[CES-107] Add private endpoints to Cosmos Account without altering DNS (

#1222)

src/domains/messages-common/01_network.tf

@@ -34,9 +34,43 @@ data "azurerm_subnet" "private_endpoints_subnet" {
   resource_group_name  = local.vnet_common_resource_group_name
 }
 
+data "azurerm_subnet" "pep_subnet_itn" {
+  name                 = "${local.project_itn}-pep-snet-01"
+  virtual_network_name = local.vnet_common_name_itn
+  resource_group_name  = local.vnet_common_resource_group_name_itn
+}
+
 data "azurerm_subnet" "azdoa_snet" {
   count                = var.enable_azdoa ? 1 : 0
   name                 = "azure-devops"
   virtual_network_name = local.vnet_common_name
   resource_group_name  = local.vnet_common_resource_group_name
 }
+
+resource "azurerm_private_endpoint" "cosno_reminder_itn" {
+  name                = "${local.project_itn}-msgs-reminder-cosno-pep-01"
+  location            = "italynorth"
+  resource_group_name = azurerm_resource_group.data_rg.name
+  subnet_id           = data.azurerm_subnet.pep_subnet_itn.id
+
+  private_service_connection {
+    name                           = "${local.project_itn}-msgs-reminder-cosno-pep-01"
+    private_connection_resource_id = module.cosmosdb_account_mongodb_reminder.id
+    is_manual_connection           = false
+    subresource_names              = ["Sql"]
+  }
+}
+
+resource "azurerm_private_endpoint" "cosno_remote_content_itn" {
+  name                = "${local.project_itn}-msgs-remote-content-cosno-pep-01"
+  location            = "italynorth"
+  resource_group_name = azurerm_resource_group.data_rg.name
+  subnet_id           = data.azurerm_subnet.pep_subnet_itn.id
+
+  private_service_connection {
+    name                           = "${local.project_itn}-msgs-remote-content-cosno-pep-01"
+    private_connection_resource_id = module.cosmosdb_account_mongodb_reminder.id
+    is_manual_connection           = false
+    subresource_names              = ["Sql"]
+  }
+}

src/domains/messages-common/03_database.tf

@@ -213,6 +213,7 @@ data "azurerm_key_vault_secret" "reminder_mysql_db_server_adm_username" {
   name         = "${local.product}-${var.domain}-REMINDER-MYSQL-DB-ADM-USERNAME"
   key_vault_id = module.key_vault.id
 }
+
 data "azurerm_key_vault_secret" "reminder_mysql_db_server_adm_password" {
   name         = "${local.product}-${var.domain}-REMINDER-MYSQL-DB-ADM-PASSWORD"
   key_vault_id = module.key_vault.id

src/domains/messages-common/99_locals.tf

@@ -1,13 +1,17 @@
 locals {
-  project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
-  product = "${var.prefix}-${var.env_short}"
+  project     = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
+  product     = "${var.prefix}-${var.env_short}"
+  project_itn = "${var.prefix}-${var.env_short}-itn"
 
   monitor_action_group_slack_name = "SlackPagoPA"
   monitor_action_group_email_name = "EmailPagoPA"
 
   vnet_common_name                = "${local.product}-vnet-common"
   vnet_common_resource_group_name = "${local.product}-rg-common"
 
+  vnet_common_name_itn                = "${local.project_itn}-common-vnet-01"
+  vnet_common_resource_group_name_itn = "${local.project_itn}-common-rg-01"
+
   acr_name                = replace("${local.product}commonacr", "-", "")
   acr_resource_group_name = "${local.product}-container-registry-rg"
 

src/domains/messages-common/README.md

@@ -76,6 +76,8 @@
 | [azurerm_mysql_flexible_database.reminder_mysql_db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_flexible_database) | resource |
 | [azurerm_mysql_flexible_server.reminder_mysql_server](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_flexible_server) | resource |
 | [azurerm_mysql_flexible_server_configuration.max_connections](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_flexible_server_configuration) | resource |
+| [azurerm_private_endpoint.cosno_reminder_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
+| [azurerm_private_endpoint.cosno_remote_content_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
 | [azurerm_resource_group.app_messages_common_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.data_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.notifications_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
@@ -114,6 +116,7 @@
 | [azurerm_storage_account.api_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
 | [azurerm_storage_account.notifications_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
 | [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
+| [azurerm_subnet.pep_subnet_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.private_endpoints_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
 | [azurerm_user_assigned_identity.managed_identity_io_messages_cd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source |

src/domains/payments-common/01_network.tf

@@ -13,3 +13,23 @@ data "azurerm_subnet" "private_endpoints_subnet" {
   virtual_network_name = local.vnet_common_name
   resource_group_name  = local.vnet_common_resource_group_name
 }
+
+data "azurerm_subnet" "pep_subnet_itn" {
+  name                 = "${local.project_itn}-pep-snet-01"
+  virtual_network_name = local.vnet_common_name_itn
+  resource_group_name  = local.vnet_common_resource_group_name_itn
+}
+
+resource "azurerm_private_endpoint" "cosno_payments_itn" {
+  name                = "${local.project_itn}-msgs-payments-cosno-pep-01"
+  location            = "italynorth"
+  resource_group_name = azurerm_resource_group.data_rg.name
+  subnet_id           = data.azurerm_subnet.pep_subnet_itn.id
+
+  private_service_connection {
+    name                           = "${local.project_itn}-msgs-payments-cosno-pep-01"
+    private_connection_resource_id = module.cosmosdb_account_mongodb.id
+    is_manual_connection           = false
+    subresource_names              = ["Sql"]
+  }
+}

src/domains/payments-common/99_locals.tf

@@ -1,6 +1,7 @@
 locals {
-  project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
-  product = "${var.prefix}-${var.env_short}"
+  project     = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
+  product     = "${var.prefix}-${var.env_short}"
+  project_itn = "${var.prefix}-${var.env_short}-itn"
 
   app_insights_ips_west_europe = [
     "51.144.56.96/28",
@@ -17,6 +18,9 @@ locals {
   vnet_common_name                = "${local.product}-vnet-common"
   vnet_common_resource_group_name = "${local.product}-rg-common"
 
+  vnet_common_name_itn                = "${local.project_itn}-common-vnet-01"
+  vnet_common_resource_group_name_itn = "${local.project_itn}-common-rg-01"
+
   acr_name                = replace("${local.product}commonacr", "-", "")
   acr_resource_group_name = "${local.product}-container-registry-rg"
 

src/domains/payments-common/README.md

@@ -32,6 +32,7 @@
 | [azurerm_key_vault_secret.appinsights_instrumentation_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.messages_io-p-messages-weu-prod01-evh_jaas-connection-string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.mongodb_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [azurerm_private_endpoint.cosno_payments_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
 | [azurerm_resource_group.data_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
@@ -48,6 +49,7 @@
 | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
 | [azurerm_private_dns_zone.privatelink_mongo_cosmos_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
 | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
+| [azurerm_subnet.pep_subnet_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.private_endpoints_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
 | [azurerm_virtual_network.vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |