Merge branch 'main' into ces-128-route-traffic-to-appbel3

src/common/_modules/application_gateway/data.tf

@@ -12,11 +12,16 @@ data "azurerm_linux_web_app" "appservice_continua" {
   resource_group_name = "${var.project}-continua-rg"
 }
 
-data "azurerm_linux_web_app" "session_manager" {
+data "azurerm_linux_web_app" "session_manager_03" {
   name                = "io-p-weu-session-manager-app-03"
   resource_group_name = "io-p-weu-session-manager-rg-01"
 }
 
+data "azurerm_linux_web_app" "session_manager_04" {
+  name                = "io-p-weu-session-manager-app-04"
+  resource_group_name = "io-p-weu-session-manager-rg-01"
+}
+
 data "azurerm_linux_web_app" "fims_op_app" {
   name                = "io-p-weu-fims-op-app-01"
   resource_group_name = "io-p-weu-fims-rg-01"
@@ -112,4 +117,4 @@ data "azurerm_key_vault_secret" "app_gw_mtls_header_name" {
 
 data "azuread_service_principal" "app_gw_uai_kvreader" {
   display_name = format("%s-uai-kvreader", var.project)
-}
+}

src/common/_modules/application_gateway/main.tf

@@ -48,7 +48,8 @@ module "app_gw" {
       port         = 443
       ip_addresses = null # with null value use fqdns
       fqdns = [
-        data.azurerm_linux_web_app.session_manager.default_hostname
+        data.azurerm_linux_web_app.session_manager_03.default_hostname,
+        data.azurerm_linux_web_app.session_manager_04.default_hostname
       ]
       probe                       = "/healthcheck"
       probe_name                  = "probe-session-manager-app"

src/common/_modules/cosmos_api/locals.tf

@@ -55,7 +55,7 @@ locals {
       partition_key_version = null
       default_ttl           = -1
       autoscale_settings = {
-        max_throughput = 67000
+        max_throughput = 200000
       }
     },
     {
@@ -72,7 +72,7 @@ locals {
       partition_key_version = null
       default_ttl           = -1
       autoscale_settings = {
-        max_throughput = 46000
+        max_throughput = 100000
       }
     },
     {
@@ -124,7 +124,7 @@ locals {
       partition_key_path    = "/fiscalCode"
       partition_key_version = null
       autoscale_settings = {
-        max_throughput = 48000
+        max_throughput = 100000
       }
     },
     {

src/common/prod/data.tf

@@ -88,7 +88,7 @@ data "azurerm_linux_function_app" "io_sign_user" {
 
 data "azurerm_linux_function_app" "wallet_user" {
   resource_group_name = "${local.project_itn}-wallet-rg-01"
-  name                = "${local.project_itn}-wallet-user-func-01"
+  name                = "${local.project_itn}-wallet-user-func-02"
 }
 
 data "azurerm_api_management" "trial_system" {

src/domains/cgn/_modules/functions_apps/data.tf

@@ -27,6 +27,12 @@ data "azurerm_subnet" "snet_backendl2" {
   resource_group_name  = local.resource_group_name_common
 }
 
+data "azurerm_subnet" "snet_backendl3" {
+  name                 = "appbackendl3"
+  virtual_network_name = local.vnet_name_common
+  resource_group_name  = local.resource_group_name_common
+}
+
 data "azurerm_subnet" "snet_backendli" {
   name                 = "appbackendli"
   virtual_network_name = local.vnet_name_common
@@ -82,3 +88,14 @@ data "azurerm_monitor_action_group" "error_action_group" {
   name                = "${replace("${var.project}", "-", "")}error"
   resource_group_name = local.resource_group_name_common
 }
+
+data "azurerm_subnet" "private_endpoints_subnet" {
+  name                 = "pendpoints"
+  virtual_network_name = local.vnet_name_common
+  resource_group_name  = local.resource_group_name_common
+}
+
+data "azurerm_private_dns_zone" "function_app" {
+  name                = "privatelink.azurewebsites.net"
+  resource_group_name = local.resource_group_name_common
+}

src/domains/cgn/_modules/functions_apps/function_app_cgn.tf

@@ -42,6 +42,7 @@ module "function_cgn" {
     data.azurerm_subnet.snet_backendl2.id,
     data.azurerm_subnet.snet_backendli.id,
     data.azurerm_subnet.snet_apim_v2.id,
+    data.azurerm_subnet.snet_backendl3.id
   ]
 
   sticky_app_setting_names = [
@@ -91,7 +92,50 @@ module "function_cgn_staging_slot" {
     data.azurerm_subnet.snet_backendl2.id,
     data.azurerm_subnet.snet_backendli.id,
     data.azurerm_subnet.snet_apim_v2.id,
+    data.azurerm_subnet.snet_backendl3.id,
   ]
 
   tags = var.tags
 }
+
+resource "azurerm_private_endpoint" "function_sites" {
+  name                = "${var.project}-cgn-fn-pep"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  subnet_id           = data.azurerm_subnet.private_endpoints_subnet.id
+
+  private_service_connection {
+    name                           = "${var.project}-cgn-fn-pep"
+    private_connection_resource_id = module.function_cgn.id
+    is_manual_connection           = false
+    subresource_names              = ["sites"]
+  }
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id]
+  }
+
+  tags = var.tags
+}
+
+resource "azurerm_private_endpoint" "staging_function_sites" {
+  name                = "${var.project}-cgn-fn-staging-pep"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  subnet_id           = data.azurerm_subnet.private_endpoints_subnet.id
+
+  private_service_connection {
+    name                           = "${var.project}-cgn-fn-pep"
+    private_connection_resource_id = module.function_cgn.id
+    is_manual_connection           = false
+    subresource_names              = ["sites-${module.function_cgn_staging_slot.name}"]
+  }
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id]
+  }
+
+  tags = var.tags
+}

src/domains/cgn/prod/locals.tf

@@ -4,7 +4,7 @@ locals {
   project   = "${local.prefix}-${local.env_short}"
 
   location           = "westeurope"
-  secondary_location = "northeurope"
+  secondary_location = "italynorth"
 
   tags = {
     CostCenter     = "TS310 - PAGAMENTI & SERVIZI"

src/domains/citizen-auth-app/01_network.tf

@@ -74,6 +74,12 @@ data "azurerm_subnet" "app_backend_l2_snet" {
   resource_group_name  = local.vnet_common_resource_group_name
 }
 
+data "azurerm_subnet" "app_backend_l3_snet" {
+  name                 = "appbackendl3"
+  virtual_network_name = local.vnet_common_name
+  resource_group_name  = local.vnet_common_resource_group_name
+}
+
 data "azurerm_subnet" "ioweb_profile_snet" {
   name                 = format("%s-ioweb-profile-snet", local.common_project)
   virtual_network_name = local.vnet_common_name

src/domains/citizen-auth-app/07_function_fast_login.tf

@@ -273,6 +273,7 @@ module "function_fast_login" {
     data.azurerm_subnet.app_backend_l2_snet.id,
     data.azurerm_subnet.ioweb_profile_snet.id,
     module.session_manager_snet.id,
+    data.azurerm_subnet.app_backend_l3_snet.id
   ]
 
   # Action groups for alerts
@@ -321,7 +322,8 @@ module "function_fast_login_staging_slot" {
     data.azurerm_subnet.azdoa_snet[0].id,
     data.azurerm_subnet.apim_v2_snet.id,
     data.azurerm_subnet.app_backend_l1_snet.id,
-    data.azurerm_subnet.app_backend_l2_snet.id
+    data.azurerm_subnet.app_backend_l2_snet.id,
+    data.azurerm_subnet.app_backend_l3_snet.id
   ]
 
   tags = var.tags

src/domains/citizen-auth-app/09_function_profile.tf

@@ -274,7 +274,7 @@ resource "azurerm_monitor_autoscale_setting" "function_profile" {
 
         capacity = {
           default = 10
-          minimum = 3
+          minimum = 5
           maximum = 30
         }
       },
@@ -288,7 +288,7 @@ resource "azurerm_monitor_autoscale_setting" "function_profile" {
 
         capacity = {
           default = 10
-          minimum = 3
+          minimum = 5
           maximum = 30
         }
       },
@@ -302,7 +302,7 @@ resource "azurerm_monitor_autoscale_setting" "function_profile" {
 
         capacity = {
           default = 10
-          minimum = 4
+          minimum = 5
           maximum = 30
         }
       },
@@ -316,7 +316,7 @@ resource "azurerm_monitor_autoscale_setting" "function_profile" {
 
         capacity = {
           default = 10
-          minimum = 3
+          minimum = 5
           maximum = 30
         }
       }

src/domains/citizen-auth-app/README.md

@@ -154,6 +154,7 @@
 | [azurerm_subnet.apim_v2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.app_backend_l1_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.app_backend_l2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
+| [azurerm_subnet.app_backend_l3_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.appgateway_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.fims_op_app_snet_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |

src/domains/eucovidcert/_modules/function_apps/data.tf

@@ -27,8 +27,8 @@ data "azurerm_subnet" "snet_backendl2" {
   resource_group_name  = local.resource_group_name_common
 }
 
-data "azurerm_subnet" "snet_pblevtdispatcher" {
-  name                 = "fnpblevtdispatcherout"
+data "azurerm_subnet" "snet_backendl3" {
+  name                 = "appbackendl3"
   virtual_network_name = local.vnet_name_common
   resource_group_name  = local.resource_group_name_common
 }
@@ -112,4 +112,4 @@ data "azurerm_key_vault_secret" "fn_eucovidcert_FNSERVICES_API_KEY" {
 data "azurerm_monitor_action_group" "error_action_group" {
   name                = "${replace("${var.project}", "-", "")}error"
   resource_group_name = local.resource_group_name_common
-}
+}

src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf

@@ -38,8 +38,8 @@ module "function_eucovidcert" {
     var.subnet_id,
     data.azurerm_subnet.snet_backendl1.id,
     data.azurerm_subnet.snet_backendl2.id,
-    data.azurerm_subnet.snet_pblevtdispatcher.id,
     data.azurerm_subnet.snet_apim_v2.id,
+    data.azurerm_subnet.snet_backendl3.id
   ]
 
   tags = var.tags
@@ -77,8 +77,8 @@ module "function_eucovidcert_staging_slot" {
     var.subnet_id,
     data.azurerm_subnet.snet_backendl1.id,
     data.azurerm_subnet.snet_backendl2.id,
-    data.azurerm_subnet.snet_pblevtdispatcher.id,
     data.azurerm_subnet.snet_apim_v2.id,
+    data.azurerm_subnet.snet_backendl3.id
   ]
 
   tags = var.tags

src/domains/functions/data.tf

@@ -187,3 +187,9 @@ data "azurerm_subnet" "app_backendl2_snet" {
   resource_group_name  = local.rg_common_name
   virtual_network_name = local.vnet_common_name
 }
+
+data "azurerm_subnet" "app_backendl3_snet" {
+  name                 = "appbackendl3"
+  resource_group_name  = local.rg_common_name
+  virtual_network_name = local.vnet_common_name
+}

src/domains/functions/function_app.tf

@@ -239,6 +239,7 @@ module "function_app" {
     data.azurerm_subnet.app_backendli_snet.id,
     data.azurerm_subnet.ioweb_profile_snet.id,
     data.azurerm_subnet.session_manager_snet.id,
+    data.azurerm_subnet.app_backendl3_snet.id
   ]
 
   sticky_app_setting_names = concat([
@@ -291,6 +292,7 @@ module "function_app_staging_slot" {
     data.azurerm_subnet.app_backendl1_snet.id,
     data.azurerm_subnet.app_backendl2_snet.id,
     data.azurerm_subnet.app_backendli_snet.id,
+    data.azurerm_subnet.app_backendl3_snet.id
   ]
 
   tags = var.tags

src/domains/messages-app/01_network.tf

@@ -64,6 +64,12 @@ data "azurerm_subnet" "app_backendl2_snet" {
   resource_group_name  = local.vnet_common_resource_group_name
 }
 
+data "azurerm_subnet" "app_backendl3_snet" {
+  name                 = "appbackendl3"
+  virtual_network_name = local.vnet_common_name
+  resource_group_name  = local.vnet_common_resource_group_name
+}
+
 data "azurerm_subnet" "apim_snet" {
   name                 = "apimv2api"
   virtual_network_name = local.vnet_common_name
@@ -76,6 +82,12 @@ data "azurerm_subnet" "azdoa_snet" {
   resource_group_name  = local.vnet_common_resource_group_name
 }
 
+data "azurerm_subnet" "github_snet" {
+  name                 = "io-p-github-runner-snet"
+  virtual_network_name = local.vnet_common_name
+  resource_group_name  = local.vnet_common_resource_group_name
+}
+
 data "azurerm_private_dns_zone" "privatelink_servicebus_windows_net" {
   name                = "privatelink.servicebus.windows.net"
   resource_group_name = format("%s-evt-rg", local.product)

src/domains/messages-app/10_function_messages.tf

@@ -168,6 +168,7 @@ module "app_messages_function" {
     data.azurerm_subnet.app_backendl1_snet.id,
     data.azurerm_subnet.app_backendl2_snet.id,
     data.azurerm_subnet.apim_snet.id,
+    data.azurerm_subnet.app_backendl3_snet.id
   ]
 
   allowed_ips = concat(
@@ -221,6 +222,7 @@ module "app_messages_function_staging_slot" {
     data.azurerm_subnet.app_backendl1_snet.id,
     data.azurerm_subnet.app_backendl2_snet.id,
     data.azurerm_subnet.azdoa_snet.id,
+    data.azurerm_subnet.app_backendl3_snet.id
   ]
 
   allowed_ips = concat(