From 6ba73c3db1b1835bce3ede0da4f241cb0d88155b Mon Sep 17 00:00:00 2001 From: christian-calabrese Date: Fri, 4 Oct 2024 10:29:57 +0200 Subject: [PATCH 1/7] feat: add peps to appbackends downstream applications --- src/common/prod/locals.tf | 8 +- .../cgn/_modules/functions_apps/data.tf | 17 ++++ .../functions_apps/function_app_cgn.tf | 44 +++++++++ .../_modules/function_apps/data.tf | 17 ++++ .../function_apps/function_app_eucovidcert.tf | 44 +++++++++ src/domains/messages-app/01_network.tf | 18 ++++ .../messages-app/10_function_messages.tf | 46 ++++++++++ .../messages-app/10_function_messages_xl.tf | 90 +++++++++++++++++++ 8 files changed, 280 insertions(+), 4 deletions(-) diff --git a/src/common/prod/locals.tf b/src/common/prod/locals.tf index 30ecec028..6fffc4e49 100644 --- a/src/common/prod/locals.tf +++ b/src/common/prod/locals.tf 
@@ -68,14 +68,14 @@ locals { backend_hostnames = { app = [for key, value in data.azurerm_linux_function_app.function_profile : value.default_hostname] - app_messages = [for key, value in data.azurerm_linux_function_app.app_messages : value.default_hostname] + app_messages = [for key, value in data.azurerm_linux_function_app.app_messages : value.default_hostname] # NOPE assets_cdn = data.azurerm_linux_function_app.function_assets_cdn.default_hostname services_app_backend = data.azurerm_linux_function_app.services_app_backend_function_app.default_hostname lollipop = data.azurerm_linux_function_app.lollipop_function.default_hostname - eucovidcert = data.azurerm_linux_function_app.eucovidcert.default_hostname - cgn = data.azurerm_linux_function_app.function_cgn.default_hostname + eucovidcert = data.azurerm_linux_function_app.eucovidcert.default_hostname # NOPE ok + cgn = data.azurerm_linux_function_app.function_cgn.default_hostname # NOPE ok iosign = data.azurerm_linux_function_app.io_sign_user.default_hostname - cgnonboarding = "cgnonboardingportal-p-op.azurewebsites.net" + cgnonboarding = "cgnonboardingportal-p-op.azurewebsites.net" # NOPE trial_system_api = "ts-p-itn-api-func-01.azurewebsites.net" trial_system_apim = data.azurerm_api_management.trial_system.gateway_url iowallet = data.azurerm_linux_function_app.wallet_user.default_hostname diff --git a/src/domains/cgn/_modules/functions_apps/data.tf b/src/domains/cgn/_modules/functions_apps/data.tf index 4cef775f9..a1e509d22 100644 --- a/src/domains/cgn/_modules/functions_apps/data.tf +++ b/src/domains/cgn/_modules/functions_apps/data.tf 
@@ -27,6 +27,12 @@ data "azurerm_subnet" "snet_backendl2" {
   resource_group_name  = local.resource_group_name_common
 }
 
+data "azurerm_subnet" "snet_backendl3" {
+  name                 = "appbackendl3"
+  virtual_network_name = local.vnet_name_common
+  resource_group_name  = local.resource_group_name_common
+}
+
 data "azurerm_subnet" "snet_backendli" {
   name                 = "appbackendli"
   virtual_network_name = local.vnet_name_common
@@ -82,3 +88,14 @@ data "azurerm_monitor_action_group" "error_action_group" {
   name                = "${replace("${var.project}", "-", "")}error"
   resource_group_name = local.resource_group_name_common
 }
+
+data "azurerm_subnet" "private_endpoints_subnet" {
+  name                 = "pendpoints"
+  virtual_network_name = local.vnet_name_common
+  resource_group_name  = local.resource_group_name_common
+}
+
+data "azurerm_private_dns_zone" "function_app" {
+  name                = "privatelink.azurewebsites.net"
+  resource_group_name = local.resource_group_name_common
+}
\ No newline at end of file
diff --git a/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf b/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf
index 39024a609..735275f1d 100644
--- a/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf
+++ b/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf
@@ -40,6 +40,7 @@ module "function_cgn" {
     var.subnet_id,
     data.azurerm_subnet.snet_backendl1.id,
     data.azurerm_subnet.snet_backendl2.id,
+    data.azurerm_subnet.snet_backendl3.id,
     data.azurerm_subnet.snet_backendli.id,
     data.azurerm_subnet.snet_apim_v2.id,
   ]
@@ -89,9 +90,52 @@ module "function_cgn_staging_slot" {
     data.azurerm_subnet.snet_azdoa.id,
     data.azurerm_subnet.snet_backendl1.id,
     data.azurerm_subnet.snet_backendl2.id,
+    data.azurerm_subnet.snet_backendl3.id,
     data.azurerm_subnet.snet_backendli.id,
     data.azurerm_subnet.snet_apim_v2.id,
   ]
 
   tags = var.tags
 }
+
+resource "azurerm_private_endpoint" "function_sites" {
+  name                = "${var.project}-cgn-fn-pep"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  subnet_id           = data.azurerm_subnet.private_endpoints_subnet.id
+
+  private_service_connection {
+    name                           = "${var.project}-cgn-fn-pep"
+    private_connection_resource_id = module.function_cgn.id
+    is_manual_connection           = false
+    subresource_names              = ["sites"]
+  }
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id]
+  }
+
+  tags = var.tags
+}
+
+resource "azurerm_private_endpoint" "staging_function_sites" {
+  name                = "${var.project}-cgn-fn-staging-pep"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  subnet_id           = data.azurerm_subnet.private_endpoints_subnet.id
+
+  private_service_connection {
+    name                           = "${var.project}-cgn-fn-pep"
+    private_connection_resource_id = module.function_cgn.id
+    is_manual_connection           = false
+    subresource_names              = ["sites-${module.function_cgn_staging_slot.name}"]
+  }
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id]
+  }
+
+  tags = var.tags
+}
\ No newline at end of file
diff --git a/src/domains/eucovidcert/_modules/function_apps/data.tf b/src/domains/eucovidcert/_modules/function_apps/data.tf
index 2fe0f7f91..7dd57a8de 100644
--- a/src/domains/eucovidcert/_modules/function_apps/data.tf
+++ b/src/domains/eucovidcert/_modules/function_apps/data.tf
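Review bot: The staging private endpoint `staging_function_sites` reuses the production connection name: its `private_service_connection.name` is `"${var.project}-cgn-fn-pep"` while the endpoint itself is `"${var.project}-cgn-fn-staging-pep"`, and the eucovidcert staging endpoint in the next file has the same copy-paste. Change it to `name = "${var.project}-cgn-fn-staging-pep"` so the connection name matches its endpoint, as the messages-app endpoints in this series already do. It is also worth stating in the commit whether `function_cgn` still serves its public hostname: a private endpoint adds a private path but does not by itself disable public ingress, so until public network access is turned off on the app the `snet_backendl3` allow-list entry remains the control that gates who can reach it.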
@@ -27,6 +27,12 @@ data "azurerm_subnet" "snet_backendl2" {
   resource_group_name  = local.resource_group_name_common
 }
 
+data "azurerm_subnet" "snet_backendl2" {
+  name                 = "appbackendl3"
+  virtual_network_name = local.vnet_name_common
+  resource_group_name  = local.resource_group_name_common
+}
+
 data "azurerm_subnet" "snet_pblevtdispatcher" {
   name                 = "fnpblevtdispatcherout"
   virtual_network_name = local.vnet_name_common
@@ -113,3 +119,14 @@ data "azurerm_monitor_action_group" "error_action_group" {
   name                = "${replace("${var.project}", "-", "")}error"
   resource_group_name = local.resource_group_name_common
 }
+
+data "azurerm_subnet" "private_endpoints_subnet" {
+  name                 = "pendpoints"
+  virtual_network_name = local.vnet_name_common
+  resource_group_name  = local.resource_group_name_common
+}
+
+data "azurerm_private_dns_zone" "function_app" {
+  name                = "privatelink.azurewebsites.net"
+  resource_group_name = local.resource_group_name_common
+}
\ No newline at end of file
diff --git a/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf b/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf
index d6f0a96b0..7b137066a 100644
--- a/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf
+++ b/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf
@@ -38,6 +38,7 @@ module "function_eucovidcert" {
     var.subnet_id,
     data.azurerm_subnet.snet_backendl1.id,
     data.azurerm_subnet.snet_backendl2.id,
+    data.azurerm_subnet.snet_backendl3.id,
     data.azurerm_subnet.snet_pblevtdispatcher.id,
     data.azurerm_subnet.snet_apim_v2.id,
   ]
@@ -77,9 +78,52 @@ module "function_eucovidcert_staging_slot" {
     var.subnet_id,
     data.azurerm_subnet.snet_backendl1.id,
     data.azurerm_subnet.snet_backendl2.id,
+    data.azurerm_subnet.snet_backendl3.id,
     data.azurerm_subnet.snet_pblevtdispatcher.id,
     data.azurerm_subnet.snet_apim_v2.id,
   ]
 
   tags = var.tags
 }
+
+resource "azurerm_private_endpoint" "function_sites" {
+  name                = "${var.project}-eucovidcert-fn-pep"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  subnet_id           = data.azurerm_subnet.private_endpoints_subnet.id
+
+  private_service_connection {
+    name                           = "${var.project}-eucovidcert-fn-pep"
+    private_connection_resource_id = module.function_eucovidcert.id
+    is_manual_connection           = false
+    subresource_names              = ["sites"]
+  }
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id]
+  }
+
+  tags = var.tags
+}
+
+resource "azurerm_private_endpoint" "staging_function_sites" {
+  name                = "${var.project}-eucovidcert-fn-staging-pep"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  subnet_id           = data.azurerm_subnet.private_endpoints_subnet.id
+
+  private_service_connection {
+    name                           = "${var.project}-eucovidcert-fn-pep"
+    private_connection_resource_id = module.function_eucovidcert.id
+    is_manual_connection           = false
+    subresource_names              = ["sites-${module.function_eucovidcert_staging_slot.name}"]
+  }
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id]
+  }
+
+  tags = var.tags
+}
\ No newline at end of file
diff --git a/src/domains/messages-app/01_network.tf b/src/domains/messages-app/01_network.tf
index 93bce8f53..537e6d433 100644
--- a/src/domains/messages-app/01_network.tf
+++ b/src/domains/messages-app/01_network.tf
@@ -64,6 +64,12 @@ data "azurerm_subnet" "app_backendl2_snet" {
   resource_group_name  = local.vnet_common_resource_group_name
 }
 
+data "azurerm_subnet" "app_backendl3_snet" {
+  name                 = "appbackendl3"
+  virtual_network_name = local.vnet_common_name
+  resource_group_name  = local.vnet_common_resource_group_name
+}
+
 data "azurerm_subnet" "apim_snet" {
   name                 = "apimv2api"
   virtual_network_name = local.vnet_common_name
@@ -86,3 +92,15 @@ data "azurerm_private_dns_zone" "privatelink_servicebus_windows_net" {
   name                = "privatelink.servicebus.windows.net"
   resource_group_name = format("%s-evt-rg", local.product)
 }
+
+
+data "azurerm_subnet" "private_endpoints_subnet" {
+  name                 = "pendpoints"
+  virtual_network_name = local.vnet_common_name
+  resource_group_name  = local.vnet_common_resource_group_name
+}
+
+data "azurerm_private_dns_zone" "function_app" {
+  name                = "privatelink.azurewebsites.net"
+  resource_group_name = local.vnet_common_resource_group_name
+}
\ No newline at end of file
diff --git a/src/domains/messages-app/10_function_messages.tf b/src/domains/messages-app/10_function_messages.tf
index bd9681195..c972eb88b 100644
--- a/src/domains/messages-app/10_function_messages.tf
+++ b/src/domains/messages-app/10_function_messages.tf
@@ -167,6 +167,7 @@ module "app_messages_function" {
     module.app_messages_snet[count.index].id,
     data.azurerm_subnet.app_backendl1_snet.id,
     data.azurerm_subnet.app_backendl2_snet.id,
+    data.azurerm_subnet.app_backendl3_snet.id,
     data.azurerm_subnet.apim_snet.id,
   ]
 
@@ -220,6 +221,7 @@ module "app_messages_function_staging_slot" {
     module.app_messages_snet[count.index].id,
     data.azurerm_subnet.app_backendl1_snet.id,
     data.azurerm_subnet.app_backendl2_snet.id,
+    data.azurerm_subnet.app_backendl3_snet.id,
     data.azurerm_subnet.azdoa_snet.id,
   ]
 
@@ -691,3 +693,47 @@ resource "azurerm_monitor_autoscale_setting" "app_messages_function" {
 
   tags = var.tags
 }
+
+resource "azurerm_private_endpoint" "function_sites" {
+  count               = var.app_messages_count
+  name                = format("%s-app-messages-fn-pep-%d", local.product, count.index + 1)
+  location            = azurerm_resource_group.app_messages_rg[count.index].location
+  resource_group_name = azurerm_resource_group.app_messages_rg[count.index].name
+  subnet_id           = data.azurerm_subnet.private_endpoints_subnet.id
+
+  private_service_connection {
+    name                           = format("%s-app-messages-fn-pep-%d", local.product, count.index + 1)
+    private_connection_resource_id = module.app_messages_function.id
+    is_manual_connection           = false
+    subresource_names              = ["sites"]
+  }
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id]
+  }
+
+  tags = var.tags
+}
+
+resource "azurerm_private_endpoint" "staging_function_sites" {
+  count = var.app_messages_count
+  name                = format("%s-app-messages-fn-staging-pep-%d", local.product, count.index + 1)
+  location            = azurerm_resource_group.app_messages_rg[count.index].location
+  resource_group_name = azurerm_resource_group.app_messages_rg[count.index].name
+  subnet_id           = data.azurerm_subnet.private_endpoints_subnet.id
+
+  private_service_connection {
+    name                           = format("%s-app-messages-fn-staging-pep-%d", local.product, count.index + 1)
+    private_connection_resource_id = module.app_messages_function.id
+    is_manual_connection           = false
+    subresource_names              = ["sites-${module.app_messages_function_staging_slot.name}"]
+  }
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id]
+  }
+
+  tags = var.tags
+}
\ No newline at end of file
diff --git a/src/domains/messages-app/10_function_messages_xl.tf b/src/domains/messages-app/10_function_messages_xl.tf
index 7129219a3..15605dece 100644
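Review bot: `private_connection_resource_id = module.app_messages_function.id` and `subresource_names = ["sites-${module.app_messages_function_staging_slot.name}"]` reference the two modules without an instance index, yet both new resources carry `count = var.app_messages_count` and the module blocks in the earlier hunks index `module.app_messages_snet[count.index]`, which suggests the function modules are counted as well. If they are, Terraform will reject the bare module reference and the lines should read `module.app_messages_function[count.index].id` and `module.app_messages_function_staging_slot[count.index].name`, matching the `azurerm_resource_group.app_messages_rg[count.index]` lookups a few lines above. The same pattern appears in the `_xl` file of this commit; both sets of blocks are deleted again in patch 4/7, so this matters when they are reintroduced.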
--- a/src/domains/messages-app/10_function_messages_xl.tf +++ b/src/domains/messages-app/10_function_messages_xl.tf @@ -86,6 +86,7 @@ module "app_messages_function_xl" { module.app_messages_snet_xl[count.index].id, data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, + data.azurerm_subnet.app_backendl3_snet.id, data.azurerm_subnet.apim_snet.id, ] @@ -145,6 +146,7 @@ module "app_messages_function_staging_slot_xl" { module.app_messages_snet_xl[count.index].id, data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, + data.azurerm_subnet.app_backendl3_snet.id, data.azurerm_subnet.azdoa_snet.id, data.azurerm_subnet.github_snet.id, ] 
@@ -623,3 +625,91 @@ resource "azurerm_subnet_nat_gateway_association" "net_gateway_association_subne nat_gateway_id = data.azurerm_nat_gateway.nat_gateway.id subnet_id = module.app_messages_snet_xl[count.index].id } + +resource "azurerm_private_endpoint" "function_sites_xl" { + count = var.app_messages_count + name = format("%s-weu-com-citizen-func-pep-0%d", local.product, count.index + 1) + location = azurerm_resource_group.app_messages_rg_xl.location + resource_group_name = azurerm_resource_group.app_messages_rg_xl.name + subnet_id = data.azurerm_subnet.private_endpoints_subnet.id + + private_service_connection { + name = format("%s-weu-com-citizen-func-pep-0%d", local.product, count.index + 1) + private_connection_resource_id = module.app_messages_function_xl.id + is_manual_connection = false + subresource_names = ["sites"] + } + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] + } + + tags = var.tags +} + +resource "azurerm_private_endpoint" "staging_function_sites_xl" { + count = var.app_messages_count + name = format("%s-weu-com-citizen-func-staging-pep-0%d", local.product, count.index + 1) + location = azurerm_resource_group.app_messages_rg_xl.location + resource_group_name = azurerm_resource_group.app_messages_rg_xl.name + subnet_id = data.azurerm_subnet.private_endpoints_subnet.id + + private_service_connection { + name = format("%s-weu-com-citizen-func-staging-pep-0%d", local.product, count.index + 1) + private_connection_resource_id = module.app_messages_function_xl.id + is_manual_connection = false + subresource_names = ["sites-${module.app_messages_function_staging_slot_xl.name}"] + } + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] + } + + tags = var.tags +} + +resource "azurerm_private_endpoint" "function_sites_xl" { + count = var.app_messages_count + name = 
format("%s-weu-com-citizen-func-pep-0%d", local.product, count.index + 1) + location = azurerm_resource_group.app_messages_rg_xl.location + resource_group_name = azurerm_resource_group.app_messages_rg_xl.name + subnet_id = data.azurerm_subnet.private_endpoints_subnet.id + + private_service_connection { + name = format("%s-weu-com-citizen-func-pep-0%d", local.product, count.index + 1) + private_connection_resource_id = module.app_messages_function_xl.id + is_manual_connection = false + subresource_names = ["sites"] + } + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] + } + + tags = var.tags +} + +resource "azurerm_private_endpoint" "staging_function_sites_xl" { + count = var.app_messages_count + name = format("%s-weu-com-citizen-func-staging-pep-0%d", local.product, count.index + 1) + location = azurerm_resource_group.app_messages_rg_xl.location + resource_group_name = azurerm_resource_group.app_messages_rg_xl.name + subnet_id = data.azurerm_subnet.private_endpoints_subnet.id + + private_service_connection { + name = format("%s-weu-com-citizen-func-staging-pep-0%d", local.product, count.index + 1) + private_connection_resource_id = module.app_messages_function_xl.id + is_manual_connection = false + subresource_names = ["sites-${module.app_messages_function_staging_slot_xl.name}"] + } + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] + } + + tags = var.tags +} \ No newline at end of file From 6e75347664f542a9e53ff0d937601d7a78ad8214 Mon Sep 17 00:00:00 2001 
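Review bot: `resource "azurerm_private_endpoint" "function_sites_xl"` and `"staging_function_sites_xl"` are each declared twice in this hunk, the second pair starting immediately after the first, which is a duplicate-resource error at validation time. The module references also lack an index in the same way as in `10_function_messages.tf`: `module.app_messages_function_xl.id` and `module.app_messages_function_staging_slot_xl.name` are used unindexed while the resource has `count = var.app_messages_count` and the module blocks above index `module.app_messages_snet_xl[count.index]`. Patch 4/7 removes all four blocks; if they come back, declare each once and, assuming the modules are counted, use `module.app_messages_function_xl[count.index].id` and `module.app_messages_function_staging_slot_xl[count.index].name`.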
From: christian-calabrese Date: Fri, 4 Oct 2024 10:34:09 +0200 Subject: [PATCH 2/7] chore: ran precommit --- src/common/prod/locals.tf | 8 ++++---- src/domains/messages-app/10_function_messages.tf | 2 +- src/domains/messages-app/10_function_messages_xl.tf | 2 +- src/domains/messages-app/README.md | 6 ++++++ 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/src/common/prod/locals.tf b/src/common/prod/locals.tf index 6fffc4e49..30ecec028 100644 --- a/src/common/prod/locals.tf +++ b/src/common/prod/locals.tf @@ -68,14 +68,14 @@ locals { backend_hostnames = { app = [for key, value in data.azurerm_linux_function_app.function_profile : value.default_hostname] - app_messages = [for key, value in data.azurerm_linux_function_app.app_messages : value.default_hostname] # NOPE + app_messages = [for key, value in data.azurerm_linux_function_app.app_messages : value.default_hostname] assets_cdn = data.azurerm_linux_function_app.function_assets_cdn.default_hostname services_app_backend = data.azurerm_linux_function_app.services_app_backend_function_app.default_hostname lollipop = data.azurerm_linux_function_app.lollipop_function.default_hostname - eucovidcert = data.azurerm_linux_function_app.eucovidcert.default_hostname # NOPE ok - cgn = data.azurerm_linux_function_app.function_cgn.default_hostname # NOPE ok + eucovidcert = data.azurerm_linux_function_app.eucovidcert.default_hostname + cgn = data.azurerm_linux_function_app.function_cgn.default_hostname iosign = data.azurerm_linux_function_app.io_sign_user.default_hostname - cgnonboarding = "cgnonboardingportal-p-op.azurewebsites.net" # NOPE + cgnonboarding = "cgnonboardingportal-p-op.azurewebsites.net" trial_system_api = "ts-p-itn-api-func-01.azurewebsites.net" trial_system_apim = data.azurerm_api_management.trial_system.gateway_url iowallet = data.azurerm_linux_function_app.wallet_user.default_hostname 
diff --git a/src/domains/messages-app/10_function_messages.tf b/src/domains/messages-app/10_function_messages.tf index c972eb88b..cc35ac0af 100644 --- a/src/domains/messages-app/10_function_messages.tf +++ b/src/domains/messages-app/10_function_messages.tf @@ -717,7 +717,7 @@ resource "azurerm_private_endpoint" "function_sites" { } resource "azurerm_private_endpoint" "staging_function_sites" { - count = var.app_messages_count + count = var.app_messages_count name = format("%s-app-messages-fn-staging-pep-%d", local.product, count.index + 1) location = azurerm_resource_group.app_messages_rg[count.index].location resource_group_name = azurerm_resource_group.app_messages_rg[count.index].name diff --git a/src/domains/messages-app/10_function_messages_xl.tf b/src/domains/messages-app/10_function_messages_xl.tf index 15605dece..f19eea16b 100644 --- a/src/domains/messages-app/10_function_messages_xl.tf +++ b/src/domains/messages-app/10_function_messages_xl.tf @@ -693,7 +693,7 @@ resource "azurerm_private_endpoint" "function_sites_xl" { } resource "azurerm_private_endpoint" "staging_function_sites_xl" { - count = var.app_messages_count + count = var.app_messages_count name = format("%s-weu-com-citizen-func-staging-pep-0%d", local.product, count.index + 1) location = azurerm_resource_group.app_messages_rg_xl.location resource_group_name = azurerm_resource_group.app_messages_rg_xl.name diff --git a/src/domains/messages-app/README.md b/src/domains/messages-app/README.md index fca9e9c70..8369399d6 100644 --- a/src/domains/messages-app/README.md +++ b/src/domains/messages-app/README.md 
@@ -46,7 +46,11 @@ | [azurerm_monitor_autoscale_setting.push_notif_function](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource | | [azurerm_monitor_metric_alert.tls_cert_check](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource | | [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | +| [azurerm_private_endpoint.function_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.function_sites_xl](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_private_endpoint.services_storage_blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.staging_function_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.staging_function_sites_xl](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_resource_group.app_messages_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.app_messages_rg_xl](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.backend_messages_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | 
@@ -95,6 +99,7 @@ | [azurerm_nat_gateway.nat_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/nat_gateway) | data source | | [azurerm_notification_hub.common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/notification_hub) | data source | | [azurerm_notification_hub.common_partition](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/notification_hub) | data source | +| [azurerm_private_dns_zone.function_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_private_dns_zone.privatelink_blob_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_private_dns_zone.privatelink_documents_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | 
@@ -111,6 +116,7 @@ | [azurerm_subnet.apim_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.app_backendl1_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.app_backendl2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | +| [azurerm_subnet.app_backendl3_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.github_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.private_endpoints_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | From a6b3bfc71a1fa0cd370a9c90f4f54b8617c1c970 Mon Sep 17 00:00:00 2001 From: christian-calabrese Date: Fri, 4 Oct 2024 10:46:23 +0200 Subject: [PATCH 3/7] fix: data name in eucovidcert --- src/domains/eucovidcert/_modules/function_apps/data.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/domains/eucovidcert/_modules/function_apps/data.tf b/src/domains/eucovidcert/_modules/function_apps/data.tf index 7dd57a8de..1da4a064b 100644 --- a/src/domains/eucovidcert/_modules/function_apps/data.tf +++ b/src/domains/eucovidcert/_modules/function_apps/data.tf @@ -27,7 +27,7 @@ data "azurerm_subnet" "snet_backendl2" { resource_group_name = local.resource_group_name_common } -data "azurerm_subnet" "snet_backendl2" { +data "azurerm_subnet" "snet_backendl3" { name = "appbackendl3" virtual_network_name = local.vnet_name_common resource_group_name = local.resource_group_name_common From 0823707128a5bf84fe1dd218779c5335712bb0ec Mon Sep 17 00:00:00 2001 
From: christian-calabrese Date: Fri, 4 Oct 2024 11:20:55 +0200 Subject: [PATCH 4/7] fix: remove peps for safer intervention --- .../functions_apps/function_app_cgn.tf | 4 +- src/domains/cgn/prod/locals.tf | 2 +- .../function_apps/function_app_eucovidcert.tf | 42 --------- .../messages-app/10_function_messages.tf | 44 ---------- .../messages-app/10_function_messages_xl.tf | 88 ------------------- 5 files changed, 3 insertions(+), 177 deletions(-) diff --git a/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf b/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf index 735275f1d..0fe525f58 100644 --- a/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf +++ b/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf @@ -40,9 +40,9 @@ module "function_cgn" { var.subnet_id, data.azurerm_subnet.snet_backendl1.id, data.azurerm_subnet.snet_backendl2.id, - data.azurerm_subnet.snet_backendl3.id, data.azurerm_subnet.snet_backendli.id, data.azurerm_subnet.snet_apim_v2.id, + data.azurerm_subnet.snet_backendl3.id ] sticky_app_setting_names = [ @@ -90,9 +90,9 @@ module "function_cgn_staging_slot" { data.azurerm_subnet.snet_azdoa.id, data.azurerm_subnet.snet_backendl1.id, data.azurerm_subnet.snet_backendl2.id, - data.azurerm_subnet.snet_backendl3.id, data.azurerm_subnet.snet_backendli.id, data.azurerm_subnet.snet_apim_v2.id, + data.azurerm_subnet.snet_backendl3.id, ] tags = var.tags diff --git a/src/domains/cgn/prod/locals.tf b/src/domains/cgn/prod/locals.tf index f0b60b087..68428aadb 100644 --- a/src/domains/cgn/prod/locals.tf +++ b/src/domains/cgn/prod/locals.tf @@ -4,7 +4,7 @@ locals { project = "${local.prefix}-${local.env_short}" location = "westeurope" - secondary_location = "northeurope" + secondary_location = "italynorth" tags = { CostCenter = "TS310 - PAGAMENTI & SERVIZI" 
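Review bot: The commit says it removes the private endpoints, but in `function_app_cgn.tf` the cgn `function_sites` and `staging_function_sites` endpoints are kept and only the `snet_backendl3` entry is moved to the end of the allowed-subnet lists, while the eucovidcert and messages-app endpoints are deleted; if keeping cgn as the first rollout target is intentional, say so in the message. The relocated `data.azurerm_subnet.snet_backendl3.id` in `function_cgn` also drops the trailing comma that every other list element and the staging slot's copy have; write it as `data.azurerm_subnet.snet_backendl3.id,` for consistency.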
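Review bot: The change of `secondary_location` from `"northeurope"` to `"italynorth"` in `src/domains/cgn/prod/locals.tf` is unrelated to the commit's stated purpose of removing private endpoints, and a region change on a shared local is likely to force replacement of whatever resources consume it, which is not visible from this hunk. Either split it into its own commit with the plan output attached or explain it in the message so the reviewer can confirm nothing in the secondary region is recreated as a side effect.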
diff --git a/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf b/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf index 7b137066a..d3dfb130b 100644 --- a/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf +++ b/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf @@ -85,45 +85,3 @@ module "function_eucovidcert_staging_slot" { tags = var.tags } - -resource "azurerm_private_endpoint" "function_sites" { - name = "${var.project}-eucovidcert-fn-pep" - location = var.location - resource_group_name = var.resource_group_name - subnet_id = data.azurerm_subnet.private_endpoints_subnet.id - - private_service_connection { - name = "${var.project}-eucovidcert-fn-pep" - private_connection_resource_id = module.function_eucovidcert.id - is_manual_connection = false - subresource_names = ["sites"] - } - - private_dns_zone_group { - name = "private-dns-zone-group" - private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] - } - - tags = var.tags -} - -resource "azurerm_private_endpoint" "staging_function_sites" { - name = "${var.project}-eucovidcert-fn-staging-pep" - location = var.location - resource_group_name = var.resource_group_name - subnet_id = data.azurerm_subnet.private_endpoints_subnet.id - - private_service_connection { - name = "${var.project}-eucovidcert-fn-pep" - private_connection_resource_id = module.function_eucovidcert.id - is_manual_connection = false - subresource_names = ["sites-${module.function_eucovidcert_staging_slot.name}"] - } - - private_dns_zone_group { - name = "private-dns-zone-group" - private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] - } - - tags = var.tags -} \ No newline at end of file diff --git a/src/domains/messages-app/10_function_messages.tf b/src/domains/messages-app/10_function_messages.tf index cc35ac0af..ef819817b 100644 --- a/src/domains/messages-app/10_function_messages.tf 
+++ b/src/domains/messages-app/10_function_messages.tf @@ -693,47 +693,3 @@ resource "azurerm_monitor_autoscale_setting" "app_messages_function" { tags = var.tags } - -resource "azurerm_private_endpoint" "function_sites" { - count = var.app_messages_count - name = format("%s-app-messages-fn-pep-%d", local.product, count.index + 1) - location = azurerm_resource_group.app_messages_rg[count.index].location - resource_group_name = azurerm_resource_group.app_messages_rg[count.index].name - subnet_id = data.azurerm_subnet.private_endpoints_subnet.id - - private_service_connection { - name = format("%s-app-messages-fn-pep-%d", local.product, count.index + 1) - private_connection_resource_id = module.app_messages_function.id - is_manual_connection = false - subresource_names = ["sites"] - } - - private_dns_zone_group { - name = "private-dns-zone-group" - private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] - } - - tags = var.tags -} - -resource "azurerm_private_endpoint" "staging_function_sites" { - count = var.app_messages_count - name = format("%s-app-messages-fn-staging-pep-%d", local.product, count.index + 1) - location = azurerm_resource_group.app_messages_rg[count.index].location - resource_group_name = azurerm_resource_group.app_messages_rg[count.index].name - subnet_id = data.azurerm_subnet.private_endpoints_subnet.id - - private_service_connection { - name = format("%s-app-messages-fn-staging-pep-%d", local.product, count.index + 1) - private_connection_resource_id = module.app_messages_function.id - is_manual_connection = false - subresource_names = ["sites-${module.app_messages_function_staging_slot.name}"] - } - - private_dns_zone_group { - name = "private-dns-zone-group" - private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] - } - - tags = var.tags -} \ No newline at end of file 
diff --git a/src/domains/messages-app/10_function_messages_xl.tf b/src/domains/messages-app/10_function_messages_xl.tf index f19eea16b..bf82b9ec0 100644 --- a/src/domains/messages-app/10_function_messages_xl.tf +++ b/src/domains/messages-app/10_function_messages_xl.tf 
@@ -624,92 +624,4 @@ resource "azurerm_subnet_nat_gateway_association" "net_gateway_association_subne count = var.app_messages_count nat_gateway_id = data.azurerm_nat_gateway.nat_gateway.id subnet_id = module.app_messages_snet_xl[count.index].id -} - -resource "azurerm_private_endpoint" "function_sites_xl" { - count = var.app_messages_count - name = format("%s-weu-com-citizen-func-pep-0%d", local.product, count.index + 1) - location = azurerm_resource_group.app_messages_rg_xl.location - resource_group_name = azurerm_resource_group.app_messages_rg_xl.name - subnet_id = data.azurerm_subnet.private_endpoints_subnet.id - - private_service_connection { - name = format("%s-weu-com-citizen-func-pep-0%d", local.product, count.index + 1) - private_connection_resource_id = module.app_messages_function_xl.id - is_manual_connection = false - subresource_names = ["sites"] - } - - private_dns_zone_group { - name = "private-dns-zone-group" - private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] - } - - tags = var.tags -} - -resource "azurerm_private_endpoint" "staging_function_sites_xl" { - count = var.app_messages_count - name = format("%s-weu-com-citizen-func-staging-pep-0%d", local.product, count.index + 1) - location = azurerm_resource_group.app_messages_rg_xl.location - resource_group_name = azurerm_resource_group.app_messages_rg_xl.name - subnet_id = data.azurerm_subnet.private_endpoints_subnet.id - - private_service_connection { - name = format("%s-weu-com-citizen-func-staging-pep-0%d", local.product, count.index + 1) - private_connection_resource_id = module.app_messages_function_xl.id - is_manual_connection = false - subresource_names = ["sites-${module.app_messages_function_staging_slot_xl.name}"] - } - - private_dns_zone_group { - name = "private-dns-zone-group" - private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] - } - - tags = var.tags -} - -resource "azurerm_private_endpoint" "function_sites_xl" { - count = var.app_messages_count 
- name = format("%s-weu-com-citizen-func-pep-0%d", local.product, count.index + 1) - location = azurerm_resource_group.app_messages_rg_xl.location - resource_group_name = azurerm_resource_group.app_messages_rg_xl.name - subnet_id = data.azurerm_subnet.private_endpoints_subnet.id - - private_service_connection { - name = format("%s-weu-com-citizen-func-pep-0%d", local.product, count.index + 1) - private_connection_resource_id = module.app_messages_function_xl.id - is_manual_connection = false - subresource_names = ["sites"] - } - - private_dns_zone_group { - name = "private-dns-zone-group" - private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] - } - - tags = var.tags -} - -resource "azurerm_private_endpoint" "staging_function_sites_xl" { - count = var.app_messages_count - name = format("%s-weu-com-citizen-func-staging-pep-0%d", local.product, count.index + 1) - location = azurerm_resource_group.app_messages_rg_xl.location - resource_group_name = azurerm_resource_group.app_messages_rg_xl.name - subnet_id = data.azurerm_subnet.private_endpoints_subnet.id - - private_service_connection { - name = format("%s-weu-com-citizen-func-staging-pep-0%d", local.product, count.index + 1) - private_connection_resource_id = module.app_messages_function_xl.id - is_manual_connection = false - subresource_names = ["sites-${module.app_messages_function_staging_slot_xl.name}"] - } - - private_dns_zone_group { - name = "private-dns-zone-group" - private_dns_zone_ids = [data.azurerm_private_dns_zone.function_app.id] - } - - tags = var.tags } \ No newline at end of file From a079b1f7360f8401be72e9ca3e9f2f90c7893d3b Mon Sep 17 00:00:00 2001 
From: christian-calabrese Date: Fri, 4 Oct 2024 11:34:40 +0200 Subject: [PATCH 5/7] fix: removed peps --- .../eucovidcert/_modules/function_apps/data.tf | 17 ----------------- .../function_apps/function_app_eucovidcert.tf | 6 ++---- src/domains/messages-app/01_network.tf | 12 ------------ 3 files changed, 2 insertions(+), 33 deletions(-) diff --git a/src/domains/eucovidcert/_modules/function_apps/data.tf b/src/domains/eucovidcert/_modules/function_apps/data.tf index 1da4a064b..e0cc679ce 100644 --- a/src/domains/eucovidcert/_modules/function_apps/data.tf +++ b/src/domains/eucovidcert/_modules/function_apps/data.tf @@ -33,12 +33,6 @@ data "azurerm_subnet" "snet_backendl3" { resource_group_name = local.resource_group_name_common } -data "azurerm_subnet" "snet_pblevtdispatcher" { - name = "fnpblevtdispatcherout" - virtual_network_name = local.vnet_name_common - resource_group_name = local.resource_group_name_common -} - data "azurerm_linux_function_app" "function_services" { count = 2 name = "${var.project}-services-fn-${count.index + 1}" @@ -118,15 +112,4 @@ data "azurerm_key_vault_secret" "fn_eucovidcert_FNSERVICES_API_KEY" { data "azurerm_monitor_action_group" "error_action_group" { name = "${replace("${var.project}", "-", "")}error" resource_group_name = local.resource_group_name_common -} - -data "azurerm_subnet" "private_endpoints_subnet" { - name = "pendpoints" - virtual_network_name = local.vnet_name_common - resource_group_name = local.resource_group_name_common -} - -data "azurerm_private_dns_zone" "function_app" { - name = "privatelink.azurewebsites.net" - resource_group_name = local.resource_group_name_common } \ No newline at end of file diff --git a/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf b/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf index d3dfb130b..e717bed04 100644 --- a/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf 
+++ b/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf @@ -38,9 +38,8 @@ module "function_eucovidcert" { var.subnet_id, data.azurerm_subnet.snet_backendl1.id, data.azurerm_subnet.snet_backendl2.id, - data.azurerm_subnet.snet_backendl3.id, - data.azurerm_subnet.snet_pblevtdispatcher.id, data.azurerm_subnet.snet_apim_v2.id, + data.azurerm_subnet.snet_backendl3.id ] tags = var.tags @@ -78,9 +77,8 @@ module "function_eucovidcert_staging_slot" { var.subnet_id, data.azurerm_subnet.snet_backendl1.id, data.azurerm_subnet.snet_backendl2.id, - data.azurerm_subnet.snet_backendl3.id, - data.azurerm_subnet.snet_pblevtdispatcher.id, data.azurerm_subnet.snet_apim_v2.id, + data.azurerm_subnet.snet_backendl3.id ] tags = var.tags diff --git a/src/domains/messages-app/01_network.tf b/src/domains/messages-app/01_network.tf index 537e6d433..5497bb69f 100644 --- a/src/domains/messages-app/01_network.tf +++ b/src/domains/messages-app/01_network.tf @@ -92,15 +92,3 @@ data "azurerm_private_dns_zone" "privatelink_servicebus_windows_net" { name = "privatelink.servicebus.windows.net" resource_group_name = format("%s-evt-rg", local.product) } - - -data "azurerm_subnet" "private_endpoints_subnet" { - name = "pendpoints" - virtual_network_name = local.vnet_common_name - resource_group_name = local.vnet_common_resource_group_name -} - -data "azurerm_private_dns_zone" "function_app" { - name = "privatelink.azurewebsites.net" - resource_group_name = local.vnet_common_resource_group_name -} \ No newline at end of file From 5ae6b3fb5ce5c8235d2dc5f1ee0cd7592ae07591 Mon Sep 17 00:00:00 2001 From: christian-calabrese Date: Fri, 4 Oct 2024 11:40:36 +0200 Subject: [PATCH 6/7] fix: move appbel3 to latest --- src/domains/messages-app/10_function_messages.tf | 4 ++-- src/domains/messages-app/10_function_messages_xl.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
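Review bot: Removing `data.azurerm_subnet.snet_pblevtdispatcher.id` from the allowed-subnet list of `module "function_eucovidcert"` (and, in the second hunk, of `function_eucovidcert_staging_slot`) narrows the function's inbound allow-list, which is more than the subject "fix: removed peps" conveys; the commit message should state that callers in the `fnpblevtdispatcherout` subnet are no longer expected to reach the app, and the plan output should be checked so that only that restriction rule disappears. The move of `snet_backendl3` to the end of both lists is unexplained and the new last line drops the trailing comma the other entries keep; I would write it as `data.azurerm_subnet.snet_backendl3.id, # intentionally last: <reason — TODO fill in>` so the next maintainer does not sort it back. If the function module derives `ip_restriction` priorities from list position (not visible here), the reorder will also rewrite the priorities of existing rules, which is worth confirming before apply. Both module blocks start and end outside their hunks.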
diff --git a/src/domains/messages-app/10_function_messages.tf b/src/domains/messages-app/10_function_messages.tf index ef819817b..bfcfb0581 100644 --- a/src/domains/messages-app/10_function_messages.tf +++ b/src/domains/messages-app/10_function_messages.tf @@ -167,8 +167,8 @@ module "app_messages_function" { module.app_messages_snet[count.index].id, data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, - data.azurerm_subnet.app_backendl3_snet.id, data.azurerm_subnet.apim_snet.id, + data.azurerm_subnet.app_backendl3_snet.id ] allowed_ips = concat( @@ -221,8 +221,8 @@ module "app_messages_function_staging_slot" { module.app_messages_snet[count.index].id, data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, - data.azurerm_subnet.app_backendl3_snet.id, data.azurerm_subnet.azdoa_snet.id, + data.azurerm_subnet.app_backendl3_snet.id ] allowed_ips = concat( diff --git a/src/domains/messages-app/10_function_messages_xl.tf b/src/domains/messages-app/10_function_messages_xl.tf index bf82b9ec0..7b15a5d3f 100644 --- a/src/domains/messages-app/10_function_messages_xl.tf +++ b/src/domains/messages-app/10_function_messages_xl.tf @@ -86,8 +86,8 @@ module "app_messages_function_xl" { module.app_messages_snet_xl[count.index].id, data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, - data.azurerm_subnet.app_backendl3_snet.id, data.azurerm_subnet.apim_snet.id, + data.azurerm_subnet.app_backendl3_snet.id ] allowed_ips = concat( @@ -146,9 +146,9 @@ module "app_messages_function_staging_slot_xl" { module.app_messages_snet_xl[count.index].id, data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, - data.azurerm_subnet.app_backendl3_snet.id, data.azurerm_subnet.azdoa_snet.id, data.azurerm_subnet.github_snet.id, + data.azurerm_subnet.app_backendl3_snet.id ] allowed_ips = concat( From e9a49ca1b7368d6b617c5dfb13ba8f7265b99a0c Mon Sep 17 00:00:00 2001 
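Review bot: The new last element `data.azurerm_subnet.app_backendl3_snet.id` in all four hunks (`app_messages_function`, `app_messages_function_staging_slot`, and their `_xl` counterparts) omits the trailing comma every other entry in these lists carries, so the next addition will touch this line again; write it as `data.azurerm_subnet.app_backendl3_snet.id,`. Nothing in the hunks records why this subnet must be the last entry, and the subject line only says it is moved "to latest"; a comment on that line such as `# must stay last: <reason — TODO fill in>` would preserve the intent. If the function module assigns `ip_restriction` priorities from list index (not visible here), the reorder also changes the priority of every rule after the moved one, so the plan should be reviewed for unexpected in-place updates on the allow-list before apply. Each of the four module blocks starts and ends outside its hunk.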
From: christian-calabrese Date: Fri, 4 Oct 2024 11:47:37 +0200 Subject: [PATCH 7/7] docs: ran pre-commit --- src/domains/messages-app/README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/domains/messages-app/README.md b/src/domains/messages-app/README.md index 8369399d6..2a33730e0 100644 --- a/src/domains/messages-app/README.md +++ b/src/domains/messages-app/README.md 
@@ -46,11 +46,7 @@ | [azurerm_monitor_autoscale_setting.push_notif_function](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource | | [azurerm_monitor_metric_alert.tls_cert_check](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource | | [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | -| [azurerm_private_endpoint.function_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | -| [azurerm_private_endpoint.function_sites_xl](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_private_endpoint.services_storage_blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | -| [azurerm_private_endpoint.staging_function_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | -| [azurerm_private_endpoint.staging_function_sites_xl](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_resource_group.app_messages_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.app_messages_rg_xl](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.backend_messages_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | 
@@ -99,7 +95,6 @@ | [azurerm_nat_gateway.nat_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/nat_gateway) | data source | | [azurerm_notification_hub.common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/notification_hub) | data source | | [azurerm_notification_hub.common_partition](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/notification_hub) | data source | -| [azurerm_private_dns_zone.function_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_private_dns_zone.privatelink_blob_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_private_dns_zone.privatelink_documents_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |