[CES-128] - Add backend l3 for wallet publication (#1199)

src/common/_modules/app_backend/app_settings.tf

@@ -1,5 +1,6 @@
 locals {
   app_settings_common = {
+    IS_APPBACKENDLI = var.is_li ? "true" : "false"
     # No downtime on slots swap
     WEBSITE_ADD_SITENAME_BINDINGS_IN_APPHOST_CONFIG = "1"
     WEBSITE_RUN_FROM_PACKAGE                        = "1"
@@ -29,6 +30,7 @@ locals {
     AUTHENTICATION_BASE_PATH = ""
 
     // FUNCTIONS
+    API_URL                     = "https://${var.backend_hostnames.app[1]}/api/v1"
     API_KEY                     = data.azurerm_key_vault_secret.app_backend_API_KEY.value
     CGN_API_URL                 = "https://${var.backend_hostnames.cgn}"
     CGN_API_KEY                 = data.azurerm_key_vault_secret.app_backend_CGN_API_KEY.value
@@ -38,7 +40,8 @@ locals {
     CGN_OPERATOR_SEARCH_API_KEY = data.azurerm_key_vault_secret.app_backend_CGN_OPERATOR_SEARCH_API_KEY_PROD.value
     EUCOVIDCERT_API_URL         = "https://${var.backend_hostnames.eucovidcert}/api/v1"
     EUCOVIDCERT_API_KEY         = data.azurerm_key_vault_secret.fn_eucovidcert_API_KEY_APPBACKEND.value
-    APP_MESSAGES_API_KEY        = data.azurerm_key_vault_secret.app_backend_APP_MESSAGES_API_KEY[(var.index - 1) % 2].value
+    APP_MESSAGES_API_URL        = "https://${var.backend_hostnames.app_messages[(var.index - 1) % local.app_messages_count]}/api/v1"
+    APP_MESSAGES_API_KEY        = data.azurerm_key_vault_secret.app_backend_APP_MESSAGES_API_KEY[(var.index - 1) % local.app_messages_count].value
     LOLLIPOP_API_URL            = "https://${var.backend_hostnames.lollipop}"
     LOLLIPOP_API_KEY            = data.azurerm_key_vault_secret.app_backend_LOLLIPOP_ITN_API_KEY.value
     TRIAL_SYSTEM_API_URL        = "https://${var.backend_hostnames.trial_system_api}" # PROD-TRIAL subscription

src/common/_modules/app_backend/data_kv.tf

@@ -71,13 +71,8 @@ data "azurerm_key_vault_secret" "app_backend_PECSERVER_ARUBA_TOKEN_SECRET" {
 }
 
 data "azurerm_key_vault_secret" "app_backend_APP_MESSAGES_API_KEY" {
-  count        = 2
-  name         = count.index % 2 == 0 ? "appbackend-APP-MESSAGES-API-KEY" : "appbackend-APP-MESSAGES-API-KEY-02"
-  key_vault_id = var.key_vault_common.id
-}
-
-data "azurerm_key_vault_secret" "app_backend_APP_MESSAGES_API_KEY_02" {
-  name         = "appbackend-APP-MESSAGES-API-KEY-02"
+  count        = local.app_messages_count
+  name         = count.index % local.app_messages_count == 0 ? "appbackend-APP-MESSAGES-API-KEY" : format("appbackend-APP-MESSAGES-API-KEY-%02d", (count.index % local.app_messages_count) + 1)
   key_vault_id = var.key_vault_common.id
 }
 

src/common/_modules/app_backend/locals.tf

@@ -29,6 +29,9 @@ locals {
 
   citizen_auth_revoke_queue_name = "pubkeys-revoke-v2"
 
+  function_app_count = length(var.backend_hostnames.app)
+  app_messages_count = length(var.backend_hostnames.app_messages)
+
   nonstandard = {
     weu = {
       asp  = "${var.project}-plan-appappbackend${var.name}"

src/common/_modules/app_backend/variables.tf

@@ -186,6 +186,8 @@ variable "app_settings_override" {
 
 variable "backend_hostnames" {
   type = object({
+    app                  = list(string)
+    app_messages         = list(string)
     assets_cdn           = string
     services_app_backend = string
     lollipop             = string

src/common/prod/README.md

@@ -30,6 +30,7 @@
 | [azurerm_resource_group.github_runner](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_api_management.trial_system](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
 | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
+| [azurerm_linux_function_app.app_messages](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
 | [azurerm_linux_function_app.eucovidcert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
 | [azurerm_linux_function_app.function_assets_cdn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
 | [azurerm_linux_function_app.function_cgn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |

src/common/prod/data.tf

@@ -55,6 +55,12 @@ data "azurerm_linux_function_app" "function_profile" {
   resource_group_name = "${local.project_itn}-profile-rg-0${count.index + 1}"
 }
 
+data "azurerm_linux_function_app" "app_messages" {
+  count               = local.app_messages_count
+  name                = "${local.project_weu_legacy}-app-messages-fn-${count.index + 1}"
+  resource_group_name = "${local.project_weu_legacy}-app-messages-rg-${count.index + 1}"
+}
+
 data "azurerm_linux_function_app" "services_app_backend_function_app" {
   resource_group_name = "${local.project_itn}-svc-rg-01"
   name                = "${local.project_itn}-svc-app-be-func-01"

src/common/prod/locals.tf

@@ -18,6 +18,7 @@ locals {
   core = data.terraform_remote_state.core.outputs
 
   function_profile_count = 2
+  app_messages_count     = 2
 
   # TODO: edit this block when resource groups module is implemented
   resource_groups = {
@@ -45,34 +46,19 @@ locals {
   }
 
   app_backends = {
-    l1 = {
+    1 = {
       cidr_subnet = ["10.0.152.0/24"]
-      app_settings_override = {
-        IS_APPBACKENDLI = "false"
-        // FUNCTIONS
-        API_URL              = "https://${data.azurerm_linux_function_app.function_profile[1].default_hostname}/api/v1"
-        APP_MESSAGES_API_URL = "https://io-p-app-messages-fn-1.azurewebsites.net/api/v1"
-      }
     },
-    l2 = {
+    2 = {
       cidr_subnet = ["10.0.153.0/24"]
-      app_settings_override = {
-        IS_APPBACKENDLI = "false"
-        // FUNCTIONS
-        API_URL              = "https://${data.azurerm_linux_function_app.function_profile[1].default_hostname}/api/v1"
-        APP_MESSAGES_API_URL = "https://io-p-app-messages-fn-2.azurewebsites.net/api/v1"
-      }
+    },
+    3 = {
+      cidr_subnet = ["10.0.156.0/24"]
     }
   }
 
   app_backendli = {
     cidr_subnet = ["10.0.154.0/24"]
-    app_settings_override = {
-      IS_APPBACKENDLI = "true"
-      // FUNCTIONS
-      API_URL              = "https://${data.azurerm_linux_function_app.function_profile[1].default_hostname}/api/v1"
-      APP_MESSAGES_API_URL = "https://io-p-app-messages-fn-1.azurewebsites.net/api/v1"
-    }
   }
 
   azdoa_snet_id = {
@@ -81,6 +67,8 @@ locals {
   }
 
   backend_hostnames = {
+    app                  = [for key, value in data.azurerm_linux_function_app.function_profile : value.default_hostname]
+    app_messages         = [for key, value in data.azurerm_linux_function_app.app_messages : value.default_hostname]
     assets_cdn           = data.azurerm_linux_function_app.function_assets_cdn.default_hostname
     services_app_backend = data.azurerm_linux_function_app.services_app_backend_function_app.default_hostname
     lollipop             = data.azurerm_linux_function_app.lollipop_function.default_hostname

src/common/prod/westeurope.tf

@@ -303,7 +303,8 @@ module "application_gateway_weu" {
 
   backend_hostnames = {
     firmaconio_selfcare_web_app = [data.azurerm_linux_web_app.firmaconio_selfcare_web_app.default_hostname]
-    app_backends                = [for appbe in module.app_backend_weu : appbe.default_hostname]
+    # app_backends                = [for appbe in module.app_backend_weu : appbe.default_hostname]
+    app_backends = [module.app_backend_weu["1"].default_hostname, module.app_backend_weu["2"].default_hostname]
   }
   certificates = {
     api                                  = "api-io-pagopa-it"
@@ -412,7 +413,7 @@ module "redis_weu" {
 }
 
 module "app_backend_weu" {
-  for_each = { for index, settings in local.app_backends : index => settings }
+  for_each = local.app_backends
   source   = "../_modules/app_backend"
 
   location                = "westeurope"
@@ -427,20 +428,19 @@ module "app_backend_weu" {
     azurerm_client_config = data.azurerm_client_config.current
   }
 
-  name  = each.key
-  index = index(values(local.app_backends), each.value) + 1
+  name  = "l${each.key}"
+  index = each.key
 
   vnet_common                = local.core.networking.weu.vnet_common
-  cidr_subnet                = local.app_backends[each.key].cidr_subnet
+  cidr_subnet                = each.value.cidr_subnet
   nat_gateways               = local.core.networking.weu.nat_gateways
   allowed_subnets            = concat(data.azurerm_subnet.services_snet.*.id, [module.application_gateway_weu.snet.id, module.apim_weu.snet.id])
   slot_allowed_subnets       = concat([local.azdoa_snet_id["weu"]], data.azurerm_subnet.services_snet.*.id, [module.application_gateway_weu.snet.id, module.apim_weu.snet.id])
   allowed_ips                = module.monitoring_weu.appi.reserved_ips
   slot_allowed_ips           = module.monitoring_weu.appi.reserved_ips
   apim_snet_address_prefixes = module.apim_weu.snet.address_prefixes
 
-  app_settings_override = each.value.app_settings_override
-  backend_hostnames     = local.backend_hostnames
+  backend_hostnames = local.backend_hostnames
 
   key_vault        = local.core.key_vault.weu.kv
   key_vault_common = local.core.key_vault.weu.kv_common
@@ -497,8 +497,7 @@ module "app_backend_li_weu" {
   slot_allowed_ips           = []
   apim_snet_address_prefixes = module.apim_weu.snet.address_prefixes
 
-  app_settings_override = local.app_backendli.app_settings_override
-  backend_hostnames     = local.backend_hostnames
+  backend_hostnames = local.backend_hostnames
 
   autoscale = {
     default = 10