"
+  end_ip_address      = "14.98.59.175"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-Bangalore-rule2" {
+  name                = "Bangalore1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "182.74.33.8"
+  end_ip_address      = "182.74.33.15"
+}
+
+# QCS
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QCSUS1" {
+  name                = "QCSUS1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "18.205.71.36"
+  end_ip_address      = "18.205.71.36"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QCSUS2" {
+  name                = "QCSUS2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "18.232.32.199"
+  end_ip_address      = "18.232.32.199"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QCSUS3" {
+  name                = "QCSUS3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "34.237.68.254"
+  end_ip_address      = "34.237.68.254"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QCSEU1" {
+  name                = "QCSEU1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "34.247.21.179"
+  end_ip_address      = "34.247.21.179"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QCSEU2" {
+  name                = "QCSEU2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "52.31.212.214"
+  end_ip_address      = "52.31.212.214"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QCS3" {
+  name                = "QCSEU3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "54.154.95.18"
+  end_ip_address      = "54.154.95.18"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QCSAPAC1" {
+  name                = "QCSAPAC1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "13.210.43.241"
+  end_ip_address      = "13.210.43.241"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QCSAPAC2" {
+  name                = "QCSAPAC2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "13.236.104.42"
+  end_ip_address      = "13.236.104.42"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QCSAPAC3" {
+  name                = "QCSAPAC3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "13.236.206.172"
+  end_ip_address      = "13.236.206.172"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QCSSingapore1" {
+  name                = "QCSSingapore1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "18.138.163.172"
+  end_ip_address      = "18.138.163.172"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QCSSingapore2" {
+  name                = "QCSSingapore2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "18.142.157.182"
+  end_ip_address      = "18.142.157.182"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QCSSingapore3" {
+  name                = "QCSSingapore3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "54.179.13.251"
+  end_ip_address      = "54.179.13.251"
+}
+
+# QAA
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QAAeu1" {
+  name                = "QAAeu1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "54.216.156.88"
+  end_ip_address      = "54.216.156.88"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QAAeu2" {
+  name                = "QAAeu2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "3.248.156.131"
+  end_ip_address      = "3.248.156.131"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QAAeu3" {
+  name                = "QAAeu3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "52.213.44.55"
+  end_ip_address      = "52.213.44.55"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QAAus1" {
+  name                = "QAAus1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "18.235.133.252"
+  end_ip_address      = "18.235.133.252"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QAAus2" {
+  name                = "QAAus2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "3.217.244.242"
+  end_ip_address      = "3.217.244.242"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QAAus3" {
+  name                = "QAAus3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "18.214.8.201"
+  end_ip_address      = "18.214.8.201"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QAAapac1" {
+  name                = "QAAapac1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "54.206.158.27"
+  end_ip_address      = "54.206.158.27"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QAAapac2" {
+  name                = "QAAapac2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "3.104.137.20"
+  end_ip_address      = "3.104.137.20"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QAAapac3" {
+  name                = "QAAapac3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "3.24.52.178"
+  end_ip_address      = "3.24.52.178"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QAAsing1" {
+  name                = "QAAsing1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "54.169.84.213"
+  end_ip_address      = "54.169.84.213"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QAAsing2" {
+  name                = "QAAsing2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "13.213.173.37"
+  end_ip_address      = "13.213.173.37"
+}
+resource "azurerm_mysql_firewall_rule" "mysql-fw-QAAsing3" {
+  name                = "QAAsing3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_server.mysql-server.name
+  start_ip_address    = "13.213.113.162"
+  end_ip_address      = "13.213.113.162"
+}

databases/azure-rds-mysql/output.tf

@@ -0,0 +1,11 @@
+output "db_server_fqdn" {
+  value = azurerm_mysql_server.mysql-server.fqdn
+}
+
+output "root_username" {
+  value = "${var.admin_login}@qmi-mysql-${var.provision_id}"
+}
+
+output "root_username_password" {
+  value = nonsensitive(random_password.password.result)
+}

databases/azure-rds-mysql/variables.tf

@@ -0,0 +1,39 @@
+variable "resource_group_name" {
+
+}
+
+variable "provision_id" {
+  type = string
+  description = "(optional) describe your variable"
+}
+
+variable "location" {
+  type = string
+  description = "(optional) describe your variable"
+  default = "EAST US"
+}
+
+variable "user_id" {
+}
+
+variable "admin_login" {
+  type = string
+  description = "Login to authenticate to MySQL Server"
+  default = "qmi"
+}
+
+variable "mysql-version" {
+  type = string
+  description = "MySQL Server version to deploy"
+  default = "5.7"
+}
+variable "mysql-sku-name" {
+  type = string
+  description = "MySQL SKU Name"
+  default = "GP_Gen5_8"
+}
+variable "mysql-storage" {
+  type = string
+  description = "MySQL Storage in MB"
+  default = "5120"
+  }

databases/azure-rds-postgres/main.tf

@@ -0,0 +1,287 @@
+resource "random_password" "password" {
+  length = 16
+  special = true
+  override_special = "_!@"
+  upper = true
+  lower = true
+  min_numeric = 2
+  min_lower = 2
+  min_upper = 2
+  min_special = 2
+}
+
+
+resource "azurerm_postgresql_server" "postgresql-server" {
+  name = "qmi-postgresql-${var.provision_id}"
+  location = var.location
+  resource_group_name = var.resource_group_name
+ 
+  administrator_login          = var.admin_login
+  administrator_login_password = random_password.password.result
+ 
+  sku_name = var.postgresql-sku-name
+  version  = var.postgresql-version
+ 
+  storage_mb        = var.postgresql-storage
+  auto_grow_enabled = true
+  
+  backup_retention_days        = 7
+  geo_redundant_backup_enabled = false
+  public_network_access_enabled     = true
+  ssl_enforcement_enabled           = false
+  ssl_minimal_tls_version_enforced  = "TLSEnforcementDisabled"
+
+    tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+  }
+
+
+}
+
+resource "azurerm_postgresql_database" "postgresql-db" {
+  name                = "QlikPostgresqlDB"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  charset             = "utf8"
+  collation           = "English_United States.1252"
+}
+
+
+resource "azurerm_postgresql_firewall_rule" "all-azure-services" {
+  name                = "AllAzureServices"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "0.0.0.0"
+  end_ip_address      = "0.0.0.0"
+}
+
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-ITG-rule1" {
+  name                = "ITG"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "188.65.156.32"
+  end_ip_address      = "188.65.156.47"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-ITG-rule2" {
+  name                = "ITG1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "212.73.252.96"
+  end_ip_address      = "212.73.252.103"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-kfar_saba-rule1" {
+  name                = "Kfar_Saba"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "194.90.96.176"
+  end_ip_address      = "194.90.96.183"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-kfar_saba-rule2" {
+  name                = "Kfar_Saba1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "213.57.84.160"
+  end_ip_address      = "213.57.84.167"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-Peak_10-rule1" {
+  name                = "Peak_10"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "4.4.97.104"
+  end_ip_address      = "4.4.97.111"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-Peak_10-rule2" {
+  name                = "Peak_101"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "206.196.17.32"
+  end_ip_address      = "206.196.17.63"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-Bangalore-rule1" {
+  name                = "Bangalore"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "14.98.59.168"
+  end_ip_address      = "14.98.59.175"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-Bangalore-rule2" {
+  name                = "Bangalore1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "182.74.33.8"
+  end_ip_address      = "182.74.33.15"
+}
+
+#QCS
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QCSUS1" {
+  name                = "QCSUS1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "18.205.71.36"
+  end_ip_address      = "18.205.71.36"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QCSUS2" {
+  name                = "QCSUS2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "18.232.32.199"
+  end_ip_address      = "18.232.32.199"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QCSUS3" {
+  name                = "QCSUS3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "34.237.68.254"
+  end_ip_address      = "34.237.68.254"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QCSEU1" {
+  name                = "QCSEU1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "34.247.21.179"
+  end_ip_address      = "34.247.21.179"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QCSEU2" {
+  name                = "QCSEU2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "52.31.212.214"
+  end_ip_address      = "52.31.212.214"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QCS3" {
+  name                = "QCSEU3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "54.154.95.18"
+  end_ip_address      = "54.154.95.18"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QCSAPAC1" {
+  name                = "QCSAPAC1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "13.210.43.241"
+  end_ip_address      = "13.210.43.241"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QCSAPAC2" {
+  name                = "QCSAPAC2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "13.236.104.42"
+  end_ip_address      = "13.236.104.42"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QCSAPAC3" {
+  name                = "QCSAPAC3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "13.236.206.172"
+  end_ip_address      = "13.236.206.172"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QCSSingapore1" {
+  name                = "QCSSingapore1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "18.138.163.172"
+  end_ip_address      = "18.138.163.172"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QCSSingapore2" {
+  name                = "QCSSingapore2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "18.142.157.182"
+  end_ip_address      = "18.142.157.182"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QCSSingapore3" {
+  name                = "QCSSingapore3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "54.179.13.251"
+  end_ip_address      = "54.179.13.251"
+}
+
+# QAA
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QAAeu1" {
+  name                = "QAAeu1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "54.216.156.88"
+  end_ip_address      = "54.216.156.88"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QAAeu2" {
+  name                = "QAAeu2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "3.248.156.131"
+  end_ip_address      = "3.248.156.131"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QAAeu3" {
+  name                = "QAAeu3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "52.213.44.55"
+  end_ip_address      = "52.213.44.55"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QAAus1" {
+  name                = "QAAus1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "18.235.133.252"
+  end_ip_address      = "18.235.133.252"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QAAus2" {
+  name                = "QAAus2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "3.217.244.242"
+  end_ip_address      = "3.217.244.242"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QAAus3" {
+  name                = "QAAus3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "18.214.8.201"
+  end_ip_address      = "18.214.8.201"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QAAapac1" {
+  name                = "QAAapac1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "54.206.158.27"
+  end_ip_address      = "54.206.158.27"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QAAapac2" {
+  name                = "QAAapac2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "3.104.137.20"
+  end_ip_address      = "3.104.137.20"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QAAapac3" {
+  name                = "QAAapac3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "3.24.52.178"
+  end_ip_address      = "3.24.52.178"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QAAsing1" {
+  name                = "QAAsing1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "54.169.84.213"
+  end_ip_address      = "54.169.84.213"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QAAsing2" {
+  name                = "QAAsing2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "13.213.173.37"
+  end_ip_address      = "13.213.173.37"
+}
+resource "azurerm_postgresql_firewall_rule" "postgresql-fw-QAAsing3" {
+  name                = "QAAsing3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_postgresql_server.postgresql-server.name
+  start_ip_address    = "13.213.113.162"
+  end_ip_address      = "13.213.113.162"
+}

databases/azure-rds-postgres/output.tf

@@ -0,0 +1,15 @@
+/*output "postgresql_server" {
+  value = azurerm_postgresql_server.postgresql-server
+}*/
+
+output "db_server_fqdn" {
+  value = azurerm_postgresql_server.postgresql-server.fqdn
+}
+
+output "root_username" {
+  value = "${var.admin_login}@qmi-postgresql-${var.provision_id}"
+}
+
+output "root_username_password" {
+  value = nonsensitive(random_password.password.result)
+}

databases/azure-rds-postgres/variables.tf

@@ -0,0 +1,41 @@
+variable "resource_group_name" {
+
+}
+
+variable "provision_id" {
+  type = string
+  description = "(optional) describe your variable"
+}
+
+variable "location" {
+  type = string
+  description = "(optional) describe your variable"
+  default = "EAST US"
+}
+
+
+variable "admin_login" {
+  type = string
+  description = "Login to authenticate to PostgreSQL Server"
+  default = "qmi"
+}
+
+variable "postgresql-version" {
+  type        = string
+  description = "PostgreSQL Server version to deploy"
+  default     = "11"
+}
+variable "postgresql-sku-name" {
+  type        = string
+  description = "PostgreSQL SKU Name"
+  default     = "GP_Gen5_8"
+}
+variable "postgresql-storage" {
+  type        = string
+  description = "PostgreSQL Storage in MB"
+  default     = "5120"
+}
+
+variable "user_id" {
+
+}

databases/azuresql/main.tf

@@ -1,49 +0,0 @@
-resource "random_id" "randomServerId" {
-    keepers = {
-        # Generate a new ID only when a new resource group is defined
-        resource_group = var.resource_group_name
-    }
-    
-    byte_length = 2
-}
-
-resource "azurerm_sql_server" "sqlserver" {
-  name                         = "sqlserver-${random_id.randomServerId.hex}"
-  resource_group_name          = var.resource_group_name
-  location                     = var.location
-  version                      = "12.0"
-  administrator_login          = var.sql_administrator_login
-  administrator_login_password = var.sql_administrator_login_password
-
-  tags = {
-    Deployment = "QMI PoC"
-    "Cost Center" = "3100"
-    QMI_user = var.user_id
-  }
-
-  identity {
-    type = "SystemAssigned"
-  }
-}
-
-resource "azurerm_sql_virtual_network_rule" "sqlvnetrule" {
-  name                = "sql-vnet-rule-${random_id.randomServerId.hex}"
-  resource_group_name = var.resource_group_name
-  server_name         = azurerm_sql_server.sqlserver.name
-  subnet_id           = var.subnet_id
-}
-
-resource "azurerm_sql_database" "db" {
-  name                  = "demoDB"
-  resource_group_name   = var.resource_group_name
-  location              = var.location
-  server_name           = azurerm_sql_server.sqlserver.name
-  create_mode           = "Default"
-
-  tags = {
-    Deployment = "QMI PoC"
-    "Cost Center" = "3100"
-    QMI_user = var.user_id
-  }
-
-}

databases/azuresql/outputs.tf

@@ -1,29 +0,0 @@
-output "sqlserver_id" {
-    value = azurerm_sql_server.sqlserver.id
-}
-
-output "sqlserver_name" {
-    value = "qliksyn-${random_id.randomServerId.hex}"
-}
-
-output "sqlserver_fully_qualified_domain_name" {
-    value = azurerm_sql_server.sqlserver.fully_qualified_domain_name
-}
-
-output "dbname" {
-    value = azurerm_sql_database.db.name
-}
-
-output "administrator_login" {
-    value = var.sql_administrator_login
-}
-
-output "administrator_login_password" {
-    value = var.sql_administrator_login_password
-}
-
-output "principal_id" {
-  value = azurerm_sql_server.sqlserver.identity.0.principal_id
-}
-
-

databases/dbricks/main.tf

@@ -1,21 +1,34 @@
 terraform {
 
-  required_version = ">= 0.13"
+  required_version = ">= 0.14"
 
   required_providers {
     databricks = {
-      source = "databrickslabs/databricks"
+      source = "databricks/databricks"
       version = ">= 0.3.0"
     }
   }
 }
 
+locals {
+  myRegex = "/[^[:alpha:]]/"
+  splitLower = split(" ", lower(var.user_id))
+  np0 = replace(element(local.splitLower,0), local.myRegex, "")
+  np1 = replace(element(local.splitLower,1), local.myRegex, "")
+  c_n1 = substr(local.np0, 0, 3)
+  c_n2 = substr(local.np1, 0, 1)
+  c_n3 = substr(strrev(local.np1), 0, 1)
+  
+  cluster_name = var.cluster_name != null? var.cluster_name : "${local.c_n1}${local.c_n2}${local.c_n3}"
+
+}
+
 resource "azurerm_databricks_workspace" "dbricksws" {
 
   count = var.enabled == true? 1 : 0
 
   location                      = var.location
-  name                          = "${var.cluster_name}-qlikdbricks-ws"
+  name                          = "${local.cluster_name}-qlikdbricks-ws"
   resource_group_name           = var.resource_group_name
   sku                           = "standard"
 
@@ -41,10 +54,58 @@ provider "databricks" {
 
   azure_workspace_resource_id = var.enabled == true? azurerm_databricks_workspace.dbricksws[0].id : null
   azure_client_id             = var.enabled == true? "9b4761fd-4823-4f9d-ab3a-a95af38e7c29" : null
-  azure_client_secret         = var.enabled == true? "akj0Wb9ALe7Q_23RN63~J2EmZW~Lr5Yfl-" : null
+  azure_client_secret         = var.enabled == true? "FWH7Q~ByC.U5zNh0BaIDdK_poyxoy4SxW8hi1" : null
   azure_tenant_id             = var.enabled == true? "c21eeb5f-f5a6-44e8-a997-124f2f7a497c" : null
 }
 
+/*resource "databricks_workspace_conf" "this" {
+
+  count = var.enabled == true? 1 : 0
+  
+  provider = databricks.mws
+
+  custom_config = {
+    "enableIpAccessLists" : true
+  }
+}
+
+resource "databricks_ip_access_list" "allowed-list" {
+
+  count = var.enabled == true? 1 : 0
+
+  provider = databricks.mws
+
+  label     = "allow_in"
+  list_type = "ALLOW"
+  ip_addresses = [
+    "52.249.189.38/32", 
+    "13.67.39.86/32", 
+    "20.67.110.207/32", 
+    "14.98.59.168/29", 
+    "182.74.33.8/29", 
+    "188.65.156.32/28", 
+    "212.73.252.96/29", 
+    "194.90.96.176/29", 
+    "213.57.84.160/29", 
+    "4.4.97.104/29", 
+    "206.196.17.32/27", 
+    #QCS
+    "18.205.71.36/32", 
+    "18.232.32.199/32", 
+    "34.237.68.254/32", 
+    "34.247.21.179/32", 
+    "52.31.212.214/32", 
+    "54.154.95.18/32", 
+    "13.210.43.241/32", 
+    "13.236.104.42/32", 
+    "13.236.206.172/32",
+    "18.138.163.172/32",
+    "18.142.157.182/32",
+    "54.179.13.251/32"
+  ]
+
+}*/
+
 
 resource "databricks_user" "me" {
   provider = databricks.mws
@@ -72,15 +133,15 @@ resource "databricks_token" "pat" {
   lifetime_seconds = 8640000
 }
 
-/*resource "databricks_cluster" "dbrickscluster" {
+resource "databricks_cluster" "dbrickscluster" {
   provider = databricks.mws
-  count = var.enabled == true? 1 : 0
+  count = (var.enabled == true && var.create_cluster == true)? 1 : 0
 
   depends_on = [
     azurerm_role_assignment.contributor-dbricks
   ]
 
-  cluster_name  = "cluster-${var.cluster_name}"
+  cluster_name  = "cluster-${local.cluster_name}"
   spark_version = "7.3.x-scala2.12"
   node_type_id  = "Standard_DS3_v2"
 
@@ -102,4 +163,4 @@ resource "databricks_token" "pat" {
   }
 
   autotermination_minutes = 120
-}*/
+}

databases/dbricks/outputs.tf

@@ -3,5 +3,9 @@ output "databricks_workspace_url" {
 }
 
 output "databricks_token" {
-    value = var.enabled? databricks_token.pat[0].token_value : null
+    value = var.enabled? nonsensitive(databricks_token.pat[0].token_value) : null
+}
+
+output "cluster_name" {
+    value = "cluster-${local.cluster_name}"
 }

databases/dbricks/varaibles.tf

@@ -1,11 +1,13 @@
 variable "location" {
-
+    default = "East US"
 }
 
 variable "resource_group_name" {
 
 }
+
 variable "cluster_name" {
+    default = null
 }
 
 variable "storage_account_name" {
@@ -21,9 +23,14 @@ variable "user_email" {
 }
 
 variable "app_registration_principal_id" {
-
+    description = "tpm"
+    default = "163a72e3-8ce3-4e33-baae-954383f87e3e"
 }
 
 variable "enabled" {
     default = false
+}
+
+variable "create_cluster" {
+    default = false
 }

databases/synapse-ws/firewall.tf

@@ -0,0 +1,156 @@
+resource "azurerm_synapse_firewall_rule" "azureservices" {
+  name                 = "AllowAllWindowsAzureIps"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  // https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_firewall_rule
+  start_ip_address     = "0.0.0.0"
+  end_ip_address       = "0.0.0.0"
+}
+
+resource "azurerm_synapse_firewall_rule" "fw-a-rule1" {
+  name                = "a1"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "52.249.189.38"
+  end_ip_address      = "52.249.189.38"
+}
+
+resource "azurerm_synapse_firewall_rule" "fw-a-rule2" {
+  name                = "a2"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "13.67.39.86"
+  end_ip_address      = "13.67.39.86"
+}
+
+resource "azurerm_synapse_firewall_rule" "fw-a-rule3" {
+  name                = "a3"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "20.67.110.207"
+  end_ip_address      = "20.67.110.207"
+}
+
+resource "azurerm_synapse_firewall_rule" "fw-ITG-rule1" {
+  name                = "ITG"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "188.65.156.32"
+  end_ip_address      = "188.65.156.47"
+}
+resource "azurerm_synapse_firewall_rule" "fw-ITG-rule2" {
+  name                = "ITG1"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "212.73.252.96"
+  end_ip_address      = "212.73.252.103"
+}
+resource "azurerm_synapse_firewall_rule" "fw-kfar_saba-rule1" {
+  name                = "Kfar_Saba"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "194.90.96.176"
+  end_ip_address      = "194.90.96.183"
+}
+resource "azurerm_synapse_firewall_rule" "fw-kfar_saba-rule2" {
+  name                = "Kfar_Saba1"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "213.57.84.160"
+  end_ip_address      = "213.57.84.167"
+}
+resource "azurerm_synapse_firewall_rule" "fw-Peak_10-rule1" {
+  name                = "Peak_10"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "4.4.97.104"
+  end_ip_address      = "4.4.97.111"
+}
+resource "azurerm_synapse_firewall_rule" "fw-Peak_10-rule2" {
+  name                = "Peak_101"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "206.196.17.32"
+  end_ip_address      = "206.196.17.63"
+}
+resource "azurerm_synapse_firewall_rule" "fw-Bangalore-rule1" {
+  name                = "Bangalore"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "14.98.59.168"
+  end_ip_address      = "14.98.59.175"
+}
+resource "azurerm_synapse_firewall_rule" "fw-Bangalore-rule2" {
+  name                = "Bangalore1"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "182.74.33.8"
+  end_ip_address      = "182.74.33.15"
+}
+
+# QCS US
+resource "azurerm_synapse_firewall_rule" "qcs_us_1" {
+  name                = "QCS_US_1"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "18.205.71.36"
+  end_ip_address      = "18.205.71.36"
+}
+resource "azurerm_synapse_firewall_rule" "qcs_us_2" {
+  name                = "QCS_US_2"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "18.232.32.199"
+  end_ip_address      = "18.232.32.199"
+}
+resource "azurerm_synapse_firewall_rule" "qcs_us_3" {
+  name                = "QCS_US_3"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "34.237.68.254"
+  end_ip_address      = "34.237.68.254"
+}
+
+# QCS EU
+resource "azurerm_synapse_firewall_rule" "qcs_eu_1" {
+  name                = "QCS_EU_1"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "34.247.21.179"
+  end_ip_address      = "34.247.21.179"
+}
+resource "azurerm_synapse_firewall_rule" "qcs_eu_2" {
+  name                = "QCS_EU_2"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "52.31.212.214"
+  end_ip_address      = "52.31.212.214"
+}
+resource "azurerm_synapse_firewall_rule" "qcs_eu_3" {
+  name                = "QCS_EU_3"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "54.154.95.18"
+  end_ip_address      = "54.154.95.18"
+}
+# QCS AP
+resource "azurerm_synapse_firewall_rule" "qcs_ap_1" {
+  name                = "QCS_AP_1"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "13.210.43.241"
+  end_ip_address      = "13.210.43.241"
+}
+resource "azurerm_synapse_firewall_rule" "qcs_ap_2" {
+  name                = "QCS_AP_2"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "13.236.104.42"
+  end_ip_address      = "13.236.104.42"
+}
+resource "azurerm_synapse_firewall_rule" "qcs_ap_3" {
+  name                = "QCS_AP_3"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "13.236.206.172"
+  end_ip_address      = "13.236.206.172"
+}
+
+# QCS SINGAPORE
+resource "azurerm_synapse_firewall_rule" "qcs_sp_1" {
+  name                = "QCS_SP_1"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "18.138.163.172"
+  end_ip_address      = "18.138.163.172"
+}
+resource "azurerm_synapse_firewall_rule" "qcs_sp_2" {
+  name                = "QCS_SP_2"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "18.142.157.182"
+  end_ip_address      = "18.142.157.182"
+}
+resource "azurerm_synapse_firewall_rule" "qcs_sp_3" {
+  name                = "QCS_SP_3"
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  start_ip_address    = "54.179.13.251"
+  end_ip_address      = "54.179.13.251"
+}

databases/synapse-ws/main.tf

@@ -1,9 +1,12 @@
 locals {
+  myRegex = "/[^[:alpha:]]/"
   container_name1 = split(" ", lower(var.user_id))
-  container_namePart1 = substr(element(local.container_name1,0), 0, 3)
-  container_namePart2 = substr(element(local.container_name1,1), 0, 1)
-  container_namePart3 = substr(strrev(element(local.container_name1,1)), 0, 1)
-  container_name = "${local.container_namePart1}${local.container_namePart2}${local.container_namePart3}"
+  np0 = replace(element(local.container_name1,0), local.myRegex, "")
+  np1 = replace(element(local.container_name1,1), local.myRegex, "")
+  container_n1 = substr(local.np0, 0, 3)
+  container_n2 = substr(local.np1, 0, 1)
+  container_n3 = substr(strrev(local.np1), 0, 1)
+  container_name = "${local.container_n1}${local.container_n2}${local.container_n3}"
   container_name_upper = upper(local.container_name)
 
 }
@@ -30,6 +33,10 @@ resource "azurerm_synapse_workspace" "synapsews" {
   sql_administrator_login              = var.sql_administrator_login
   sql_administrator_login_password     = var.sql_administrator_login_password
 
+  identity {
+    type = "SystemAssigned"
+  }
+
   tags = {
     Deployment = "QMI PoC"
     "Cost Center" = "3100"
@@ -39,19 +46,12 @@ resource "azurerm_synapse_workspace" "synapsews" {
 
 }
 
-resource "azurerm_synapse_firewall_rule" "azureservices" {
-  name                 = "AllowAllWindowsAzureIps"
-  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
-  // https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_firewall_rule
-  start_ip_address     = "0.0.0.0"
-  end_ip_address       = "0.0.0.0"
-}
-
 resource "azurerm_synapse_sql_pool" "db" {
   name                 = "${local.container_name_upper}DEMOPOOL"
   synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
   sku_name             = var.pool_sku_name
   create_mode          = "Default"
+  
 
   tags = {
     Deployment = "QMI PoC"
@@ -62,3 +62,62 @@ resource "azurerm_synapse_sql_pool" "db" {
 
 }
 
+resource "azurerm_synapse_role_assignment" "sqladministrator_aor" {
+  
+  depends_on = [
+      azurerm_synapse_firewall_rule.azureservices
+      /*,
+      azurerm_synapse_firewall_rule.fw-a-rule1,
+      azurerm_synapse_firewall_rule.fw-a-rule2,
+      azurerm_synapse_firewall_rule.fw-a-rule3,
+      azurerm_synapse_firewall_rule.fw-ITG-rule1,
+      azurerm_synapse_firewall_rule.fw-ITG-rule2,
+      azurerm_synapse_firewall_rule.fw-kfar_saba-rule1,
+      azurerm_synapse_firewall_rule.fw-kfar_saba-rule2,
+      azurerm_synapse_firewall_rule.fw-Peak_10-rule1,
+      azurerm_synapse_firewall_rule.fw-Peak_10-rule2,
+      azurerm_synapse_firewall_rule.fw-Bangalore-rule1,
+      azurerm_synapse_firewall_rule.fw-Bangalore-rule2*/
+  ]
+
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  role_name            = "Synapse Administrator"
+  principal_id         = "c583b5aa-2844-4baf-b8bf-b6a1ae0b1520" 
+
+}
+
+resource "azurerm_synapse_role_assignment" "sqladministrator" {
+  
+  count = (var.user_oid != null && var.user_oid != "c583b5aa-2844-4baf-b8bf-b6a1ae0b1520") ? 1 : 0
+
+  depends_on = [
+      azurerm_synapse_firewall_rule.azureservices/*,
+      azurerm_synapse_firewall_rule.fw-a-rule1,
+      azurerm_synapse_firewall_rule.fw-a-rule2,
+      azurerm_synapse_firewall_rule.fw-a-rule3,
+      azurerm_synapse_firewall_rule.fw-ITG-rule1,
+      azurerm_synapse_firewall_rule.fw-ITG-rule2,
+      azurerm_synapse_firewall_rule.fw-kfar_saba-rule1,
+      azurerm_synapse_firewall_rule.fw-kfar_saba-rule2,
+      azurerm_synapse_firewall_rule.fw-Peak_10-rule1,
+      azurerm_synapse_firewall_rule.fw-Peak_10-rule2,
+      azurerm_synapse_firewall_rule.fw-Bangalore-rule1,
+      azurerm_synapse_firewall_rule.fw-Bangalore-rule2*/
+  ]
+
+  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
+  role_name            = "Synapse Administrator"
+  principal_id         = var.user_oid != null? var.user_oid : "c583b5aa-2844-4baf-b8bf-b6a1ae0b1520" 
+
+}
+
+resource "azurerm_role_assignment" "role-user-reader-for-synapse" {
+
+  count = (var.user_oid != null && var.user_oid != "c583b5aa-2844-4baf-b8bf-b6a1ae0b1520") ? 1 : 0
+
+  scope                = azurerm_synapse_workspace.synapsews.id
+  role_definition_name = "Reader"
+  principal_id         = var.user_oid
+
+}
+

databases/synapse-ws/outputs.tf

@@ -23,7 +23,7 @@ output "administrator_login" {
 }
 
 output "administrator_login_password" {
-    value = var.sql_administrator_login_password
+    value = nonsensitive(var.sql_administrator_login_password)
 }
 
 output "principal_id" {

databases/synapse-ws/variables.tf

@@ -20,6 +20,10 @@ variable "user_id" {
     default = null
 }
 
+variable "user_oid" {
+    default = null
+}
+
 variable "sql_administrator_login" {
     default = "scdemoadmin"
 }

databases/synapse/main.tf

@@ -1,116 +0,0 @@
-locals {
-  container_name1 = split(" ", lower(var.user_id))
-  container_namePart1 = substr(element(local.container_name1,0), 0, 3)
-  container_namePart2 = substr(element(local.container_name1,1), 0, 1)
-  container_namePart3 = substr(strrev(element(local.container_name1,1)), 0, 1)
-  container_name = "${local.container_namePart1}${local.container_namePart2}${local.container_namePart3}"
-  container_name_upper = upper(local.container_name)
-
-}
-
-resource "random_id" "randomServerId" {
-    keepers = {
-        # Generate a new ID only when a new resource group is defined
-        resource_group = var.resource_group_name
-    }
-    
-    byte_length = 2
-}
-
-/*resource "azurerm_storage_account" "sasql" {
-  name                     = "saccountsql${random_id.randomServerId.hex}"
-  resource_group_name      = var.resource_group_name
-  location                 = var.location
-  account_tier             = "Standard"
-  account_replication_type = "LRS"
-}*/
-
-resource "azurerm_sql_server" "synapse" {
-  name                         = "qliksyn-${random_id.randomServerId.hex}"
-  resource_group_name          = var.resource_group_name
-  location                     = var.location
-  version                      = "12.0"
-  administrator_login          = var.administrator_login
-  administrator_login_password = var.administrator_login_password
-
-  tags = {
-    Deployment = "QMI PoC"
-    "Cost Center" = "3100"
-    QMI_user = var.user_id
-  }
-
-  identity {
-    type = "SystemAssigned"
-  }
-}
-
-/*resource "azurerm_mssql_server_extended_auditing_policy" "auditing_policy_server" {
-  server_id                               = azurerm_sql_server.synapse.id
-  storage_endpoint                        = azurerm_storage_account.sasql.primary_blob_endpoint
-  storage_account_access_key              = azurerm_storage_account.sasql.primary_access_key
-  storage_account_access_key_is_secondary = false
-  retention_in_days                       = 6
-}*/
-
-resource "azurerm_sql_virtual_network_rule" "sqlvnetrule" {
-  name                = "sql-vnet-rule-${random_id.randomServerId.hex}"
-  resource_group_name = var.resource_group_name
-  server_name         = azurerm_sql_server.synapse.name
-  subnet_id           = var.subnet_id
-}
-
-resource "azurerm_sql_database" "db" {
-  name                  = "${local.container_name_upper}DEMOPOOL"
-  resource_group_name   = var.resource_group_name
-  location              = var.location
-  server_name           = azurerm_sql_server.synapse.name
-  create_mode           = "Default"
-  edition               = "DataWarehouse"
-  collation             = "SQL_LATIN1_GENERAL_CP1_CI_AS"
-  max_size_bytes        = 268435456000  
-
-  tags = {
-    Deployment = "QMI PoC"
-    "Cost Center" = "3100"
-    QMI_user = var.user_id
-    ADAAutomation = "SQLDWSuspend"
-  }
-
-}
-
-resource "azurerm_sql_database" "db2" {
-  name                  = "demoDB"
-  resource_group_name   = var.resource_group_name
-  location              = var.location
-  server_name           = azurerm_sql_server.synapse.name
-  create_mode           = "Default"
-
-  tags = {
-    Deployment = "QMI PoC"
-    "Cost Center" = "3100"
-    QMI_user = var.user_id
-  }
-
-}
-
-/*resource "azurerm_mssql_database_extended_auditing_policy" "auditing_policy_db" {
-  database_id                             = azurerm_sql_database.db.id
-  storage_endpoint                        = azurerm_storage_account.sasql.primary_blob_endpoint
-  storage_account_access_key              = azurerm_storage_account.sasql.primary_access_key
-  storage_account_access_key_is_secondary = false
-  retention_in_days                       = 6
-}*/
-
-
-/*resource "azurerm_storage_account_network_rules" "sasynapsenetrules" {
-
-  depends_on = [azurerm_mssql_database_extended_auditing_policy.auditing_policy_db]
-  
-  resource_group_name  = var.resource_group_name
-  storage_account_name = azurerm_storage_account.sasql.name
-
-  default_action             = "Deny"
-  ip_rules                   = ["52.170.21.101", "206.196.17.36", "188.65.156.34"]
-  virtual_network_subnet_ids = [var.subnet_id]
-  bypass                     = ["AzureServices", "Metrics"]
-}*/

databases/synapse/outputs.tf

@@ -1,33 +0,0 @@
-output "sqlserver_id" {
-    value = azurerm_sql_server.synapse.id
-}
-
-output "sqlserver_name" {
-    value = "qliksyn-${random_id.randomServerId.hex}"
-}
-
-output "sqlserver_fully_qualified_domain_name" {
-    value = azurerm_sql_server.synapse.fully_qualified_domain_name
-}
-
-output "dbname" {
-    value = azurerm_sql_database.db.name
-}
-
-output "dbname2" {
-    value = azurerm_sql_database.db2.name
-}
-
-output "administrator_login" {
-    value = var.administrator_login
-}
-
-output "administrator_login_password" {
-    value = var.administrator_login_password 
-}
-
-output "principal_id" {
-  value = azurerm_sql_server.synapse.identity.0.principal_id
-}
-
-

linux-common/centos/common/falcon.sh

@@ -2,10 +2,19 @@
 
 BASEDIR=$(dirname "$0")
 
+
+centos_ver=`rpm --eval %{centos_ver}`
+binary='falcon-sensor-5.29.0-9403.el7.x86_64.rpm'
+if [ $centos_ver -eq '8' ]; then
+    binary='falcon-sensor-5.27.0-9104.el8.x86_64.rpm'
+fi
+echo $binary
+
+
 echo "Installing CrowdStrike falcon agent"
 echo "CID=$1"
 if ! rpm -qa | grep -qw falcon-sensor; then
-    sudo yum install $BASEDIR/falcon-sensor-5.29.0-9403.el7.x86_64.rpm -y
+    sudo yum install $BASEDIR/$binary -y
 fi
 sudo /opt/CrowdStrike/falconctl -s -f --cid=$1
 sudo systemctl start falcon-sensor 

linux-common/centos/common/tenable.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+BASEDIR=$(dirname "$0")
+
+echo "Installing Tenable Nessus Agent..."
+KEY=$1
+echo "KEY=$KEY"
+
+sudo yum install $BASEDIR/NessusAgent-10.2.0-es7.x86_64.rpm -y
+
+echo "Linking Tenable Nessus Agent..."
+sudo /bin/systemctl start nessusagent.service
+sudo /opt/nessus_agent/sbin/nessuscli agent link --key=$KEY --groups="Qlik IT Cloud Agents" --host=cloud.tenable.com --port=443
+
+sudo /opt/nessus_agent/sbin/nessuscli agent status

linux-common/main.tf

@@ -3,7 +3,17 @@ data "azurerm_key_vault_secret" "cid" {
   key_vault_id = var.key_vault_id
 }
 
-resource "null_resource" "post-centos-vm" {
+data "azurerm_key_vault_secret" "tenable-key" {
+  name         = "tenable-key"
+  key_vault_id = var.key_vault_id
+}
+
+locals {
+  falcon_id     = nonsensitive(data.azurerm_key_vault_secret.cid.value)
+  tenable_key   = nonsensitive(data.azurerm_key_vault_secret.tenable-key.value)
+}
+
+resource "null_resource" "post-linux-vm" {
     
     provisioner "file" {
         connection {
@@ -15,7 +25,7 @@ resource "null_resource" "post-centos-vm" {
             #private_key = "${file("~/.ssh/id_rsa")}"   
         }
         source      = "${path.module}/${var.os_type}/common"
-        destination = "~"
+        destination = "/home/${var.admin_username}"
     }
 
     provisioner "remote-exec" {
@@ -30,8 +40,9 @@ resource "null_resource" "post-centos-vm" {
 
         inline = [
             "echo ${var.admin_password} | sudo -S chmod u+x /home/${var.admin_username}/common/*.sh",
-            "sudo /home/${var.admin_username}/common/falcon.sh '${data.azurerm_key_vault_secret.cid.value}'",
-            "sudo /home/${var.admin_username}/common/resizedisk.sh"
+            "sudo /home/${var.admin_username}/common/falcon.sh '${local.falcon_id}'",
+            "sudo /home/${var.admin_username}/common/resizedisk.sh",
+            "sudo /home/${var.admin_username}/common/tenable.sh '${local.tenable_key}'",
         ]
     }
 }