diff --git a/.github/workflows/common_code_review.yaml b/.github/workflows/common_code_review.yaml index b63dc4cf3..77bb54127 100644 --- a/.github/workflows/common_code_review.yaml +++ b/.github/workflows/common_code_review.yaml @@ -1,11 +1,8 @@ name: PR - Common TF Validation # This pipeline starts automatically when a PR is opened. -# -# It is responsible for managing changes related solely to the NEW infrastructure. -# Therefore, it checks whether the changes have occurred only in the directories listed in "paths." -# -## NOTE: 'NEW infrastructure' refers to the new Terraform infrastructure located in the src/common/prod folder, which no longer requires the terraform.sh script to be applied. +## +# It is responsible for managing changes related to "common" infrastructure, on: workflow_dispatch: diff --git a/.github/workflows/common_deploy.yaml b/.github/workflows/common_deploy.yaml index 42205ce9c..58e0c1fe2 100644 --- a/.github/workflows/common_deploy.yaml +++ b/.github/workflows/common_deploy.yaml @@ -1,15 +1,12 @@ -name: PR - Common TF Apply +name: Release - Common TF Apply # This pipeline starts automatically when a PR is merged into 'main'. # -# It is responsible for managing changes related solely to the NEW infrastructure, -# ensuring that changes have occurred exclusively within the directories listed in "paths." -# -## NOTE: 'NEW infrastructure' refers to the new Terraform infrastructure located in the src/common/prod folder, which no longer requires the terraform.sh script to be applied. +# It is responsible for managing changes related to "common" infrastructure, # # This pipeline first executes a plan and then an apply, which must be approved by the team. -on: +on: workflow_dispatch: push: branches: diff --git a/.github/workflows/core_code_review.yaml b/.github/workflows/core_code_review.yaml index 530dbdd77..7ef6f979a 100644 --- a/.github/workflows/core_code_review.yaml +++ b/.github/workflows/core_code_review.yaml 
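Review bot: The rewritten header comment ends on a dangling comma (`# It is responsible for managing changes related to "common" infrastructure,`), so the sentence reads as cut off. The same trailing comma appears in the common_deploy.yaml, core_code_review.yaml and core_deploy.yaml hunks, and in common_code_review.yaml the separator line became `##` where the other files keep `#`. End the sentence with a period, and since the explanation of the `paths` filter was removed, add one line saying which directories trigger the workflow. The `on:` block continues outside these hunks, so the actual path list is not visible here.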
@@ -2,10 +2,7 @@ name: PR - Core TF Validation # This pipeline starts automatically when a PR is opened. # -# It is responsible for managing changes related solely to the NEW infrastructure. -# Therefore, it checks whether the changes have occurred only in the directories listed in "paths." -# -## NOTE: 'NEW infrastructure' refers to the new Terraform infrastructure located in the src/core/prod folder, which no longer requires the terraform.sh script to be applied. +# It is responsible for managing changes related to "core" infrastructure, on: workflow_dispatch: diff --git a/.github/workflows/core_code_review_weu.yaml b/.github/workflows/core_code_review_weu.yaml deleted file mode 100644 index 5ac5f08b5..000000000 --- a/.github/workflows/core_code_review_weu.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ -name: WEU - Core TF Validation (PROD) - -# This pipeline starts automatically when a PR is opened. -# -# It is responsible for managing only the legacy part (West Europe), -# ensuring that changes have occurred exclusively within the directories listed in "paths." -# It ignores the folders related to the new infrastructure, indicated by the symbol '!', which denotes an excluded path. - -on: - workflow_dispatch: - pull_request: - types: - - opened - - edited - - synchronize - - reopened - - ready_for_review - paths: - - "src/core/**" - - ".github/workflows/core_code_review_weu.yaml" - - "!src/core/prod/**" - - "!src/core/_modules/**" - - "!.github/workflows/core_code_review.yaml" - -env: - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - ARM_USE_OIDC: true - ARM_USE_AZUREAD: true - ARM_STORAGE_USE_AZUREAD: true - DIR: src/core - AZURE_ENVIRONMENT: prod - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - -jobs: - tf_plan: - name: Terraform Plan - runs-on: self-hosted - environment: prod-ci - concurrency: - group: ${{ github.workflow }}-ci - cancel-in-progress: true - permissions: - id-token: write - contents: read - pull-requests: write - - steps: - - name: Checkout - id: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - persist-credentials: false - fetch-depth: 0 - - - name: Setup terraform - id: setup-version - # https://github.com/pagopa/terraform-install-action/commits/main - uses: pagopa/terraform-install-action@1f76f593176e58c423b88d72273a612ba7ba430b - - - name: Terraform plan - # from https://github.com/pagopa/terraform-plan-azure-action/commits/main - uses: pagopa/terraform-plan-azure-action@392aca28cbb33f5dc28215dfb72385e136fd813b - with: - client_id: ${{ env.ARM_CLIENT_ID }} - tenant_id: ${{ env.ARM_TENANT_ID }} - subscription_id: ${{ env.ARM_SUBSCRIPTION_ID }} - dir: ${{ env.DIR }} - 
azure_environment: ${{ env.AZURE_ENVIRONMENT }} \ No newline at end of file diff --git a/.github/workflows/core_deploy.yaml b/.github/workflows/core_deploy.yaml index 9a72df4ad..d515ba146 100644 --- a/.github/workflows/core_deploy.yaml +++ b/.github/workflows/core_deploy.yaml @@ -1,15 +1,12 @@ -name: PR - Core TF Apply +name: Release - Core TF Apply # This pipeline starts automatically when a PR is merged into 'main'. # -# It is responsible for managing changes related solely to the NEW infrastructure, -# ensuring that changes have occurred exclusively within the directories listed in "paths." -# -## NOTE: 'NEW infrastructure' refers to the new Terraform infrastructure located in the src/core/prod folder, which no longer requires the terraform.sh script to be applied. +# It is responsible for managing changes related to "core" infrastructure, # # This pipeline first executes a plan and then an apply, which must be approved by the team. -on: +on: workflow_dispatch: push: branches: diff --git a/.github/workflows/core_deploy_weu.yaml b/.github/workflows/core_deploy_weu.yaml deleted file mode 100644 index 5cb82ee8e..000000000 --- a/.github/workflows/core_deploy_weu.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -name: WEU - Core TF Apply (PROD) - -# This pipeline starts automatically when a PR is merged into 'main'. -# -# It is responsible for managing only the legacy part (West Europe), -# ensuring that changes have occurred exclusively within the directories listed in "paths." -# It ignores the folders related to the new mode, indicated by the symbol '!', which denotes an excluded path. -# -# This pipeline will use the terraform.sh script, which first executes a plan and then an apply, both of which must be approved by the team. - -on: - workflow_dispatch: - push: - branches: - - main - paths: - - "src/core/**" - - ".github/workflows/core_deploy_weu.yaml" - - "!src/core/prod/**" - - "!src/core/_modules/**" - - "!.github/workflows/core_deploy.yaml" - -permissions: - id-token: write - contents: read - -concurrency: - group: ${{ github.workflow }}-cd - cancel-in-progress: true - -env: - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - ARM_USE_OIDC: true - ARM_USE_AZUREAD: true - ARM_STORAGE_USE_AZUREAD: true - DIR: src/core - AZURE_ENVIRONMENT: prod - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - -jobs: - terraform_plan_job: - name: Terraform Plan - runs-on: self-hosted - environment: prod-ci - - steps: - - - name: Checkout - id: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - persist-credentials: false - fetch-depth: 0 - - - name: Azure Login - id: az_login - uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0 - with: - client-id: ${{ env.ARM_CLIENT_ID }} - tenant-id: ${{ env.ARM_TENANT_ID }} - subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }} - - - name: Set Terraform Version - id: env_tf_version - run: | - echo "terraform_version=$(cat .terraform-version)" >> $GITHUB_OUTPUT - - - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 - id: terraform_setup - name: Setup Terraform 
- with: - terraform_version: ${{ steps.env_tf_version.outputs.terraform_version}} - terraform_wrapper: true - - - name: Terraform plan - shell: bash - working-directory: ${{ env.DIR }} - env: - AZURE_ENVIRONMENT: prod - run: | - bash ./terraform.sh plan ${{ env.AZURE_ENVIRONMENT }} -lock-timeout=3000s -out=tfplan-${{ env.AZURE_ENVIRONMENT }}-${{ github.sha }} -input=false - - - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 - id: artifact_upload - name: Upload plans as artifacts - env: - AZURE_ENVIRONMENT: prod - with: - name: tfplan-output - if-no-files-found: error - path: | - **/tfplan-${{ env.AZURE_ENVIRONMENT }}-* - - outputs: - terraform_version: ${{ steps.env_tf_version.outputs.terraform_version}} - - terraform_apply_job: - name: Terraform Apply - runs-on: self-hosted - environment: prod-cd - needs: [terraform_plan_job] - - steps: - - - name: Checkout - id: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - persist-credentials: false - fetch-depth: 0 - - - uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 - id: artifact_download - name: Download plans as artifact - with: - name: tfplan-output - - - name: Azure Login - id: az_login - uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0 - with: - client-id: ${{ env.ARM_CLIENT_ID }} - tenant-id: ${{ env.ARM_TENANT_ID }} - subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }} - - - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 - id: terraform_setup - name: Setup Terraform - with: - terraform_version: ${{ needs.terraform_plan_job.outputs.terraform_version }} - terraform_wrapper: true - - - name: Terraform init - id: terraform_init - shell: bash - working-directory: ${{ env.DIR }} - env: - AZURE_ENVIRONMENT: prod - run: | - bash ./terraform.sh init ${{ env.AZURE_ENVIRONMENT }} - - - name: Terraform apply - id: terraform_apply - shell: bash - working-directory: ${{ env.DIR }} - env: - 
AZURE_ENVIRONMENT: prod - run: | - terraform apply -lock-timeout=3000s -auto-approve -input=false tfplan-${{ env.AZURE_ENVIRONMENT }}-${{ github.sha }} \ No newline at end of file diff --git a/.github/workflows/legacy_apim_code_review.yaml b/.github/workflows/legacy_apim_code_review.yaml new file mode 100644 index 000000000..158ec8d92 --- /dev/null +++ b/.github/workflows/legacy_apim_code_review.yaml @@ -0,0 +1,27 @@ +name: PR - Legacy APIM TF Validation + +# This pipeline starts automatically when a PR is opened. +# +# It is responsible for managing only a couple of legacy API groups on APIM. + +on: + workflow_dispatch: + pull_request: + types: + - opened + - edited + - synchronize + - reopened + - ready_for_review + paths: + - "src/legacy-apim/**" + - ".github/workflows/legacy_apim_code_review.yaml" + +jobs: + prod_legacy_apim_code_review: + uses: pagopa/dx/.github/workflows/infra_plan.yaml@main + name: Prod - Code Review + secrets: inherit + with: + environment: prod + base_path: src/legacy-apim diff --git a/.github/workflows/legacy_apim_deploy.yaml b/.github/workflows/legacy_apim_deploy.yaml new file mode 100644 index 000000000..ca7ed4209 --- /dev/null +++ b/.github/workflows/legacy_apim_deploy.yaml @@ -0,0 +1,26 @@ +name: Release - Legacy APIM TF Apply + +# This pipeline starts automatically when a PR is merged into 'main'. +# +# It is responsible for managing only a couple of legacy API groups on APIM. +# +# This pipeline will use the terraform.sh script, which first executes a plan and then an apply, +# where the latter must be approved by the team. + +on: + workflow_dispatch: + push: + branches: + - main + paths: + - "src/legacy-apim/**" + - ".github/workflows/legacy_apim_deploy.yaml" + +jobs: + prod_legacy_apim_deploy: + uses: pagopa/dx/.github/workflows/infra_apply.yaml@main + name: Prod - Code Deploy + secrets: inherit + with: + environment: prod + base_path: src/legacy-apim 
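Review bot: Both new workflows call a reusable workflow by a mutable branch ref while passing `secrets: inherit`: `uses: pagopa/dx/.github/workflows/infra_plan.yaml@main` here and `infra_apply.yaml@main` in legacy_apim_deploy.yaml. Any commit that lands on that branch then runs against `environment: prod` with all of the calling workflow's secrets, without a change in this repository. The workflows deleted in this commit pinned every action to a full commit SHA with a version comment; the same convention here would be `uses: pagopa/dx/.github/workflows/infra_plan.yaml@FULL_COMMIT_SHA # vX.Y.Z` (placeholder values). If the called workflows declare the secrets they need, passing those by name instead of `inherit` narrows the exposure further; their definitions are not visible in this diff.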
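Review bot: legacy_apim_deploy.yaml declares neither `permissions:` nor `concurrency:`, whereas the deleted core_deploy_weu.yaml set `id-token: write` / `contents: read` and a `${{ github.workflow }}-cd` concurrency group. For a reusable-workflow call the caller's token permissions are the upper bound for the called jobs, so an explicit top-level `permissions:` block with the minimum infra_apply.yaml needs keeps the apply job from inheriting the repository default. Whether infra_apply.yaml serialises runs itself cannot be seen here, so confirm that two pushes to `main` cannot apply concurrently. The header comment still says the pipeline "will use the terraform.sh script", which does not match a job that only delegates to infra_apply.yaml. The static_analysis.yml hunk in this commit only removes map entries, so also confirm that `src/legacy-apim` is covered by an entry outside that hunk.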
diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml index 8ea71ac3a..b7ba2352b 100644 --- a/.github/workflows/static_analysis.yml +++ b/.github/workflows/static_analysis.yml @@ -26,9 +26,6 @@ jobs: # map value with path to domain root and path to config entry point declare -A newmap - newmap[src/core]="." - newmap[src/.template-app]="." - newmap[src/.template-common]="." newmap[src/aks-platform]="." newmap[src/domains/cgn]="./prod" newmap[src/domains/selfcare]="./prod/westeurope" diff --git a/src/.template-app/.terraform.lock.hcl b/src/.template-app/.terraform.lock.hcl deleted file mode 100644 index 690471b58..000000000 --- a/src/.template-app/.terraform.lock.hcl +++ /dev/null 
@@ -1,117 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azuread" { - version = "2.33.0" - constraints = "<= 2.33.0" - hashes = [ - "h1:PDiZA9QpXCkaSuWu6jiCRcjVtKJETqjcOZq4I434zfE=", - "h1:QAQe2+WSqGnHYAVoA+NN4Oeuoqg5sXq3U9Qmj6S1P5M=", - "h1:XIvCW3Nl4bW1bc9f8jyGhft+fQjaed4yy/LFzDAeVJ8=", - "h1:Z28tjly5UfKOE+HL/oALxCPhmCuBwUgZ4uaYt68VR3M=", - "zh:0602d03d7d7e38819f78dc377e64f365427496edf1065bfbb113e3921ab1c34e", - "zh:08843838f4fe146084592472648d4ea7191931eabe042a96c3b3c6eaf8ddfb43", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:26a0d8a186e3b47ea0b7217a8e420b03fda59b7a680bb3ea52cf7d3e6d965ef3", - "zh:352a1cacaacd39e796de15a52d192ab0e6eb98dd36b5fbf8ebddd37e6dafa4ac", - "zh:3702ad4c534e67e2e07b060bfe5e6edc244c59c911906c8b15b96e7fecb0ff2c", - "zh:93b5248d26bdd44845b2ab051a2168c7edad788ae9836f62ea5fb632fd59d7ea", - "zh:a7b880155f4a67b52a5bfe78de33dc55254ef80006234f00e36aaf6533b1de4a", - "zh:a7cf0829364127c9bca26ec01ea3d66988b43987b2d26a3290487d1fc0da50eb", - "zh:b1f82b0d30af733b36a2f849799e0b1ed6a72888fa32a438c829c4e5cff88e20", - "zh:b6c2b23770852de8f56b549579c2f5a82afd84a9ca0616d53a25d48488f7aaf0", - "zh:d87dfbdfe8ab9d3a2e33f210333d40f211ea7d33bfa671063e6807c6ddd85a52", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.40.0" - constraints = ">= 3.30.0, <= 3.40.0" - hashes = [ - "h1:/Jbhw/zNAsDYDoASaG6w+0KZyay9BkUVOpR8b7m0CsA=", - "h1:7Vfig36efXmcsWQSZwdB+bqZLtoZ/RyytY9lXHx9Fic=", - "h1:VpRitAMc2wjUH/2jCz9MtZZd83UFxwTCamjRvIh/Nvg=", - "h1:dSM3nwscFP/OmH5Kr5FGao+9DjIXUEECnbMtWdrQOdg=", - "zh:00fa6dc05bf2643c6a3c741edb7d88263698086835a8a613f1d7bd76d1b918fd", - "zh:0da9b788e773272a7aa9d59bd9e3d5842edd4acc8c3895bea469e66dc14205a0", - "zh:25a8c39d1f042fc7c83ba9dd745c3569ea9e577fadb57563a575fb115ac2b9f1", - "zh:4423666dbeae8bc22c6e8898ffbb88745681dc27668ca9104b665dd7f3d7292c", - 
"zh:78c07308e7407b558d15737a98fb5eaf15529d297fc3798de6a7d61e0466e2e3", - "zh:894aca7e6f4f331ee8eb51957a180dc03d399d2b1727e0d7842e9b3f022a8c6a", - "zh:bb0e620c2161b4c4892a6f50b1c4c69ed70f66bb5e92543a03d79d0e4b1d9441", - "zh:c7d8e6a791159ca63b30908c9efe72ab65f60d64b30f0c1eb5a64972f4994844", - "zh:d04c11bfd346c1ac34d16bbdca70b23b006e822f6beb236b85375e8343888eb4", - "zh:f4edea9660327c7c70a823d786fd1b1c1b186c8759770447f63da72f23e1a73c", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f986e268949cf445ff53a66af48a87c6f6dba5964e8a5b1dc0ea02afabdd71f7", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "2.8.0" - constraints = "2.8.0" - hashes = [ - "h1:SAwW8iYsXVDhCs8UL5ElzfN6iP3q3tdObPwJiTpCkKI=", - "h1:U0w0mUT0SwZCR0poGNSxGaZJKWcOiu4GerpGztYBiMM=", - "h1:a98mBNghv9odh5PVmgdXapgyYJmO/ncAWkwLWdXLuY4=", - "h1:abRryu69lsIGXctqjMVoaKqi74eE12Vzd2FLpds1/PI=", - "zh:1e42d1a04c07d4006844e477ca32b5f45b04f6525dbbbe00b6be6e6ec5a11c54", - "zh:2f87187cb48ccfb18d12e2c4332e7e822923b659e7339b954b7db78aff91529f", - "zh:391fe49b4d2dc07bc717248a3fc6952189cfc49c596c514ad72a29c9a9f9d575", - "zh:89272048e1e63f3edc3e83dfddd5a9fd4bd2a4ead104e67de1e14319294dedf1", - "zh:a5a057c3435a854389ce8a1d98a54aaa7cbab68aca7baa436a605897aa70ff7e", - "zh:b1098e53e1a8a3afcd325ecd0328662156b3d9c3d80948f19ba3a4eb870cee2b", - "zh:b676f949e8274a2b6c3fa41f5428ea597125579c7b93bb50bb73a5e295a7a447", - "zh:cdf7e9460f28c2dbfe49a79a5022bd0d474ff18120d340738aa35456ba77ebca", - "zh:e24b59b4ed1c593facbf8051ec58550917991e2e017f3085dac5fb902d9908cb", - "zh:e3b5e1f5543cac9d9031a028f1c1be4858fb80fae69f181f21e9465e366ebfa2", - "zh:e9fddc0bcdb28503078456f0088851d45451600d229975fd9990ee92c7489a10", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.17.0" - constraints = "2.17.0" - hashes = [ - "h1:Dq/EHg8mKP9wDDTJx5CzZ+w44wutIZJGfQLrAIznAqY=", - 
"h1:I1L2R+OPgGSh+P6uBSycvvoyRIey/FqMwSvlJ9ccw0o=", - "h1:Nu0bV0ehFE3aiAl8+qxBCxi8u+dfjvvhoQOW30rFGPo=", - "h1:p2sgF62c2svJSKuImL3/zq/SSPOZFyd4Vj7K0UF2VrQ=", - "zh:1cbafea8c404195d8ad2490d75dbeebef131563d3e38dec87231ceb3923a3012", - "zh:26d9584423ee77e607999b082de7d9dc3e937934aa83341e0832e7253caf4f51", - "zh:333527fc15fb43bbf1898a2f058598c596468a01d88c415627bb617878dc4d4d", - "zh:391b8c80e3115af485977d6e949d7260b7fc0b641089b884256bfd36a7077db2", - "zh:4d18ba55247486181759d60195777945bcd68e17ccd980820ca18e8a8b94aeb5", - "zh:607ae94d85d1c1ed3845bd71095daadea4b2468e16f57fa05c98eab0de6b14ae", - "zh:95c6cf22f8ef14e7a4f85e33cff5d6f11056c7880041b71d425d1b5ebbe246e7", - "zh:b077edcedb46a313b461ac1e49317872063b3871f2acbe1a50498612cefff387", - "zh:c6a7891683e44148b0c928fd4748b7abac727266ab551d679015f5fe8b72d1e6", - "zh:e5cebfdf873770c37a4304362003d3fea8d6c2fd819663ad121bc65bb81e4738", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:feb19269e7c0de473ad412b37818b48da0cc91e5c93dd4c77a72676ca97a16b1", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" - constraints = "<= 3.2.1" - hashes = [ - "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", - "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", - "h1:vUW21lLLsKlxtBf0QF7LKJreKxs0CM7YXGzqW1N/ODY=", - "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", - "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", - "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", - "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", - "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - 
"zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", - ] -} diff --git a/src/.template-app/00_azuread.tf b/src/.template-app/00_azuread.tf deleted file mode 100644 index bfffd3a8b..000000000 --- a/src/.template-app/00_azuread.tf +++ /dev/null @@ -1,16 +0,0 @@ -# Azure AD -data "azuread_group" "adgroup_admin" { - display_name = format("%s-adgroup-admin", local.product) -} - -data "azuread_group" "adgroup_developers" { - display_name = format("%s-adgroup-developers", local.product) -} - -data "azuread_group" "adgroup_externals" { - display_name = format("%s-adgroup-externals", local.product) -} - -data "azuread_group" "adgroup_security" { - display_name = format("%s-adgroup-security", local.product) -} diff --git a/src/.template-app/01_aks.tf b/src/.template-app/01_aks.tf deleted file mode 100644 index 78dbc6c0f..000000000 --- a/src/.template-app/01_aks.tf +++ /dev/null @@ -1,13 +0,0 @@ -data "azurerm_kubernetes_cluster" "aks" { - name = local.aks_name - resource_group_name = local.aks_resource_group_name -} - -#tfsec:ignore:AZU023 -resource "azurerm_key_vault_secret" "aks_apiserver_url" { - name = "${local.aks_name}-apiserver-url" - value = "https://${data.azurerm_kubernetes_cluster.aks.private_fqdn}:443" - content_type = "text/plain" - - key_vault_id = data.azurerm_key_vault.kv.id -} diff --git a/src/.template-app/01_monitor.tf b/src/.template-app/01_monitor.tf deleted file mode 100644 index acb5a2549..000000000 --- a/src/.template-app/01_monitor.tf +++ /dev/null 
@@ -1,28 +0,0 @@ -data "azurerm_log_analytics_workspace" "log_analytics" { - name = var.log_analytics_workspace_name - resource_group_name = var.log_analytics_workspace_resource_group_name -} - -data "azurerm_application_insights" "application_insights" { - name = var.application_insights_name - resource_group_name = var.monitor_resource_group_name -} - -data "azurerm_resource_group" "monitor_rg" { - name = var.monitor_resource_group_name -} - -data "azurerm_monitor_action_group" "slack" { - resource_group_name = var.monitor_resource_group_name - name = local.monitor_action_group_slack_name -} - -data "azurerm_monitor_action_group" "email" { - resource_group_name = var.monitor_resource_group_name - name = local.monitor_action_group_email_name -} - -data "azurerm_monitor_action_group" "error_action_group" { - resource_group_name = var.monitor_resource_group_name - name = "${var.prefix}${var.env_short}error" -} diff --git a/src/.template-app/01_network.tf b/src/.template-app/01_network.tf deleted file mode 100644 index 96b42ff13..000000000 --- a/src/.template-app/01_network.tf +++ /dev/null 
@@ -1,53 +0,0 @@ -data "azurerm_virtual_network" "vnet" { - name = local.vnet_name - resource_group_name = local.vnet_resource_group_name -} - -data "azurerm_virtual_network" "vnet_common" { - name = local.vnet_common_name - resource_group_name = local.vnet_common_resource_group_name -} - -data "azurerm_private_dns_zone" "internal" { - name = local.internal_dns_zone_name - resource_group_name = local.internal_dns_zone_resource_group_name -} - -data "azurerm_private_dns_zone" "privatelink_blob_core_windows_net" { - name = "privatelink.blob.core.windows.net" - resource_group_name = format("%s-rg-common", local.product) -} - -data "azurerm_private_dns_zone" "privatelink_queue_core_windows_net" { - name = "privatelink.queue.core.windows.net" - resource_group_name = format("%s-rg-common", local.product) -} - -data "azurerm_private_dns_zone" "privatelink_file_core_windows_net" { - name = "privatelink.file.core.windows.net" - resource_group_name = format("%s-rg-common", local.product) -} - -data "azurerm_private_dns_zone" "privatelink_table_core_windows_net" { - name = "privatelink.table.core.windows.net" - resource_group_name = format("%s-rg-common", local.product) -} - -data "azurerm_private_dns_zone" "privatelink_documents_azure_com" { - name = "privatelink.documents.azure.com" - resource_group_name = format("%s-rg-common", local.product) -} - -resource "azurerm_private_dns_a_record" "ingress" { - name = local.ingress_hostname - zone_name = data.azurerm_private_dns_zone.internal.name - resource_group_name = local.internal_dns_zone_resource_group_name - ttl = 3600 - records = [var.ingress_load_balancer_ip] -} - -data "azurerm_subnet" "private_endpoints_subnet" { - name = "pendpoints" - virtual_network_name = local.vnet_common_name - resource_group_name = local.vnet_common_resource_group_name -} diff --git a/src/.template-app/02_namespace.tf b/src/.template-app/02_namespace.tf deleted file mode 100644 index 7449fb5df..000000000 
--- a/src/.template-app/02_namespace.tf
+++ /dev/null
@@ -1,95 +0,0 @@ -resource "kubernetes_namespace" "namespace" { - metadata { - name = var.domain - } -} - -module "pod_identity" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3//kubernetes_pod_identity?ref=v4.1.3" - - resource_group_name = local.aks_resource_group_name - location = var.location - tenant_id = data.azurerm_subscription.current.tenant_id - cluster_name = local.aks_name - - identity_name = "${var.domain}-pod-identity" - namespace = kubernetes_namespace.namespace.metadata[0].name - key_vault_id = data.azurerm_key_vault.kv.id - - secret_permissions = ["Get"] -} - -resource "helm_release" "reloader" { - name = "reloader" - repository = "https://stakater.github.io/stakater-charts" - chart = "reloader" - version = var.reloader_helm.chart_version - namespace = kubernetes_namespace.namespace.metadata[0].name - - set { - name = "reloader.watchGlobally" - value = "false" - } - set { - name = "reloader.deployment.image.name" - value = var.reloader_helm.image_name - } - set { - name = "reloader.deployment.image.tag" - value = var.reloader_helm.image_tag - } -} - -resource "helm_release" "tls_cert_check" { - name = "tls-cert-check" - chart = "microservice-chart" - repository = "https://pagopa.github.io/aks-microservice-chart-blueprint" - version = var.tls_cert_check_helm.chart_version - namespace = kubernetes_namespace.namespace.metadata[0].name - - values = [ - "${templatefile("${path.module}/templates/tls-cert.yaml.tpl", - { - namespace = var.domain - image_name = var.tls_cert_check_helm.image_name - image_tag = var.tls_cert_check_helm.image_tag - website_site_name = "tls-cert-check-${var.location_short}${var.instance}.${var.domain}.internal.io.pagopa.it" - time_trigger = "*/1 * * * *" - function_name = "${var.location_short}${var.instance}.${var.domain}.internal.io.pagopa.it" - region = var.location_string - expiration_delta_in_days = "7" - host = "${var.location_short}${var.instance}.${var.domain}.internal.io.pagopa.it" - 
appinsights_instrumentationkey = "appinsights-connection-string" - keyvault_name = data.azurerm_key_vault.kv.name - keyvault_tenantid = data.azurerm_client_config.current.tenant_id - })}", - ] -} - -resource "azurerm_monitor_metric_alert" "tls_cert_check" { - name = "tls-cert-check-${var.location_short}${var.instance}.${var.domain}.internal.io.pagopa.it" - resource_group_name = data.azurerm_resource_group.monitor_rg.name - scopes = [data.azurerm_application_insights.application_insights.id] - description = "Whenever the average availabilityresults/availabilitypercentage is less than 100%" - severity = 0 - frequency = "PT5M" - auto_mitigate = false - - criteria { - metric_namespace = "microsoft.insights/components" - metric_name = "availabilityResults/availabilityPercentage" - aggregation = "Average" - operator = "LessThan" - threshold = 50 - - dimension { - name = "availabilityResult/name" - operator = "Include" - values = ["${var.location_short}${var.instance}.${var.domain}.internal.io.pagopa.it"] - } - } - - action { - action_group_id = data.azurerm_monitor_action_group.error_action_group.id - } -} diff --git a/src/.template-app/02_security.tf b/src/.template-app/02_security.tf deleted file mode 100644 index 31ed9ca52..000000000 --- a/src/.template-app/02_security.tf +++ /dev/null @@ -1,4 +0,0 @@ -data "azurerm_key_vault" "kv" { - name = "${local.product}-${var.domain}-kv" - resource_group_name = "${local.product}-${var.domain}-sec-rg" -} diff --git a/src/.template-app/03_serviceaccounts_azure_devops.tf b/src/.template-app/03_serviceaccounts_azure_devops.tf deleted file mode 100644 index bd14e5d77..000000000 --- a/src/.template-app/03_serviceaccounts_azure_devops.tf +++ /dev/null 
@@ -1,63 +0,0 @@ -resource "kubernetes_namespace" "namespace_system" { - metadata { - name = "${var.domain}-system" - } -} - -resource "kubernetes_service_account" "azure_devops" { - metadata { - name = "azure-devops" - namespace = kubernetes_namespace.namespace_system.metadata[0].name - } - automount_service_account_token = false -} - -data "kubernetes_secret" "azure_devops_secret" { - metadata { - name = kubernetes_service_account.azure_devops.default_secret_name - namespace = kubernetes_namespace.namespace_system.metadata[0].name - } - binary_data = { - "ca.crt" = "" - "token" = "" - } -} - -#tfsec:ignore:AZU023 -resource "azurerm_key_vault_secret" "azure_devops_sa_token" { - depends_on = [kubernetes_service_account.azure_devops] - name = "${local.aks_name}-azure-devops-sa-token" - value = data.kubernetes_secret.azure_devops_secret.binary_data["token"] # base64 value - content_type = "text/plain" - - key_vault_id = data.azurerm_key_vault.kv.id -} - -#tfsec:ignore:AZU023 -resource "azurerm_key_vault_secret" "azure_devops_sa_cacrt" { - depends_on = [kubernetes_service_account.azure_devops] - name = "${local.aks_name}-azure-devops-sa-cacrt" - value = data.kubernetes_secret.azure_devops_secret.binary_data["ca.crt"] # base64 value - content_type = "text/plain" - - key_vault_id = data.azurerm_key_vault.kv.id -} - -#-------------------------------------------------------------------------------------------------- - -resource "kubernetes_role_binding" "deployer_binding" { - metadata { - name = "deployer-binding" - namespace = kubernetes_namespace.namespace.metadata[0].name - } - role_ref { - api_group = "rbac.authorization.k8s.io" - kind = "ClusterRole" - name = "cluster-deployer" - } - subject { - kind = "ServiceAccount" - name = "azure-devops" - namespace = kubernetes_namespace.namespace_system.metadata[0].name - } -} diff --git a/src/.template-app/05_resource_group.tf b/src/.template-app/05_resource_group.tf deleted file mode 100644 index 5aaaddf6e..000000000 
--- a/src/.template-app/05_resource_group.tf +++ /dev/null @@ -1,6 +0,0 @@ -resource "azurerm_resource_group" "data_process_rg" { - name = "${local.project}-data-process-rg" - location = var.location - - tags = var.tags -} diff --git a/src/.template-app/99_locals.tf b/src/.template-app/99_locals.tf deleted file mode 100644 index 6f2d88fa1..000000000 --- a/src/.template-app/99_locals.tf +++ /dev/null @@ -1,23 +0,0 @@ -locals { - project = "${var.prefix}-${var.env_short}-${var.domain}-${var.location_short}-${var.instance}" - product = "${var.prefix}-${var.env_short}" - - monitor_action_group_slack_name = "SlackPagoPA" - monitor_action_group_email_name = "EmailPagoPA" - - vnet_name = "${local.product}-${var.location_short}-${var.instance}-vnet" - vnet_resource_group_name = "${local.product}-${var.location_short}-${var.instance}-vnet-rg" - - vnet_common_name = "${local.product}-vnet-common" - vnet_common_resource_group_name = "${local.product}-rg-common" - - ingress_hostname = "${var.location_short}${var.instance}.${var.domain}" - internal_dns_zone_name = "internal.${var.prefix}.pagopa.it" - internal_dns_zone_resource_group_name = "${local.product}-rg-internal" - - acr_name = replace("${local.product}commonacr", "-", "") - acr_resource_group_name = "${local.product}-container-registry-rg" - - aks_name = "${local.product}-${var.location_short}-${var.instance}-aks" - aks_resource_group_name = "${local.product}-${var.location_short}-${var.instance}-aks-rg" -} diff --git a/src/.template-app/99_main.tf b/src/.template-app/99_main.tf deleted file mode 100644 index afd878af8..000000000 --- a/src/.template-app/99_main.tf +++ /dev/null 
@@ -1,48 +0,0 @@ -terraform { - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "<= 3.40.0" - } - azuread = { - source = "hashicorp/azuread" - version = "<= 2.33.0" - } - null = { - source = "hashicorp/null" - version = "<= 3.2.1" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = "= 2.17.0" - } - helm = { - source = "hashicorp/helm" - version = "= 2.8.0" - } - } - - backend "azurerm" {} -} - -provider "azurerm" { - features { - key_vault { - purge_soft_delete_on_destroy = false - } - } -} - -data "azurerm_subscription" "current" {} - -data "azurerm_client_config" "current" {} - -provider "kubernetes" { - config_path = "${var.k8s_kube_config_path_prefix}/config-${local.aks_name}" -} - -provider "helm" { - kubernetes { - config_path = "${var.k8s_kube_config_path_prefix}/config-${local.aks_name}" - } -} diff --git a/src/.template-app/99_variables.tf b/src/.template-app/99_variables.tf deleted file mode 100644 index b444e8b3a..000000000 --- a/src/.template-app/99_variables.tf +++ /dev/null 
@@ -1,125 +0,0 @@
-# general
-
-variable "prefix" {
- type = string
- validation {
- condition = (
- length(var.prefix) < 6
- )
- error_message = "Max length is 6 chars."
- }
-}
-
-variable "env" {
- type = string
-}
-
-variable "env_short" {
- type = string
- validation {
- condition = (
- length(var.env_short) == 1
- )
- error_message = "Length must be 1 chars."
- }
-}
-
-variable "domain" {
- type = string
- validation {
- condition = (
- length(var.domain) <= 12
- )
- error_message = "Max length is 12 chars."
- }
-}
-
-variable "location" {
- type = string
- description = "One of westeurope, northeurope"
-}
-
-variable "location_short" {
- type = string
- validation {
- condition = (
- length(var.location_short) == 3
- )
- error_message = "Length must be 3 chars."
- }
- description = "One of wue, neu"
-}
-
-variable "location_string" {
- type = string
- description = "One of West Europe, North Europe"
-}
-
-variable "instance" {
- type = string
- description = "One of beta, prod01, prod02"
-}
-
-variable "lock_enable" {
- type = bool
- default = false
- description = "Apply locks to block accedentaly deletions."
-}
-
-variable "tags" {
- type = map(any)
- default = {
- CreatedBy = "Terraform"
- }
-}
-
-### External resources
-
-variable "monitor_resource_group_name" {
- type = string
- description = "Monitor resource group name"
-}
-
-variable "log_analytics_workspace_name" {
- type = string
- description = "Specifies the name of the Log Analytics Workspace."
-}
-
-variable "log_analytics_workspace_resource_group_name" {
- type = string
- description = "The name of the resource group in which the Log Analytics workspace is located in."
-}
-
-variable "application_insights_name" {
- type = string
- description = "Specifies the name of the Application Insights."
-}
-
-### Aks
-
-variable "k8s_kube_config_path_prefix" {
- type = string
- default = "~/.kube"
-}
-
-variable "ingress_load_balancer_ip" {
- type = string
-}
-
-variable "reloader_helm" {
- type = object({
- chart_version = string,
- image_name = string,
- image_tag = string
- })
- description = "reloader helm chart configuration"
-}
-
-variable "tls_cert_check_helm" {
- type = object({
- chart_version = string,
- image_name = string,
- image_tag = string
- })
- description = "tls cert helm chart configuration"
-}
diff --git a/src/.template-app/README.md b/src/.template-app/README.md
deleted file mode 100644
index 06f8da39a..000000000
--- a/src/.template-app/README.md
+++ /dev/null
@@ -1,86 +0,0 @@ - - -## Requirements - -| Name | Version | -|------|---------| -| [azuread](#requirement\_azuread) | <= 2.33.0 | -| [azurerm](#requirement\_azurerm) | <= 3.40.0 | -| [helm](#requirement\_helm) | = 2.8.0 | -| [kubernetes](#requirement\_kubernetes) | = 2.17.0 | -| [null](#requirement\_null) | <= 3.2.1 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [pod\_identity](#module\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3//kubernetes_pod_identity | v4.1.3 | - -## Resources - -| Name | Type | -|------|------| -| [azurerm_key_vault_secret.aks_apiserver_url](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.azure_devops_sa_cacrt](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.azure_devops_sa_token](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_monitor_metric_alert.tls_cert_check](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource | -| [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | -| [azurerm_resource_group.data_process_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/2.8.0/docs/resources/release) | resource | -| [helm_release.tls_cert_check](https://registry.terraform.io/providers/hashicorp/helm/2.8.0/docs/resources/release) | resource | -| [kubernetes_namespace.namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/namespace) | resource | -| 
[kubernetes_namespace.namespace_system](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/namespace) | resource | -| [kubernetes_role_binding.deployer_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/role_binding) | resource | -| [kubernetes_service_account.azure_devops](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/service_account) | resource | -| [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source | -| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | -| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | -| [azurerm_kubernetes_cluster.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source | -| [azurerm_log_analytics_workspace.log_analytics](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source | -| [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| 
[azurerm_monitor_action_group.error_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_private_dns_zone.privatelink_blob_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_private_dns_zone.privatelink_documents_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_private_dns_zone.privatelink_file_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_private_dns_zone.privatelink_queue_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_private_dns_zone.privatelink_table_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | -| [azurerm_subnet.private_endpoints_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | -| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | -| [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | -| 
[azurerm_virtual_network.vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | -| [kubernetes_secret.azure_devops_secret](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/data-sources/secret) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [application\_insights\_name](#input\_application\_insights\_name) | Specifies the name of the Application Insights. | `string` | n/a | yes | -| [domain](#input\_domain) | n/a | `string` | n/a | yes | -| [env](#input\_env) | n/a | `string` | n/a | yes | -| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | -| [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | -| [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | -| [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | -| [location\_string](#input\_location\_string) | One of West Europe, North Europe | `string` | n/a | yes | -| [lock\_enable](#input\_lock\_enable) | Apply locks to block accedentaly deletions. | `bool` | `false` | no | -| [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes | -| [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. 
| `string` | n/a | yes | -| [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | -| [prefix](#input\_prefix) | n/a | `string` | n/a | yes | -| [reloader\_helm](#input\_reloader\_helm) | reloader helm chart configuration |
object({| n/a | yes | -| [tags](#input\_tags) | n/a | `map(any)` |
chart_version = string,
image_name = string,
image_tag = string
})
{| no | -| [tls\_cert\_check\_helm](#input\_tls\_cert\_check\_helm) | tls cert helm chart configuration |
"CreatedBy": "Terraform"
}
object({| n/a | yes | - -## Outputs - -No outputs. - diff --git a/src/.template-app/env/weu-beta/backend.ini b/src/.template-app/env/weu-beta/backend.ini deleted file mode 100644 index cf83055f5..000000000 --- a/src/.template-app/env/weu-beta/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-IO diff --git a/src/.template-app/env/weu-beta/backend.tfvars b/src/.template-app/env/weu-beta/backend.tfvars deleted file mode 100644 index b1e17e9b1..000000000 --- a/src/.template-app/env/weu-beta/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodio" -container_name = "terraform-state" -key = "io-infra.template-app-weu-beta.tfstate" diff --git a/src/.template-app/env/weu-beta/terraform.tfvars b/src/.template-app/env/weu-beta/terraform.tfvars deleted file mode 100644 index 1820788c9..000000000 --- a/src/.template-app/env/weu-beta/terraform.tfvars +++ /dev/null 
@@ -1,44 +0,0 @@
-prefix = "io"
-env_short = "p"
-env = "prod"
-domain = "template"
-location = "westeurope"
-location_short = "weu"
-location_string = "West Europe"
-instance = "beta"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Prod"
- Owner = "IO"
- Source = "https://github.com/pagopa/io-infra/tree/main/src/template"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_resource_group_name = "io-p-rg-common"
-log_analytics_workspace_name = "io-p-law-common"
-log_analytics_workspace_resource_group_name = "io-p-rg-common"
-application_insights_name = "io-p-ai-common"
-
-### External tools
-
-# chart releases: https://github.com/stakater/Reloader/releases
-# image tags: https://hub.docker.com/r/stakater/reloader/tags
-reloader_helm = {
- chart_version = "v1.0.41"
- image_name = "stakater/reloader"
- image_tag = "v1.0.41@sha256:eb7e816f4c38d9c9c25fd8743919075d8ea699d8593f261c7c2e0b52080c6c47"
-}
-# chart releases: https://github.com/pagopa/aks-microservice-chart-blueprint/releases
-# image tags: https://github.com/pagopa/infra-ssl-check/releases
-tls_cert_check_helm = {
- chart_version = "1.21.0"
- image_name = "ghcr.io/pagopa/infra-ssl-check"
- image_tag = "v1.3.4@sha256:c3d45736706c981493b6216451fc65e99a69d5d64409ccb1c4ca93fef57c921d"
-}
-
-### Aks
-
-ingress_load_balancer_ip = "10.10.0.254"
diff --git a/src/.template-app/env/weu-prod01/backend.ini b/src/.template-app/env/weu-prod01/backend.ini
deleted file mode 100644
index cf83055f5..000000000
--- a/src/.template-app/env/weu-prod01/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=PROD-IO
diff --git a/src/.template-app/env/weu-prod01/backend.tfvars b/src/.template-app/env/weu-prod01/backend.tfvars
deleted file mode 100644
index 7ad3cb598..000000000
--- a/src/.template-app/env/weu-prod01/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfprodio"
-container_name = "terraform-state"
-key = "io-infra.template-app-weu-prod01.tfstate"
diff --git a/src/.template-app/env/weu-prod01/terraform.tfvars b/src/.template-app/env/weu-prod01/terraform.tfvars
deleted file mode 100644
index b8f413029..000000000
--- a/src/.template-app/env/weu-prod01/terraform.tfvars
+++ /dev/null
@@ -1,44 +0,0 @@
-prefix = "io"
-env_short = "p"
-env = "prod"
-domain = "template"
-location = "westeurope"
-location_short = "weu"
-location_string = "West Europe"
-instance = "prod01"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Prod"
- Owner = "IO"
- Source = "https://github.com/pagopa/io-infra/tree/main/src/template"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_resource_group_name = "io-p-rg-common"
-log_analytics_workspace_name = "io-p-law-common"
-log_analytics_workspace_resource_group_name = "io-p-rg-common"
-application_insights_name = "io-p-ai-common"
-
-### External tools
-
-# chart releases: https://github.com/stakater/Reloader/releases
-# image tags: https://hub.docker.com/r/stakater/reloader/tags
-reloader_helm = {
- chart_version = "v1.0.41"
- image_name = "stakater/reloader"
- image_tag = "v1.0.41@sha256:eb7e816f4c38d9c9c25fd8743919075d8ea699d8593f261c7c2e0b52080c6c47"
-}
-# chart releases: https://github.com/pagopa/aks-microservice-chart-blueprint/releases
-# image tags: https://github.com/pagopa/infra-ssl-check/releases
-tls_cert_check_helm = {
- chart_version = "1.21.0"
- image_name = "ghcr.io/pagopa/infra-ssl-check"
- image_tag = "v1.3.4@sha256:c3d45736706c981493b6216451fc65e99a69d5d64409ccb1c4ca93fef57c921d"
-}
-
-### Aks
-
-ingress_load_balancer_ip = "10.11.0.254"
diff --git a/src/.template-app/env/weu-prod02/backend.ini b/src/.template-app/env/weu-prod02/backend.ini
deleted file mode 100644
index cf83055f5..000000000
--- a/src/.template-app/env/weu-prod02/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=PROD-IO
diff --git a/src/.template-app/env/weu-prod02/backend.tfvars b/src/.template-app/env/weu-prod02/backend.tfvars
deleted file mode 100644
index 49d70aead..000000000
--- a/src/.template-app/env/weu-prod02/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfprodio"
-container_name = "terraform-state"
-key = "io-infra.template-app-weu-prod02.tfstate"
diff --git a/src/.template-app/env/weu-prod02/terraform.tfvars b/src/.template-app/env/weu-prod02/terraform.tfvars
deleted file mode 100644
index 6d8dd5461..000000000
--- a/src/.template-app/env/weu-prod02/terraform.tfvars
+++ /dev/null
@@ -1,44 +0,0 @@
-prefix = "io"
-env_short = "p"
-env = "prod"
-domain = "template"
-location = "westeurope"
-location_short = "weu"
-location_string = "West Europe"
-instance = "prod02"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Prod"
- Owner = "IO"
- Source = "https://github.com/pagopa/io-infra/tree/main/src/template"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_resource_group_name = "io-p-rg-common"
-log_analytics_workspace_name = "io-p-law-common"
-log_analytics_workspace_resource_group_name = "io-p-rg-common"
-application_insights_name = "io-p-ai-common"
-
-### External tools
-
-# chart releases: https://github.com/stakater/Reloader/releases
-# image tags: https://hub.docker.com/r/stakater/reloader/tags
-reloader_helm = {
- chart_version = "v0.0.118"
- image_name = "stakater/reloader"
- image_tag = "v0.0.118@sha256:2d423cab8d0e83d1428ebc70c5c5cafc44bd92a597bff94007f93cddaa607b02"
-}
-# chart releases: https://github.com/pagopa/aks-microservice-chart-blueprint/releases
-# image tags: https://github.com/pagopa/infra-ssl-check/releases
-tls_cert_check_helm = {
- chart_version = "1.21.0"
- image_name = "ghcr.io/pagopa/infra-ssl-check"
- image_tag = "v1.3.4@sha256:c3d45736706c981493b6216451fc65e99a69d5d64409ccb1c4ca93fef57c921d"
-}
-
-### Aks
-
-ingress_load_balancer_ip = "10.12.100.250"
diff --git a/src/.template-app/templates/tls-cert.yaml.tpl b/src/.template-app/templates/tls-cert.yaml.tpl
deleted file mode 100644
index c05ff866b..000000000
--- a/src/.template-app/templates/tls-cert.yaml.tpl
+++ /dev/null
@@ -1,56 +0,0 @@
-namespace: '${namespace}'
-
-image:
- repository: '${image_name}'
- tag: '${image_tag}'
-
-ingress:
- create: false
-
-service:
- create: false
-
-readinessProbe:
- httpGet:
- port: 8080
-
-livenessProbe:
- httpGet:
- port: 8080
-
-resources:
- requests:
- memory: '96Mi'
- cpu: '10m'
- limits:
- memory: '128Mi'
- cpu: '50m'
-
-envConfig:
- WEBSITE_SITE_NAME: '${website_site_name}'
- FUNCTION_WORKER_RUNTIME: 'dotnet'
- TIME_TRIGGER: '${time_trigger}'
- FunctionName: '${function_name}'
- Region: '${region}'
- ExpirationDeltaInDays: '${expiration_delta_in_days}'
- Host: 'https://${host}'
- AzureWebJobsStorage: "UseDevelopmentStorage=true"
-
-envSecret:
- APPINSIGHTS_INSTRUMENTATIONKEY: '${appinsights_instrumentationkey}'
-
-keyvault:
- name: '${keyvault_name}'
- tenantId: '${keyvault_tenantid}'
-
-sidecars:
- - name: azurite
- securityContext:
- allowPrivilegeEscalation: false
- image: mcr.microsoft.com/azure-storage/azurite:3.18.0@sha256:fbd99a4aa4259827081ff9e5cd133a531f20fa2d1d010891fd474d5798f15d7a
- ports:
- - containerPort: 10000
- resources:
- limits:
- memory: 100Mi
- cpu: 20m
diff --git a/src/.template-app/terraform.sh b/src/.template-app/terraform.sh
deleted file mode 100755
index 8e90bb419..000000000
--- a/src/.template-app/terraform.sh
+++ /dev/null
@@ -1,56 +0,0 @@ -#!/bin/bash - -set -e - -action=$1 -env=$2 -shift 2 -other=$@ - -if [ -z "$action" ]; then - echo "Missed action: init, apply, plan" - exit 0 -fi - -if [ -z "$env" ]; then - echo "env should be: dev, uat or prod." - exit 0 -fi - -source "./env/$env/backend.ini" -az account set -s "${subscription}" - -if [ "$action" = "force-unlock" ]; then - echo "🧠terraform INIT in env: ${env}" - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" $other - warn_message="You are about to unlock Terraform's remote state. - This is a dangerous task you want to be aware of before going on. - This operation won't affect your infrastructure directly. - However, please note that you may lose pieces of information about partially-applied configurations. - - Please refer to the official Terraform documentation about the command: - https://developer.hashicorp.com/terraform/cli/commands/force-unlock" - printf "\n\e[33m%s\e[0m\n\n" "$warn_message" - - read -r -p "Please enter the LOCK ID: " lock_id - terraform force-unlock "$lock_id" - - exit 0 # this line prevents the script to go on -fi - -if echo "init plan apply refresh import output state taint destroy" | grep -w $action > /dev/null; then - if [ $action = "init" ]; then - terraform $action -reconfigure -backend-config="./env/$env/backend.tfvars" $other - elif [ $action = "output" ] || [ $action = "state" ] || [ $action = "taint" ]; then - # init terraform backend - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - terraform $action $other - else - # init terraform backend - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - terraform $action -var-file="./env/$env/terraform.tfvars" $other - fi -else - echo "Action not allowed." - exit 1 -fi diff --git a/src/.template-common/.terraform.lock.hcl b/src/.template-common/.terraform.lock.hcl deleted file mode 100644 index 3cabe466a..000000000 --- a/src/.template-common/.terraform.lock.hcl +++ /dev/null 
@@ -1,71 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azuread" { - version = "2.33.0" - constraints = "<= 2.33.0" - hashes = [ - "h1:PDiZA9QpXCkaSuWu6jiCRcjVtKJETqjcOZq4I434zfE=", - "h1:QAQe2+WSqGnHYAVoA+NN4Oeuoqg5sXq3U9Qmj6S1P5M=", - "h1:XIvCW3Nl4bW1bc9f8jyGhft+fQjaed4yy/LFzDAeVJ8=", - "h1:Z28tjly5UfKOE+HL/oALxCPhmCuBwUgZ4uaYt68VR3M=", - "zh:0602d03d7d7e38819f78dc377e64f365427496edf1065bfbb113e3921ab1c34e", - "zh:08843838f4fe146084592472648d4ea7191931eabe042a96c3b3c6eaf8ddfb43", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:26a0d8a186e3b47ea0b7217a8e420b03fda59b7a680bb3ea52cf7d3e6d965ef3", - "zh:352a1cacaacd39e796de15a52d192ab0e6eb98dd36b5fbf8ebddd37e6dafa4ac", - "zh:3702ad4c534e67e2e07b060bfe5e6edc244c59c911906c8b15b96e7fecb0ff2c", - "zh:93b5248d26bdd44845b2ab051a2168c7edad788ae9836f62ea5fb632fd59d7ea", - "zh:a7b880155f4a67b52a5bfe78de33dc55254ef80006234f00e36aaf6533b1de4a", - "zh:a7cf0829364127c9bca26ec01ea3d66988b43987b2d26a3290487d1fc0da50eb", - "zh:b1f82b0d30af733b36a2f849799e0b1ed6a72888fa32a438c829c4e5cff88e20", - "zh:b6c2b23770852de8f56b549579c2f5a82afd84a9ca0616d53a25d48488f7aaf0", - "zh:d87dfbdfe8ab9d3a2e33f210333d40f211ea7d33bfa671063e6807c6ddd85a52", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.40.0" - constraints = ">= 3.30.0, <= 3.40.0" - hashes = [ - "h1:/Jbhw/zNAsDYDoASaG6w+0KZyay9BkUVOpR8b7m0CsA=", - "h1:7Vfig36efXmcsWQSZwdB+bqZLtoZ/RyytY9lXHx9Fic=", - "h1:VpRitAMc2wjUH/2jCz9MtZZd83UFxwTCamjRvIh/Nvg=", - "h1:dSM3nwscFP/OmH5Kr5FGao+9DjIXUEECnbMtWdrQOdg=", - "zh:00fa6dc05bf2643c6a3c741edb7d88263698086835a8a613f1d7bd76d1b918fd", - "zh:0da9b788e773272a7aa9d59bd9e3d5842edd4acc8c3895bea469e66dc14205a0", - "zh:25a8c39d1f042fc7c83ba9dd745c3569ea9e577fadb57563a575fb115ac2b9f1", - "zh:4423666dbeae8bc22c6e8898ffbb88745681dc27668ca9104b665dd7f3d7292c", - 
"zh:78c07308e7407b558d15737a98fb5eaf15529d297fc3798de6a7d61e0466e2e3", - "zh:894aca7e6f4f331ee8eb51957a180dc03d399d2b1727e0d7842e9b3f022a8c6a", - "zh:bb0e620c2161b4c4892a6f50b1c4c69ed70f66bb5e92543a03d79d0e4b1d9441", - "zh:c7d8e6a791159ca63b30908c9efe72ab65f60d64b30f0c1eb5a64972f4994844", - "zh:d04c11bfd346c1ac34d16bbdca70b23b006e822f6beb236b85375e8343888eb4", - "zh:f4edea9660327c7c70a823d786fd1b1c1b186c8759770447f63da72f23e1a73c", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f986e268949cf445ff53a66af48a87c6f6dba5964e8a5b1dc0ea02afabdd71f7", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" - constraints = "<= 3.2.1" - hashes = [ - "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", - "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", - "h1:vUW21lLLsKlxtBf0QF7LKJreKxs0CM7YXGzqW1N/ODY=", - "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", - "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", - "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", - "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", - "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", - ] -} diff --git a/src/.template-common/00_azuread.tf b/src/.template-common/00_azuread.tf deleted file mode 100644 index bfffd3a8b..000000000 --- a/src/.template-common/00_azuread.tf +++ /dev/null 
@@ -1,16 +0,0 @@
-# Azure AD
-data "azuread_group" "adgroup_admin" {
- display_name = format("%s-adgroup-admin", local.product)
-}
-
-data "azuread_group" "adgroup_developers" {
- display_name = format("%s-adgroup-developers", local.product)
-}
-
-data "azuread_group" "adgroup_externals" {
- display_name = format("%s-adgroup-externals", local.product)
-}
-
-data "azuread_group" "adgroup_security" {
- display_name = format("%s-adgroup-security", local.product)
-}
diff --git a/src/.template-common/01_monitor.tf b/src/.template-common/01_monitor.tf
deleted file mode 100644
index 473495075..000000000
--- a/src/.template-common/01_monitor.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-data "azurerm_log_analytics_workspace" "log_analytics" {
- name = var.log_analytics_workspace_name
- resource_group_name = var.log_analytics_workspace_resource_group_name
-}
-
-data "azurerm_application_insights" "application_insights" {
- name = var.application_insights_name
- resource_group_name = var.monitor_resource_group_name
-}
-
-data "azurerm_resource_group" "monitor_rg" {
- name = var.monitor_resource_group_name
-}
-
-data "azurerm_monitor_action_group" "slack" {
- resource_group_name = var.monitor_resource_group_name
- name = local.monitor_action_group_slack_name
-}
-
-data "azurerm_monitor_action_group" "email" {
- resource_group_name = var.monitor_resource_group_name
- name = local.monitor_action_group_email_name
-}
-
-#tfsec:ignore:AZU023
-resource "azurerm_key_vault_secret" "appinsights_instrumentation_key" {
- name = "appinsights-instrumentation-key"
- value = data.azurerm_application_insights.application_insights.instrumentation_key
- content_type = "only instrumentation key"
-
- key_vault_id = module.key_vault.id
-}
-
-#tfsec:ignore:AZU023
-resource "azurerm_key_vault_secret" "appinsights_connection_string" {
- name = "appinsights-connection-string"
- value = data.azurerm_application_insights.application_insights.connection_string
- content_type = "full connection string, example InstrumentationKey=XXXXX"
-
- key_vault_id = module.key_vault.id
-}
diff --git a/src/.template-common/01_network.tf b/src/.template-common/01_network.tf
deleted file mode 100644
index d63bb289c..000000000
--- a/src/.template-common/01_network.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-data "azurerm_virtual_network" "vnet_common" {
- name = local.vnet_common_name
- resource_group_name = local.vnet_common_resource_group_name
-}
diff --git a/src/.template-common/02_security.tf b/src/.template-common/02_security.tf
deleted file mode 100644
index d92eefd3a..000000000
--- a/src/.template-common/02_security.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-resource "azurerm_resource_group" "sec_rg" {
- name = "${local.product}-${var.domain}-sec-rg"
- location = var.location
-
- tags = var.tags
-}
-
-module "key_vault" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v4.1.3"
-
- name = "${local.product}-${var.domain}-kv"
- location = azurerm_resource_group.sec_rg.location
- resource_group_name = azurerm_resource_group.sec_rg.name
- tenant_id = data.azurerm_client_config.current.tenant_id
- soft_delete_retention_days = 90
-
- tags = var.tags
-}
-
-## adgroup_admin group policy ##
-resource "azurerm_key_vault_access_policy" "adgroup_admin" {
- key_vault_id = module.key_vault.id
-
- tenant_id = data.azurerm_client_config.current.tenant_id
- object_id = data.azuread_group.adgroup_admin.object_id
-
- key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", ]
- secret_permissions = ["Get", "List", "Set", "Delete", "Restore", "Recover", ]
- storage_permissions = []
- certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Restore", "Recover", ]
-}
-
-## adgroup_developers group policy ##
-resource "azurerm_key_vault_access_policy" "adgroup_developers" {
- key_vault_id = module.key_vault.id
-
- tenant_id = data.azurerm_client_config.current.tenant_id
- object_id = data.azuread_group.adgroup_developers.object_id
-
- key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", ]
- secret_permissions = ["Get", "List", "Set", "Delete", "Restore", "Recover", ]
- storage_permissions = []
- certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Restore", "Recover", ]
-}
diff --git a/src/.template-common/99_locals.tf b/src/.template-common/99_locals.tf
deleted file mode 100644
index c928766e8..000000000
--- a/src/.template-common/99_locals.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-locals {
- project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
- product = "${var.prefix}-${var.env_short}"
-
- monitor_action_group_slack_name = "SlackPagoPA"
- monitor_action_group_email_name = "EmailPagoPA"
-
- vnet_common_name = "${local.product}-vnet-common"
- vnet_common_resource_group_name = "${local.product}-rg-common"
-
- acr_name = replace("${local.product}commonacr", "-", "")
- acr_resource_group_name = "${local.product}-container-registry-rg"
-}
diff --git a/src/.template-common/99_main.tf b/src/.template-common/99_main.tf
deleted file mode 100644
index 07e5da8b6..000000000
--- a/src/.template-common/99_main.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-terraform {
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "<= 3.40.0"
- }
- azuread = {
- source = "hashicorp/azuread"
- version = "<= 2.33.0"
- }
- null = {
- source = "hashicorp/null"
- version = "<= 3.2.1"
- }
- }
-
- backend "azurerm" {}
-}
-
-provider "azurerm" {
- features {
- key_vault {
- purge_soft_delete_on_destroy = false
- }
- }
-}
-
-data "azurerm_subscription" "current" {}
-
-data "azurerm_client_config" "current" {}
diff --git a/src/.template-common/99_variables.tf b/src/.template-common/99_variables.tf
deleted file mode 100644
index beb1b1087..000000000
--- a/src/.template-common/99_variables.tf
+++ /dev/null
@@ -1,85 +0,0 @@
-# general
-
-variable "prefix" {
- type = string
- validation {
- condition = (
- length(var.prefix) < 6
- )
- error_message = "Max length is 6 chars."
- }
-}
-
-variable "env" {
- type = string
-}
-
-variable "env_short" {
- type = string
- validation {
- condition = (
- length(var.env_short) == 1
- )
- error_message = "Length must be 1 chars."
- }
-}
-
-variable "domain" {
- type = string
- validation {
- condition = (
- length(var.domain) <= 12
- )
- error_message = "Max length is 12 chars."
- }
-}
-
-variable "location" {
- type = string
- description = "One of westeurope, northeurope"
-}
-
-variable "location_short" {
- type = string
- validation {
- condition = (
- length(var.location_short) == 3
- )
- error_message = "Length must be 3 chars."
- }
- description = "One of wue, neu"
-}
-
-variable "instance" {
- type = string
- description = "One of beta, prod01, prod02"
-}
-
-variable "tags" {
- type = map(any)
- default = {
- CreatedBy = "Terraform"
- }
-}
-
-### External resources
-
-variable "monitor_resource_group_name" {
- type = string
- description = "Monitor resource group name"
-}
-
-variable "log_analytics_workspace_name" {
- type = string
- description = "Specifies the name of the Log Analytics Workspace."
-}
-
-variable "log_analytics_workspace_resource_group_name" {
- type = string
- description = "The name of the resource group in which the Log Analytics workspace is located in."
-}
-
-variable "application_insights_name" {
- type = string
- description = "Specifies the name of the Application Insights."
-}
diff --git a/src/.template-common/README.md b/src/.template-common/README.md
deleted file mode 100644
index 8a359e487..000000000
--- a/src/.template-common/README.md
+++ /dev/null
@@ -1,59 +0,0 @@ - - -## Requirements - -| Name | Version | -|------|---------| -| [azuread](#requirement\_azuread) | <= 2.33.0 | -| [azurerm](#requirement\_azurerm) | <= 3.40.0 | -| [null](#requirement\_null) | <= 3.2.1 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v4.1.3 | - -## Resources - -| Name | Type | -|------|------| -| [azurerm_key_vault_access_policy.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_secret.appinsights_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.appinsights_instrumentation_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| 
[azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source | -| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | -| [azurerm_log_analytics_workspace.log_analytics](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source | -| [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | -| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | -| [azurerm_virtual_network.vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [application\_insights\_name](#input\_application\_insights\_name) | Specifies the name of the Application Insights. 
| `string` | n/a | yes | -| [domain](#input\_domain) | n/a | `string` | n/a | yes | -| [env](#input\_env) | n/a | `string` | n/a | yes | -| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | -| [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | -| [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | -| [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes | -| [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes | -| [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | -| [prefix](#input\_prefix) | n/a | `string` | n/a | yes | -| [tags](#input\_tags) | n/a | `map(any)` |
chart_version = string,
image_name = string,
image_tag = string
})
{| no | - -## Outputs - -No outputs. - diff --git a/src/.template-common/env/prod/backend.ini b/src/.template-common/env/prod/backend.ini deleted file mode 100644 index cf83055f5..000000000 --- a/src/.template-common/env/prod/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-IO diff --git a/src/.template-common/env/prod/backend.tfvars b/src/.template-common/env/prod/backend.tfvars deleted file mode 100644 index 1d2033ad9..000000000 --- a/src/.template-common/env/prod/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodio" -container_name = "terraform-state" -key = "io-infra.template-common-prod.tfstate" diff --git a/src/.template-common/env/prod/terraform.tfvars b/src/.template-common/env/prod/terraform.tfvars deleted file mode 100644 index 449b5199b..000000000 --- a/src/.template-common/env/prod/terraform.tfvars +++ /dev/null @@ -1,22 +0,0 @@ -prefix = "io" -env_short = "p" -env = "prod" -domain = "template" -location = "westeurope" -location_short = "weu" -instance = "common" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "IO" - Source = "https://github.com/pagopa/io-infra/tree/main/src/template-common" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_resource_group_name = "io-p-rg-common" -log_analytics_workspace_name = "io-p-law-common" -log_analytics_workspace_resource_group_name = "io-p-rg-common" -application_insights_name = "io-p-ai-common" diff --git a/src/.template-common/terraform.sh b/src/.template-common/terraform.sh deleted file mode 100755 index 8e90bb419..000000000 --- a/src/.template-common/terraform.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/bash - -set -e - -action=$1 -env=$2 -shift 2 -other=$@ - -if [ -z "$action" ]; then - echo "Missed action: init, apply, plan" - exit 0 -fi - -if [ -z "$env" ]; then - echo "env should be: dev, uat or prod." - exit 0 -fi - -source "./env/$env/backend.ini" -az account set -s "${subscription}" - -if [ "$action" = "force-unlock" ]; then - echo "🧠terraform INIT in env: ${env}" - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" $other - warn_message="You are about to unlock Terraform's remote state. - This is a dangerous task you want to be aware of before going on. - This operation won't affect your infrastructure directly. - However, please note that you may lose pieces of information about partially-applied configurations. - - Please refer to the official Terraform documentation about the command: - https://developer.hashicorp.com/terraform/cli/commands/force-unlock" - printf "\n\e[33m%s\e[0m\n\n" "$warn_message" - - read -r -p "Please enter the LOCK ID: " lock_id - terraform force-unlock "$lock_id" - - exit 0 # this line prevents the script to go on -fi - -if echo "init plan apply refresh import output state taint destroy" | grep -w $action > /dev/null; then - if [ $action = "init" ]; then - terraform $action -reconfigure -backend-config="./env/$env/backend.tfvars" $other - elif [ $action = "output" ] || [ $action = "state" ] || [ $action = "taint" ]; then - # init terraform backend - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - terraform $action $other - else - # init terraform backend - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - terraform $action -var-file="./env/$env/terraform.tfvars" $other - fi -else - echo "Action not allowed." - exit 1 -fi diff --git a/src/common/prod/README.md b/src/common/prod/README.md index c7fb705d2..9e23aa051 100644 --- a/src/common/prod/README.md +++ b/src/common/prod/README.md 
@@ -42,6 +42,7 @@ | [azurerm_subnet.admin_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.cosmos_api_allowed](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.functions_fast_login_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | +| [azurerm_subnet.itn_auth_fast_login_func_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.itn_msgs_sending_func_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.services_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_virtual_network.weu_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | diff --git a/src/common/prod/data.tf b/src/common/prod/data.tf index 049174af0..bfe3aeff3 100644 --- a/src/common/prod/data.tf +++ b/src/common/prod/data.tf @@ -103,6 +103,12 @@ data "azurerm_subnet" "admin_snet" { virtual_network_name = local.core.networking.weu.vnet_common.name } +data "azurerm_subnet" "itn_auth_fast_login_func_snet" { + name = "${local.project_itn}-citizen-auth-fast-login-snet-01" + resource_group_name = local.core.networking.itn.vnet_common.resource_group_name + virtual_network_name = local.core.networking.itn.vnet_common.name +} + data "azurerm_subnet" "functions_fast_login_snet" { name = "${local.project_weu}-fast-login-snet" resource_group_name = local.core.networking.weu.vnet_common.resource_group_name diff --git a/src/common/prod/westeurope.tf b/src/common/prod/westeurope.tf index 4728c9a72..adcfea10c 100644 --- a/src/common/prod/westeurope.tf +++ b/src/common/prod/westeurope.tf 
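Review bot: The added `data "azurerm_subnet" "itn_auth_fast_login_func_snet"` block in data.tf has no comment naming the stack that owns the subnet, although its id is then placed in the subnet allow-list of `module "app_backend_li_weu"` in westeurope.tf. The lookup resolves the subnet only by a name assembled here (`"${local.project_itn}-citizen-auth-fast-login-snet-01"`), so whichever subnet carries that name in the ITN common vnet is the one that gets access; presumably that is the citizen-auth fast-login function, but the hunk does not show it. I would add above the block `# Subnet of the citizen-auth fast-login function (ITN), created by <owning stack>; looked up only to allow it on app_backend_li_weu`, with the owner filled in.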
@@ -493,6 +493,7 @@ module "app_backend_li_weu" { [ data.azurerm_subnet.admin_snet.id, data.azurerm_subnet.functions_fast_login_snet.id, + data.azurerm_subnet.itn_auth_fast_login_func_snet.id, data.azurerm_subnet.itn_msgs_sending_func_snet.id ]) slot_allowed_subnets = concat([local.azdoa_snet_id["weu"]], data.azurerm_subnet.services_snet.*.id, [data.azurerm_subnet.admin_snet.id]) diff --git a/src/core/.terraform.lock.hcl b/src/core/.terraform.lock.hcl deleted file mode 100644 index e5094b6ee..000000000 --- a/src/core/.terraform.lock.hcl +++ /dev/null 
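Review bot: The subnet list in `module "app_backend_li_weu"` now admits both `functions_fast_login_snet` (WEU) and the added `itn_auth_fast_login_func_snet`, and nothing in the hunk records when the older entry can be removed. If the ITN function is meant to replace the WEU one (inferred from the names, not shown here), the allow-list stays wider than needed once the migration is done; I would mark the old entry with `# TODO: drop functions_fast_login_snet once fast-login is served only from ITN`. `slot_allowed_subnets` on the following line is left unchanged, which matches how the WEU fast-login subnet is already treated, but it is worth confirming that the slot never needs to accept fast-login traffic. The module block starts and ends outside the hunk, so the attribute this list is assigned to is not visible.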
@@ -1,163 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/azure/azapi" { - version = "1.9.0" - constraints = "<= 1.9.0" - hashes = [ - "h1:Ow1rr5fYBGSkplH/kcXeWz9y2wA81BnhZ7vTBzJfAAg=", - "h1:shpEoqcAbf+p6AvspiYO1YrX//8l1LV/owEcQpujWHw=", - "h1:yIJQVdnmGZdvS3yrw0M8ke9KiB/c0tjZ7KUXC46Hjx0=", - "h1:zaLH2Owmj61RX2G1Cy6VDy8Ttfzx+lDsSCyiu5cXkm4=", - "zh:349569471fbf387feaaf8b88da1690669e201147c342f905e5eb03df42b3cf87", - "zh:54346d5fb78cbad3eb7cfd96e1dd7ce4f78666cabaaccfec6ee9437476330018", - "zh:64b799da915ea3a9a58ac7a926c6a31c59fd0d911687804d8e815eda88c5580b", - "zh:9336ed9e112555e0fda8af6be9ba21478e30117d79ba662233311d9560d2b7c6", - "zh:a8aace9897b28ea0b2dbd7a3be3df033e158af40412c9c7670be0956f216ed7e", - "zh:ab23df7de700d9e785009a4ca9ceb38ae1ab894a13f5788847f15d018556f415", - "zh:b4f13f0b13560a67d427c71c85246f8920f98987120341830071df4535842053", - "zh:e58377bf36d8a14d28178a002657865ee17446182dac03525fd43435e41a1b5c", - "zh:ea5db4acc6413fd0fe6b35981e58cdc9850f5f3118031cc3d2581de511aee6aa", - "zh:f0b32c06c6bd4e4af2c02a62be07b947766aeeb09289a03f21aba16c2fd3c60f", - "zh:f1518e766a90c257d7eb36d360dafaf311593a4a9352ff8db0bcfe0ed8cf45ae", - "zh:fa89e84cff0776b5b61ff27049b1d8ed52040bd58c81c4628890d644a6fb2989", - ] -} - -provider "registry.terraform.io/hashicorp/azuread" { - version = "2.33.0" - constraints = "<= 2.33.0" - hashes = [ - "h1:PDiZA9QpXCkaSuWu6jiCRcjVtKJETqjcOZq4I434zfE=", - "h1:QAQe2+WSqGnHYAVoA+NN4Oeuoqg5sXq3U9Qmj6S1P5M=", - "h1:XIvCW3Nl4bW1bc9f8jyGhft+fQjaed4yy/LFzDAeVJ8=", - "h1:Z28tjly5UfKOE+HL/oALxCPhmCuBwUgZ4uaYt68VR3M=", - "zh:0602d03d7d7e38819f78dc377e64f365427496edf1065bfbb113e3921ab1c34e", - "zh:08843838f4fe146084592472648d4ea7191931eabe042a96c3b3c6eaf8ddfb43", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:26a0d8a186e3b47ea0b7217a8e420b03fda59b7a680bb3ea52cf7d3e6d965ef3", - 
"zh:352a1cacaacd39e796de15a52d192ab0e6eb98dd36b5fbf8ebddd37e6dafa4ac", - "zh:3702ad4c534e67e2e07b060bfe5e6edc244c59c911906c8b15b96e7fecb0ff2c", - "zh:93b5248d26bdd44845b2ab051a2168c7edad788ae9836f62ea5fb632fd59d7ea", - "zh:a7b880155f4a67b52a5bfe78de33dc55254ef80006234f00e36aaf6533b1de4a", - "zh:a7cf0829364127c9bca26ec01ea3d66988b43987b2d26a3290487d1fc0da50eb", - "zh:b1f82b0d30af733b36a2f849799e0b1ed6a72888fa32a438c829c4e5cff88e20", - "zh:b6c2b23770852de8f56b549579c2f5a82afd84a9ca0616d53a25d48488f7aaf0", - "zh:d87dfbdfe8ab9d3a2e33f210333d40f211ea7d33bfa671063e6807c6ddd85a52", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.110.0" - constraints = "~> 3.30, ~> 3.76, != 3.97.0, != 3.97.1, <= 3.110.0" - hashes = [ - "h1:4QrrAcbVTUzX2xQIywvAZeM+lrCgcFbFGoADvTAXdhk=", - "h1:EY+IRabj+4NJ3tqB4kVg7dTjoTdwOMHUhIvIoddgRTI=", - "h1:ice1q9zU8gIFSpCvuO7NBvod/zV5FPoZHhaHvXlETss=", - "h1:uxeKsqfI9LjvYkcMCiFwlDpQzZvrB83pVJIoG9s4t54=", - "zh:1a1fe9e1a4c08453f249352d135349f7a06f2973dbb839375c7b802523a87351", - "zh:25a9ddeb9b0e1d974aa45ecd67e3f7b8ee333565f0fd99e02b588acf55c46664", - "zh:3ef3f6ed554348b10a645342110baa7d5a4932857e66f20b2b258f9c1af57b0b", - "zh:443e05f7510de0992d7fd4912d2aa3ef477cf186e7c2796bbb699ea12e531b86", - "zh:815444b71a70e79a2c96995bb1970a860d9ce160e11d07c7e61dd284f9b9de8e", - "zh:839d6bc2344e64f0ae8c39c2fd76bedd86c96c3ea22d827492f797b114cb761a", - "zh:922ec196b32c2fe8cff13a58ebfd75929f3a500cf8730aa80d72e0074f00b7cd", - "zh:a818559d9d389b0d6d27bc2c9cea7b97c27451bd9a49f4e86d2221613b459e09", - "zh:e90979a9f2574a368c5857a19bbfa43718cfd4ba12cc3dff9f7ce8f782160d1b", - "zh:f1321caa0a77e7ffb68384b3e35d285fa0fa6c2a8202d2a37d8c321367060ac7", - "zh:f3ae86bf1cb82923595d389db220fd2039cb5fd3720d754abd5c06b6c705ac2c", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.3.0" - constraints = "<= 2.3.0" - hashes = [ - 
"h1:+l9ZTDGmGdwnuYI5ftUjwP8UgoLw4f4V9xoCzal4LW0=", - "h1:7y8CXQKtfyvrMCSWgCkCclNN9L161u6jO1dEGVaB5RQ=", - "h1:QIfFmZI8Z9pjil7ikM17xG4+9B5+hCMlyA2HBeOLvq0=", - "h1:U+DbBqKnXSIqC2z7qIko2dy8w6wwuZd89orPvfeqHk0=", - "zh:1f1920b3f78c31c6b69cdfe1e016a959667c0e2d01934e1a084b94d5a02cd9d2", - "zh:550a3cdae0ddb350942624e7b2e8b31d28bc15c20511553432413b1f38f4b214", - "zh:68d1d9ccbfce2ce56b28a23b22833a5369d4c719d6d75d50e101a8a8dbe33b9b", - "zh:6ae3ad6d865a906920c313ec2f413d080efe32c230aca711fd106b4cb9022ced", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a0f413d50f54124057ae3dcd9353a797b84e91dc34bcf85c34a06f8aef1f9b12", - "zh:a2ac6d4088ceddcd73d88505e18b8226a6e008bff967b9e2d04254ef71b4ac6b", - "zh:a851010672e5218bdd4c4ea1822706c9025ef813a03da716d647dd6f8e2cffb0", - "zh:aa797561755041ef2fad99ee9ffc12b5e724e246bb019b21d7409afc2ece3232", - "zh:c6afa960a20d776f54bb1fc260cd13ead17280ebd87f05b9abcaa841ed29d289", - "zh:df0975e86b30bb89717b8c8d6d4690b21db66de06e79e6d6cfda769f3304afe6", - "zh:f0d3cc3da72135efdbe8f4cfbfb0f2f7174827887990a5545e6db1981f0d3a7c", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" - constraints = "<= 3.2.1" - hashes = [ - "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", - "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", - "h1:vUW21lLLsKlxtBf0QF7LKJreKxs0CM7YXGzqW1N/ODY=", - "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", - "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", - "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", - "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", - "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - 
"zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.4.3" - constraints = "<= 3.4.3" - hashes = [ - "h1:hXUPrH8igYBhatzatkp80RCeeUJGu9lQFDyKemOlsTo=", - "h1:saZR+mhthL0OZl4SyHXZraxyaBNVMxiZzks78nWcZ2o=", - "h1:tL3katm68lX+4lAncjQA9AXL4GR/VM+RPwqYf4D2X8Q=", - "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=", - "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", - "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", - "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", - "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", - "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", - "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", - "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", - "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", - "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", - "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", - ] -} - -provider "registry.terraform.io/hashicorp/tls" { - version = "4.0.4" - constraints = "<= 4.0.4" - hashes = [ - "h1:GZcFizg5ZT2VrpwvxGBHQ/hO9r6g0vYdQqx3bFD3anY=", - "h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=", - "h1:pe9vq86dZZKCm+8k1RhzARwENslF3SXb9ErHbQfgjXU=", - "h1:rKKMyIEBZwR+8j6Tx3PwqBrStuH+J+pxcbCR5XN8WAw=", - "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55", - 
"zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848", - "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be", - "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5", - "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe", - "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e", - "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48", - "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8", - "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60", - "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e", - "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/src/core/99_locals.tf b/src/core/99_locals.tf deleted file mode 100644 index 7b6d2a526..000000000 --- a/src/core/99_locals.tf +++ /dev/null 
@@ -1,40 +0,0 @@
-locals {
- project = "${var.prefix}-${var.env_short}"
-
- app_insights_ips_west_europe = [
- "51.144.56.96/28",
- "51.144.56.112/28",
- "51.144.56.128/28",
- "51.144.56.144/28",
- "51.144.56.160/28",
- "51.144.56.176/28",
- ]
-
- aks_ips = [
- // aks beta
- "51.124.16.195/32",
- // aks prod01
- "51.105.109.140/32"
- ]
-
- # windows standatd. It can be different in linux service plan.
- cet_time_zone_win = "Central Europe Standard Time"
-
- # Azure production subscription name
- subscription = "PROD-IO"
-
- # APIM
- apim_hostname_api_app_internal = format("api-app.internal.%s.%s", var.dns_zone_io, var.external_domain)
- apim_hostname_api_internal = "api-internal.io.italia.it" # !warning, change only when you are sure that all endpoint call with the new endpoint: "api.internal.io.pagopa.it" todo change in format("api.internal.%s.%s", var.dns_zone_io, var.external_domain)
-
-
- io-p-messages-weu-prod01-evh-ns = {
- hostname = "io-p-messages-weu-prod01-evh-ns.servicebus.windows.net"
- port = "9093"
- }
-
- io-p-evh-ns = {
- hostname = "io-p-evh-ns.servicebus.windows.net"
- port = "9093"
- }
-}
diff --git a/src/core/99_main.tf b/src/core/99_main.tf
deleted file mode 100644
index c8bc30018..000000000
--- a/src/core/99_main.tf
+++ /dev/null
@@ -1,52 +0,0 @@
-terraform {
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "<= 3.110.0"
- }
- azuread = {
- source = "hashicorp/azuread"
- version = "<= 2.33.0"
- }
- tls = {
- source = "hashicorp/tls"
- version = "<= 4.0.4"
- }
- local = {
- source = "hashicorp/local"
- version = "<= 2.3.0"
- }
- null = {
- source = "hashicorp/null"
- version = "<= 3.2.1"
- }
- random = {
- source = "hashicorp/random"
- version = "<= 3.4.3"
- }
- azapi = {
- source = "azure/azapi"
- version = "<= 1.9.0"
- }
- }
-
- backend "azurerm" {}
-}
-
-provider "azurerm" {
- features {}
-}
-
-provider "azapi" {
-}
-
-data "azurerm_subscription" "current" {}
-
-data "azurerm_client_config" "current" {}
-
-provider "azurerm" {
- alias = "prod-trial"
- subscription_id = "a2124115-ba74-462f-832a-9192cbd03649"
-
- features {}
-}
\ No newline at end of file
diff --git a/src/core/99_variables.tf b/src/core/99_variables.tf
deleted file mode 100644
index fae7dccf3..000000000
--- a/src/core/99_variables.tf
+++ /dev/null
@@ -1,568 +0,0 @@
-# general
-
-variable "prefix" {
- type = string
- default = "io"
- validation {
- condition = (
- length(var.prefix) < 6
- )
- error_message = "Max length is 6 chars."
- }
-}
-
-variable "env_short" {
- type = string
- validation {
- condition = (
- length(var.env_short) <= 1
- )
- error_message = "Max length is 1 chars."
- }
-}
-
-variable "location" {
- type = string
- default = "westeurope"
-}
-
-variable "location_in" {
- type = string
- default = "italynorth"
-}
-
-variable "location_short" {
- type = string
- validation {
- condition = (
- length(var.location_short) == 3
- )
- error_message = "Length must be 3 chars."
- }
- description = "One of weu, neu"
-}
-
-variable "lock_enable" {
- type = bool
- default = false
- description = "Apply locks to block accedentaly deletions."
-}
-
-variable "tags" {
- type = map(any)
- default = {
- CreatedBy = "Terraform"
- }
-}
-
-## Monitor
-variable "law_sku" {
- type = string
- description = "Sku of the Log Analytics Workspace"
- default = "PerGB2018"
-}
-
-variable "law_retention_in_days" {
- type = number
- description = "The workspace data retention in days"
- default = 90
-}
-
-variable "law_daily_quota_gb" {
- type = number
- description = "The workspace daily quota for ingestion in GB."
- default = -1
-}
-
-# DNS
-variable "dns_default_ttl_sec" {
- type = number
- description = "value"
- default = 3600
-}
-
-variable "external_domain" {
- type = string
- default = "pagopa.it"
- description = "Domain for delegation"
-}
-
-variable "dns_zone_io" {
- type = string
- default = null
- description = "The dns subdomain."
-}
-
-variable "dns_zone_io_selfcare" {
- type = string
- default = null
- description = "The dns subdomain."
-}
-
-variable "dns_zone_firmaconio_selfcare" {
- type = string
- default = null
- description = "The dns subdomain."
-}
-
-# azure devops
-variable "azdo_sp_tls_cert_enabled" {
- type = string
- description = "Enable Azure DevOps connection for TLS cert management"
- default = false
-}
-
-variable "enable_azdoa" {
- type = bool
- description = "Enable Azure DevOps agent."
-}
-
-variable "azdoa_image_name" {
- type = string
- description = "Azure DevOps Agent image name"
-}
-
-variable "cidr_subnet_azdoa" {
- type = list(string)
- description = "Azure DevOps agent network address space."
-}
-
-variable "enable_iac_pipeline" {
- type = bool
- description = "If true create the key vault policy to allow used by azure devops iac pipelines."
- default = false
-}
-
-## Monitor
-variable "log_analytics_workspace_name" {
- type = string
- description = "The common Log Analytics Workspace name"
- default = ""
-}
-
-variable "application_insights_name" {
- type = string
- description = "The common Application Insights name"
- default = ""
-}
-
-variable "monitor_resource_group_name" {
- type = string
- description = "Monitor resource group name"
-}
-
-variable "log_analytics_workspace_resource_group_name" {
- type = string
- description = "The name of the resource group in which the Log Analytics workspace is located in."
-}
-
-
-##
-
-#
-# Network
-#
-variable "common_rg" {
- type = string
- description = "Common Virtual network resource group name."
- default = ""
-}
-
-variable "vnet_name" {
- type = string
- description = "Common Virtual network resource name."
- default = ""
-}
-
-variable "ddos_protection_plan" {
- type = object({
- id = string
- enable = bool
- })
- default = null
-}
-
-variable "cidr_common_in_vnet" {
- type = list(string)
- description = "Common Italy North Virtual network cidr."
-}
-
-variable "cidr_common_vnet" {
- type = list(string)
- description = "Common Virtual network cidr."
-}
-
-variable "cidr_weu_beta_vnet" {
- type = list(string)
- description = "Beta Virtual network cidr."
-}
-
-variable "cidr_weu_prod01_vnet" {
- type = list(string)
- description = "Prod01 Virtual network cidr."
-}
-
-variable "cidr_weu_prod02_vnet" {
- type = list(string)
- description = "Prod02 Virtual network cidr."
-}
-
-## Subnet CIRDS
-variable "cidr_subnet_redis_common" {
- type = list(string)
- description = "Redis common network address space."
-}
-
-variable "cidr_subnet_eventhub" {
- type = list(string)
- description = "Eventhub network address space."
-}
-
-variable "cidr_subnet_fnelt" {
- type = list(string)
- description = "function-elt network address space."
-}
-
-variable "cidr_subnet_appgateway" {
- type = list(string)
- description = "Application gateway address space."
-}
-
-variable "cidr_subnet_apim" {
- type = list(string)
- description = "Old Api Management address space."
-}
-
-variable "cidr_subnet_apim_v2" {
- type = list(string)
- description = "Api Management V2 address space."
-}
-
-variable "cidr_subnet_vpn" {
- type = list(string)
- description = "VPN network address space."
-}
-
-variable "cidr_subnet_dnsforwarder" {
- type = list(string)
- description = "DNS Forwarder network address space."
-}
-
-variable "cidr_subnet_selfcare_be" {
- type = list(string)
- description = "Selfcare IO frontend storage address space."
-}
-
-variable "cidr_subnet_devportalservicedata_db_server" {
- type = list(string)
- description = "Space address for DevPortal Service Data PostgresSQL"
-}
-
-variable "cidr_subnet_appbackendl1" {
- type = list(string)
- description = "App backend l1 address space."
-}
-
-variable "cidr_subnet_appbackendl2" {
- type = list(string)
- description = "App backend l2 address space."
-}
-
-variable "cidr_subnet_appbackendli" {
- type = list(string)
- description = "App backend li address space."
-}
-
-variable "cidr_subnet_shared_1" {
- type = list(string)
-}
-
-variable "cidr_subnet_pendpoints" {
- type = list(string)
- description = "Private Endpoints address space."
-}
-
-variable "cidr_subnet_fnlollipop" {
- type = list(string)
- description = "Function Lollipop address space."
-}
-
-variable "cidr_subnet_fnfastlogin" {
- type = list(string)
- description = "Function Fast Login address space."
-}
-
-## REDIS COMMON ##
-variable "redis_common" {
- type = object({
- capacity = number
- shard_count = number
- family = string
- sku_name = string
- public_network_access_enabled = bool
- rdb_backup_enabled = bool
- rdb_backup_frequency = number
- rdb_backup_max_snapshot_count = number
- redis_version = string
- })
- description = "Redis Common configuration"
-}
-
-## VPN ##
-variable "vpn_sku" {
- type = string
- default = "VpnGw1"
- description = "VPN Gateway SKU"
-}
-
-variable "vpn_pip_sku" {
- type = string
- default = "Basic"
- description = "VPN GW PIP SKU"
-}
-
-## Apim
-variable "apim_publisher_name" {
- type = string
-}
-
-variable "apim_v2_sku" {
- type = string
-}
-
-variable "apim_autoscale" {
- type = object(
- {
- enabled = bool
- default_instances = number
- minimum_instances = number
- maximum_instances = number
- scale_out_capacity_percentage = number
- scale_out_time_window = string
- scale_out_value = string
- scale_out_cooldown = string
- scale_in_capacity_percentage = number
- scale_in_time_window = string
- scale_in_value = string
- scale_in_cooldown = string
- }
- )
- description = "Configure Apim autoscale on capacity metric"
-}
-
-variable "apim_alerts_enabled" {
- type = bool
- description = "Enable alerts"
- default = true
-}
-##
-
-## Redis cache
-variable "redis_apim_capacity" {
- type = number
- default = 1
-}
-
-variable "redis_apim_sku_name" {
- type = string
- default = "Standard"
-}
-
-variable "redis_apim_family" {
- type = string
- default = "C"
-}
-
-variable "cidr_subnet_redis_apim" {
- type = list(string)
- description = "Redis network address space."
- default = []
-}
-##
-
-# app backend
-
-variable "app_backend_names" {
- description = "App backend instance names"
- type = list(string)
- default = []
-}
-
-variable "app_backend_plan_sku_tier" {
- description = "App backend app plan sku tier"
- type = string
- default = "PremiumV3"
-}
-
-variable "app_backend_plan_sku_size" {
- description = "App backend app plan sku size"
- type = string
- default = "P1v3"
-}
-
-variable "app_backend_autoscale_minimum" {
- type = number
- description = "The minimum number of instances for this resource."
- default = 2
-}
-
-variable "app_backend_autoscale_maximum" {
- type = number
- description = "The maximum number of instances for this resource."
- default = 30
-}
-
-variable "app_backend_autoscale_default" {
- type = number
- description = "The number of instances that are available for scaling if metrics are not available for evaluation."
- default = 10
-}
-
-# selfcare
-variable "selfcare_external_hostname" {
- description = "Selfcare external hostname"
- type = string
- default = "selfcare.pagopa.it"
-}
-
-variable "selfcare_plan_sku_tier" {
- description = "Selfcare app plan sku tier"
- type = string
- default = "PremiumV3"
-}
-
-variable "selfcare_plan_sku_size" {
- description = "Selfcare app plan sku size"
- type = string
- default = "P1v3"
-}
-
-variable "selfcare_plan_sku_capacity" {
- description = "Selfcare app plan capacity"
- type = number
- default = 1
-}
-
-
-##
-
-# PN Service Id
-variable "pn_service_id" {
- type = string
- description = "The Service ID of PN service"
- default = "01G40DWQGKY5GRWSNM4303VNRP"
-}
-
-variable "pn_remote_config_id" {
- type = string
- description = "The Remote Content Config ID of PN service"
- default = "01HMVMHCZZ8D0VTFWMRHBM5D6F"
-}
-
-# PN Test Endpoint
-variable "pn_test_endpoint" {
- type = string
- description = "The endpoint of PN (test env)"
-}
-
-# io-sign service Id
-variable "io_sign_service_id" {
- type = string
- description = "The Service ID of io-sign service"
- default = "01GQQZ9HF5GAPRVKJM1VDAVFHM"
-}
-
-variable "io_sign_remote_config_id" {
- type = string
- description = "The Remote Content Config ID of io-sign service"
- default = "01HMVMDTHXCESMZ72NA701EKGQ"
-}
-
-variable "io_wallet_trial_id" {
- type = string
- description = "The trial ID of io-wallet trial"
- default = "01J2GN4TA8FB6DPTAX3T3YD6M1"
-}
-
-# io-receipt service
-variable "io_receipt_service_id" {
- type = string
- description = "The Service ID of io-receipt service"
-}
-
-variable "io_receipt_remote_config_id" {
- type = string
- description = "The Remote Content Config ID of io-receipt service"
- default = "01HMVM9W74RWH93NT1EYNKKNNR"
-}
-
-variable "io_receipt_service_url" {
- type = string
- description = "The endpoint of Receipt Service (prod env)"
-}
-
-variable "io_receipt_service_test_id" {
- type = string
- description = "The Service ID of io-receipt service"
-}
-
-variable "io_receipt_remote_config_test_id" {
- type = string
- description = "The Remote Content Config ID of io-receipt service"
- default = "01HMVMCDD3JFYTPKT4ZN4WQ73B"
-}
-
-variable "io_receipt_service_test_url" {
- type = string
- description = "The endpoint of Receipt Service (test env)"
-}
-
-# Third Party Mock
-
-variable "third_party_mock_service_id" {
- type = string
- description = "The Service ID of the Third Party Mock service"
- default = "01GQQDPM127KFGG6T3660D5TXD"
-}
-
-variable "third_party_mock_remote_config_id" {
- type = string
- description = "The Remote Content Config ID of the Third Party Mock service"
- default = "01HMVM4N4XFJ8VBR1FXYFZ9QFB"
-}
-
-# Citizen auth
-
-variable "citizen_auth_domain" {
- type = string
- default = "citizen-auth"
-}
-
-variable "citizen_auth_product" {
- type = string
- description = "Use product name from citizen_auth domain locals"
- default = "io-p"
-}
-
-variable "citizen_auth_revoke_queue_name" {
- type = string
- description = "Use queue storage name from citizen_auth domain storage"
- default = "pubkeys-revoke-v2"
-}
-
-variable "citizen_auth_assertion_storage_name" {
- type = string
- description = "Use storage name from citizen_auth domain"
- default = "lollipop-assertions-st"
-}
-
-# Functions
-variable "function_services_count" {
- type = number
- default = 2
-}
-
-variable "function_app_count" {
- type = number
- default = 2
-}
diff --git a/src/core/README.md b/src/core/README.md
deleted file mode 100644
index 1232ce82b..000000000
--- a/src/core/README.md
+++ /dev/null
@@ -1,163 +0,0 @@ - - -## Requirements - -| Name | Version | -|------|---------| -| [azapi](#requirement\_azapi) | <= 1.9.0 | -| [azuread](#requirement\_azuread) | <= 2.33.0 | -| [azurerm](#requirement\_azurerm) | <= 3.110.0 | -| [local](#requirement\_local) | <= 2.3.0 | -| [null](#requirement\_null) | <= 3.2.1 | -| [random](#requirement\_random) | <= 3.4.3 | -| [tls](#requirement\_tls) | <= 4.0.4 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [api\_v2\_services](#module\_api\_v2\_services) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 | -| [apim\_v2\_io\_backend\_app\_api\_v1](#module\_apim\_v2\_io\_backend\_app\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 | -| [apim\_v2\_io\_backend\_auth\_api\_v1](#module\_apim\_v2\_io\_backend\_auth\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 | -| [apim\_v2\_io\_backend\_bpd\_api\_v1](#module\_apim\_v2\_io\_backend\_bpd\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 | -| [apim\_v2\_io\_backend\_cgn\_api\_v1](#module\_apim\_v2\_io\_backend\_cgn\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 | -| [apim\_v2\_io\_backend\_eucovidcert\_api\_v1](#module\_apim\_v2\_io\_backend\_eucovidcert\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 | -| [apim\_v2\_io\_backend\_mitvoucher\_api\_v1](#module\_apim\_v2\_io\_backend\_mitvoucher\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 | -| [apim\_v2\_io\_backend\_myportal\_api\_v1](#module\_apim\_v2\_io\_backend\_myportal\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 | -| [apim\_v2\_io\_backend\_notifications\_api\_v1](#module\_apim\_v2\_io\_backend\_notifications\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 | -| 
[apim\_v2\_io\_backend\_pagopa\_api\_v1](#module\_apim\_v2\_io\_backend\_pagopa\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 | -| [apim\_v2\_io\_backend\_product](#module\_apim\_v2\_io\_backend\_product) | github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.27.0 | -| [apim\_v2\_io\_backend\_public\_api\_v1](#module\_apim\_v2\_io\_backend\_public\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 | -| [apim\_v2\_io\_backend\_session\_api\_v1](#module\_apim\_v2\_io\_backend\_session\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 | -| [apim\_v2\_product\_services](#module\_apim\_v2\_product\_services) | github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.27.0 | - -## Resources - -| Name | Type | -|------|------| -| [azurerm_api_management_api_operation_policy.submit_message_for_user_policy_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource | -| [azurerm_api_management_api_operation_policy.submit_message_for_user_with_fiscalcode_in_body_policy_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource | -| [azurerm_api_management_api_version_set.io_backend_app_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | -| [azurerm_api_management_api_version_set.io_backend_auth_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | -| [azurerm_api_management_api_version_set.io_backend_bpd_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | -| 
[azurerm_api_management_api_version_set.io_backend_cgn_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | -| [azurerm_api_management_api_version_set.io_backend_eucovidcert_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | -| [azurerm_api_management_api_version_set.io_backend_mitvoucher_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | -| [azurerm_api_management_api_version_set.io_backend_myportal_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | -| [azurerm_api_management_api_version_set.io_backend_notifications_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | -| [azurerm_api_management_api_version_set.io_backend_pagopa_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | -| [azurerm_api_management_api_version_set.io_backend_public_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | -| [azurerm_api_management_api_version_set.io_backend_session_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | -| [azurerm_api_management_named_value.api_gad_client_certificate_verified_header_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | -| [azurerm_api_management_named_value.io_fn3_eucovidcert_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | -| 
[azurerm_api_management_named_value.io_fn3_eucovidcert_url_alt_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | -| [azurerm_api_management_named_value.io_fn3_services_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | -| [azurerm_api_management_named_value.io_fn3_services_url_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | -| [azurerm_api_management.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source | -| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | -| [azurerm_key_vault.key_vault_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | -| [azurerm_key_vault_secret.api_gad_client_certificate_verified_header_secret_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_key_vault_secret.io_fn3_eucovidcert_key_secret_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_key_vault_secret.io_fn3_services_key_secret_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_resource_group.rg_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | -| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| 
[apim\_alerts\_enabled](#input\_apim\_alerts\_enabled) | Enable alerts | `bool` | `true` | no | -| [apim\_autoscale](#input\_apim\_autoscale) | Configure Apim autoscale on capacity metric |
"CreatedBy": "Terraform"
}
object(| n/a | yes | -| [apim\_publisher\_name](#input\_apim\_publisher\_name) | # Apim | `string` | n/a | yes | -| [apim\_v2\_sku](#input\_apim\_v2\_sku) | n/a | `string` | n/a | yes | -| [app\_backend\_autoscale\_default](#input\_app\_backend\_autoscale\_default) | The number of instances that are available for scaling if metrics are not available for evaluation. | `number` | `10` | no | -| [app\_backend\_autoscale\_maximum](#input\_app\_backend\_autoscale\_maximum) | The maximum number of instances for this resource. | `number` | `30` | no | -| [app\_backend\_autoscale\_minimum](#input\_app\_backend\_autoscale\_minimum) | The minimum number of instances for this resource. | `number` | `2` | no | -| [app\_backend\_names](#input\_app\_backend\_names) | App backend instance names | `list(string)` | `[]` | no | -| [app\_backend\_plan\_sku\_size](#input\_app\_backend\_plan\_sku\_size) | App backend app plan sku size | `string` | `"P1v3"` | no | -| [app\_backend\_plan\_sku\_tier](#input\_app\_backend\_plan\_sku\_tier) | App backend app plan sku tier | `string` | `"PremiumV3"` | no | -| [application\_insights\_name](#input\_application\_insights\_name) | The common Application Insights name | `string` | `""` | no | -| [azdo\_sp\_tls\_cert\_enabled](#input\_azdo\_sp\_tls\_cert\_enabled) | Enable Azure DevOps connection for TLS cert management | `string` | `false` | no | -| [azdoa\_image\_name](#input\_azdoa\_image\_name) | Azure DevOps Agent image name | `string` | n/a | yes | -| [cidr\_common\_in\_vnet](#input\_cidr\_common\_in\_vnet) | Common Italy North Virtual network cidr. | `list(string)` | n/a | yes | -| [cidr\_common\_vnet](#input\_cidr\_common\_vnet) | Common Virtual network cidr. | `list(string)` | n/a | yes | -| [cidr\_subnet\_apim](#input\_cidr\_subnet\_apim) | Old Api Management address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_apim\_v2](#input\_cidr\_subnet\_apim\_v2) | Api Management V2 address space. 
| `list(string)` | n/a | yes | -| [cidr\_subnet\_appbackendl1](#input\_cidr\_subnet\_appbackendl1) | App backend l1 address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_appbackendl2](#input\_cidr\_subnet\_appbackendl2) | App backend l2 address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_appbackendli](#input\_cidr\_subnet\_appbackendli) | App backend li address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_appgateway](#input\_cidr\_subnet\_appgateway) | Application gateway address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_azdoa](#input\_cidr\_subnet\_azdoa) | Azure DevOps agent network address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_devportalservicedata\_db\_server](#input\_cidr\_subnet\_devportalservicedata\_db\_server) | Space address for DevPortal Service Data PostgresSQL | `list(string)` | n/a | yes | -| [cidr\_subnet\_dnsforwarder](#input\_cidr\_subnet\_dnsforwarder) | DNS Forwarder network address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_eventhub](#input\_cidr\_subnet\_eventhub) | Eventhub network address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_fnelt](#input\_cidr\_subnet\_fnelt) | function-elt network address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_fnfastlogin](#input\_cidr\_subnet\_fnfastlogin) | Function Fast Login address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_fnlollipop](#input\_cidr\_subnet\_fnlollipop) | Function Lollipop address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_pendpoints](#input\_cidr\_subnet\_pendpoints) | Private Endpoints address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_redis\_apim](#input\_cidr\_subnet\_redis\_apim) | Redis network address space. | `list(string)` | `[]` | no | -| [cidr\_subnet\_redis\_common](#input\_cidr\_subnet\_redis\_common) | Redis common network address space. 
| `list(string)` | n/a | yes | -| [cidr\_subnet\_selfcare\_be](#input\_cidr\_subnet\_selfcare\_be) | Selfcare IO frontend storage address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_shared\_1](#input\_cidr\_subnet\_shared\_1) | n/a | `list(string)` | n/a | yes | -| [cidr\_subnet\_vpn](#input\_cidr\_subnet\_vpn) | VPN network address space. | `list(string)` | n/a | yes | -| [cidr\_weu\_beta\_vnet](#input\_cidr\_weu\_beta\_vnet) | Beta Virtual network cidr. | `list(string)` | n/a | yes | -| [cidr\_weu\_prod01\_vnet](#input\_cidr\_weu\_prod01\_vnet) | Prod01 Virtual network cidr. | `list(string)` | n/a | yes | -| [cidr\_weu\_prod02\_vnet](#input\_cidr\_weu\_prod02\_vnet) | Prod02 Virtual network cidr. | `list(string)` | n/a | yes | -| [citizen\_auth\_assertion\_storage\_name](#input\_citizen\_auth\_assertion\_storage\_name) | Use storage name from citizen\_auth domain | `string` | `"lollipop-assertions-st"` | no | -| [citizen\_auth\_domain](#input\_citizen\_auth\_domain) | n/a | `string` | `"citizen-auth"` | no | -| [citizen\_auth\_product](#input\_citizen\_auth\_product) | Use product name from citizen\_auth domain locals | `string` | `"io-p"` | no | -| [citizen\_auth\_revoke\_queue\_name](#input\_citizen\_auth\_revoke\_queue\_name) | Use queue storage name from citizen\_auth domain storage | `string` | `"pubkeys-revoke-v2"` | no | -| [common\_rg](#input\_common\_rg) | Common Virtual network resource group name. | `string` | `""` | no | -| [ddos\_protection\_plan](#input\_ddos\_protection\_plan) | n/a |
{
enabled = bool
default_instances = number
minimum_instances = number
maximum_instances = number
scale_out_capacity_percentage = number
scale_out_time_window = string
scale_out_value = string
scale_out_cooldown = string
scale_in_capacity_percentage = number
scale_in_time_window = string
scale_in_value = string
scale_in_cooldown = string
}
)
object({| `null` | no | -| [dns\_default\_ttl\_sec](#input\_dns\_default\_ttl\_sec) | value | `number` | `3600` | no | -| [dns\_zone\_firmaconio\_selfcare](#input\_dns\_zone\_firmaconio\_selfcare) | The dns subdomain. | `string` | `null` | no | -| [dns\_zone\_io](#input\_dns\_zone\_io) | The dns subdomain. | `string` | `null` | no | -| [dns\_zone\_io\_selfcare](#input\_dns\_zone\_io\_selfcare) | The dns subdomain. | `string` | `null` | no | -| [enable\_azdoa](#input\_enable\_azdoa) | Enable Azure DevOps agent. | `bool` | n/a | yes | -| [enable\_iac\_pipeline](#input\_enable\_iac\_pipeline) | If true create the key vault policy to allow used by azure devops iac pipelines. | `bool` | `false` | no | -| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `"pagopa.it"` | no | -| [function\_app\_count](#input\_function\_app\_count) | n/a | `number` | `2` | no | -| [function\_services\_count](#input\_function\_services\_count) | Functions | `number` | `2` | no | -| [io\_receipt\_remote\_config\_id](#input\_io\_receipt\_remote\_config\_id) | The Remote Content Config ID of io-receipt service | `string` | `"01HMVM9W74RWH93NT1EYNKKNNR"` | no | -| [io\_receipt\_remote\_config\_test\_id](#input\_io\_receipt\_remote\_config\_test\_id) | The Remote Content Config ID of io-receipt service | `string` | `"01HMVMCDD3JFYTPKT4ZN4WQ73B"` | no | -| [io\_receipt\_service\_id](#input\_io\_receipt\_service\_id) | The Service ID of io-receipt service | `string` | n/a | yes | -| [io\_receipt\_service\_test\_id](#input\_io\_receipt\_service\_test\_id) | The Service ID of io-receipt service | `string` | n/a | yes | -| [io\_receipt\_service\_test\_url](#input\_io\_receipt\_service\_test\_url) | The endpoint of Receipt Service (test env) | `string` | n/a | yes | -| [io\_receipt\_service\_url](#input\_io\_receipt\_service\_url) | The endpoint of Receipt Service (prod env) | `string` | n/a | yes | -| 
[io\_sign\_remote\_config\_id](#input\_io\_sign\_remote\_config\_id) | The Remote Content Config ID of io-sign service | `string` | `"01HMVMDTHXCESMZ72NA701EKGQ"` | no | -| [io\_sign\_service\_id](#input\_io\_sign\_service\_id) | The Service ID of io-sign service | `string` | `"01GQQZ9HF5GAPRVKJM1VDAVFHM"` | no | -| [io\_wallet\_trial\_id](#input\_io\_wallet\_trial\_id) | The trial ID of io-wallet trial | `string` | `"01J2GN4TA8FB6DPTAX3T3YD6M1"` | no | -| [law\_daily\_quota\_gb](#input\_law\_daily\_quota\_gb) | The workspace daily quota for ingestion in GB. | `number` | `-1` | no | -| [law\_retention\_in\_days](#input\_law\_retention\_in\_days) | The workspace data retention in days | `number` | `90` | no | -| [law\_sku](#input\_law\_sku) | Sku of the Log Analytics Workspace | `string` | `"PerGB2018"` | no | -| [location](#input\_location) | n/a | `string` | `"westeurope"` | no | -| [location\_in](#input\_location\_in) | n/a | `string` | `"italynorth"` | no | -| [location\_short](#input\_location\_short) | One of weu, neu | `string` | n/a | yes | -| [lock\_enable](#input\_lock\_enable) | Apply locks to block accedentaly deletions. | `bool` | `false` | no | -| [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | The common Log Analytics Workspace name | `string` | `""` | no | -| [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. 
| `string` | n/a | yes | -| [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | -| [pn\_remote\_config\_id](#input\_pn\_remote\_config\_id) | The Remote Content Config ID of PN service | `string` | `"01HMVMHCZZ8D0VTFWMRHBM5D6F"` | no | -| [pn\_service\_id](#input\_pn\_service\_id) | The Service ID of PN service | `string` | `"01G40DWQGKY5GRWSNM4303VNRP"` | no | -| [pn\_test\_endpoint](#input\_pn\_test\_endpoint) | The endpoint of PN (test env) | `string` | n/a | yes | -| [prefix](#input\_prefix) | n/a | `string` | `"io"` | no | -| [redis\_apim\_capacity](#input\_redis\_apim\_capacity) | # Redis cache | `number` | `1` | no | -| [redis\_apim\_family](#input\_redis\_apim\_family) | n/a | `string` | `"C"` | no | -| [redis\_apim\_sku\_name](#input\_redis\_apim\_sku\_name) | n/a | `string` | `"Standard"` | no | -| [redis\_common](#input\_redis\_common) | Redis Common configuration |
id = string
enable = bool
})
object({| n/a | yes | -| [selfcare\_external\_hostname](#input\_selfcare\_external\_hostname) | Selfcare external hostname | `string` | `"selfcare.pagopa.it"` | no | -| [selfcare\_plan\_sku\_capacity](#input\_selfcare\_plan\_sku\_capacity) | Selfcare app plan capacity | `number` | `1` | no | -| [selfcare\_plan\_sku\_size](#input\_selfcare\_plan\_sku\_size) | Selfcare app plan sku size | `string` | `"P1v3"` | no | -| [selfcare\_plan\_sku\_tier](#input\_selfcare\_plan\_sku\_tier) | Selfcare app plan sku tier | `string` | `"PremiumV3"` | no | -| [tags](#input\_tags) | n/a | `map(any)` |
capacity = number
shard_count = number
family = string
sku_name = string
public_network_access_enabled = bool
rdb_backup_enabled = bool
rdb_backup_frequency = number
rdb_backup_max_snapshot_count = number
redis_version = string
})
{| no | -| [third\_party\_mock\_remote\_config\_id](#input\_third\_party\_mock\_remote\_config\_id) | The Remote Content Config ID of the Third Party Mock service | `string` | `"01HMVM4N4XFJ8VBR1FXYFZ9QFB"` | no | -| [third\_party\_mock\_service\_id](#input\_third\_party\_mock\_service\_id) | The Service ID of the Third Party Mock service | `string` | `"01GQQDPM127KFGG6T3660D5TXD"` | no | -| [vnet\_name](#input\_vnet\_name) | Common Virtual network resource name. | `string` | `""` | no | -| [vpn\_pip\_sku](#input\_vpn\_pip\_sku) | VPN GW PIP SKU | `string` | `"Basic"` | no | -| [vpn\_sku](#input\_vpn\_sku) | VPN Gateway SKU | `string` | `"VpnGw1"` | no | - -## Outputs - -No outputs. - diff --git a/src/core/env/prod/backend.ini b/src/core/env/prod/backend.ini deleted file mode 100644 index cf83055f5..000000000 --- a/src/core/env/prod/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-IO diff --git a/src/core/env/prod/backend.tfvars b/src/core/env/prod/backend.tfvars deleted file mode 100644 index 5d7f8e030..000000000 --- a/src/core/env/prod/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodio" -container_name = "terraform-state" -key = "io-infra.core-prod.tfstate" diff --git a/src/core/env/prod/terraform.tfvars b/src/core/env/prod/terraform.tfvars deleted file mode 100644 index a43636930..000000000 --- a/src/core/env/prod/terraform.tfvars +++ /dev/null 
@@ -1,452 +0,0 @@ -env_short = "p" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "IO" - Source = "https://github.com/pagopa/io-infra" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -location = "westeurope" -location_short = "weu" - -# dns -external_domain = "pagopa.it" -dns_zone_io = "io" -dns_zone_io_selfcare = "io.selfcare" -dns_zone_firmaconio_selfcare = "firmaconio.selfcare" - -lock_enable = true - -common_rg = "io-p-rg-common" - -# networking -vnet_name = "io-p-vnet-common" -ddos_protection_plan = { - id = "/subscriptions/0da48c97-355f-4050-a520-f11a18b8be90/resourceGroups/sec-p-ddos/providers/Microsoft.Network/ddosProtectionPlans/sec-p-ddos-protection" - enable = true -} -cidr_common_vnet = ["10.0.0.0/16"] -cidr_common_in_vnet = ["10.20.0.0/16"] -cidr_weu_beta_vnet = ["10.10.0.0/16"] -cidr_weu_prod01_vnet = ["10.11.0.0/16"] -cidr_weu_prod02_vnet = ["10.12.0.0/16"] -# check free subnet on azure portal io-p-vnet-common -> subnets -cidr_subnet_eventhub = ["10.0.10.0/24"] -cidr_subnet_fnelt = ["10.0.11.0/24"] -cidr_subnet_appgateway = ["10.0.13.0/24"] -cidr_subnet_redis_apim = ["10.0.14.0/24"] -cidr_subnet_fnadmin = ["10.0.15.0/26"] -cidr_subnet_shared_1 = ["10.0.16.0/26"] -cidr_subnet_fnlollipop = ["10.0.17.0/26"] -cidr_subnet_fnfastlogin = ["10.0.17.128/26"] -cidr_subnet_apim = ["10.0.101.0/24"] -cidr_subnet_apim_v2 = ["10.0.100.0/24"] -cidr_subnet_fncdnassets = ["10.0.131.0/24"] -cidr_subnet_app = ["10.0.132.0/26", "10.0.132.64/26"] -cidr_subnet_app_async = ["10.0.132.128/26"] -cidr_subnet_vpn = ["10.0.133.0/24"] -cidr_subnet_selfcare_be = ["10.0.137.0/24"] -cidr_subnet_devportalservicedata_db_server = ["10.0.138.0/24"] -cidr_subnet_services = ["10.0.139.0/26", "10.0.139.64/26"] -# new push notif is related to messages domain ############### -############################################################## -cidr_subnet_appbackendl1 = ["10.0.152.0/24"] -cidr_subnet_appbackendl2 = ["10.0.153.0/24"] -cidr_subnet_appbackendli = 
["10.0.154.0/24"] -cidr_subnet_redis_common = ["10.0.200.0/24"] -cidr_subnet_pendpoints = ["10.0.240.0/23"] -cidr_subnet_azdoa = ["10.0.250.0/24"] -cidr_subnet_dnsforwarder = ["10.0.252.8/29"] - -# just for reminder: declared in https://github.com/pagopa/io-infra/blob/main/src/domains/ioweb-app/env/weu-prod01/terraform.tfvars -# subnet for ioweb_profile -> cidr_subnet_fniowebprofile = ["10.0.117.0/24"] - -## REDIS COMMON ## -redis_common = { - capacity = 2 - shard_count = 4 - family = "P" - sku_name = "Premium" - public_network_access_enabled = true - rdb_backup_enabled = true - rdb_backup_frequency = 60 - rdb_backup_max_snapshot_count = 1 - redis_version = "6" -} - -# apim -apim_publisher_name = "IO" -apim_v2_sku = "Premium_2" -apim_autoscale = { - enabled = true - default_instances = 5 - minimum_instances = 4 - maximum_instances = 6 - scale_out_capacity_percentage = 50 - scale_out_time_window = "PT3M" - scale_out_value = "1" - scale_out_cooldown = "PT5M" - scale_in_capacity_percentage = 20 - scale_in_time_window = "PT5M" - scale_in_value = "1" - scale_in_cooldown = "PT5M" -} - -# azure devops -azdo_sp_tls_cert_enabled = true -enable_azdoa = true -enable_iac_pipeline = true -azdoa_image_name = "azdo-agent-ubuntu2204-image-v2" -## - -## Monitor -log_analytics_workspace_name = "io-p-law-common" -application_insights_name = "io-p-ai-common" -monitor_resource_group_name = "io-p-rg-common" -log_analytics_workspace_resource_group_name = "io-p-rg-common" -## - -## Event hub -ehns_sku_name = "Standard" -ehns_capacity = 5 -ehns_auto_inflate_enabled = true -ehns_maximum_throughput_units = 5 -ehns_zone_redundant = true -ehns_alerts_enabled = true - -ehns_ip_rules = [ - { - ip_mask = "18.192.147.151", # PDND - action = "Allow" - }, - { - ip_mask = "18.159.227.69", # PDND - action = "Allow" - }, - { - ip_mask = "3.126.198.129", # PDND - action = "Allow" - } -] - -ehns_metric_alerts = { - no_trx = { - aggregation = "Total" - metric_name = "IncomingMessages" - description = "No 
transactions received from acquirer in the last 24h" - operator = "LessThanOrEqual" - threshold = 1000 - frequency = "PT1H" - window_size = "P1D" - dimension = [ - { - name = "EntityName" - operator = "Include" - values = ["rtd-trx"] - } - ], - }, - active_connections = { - aggregation = "Average" - metric_name = "ActiveConnections" - description = null - operator = "LessThanOrEqual" - threshold = 0 - frequency = "PT5M" - window_size = "PT15M" - dimension = [], - }, - error_trx = { - aggregation = "Total" - metric_name = "IncomingMessages" - description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately" - operator = "GreaterThan" - threshold = 0 - frequency = "PT5M" - window_size = "PT30M" - dimension = [ - { - name = "EntityName" - operator = "Include" - values = ["bpd-trx-error", - "rtd-trx-error"] - } - ], - }, -} - -# Functions App -function_app_kind = "Linux" -function_app_sku_tier = "PremiumV3" -function_app_sku_size = "P1v3" -function_app_autoscale_minimum = 2 -function_app_autoscale_maximum = 30 -function_app_autoscale_default = 10 - -# Functions Services -function_services_kind = "Linux" -function_services_sku_tier = "PremiumV3" -function_services_sku_size = "P1v3" -function_services_autoscale_minimum = 1 -function_services_autoscale_maximum = 30 -function_services_autoscale_default = 10 - -# Functions App Async -function_app_async_kind = "Linux" -function_app_async_sku_tier = "PremiumV3" -function_app_async_sku_size = "P1v3" -function_app_async_autoscale_minimum = 3 # 2 instance to achieve redundancy and failover -function_app_async_autoscale_maximum = 30 -function_app_async_autoscale_default = 10 - -# Functions Admin -function_admin_kind = "Linux" -function_admin_sku_tier = "PremiumV3" -function_admin_sku_size = "P1v3" -function_admin_autoscale_minimum = 1 -function_admin_autoscale_maximum = 3 -function_admin_autoscale_default = 1 - -# Functions shared -plan_shared_1_kind = "Linux" -plan_shared_1_sku_tier 
= "PremiumV3" -plan_shared_1_sku_size = "P1v3" -function_public_autoscale_minimum = 1 -function_public_autoscale_maximum = 30 -function_public_autoscale_default = 10 - -app_backend_autoscale_default = 10 -app_backend_autoscale_minimum = 2 -app_backend_autoscale_maximum = 30 - -# Function CDN Assets -function_assets_cdn_kind = "Linux" -function_assets_cdn_sku_tier = "PremiumV3" -function_assets_cdn_sku_size = "P1v3" -function_assets_cdn_autoscale_minimum = 1 -function_assets_cdn_autoscale_maximum = 5 -function_assets_cdn_autoscale_default = 1 - -# App Continua DynamicLynk - -eventhubs = [ - { - name = "io-cosmosdb-services" - partitions = 5 - message_retention = 7 - consumers = [] - keys = [ - { - name = "io-fn-elt" - listen = false - send = true - manage = false - }, - { - name = "pdnd" - listen = true - send = false - manage = false - } - ] - }, - { - name = "io-cosmosdb-profiles" - partitions = 5 - message_retention = 7 - consumers = [] - keys = [ - { - name = "io-fn-elt" - listen = false - send = true - manage = false - }, - { - name = "pdnd" - listen = true - send = false - manage = false - } - ] - }, - { - name = "import-command" - partitions = 2 - message_retention = 7 - consumers = [] - keys = [ - { - name = "ops" - listen = false - send = true - manage = false - }, - { - name = "io-fn-elt" - listen = true - send = false - manage = false - } - ] - }, - { - name = "io-cosmosdb-message-status" - partitions = 32 - message_retention = 7 - consumers = ["io-messages"] - keys = [ - { - name = "io-cdc" - listen = false - send = true - manage = false - }, - { - name = "io-messages" - listen = true - send = false - manage = false - } - ] - }, - { - name = "pdnd-io-cosmosdb-messages" - partitions = 30 - message_retention = 7 - consumers = [] - keys = [ - { - name = "io-fn-elt" - listen = false - send = true - manage = false - }, - { - name = "pdnd" - listen = true - send = false - manage = false - } - ] - }, - { - name = "pdnd-io-cosmosdb-message-status" - partitions = 
30 - message_retention = 7 - consumers = [] - keys = [ - { - name = "io-fn-elt" - listen = false - send = true - manage = false - }, - { - name = "pdnd" - listen = true - send = false - manage = false - } - ] - }, - { - name = "pdnd-io-cosmosdb-service-preferences" - partitions = 30 - message_retention = 7 - consumers = [] - keys = [ - { - name = "io-fn-elt" - listen = false - send = true - manage = false - }, - { - name = "pdnd" - listen = true - send = false - manage = false - } - ] - }, - { - name = "pdnd-io-cosmosdb-profiles" - partitions = 30 - message_retention = 7 - consumers = [] - keys = [ - { - name = "io-fn-elt" - listen = false - send = true - manage = false - }, - { - name = "pdnd" - listen = true - send = false - manage = false - } - ] - }, - { - name = "pdnd-io-cosmosdb-notification-status" - partitions = 30 - message_retention = 7 - consumers = [] - keys = [ - { - name = "io-fn-elt" - listen = false - send = true - manage = false - }, - { - name = "pdnd" - listen = true - send = false - manage = false - } - ] - }, - { - name = "io-cosmosdb-message-status-for-view" - partitions = 32 - message_retention = 7 - consumers = ["io-messages"] - keys = [ - { - name = "io-cdc" - listen = false - send = true - manage = false - }, - { - name = "io-messages" - listen = true - send = false - manage = false - } - ] - } -] - -# PN Service Id -pn_service_id = "01G40DWQGKY5GRWSNM4303VNRP" - -# PN Test Endpoint -pn_test_endpoint = "https://api-io.uat.notifichedigitali.it" - -# RECEIPT SERVICE -io_receipt_service_id = "01HD63674XJ1R6XCNHH24PCRR2" -io_receipt_service_url = "https://api.platform.pagopa.it/receipts/service/v1" -io_receipt_service_test_id = "01H4ZJ62C1CPGJ0PX8Q1BP7FAB" -io_receipt_service_test_url = "https://api.uat.platform.pagopa.it/receipts/service/v1" - -# TP Mock Service Id -third_party_mock_service_id = "01GQQDPM127KFGG6T3660D5TXD" - -app_backend_names = ["appbackendl1", "appbackendl2", "appbackendli"] 
diff --git a/src/core/terraform.sh b/src/core/terraform.sh
deleted file mode 100755
index afa31880b..000000000
--- a/src/core/terraform.sh
+++ /dev/null
@@ -1,64 +0,0 @@ -#!/bin/bash - -set -e - -action=$1 -env=$2 -shift 2 -other=$@ - -subscription="MOCK_VALUE" - -if [ -z "$action" ]; then - echo "Missed action: init, apply, plan" - exit 0 -fi - -if [ -z "$env" ]; then - echo "env should be: dev, uat or prod." - exit 0 -fi - -# shellcheck source=/dev/null -source "./env/$env/backend.ini" - -az account set -s "${subscription}" - -if [ "$action" = "force-unlock" ]; then - echo "🧠terraform INIT in env: ${env}" - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" $other - warn_message="You are about to unlock Terraform's remote state. - This is a dangerous task you want to be aware of before going on. - This operation won't affect your infrastructure directly. - However, please note that you may lose pieces of information about partially-applied configurations. - - Please refer to the official Terraform documentation about the command: - https://developer.hashicorp.com/terraform/cli/commands/force-unlock" - printf "\n\e[33m%s\e[0m\n\n" "$warn_message" - - read -r -p "Please enter the LOCK ID: " lock_id - terraform force-unlock "$lock_id" - - exit 0 # this line prevents the script to go on -fi - -if echo "init plan apply refresh import output state taint destroy" | grep -w "$action" > /dev/null; then - if [ "$action" = "init" ]; then - echo "🧠terraform INIT in env: ${env}" - terraform "$action" -reconfigure -backend-config="./env/$env/backend.tfvars" $other - elif [ "$action" = "output" ] || [ "$action" = "state" ] || [ "$action" = "taint" ]; then - # init terraform backend - echo "🧠terraform (output|state|taint) launched with action: ${action} in env: ${env}" - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - terraform "$action" $other - else - # init terraform backend - echo "🧠terraform launched with action: ${action} in env: ${env}" - - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - terraform "$action" -var-file="./env/$env/terraform.tfvars" 
$other - fi -else - echo "Action not allowed." - exit 1 -fi diff --git a/src/domains/citizen-auth-app/08_session_manager.tf b/src/domains/citizen-auth-app/08_session_manager.tf index dc3c4719e..88167c9e6 100644 --- a/src/domains/citizen-auth-app/08_session_manager.tf +++ b/src/domains/citizen-auth-app/08_session_manager.tf @@ -137,7 +137,7 @@ locals { # Functions Fast Login config FAST_LOGIN_API_KEY = data.azurerm_key_vault_secret.functions_fast_login_api_key.value - FAST_LOGIN_API_URL = var.fastlogin_enabled ? "https://${module.function_fast_login[0].default_hostname}" : "" + FAST_LOGIN_API_URL = var.fastlogin_enabled ? "https://${module.function_fast_login_itn.default_hostname}" : "" # Functions Lollipop config LOLLIPOP_API_BASE_PATH = "/api/v1" diff --git a/src/domains/citizen-auth-common/03_apim_v2.tf b/src/domains/citizen-auth-common/03_apim_v2.tf index 88be30f33..2dadd61ba 100644 --- a/src/domains/citizen-auth-common/03_apim_v2.tf +++ b/src/domains/citizen-auth-common/03_apim_v2.tf @@ -236,11 +236,11 @@ data "azurerm_key_vault_secret" "functions_fast_login_api_key" { key_vault_id = module.key_vault.id } -resource "azurerm_api_management_named_value" "io_fn_weu_fast_login_operation_key_v2" { - name = "io-fn-weu-fast-login-operation-key" +resource "azurerm_api_management_named_value" "io_fn_itn_fast_login_operation_key_v2" { + name = "io-fn-itn-fast-login-operation-key" api_management_name = data.azurerm_api_management.apim_v2_api.name resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name - display_name = "io-fn-weu-fast-login-operation-key" + display_name = "io-fn-itn-fast-login-operation-key" value = data.azurerm_key_vault_secret.functions_fast_login_api_key.value secret = "true" } diff --git a/src/domains/citizen-auth-common/99_locals.tf b/src/domains/citizen-auth-common/99_locals.tf index d31c32793..e5d5cabc7 100644 --- a/src/domains/citizen-auth-common/99_locals.tf +++ b/src/domains/citizen-auth-common/99_locals.tf 
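Review bot: The new `FAST_LOGIN_API_URL` line keeps the `var.fastlogin_enabled ? … : ""` guard although the reference lost its `[0]` index, which suggests `module.function_fast_login_itn` is no longer created conditionally. If so, setting the flag to false leaves the session manager with an empty URL next to a populated `FAST_LOGIN_API_KEY`, and that mismatch only surfaces at runtime. I would either drop the guard, `FAST_LOGIN_API_URL = "https://${module.function_fast_login_itn.default_hostname}"`, or keep it and add `# flag only controls this app setting; the ITN function app is always deployed` above the line. The `locals` block starts and ends outside the hunk.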
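Review bot: The renamed `io_fn_itn_fast_login_operation_key_v2` named value still reads `data.azurerm_key_vault_secret.functions_fast_login_api_key.value`, the same secret that fed the weu entry, so nothing in this hunk shows that the key now belongs to the ITN function app. A comment above `value`, such as `# Key Vault secret must contain the key of the ITN fast-login function app`, would make that dependency explicit for whoever rotates it. Because both the resource address and `name` change, Terraform will presumably destroy and recreate the named value, so any policy that references `{{io-fn-weu-fast-login-operation-key}}` has to switch in the same apply. Separately, copying `.value` writes the key into Terraform state; the provider's `value_from_key_vault` block with a `secret_id` would let APIM resolve it from Key Vault instead.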
@@ -20,8 +20,8 @@ locals { fast_login_backend_url = "https://%s/api/v1" # Fast Login references refers to src/domains/citizen-auth-app/07_functions_fast_login.tf - fn_fast_login_name = "${local.product}-weu-fast-login-fn" - fn_fast_login_resource_group_name = "${local.product}-weu-fast-login-rg" + fn_fast_login_name = "${local.common_project_itn}-auth-lv-fn-01" + fn_fast_login_resource_group_name = "${local.common_project_itn}-fast-login-rg-01" } # Region ITN diff --git a/src/domains/citizen-auth-common/README.md b/src/domains/citizen-auth-common/README.md index f4cc20a34..8b805821a 100644 --- a/src/domains/citizen-auth-common/README.md +++ b/src/domains/citizen-auth-common/README.md 
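Review bot: `fn_fast_login_name` and `fn_fast_login_resource_group_name` are now hand-built strings with two different stems, `auth-lv-fn-01` and `fast-login-rg-01`, while the comment above them still points only at `07_functions_fast_login.tf`. These two values presumably decide which function app this domain resolves, so any drift from the real ITN names should be easy to spot in review. After confirming that the differing stems are intentional, I would extend the comment, for example `# ITN function app uses the "auth-lv" stem, its resource group keeps "fast-login"; keep both in sync with citizen-auth-app`. The `locals` block opens above the hunk.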
@@ -39,9 +39,9 @@ | [azurerm_api_management_group_user.pagopa_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource | | [azurerm_api_management_group_user.pagopa_operation_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource | | [azurerm_api_management_named_value.api_fast_login_operation_group_name](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | +| [azurerm_api_management_named_value.io_fn_itn_fast_login_operation_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | | [azurerm_api_management_named_value.io_fn_itn_lollipop_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | | [azurerm_api_management_named_value.io_fn_itn_lollipop_url_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | -| [azurerm_api_management_named_value.io_fn_weu_fast_login_operation_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | | [azurerm_api_management_subscription.pagopa_fastlogin_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | | [azurerm_api_management_subscription.pagopa_operation_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | | [azurerm_api_management_subscription.pagopa_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | 
diff --git a/src/domains/citizen-auth-common/api/fast_login/v1/policy.xml b/src/domains/citizen-auth-common/api/fast_login/v1/policy.xml index 98b878514..3fed4b92e 100644 --- a/src/domains/citizen-auth-common/api/fast_login/v1/policy.xml +++ b/src/domains/citizen-auth-common/api/fast_login/v1/policy.xml @@ -2,7 +2,7 @@
"CreatedBy": "Terraform"
}