From 1b269d6e874ac12430defa76d37f3660cb0a8fd3 Mon Sep 17 00:00:00 2001 From: Andrea Grillo Date: Thu, 28 Mar 2024 13:19:04 +0100 Subject: [PATCH] [EC-232] Remove all FIMS resources (#905) --- src/core/99_variables.tf | 5 - src/core/README.md | 1 - src/core/env/prod/terraform.tfvars | 1 - src/domains/citizen-auth-app/04_fims.tf | 285 ------------------ src/domains/citizen-auth-app/99_variables.tf | 42 --- src/domains/citizen-auth-app/README.md | 17 -- .../env/weu-beta/terraform.tfvars | 1 - .../env/weu-prod01/terraform.tfvars | 10 - src/domains/citizen-auth-common/03_apim_v2.tf | 98 ------ .../citizen-auth-common/05_database.tf | 191 ------------ .../citizen-auth-common/99_variables.tf | 14 - src/domains/citizen-auth-common/README.md | 13 - .../env/prod/terraform.tfvars | 36 +-- 13 files changed, 8 insertions(+), 706 deletions(-) delete mode 100644 src/domains/citizen-auth-app/04_fims.tf diff --git a/src/core/99_variables.tf b/src/core/99_variables.tf index ebc032e02..bc3cb31b6 100644 --- a/src/core/99_variables.tf +++ b/src/core/99_variables.tf @@ -337,11 +337,6 @@ variable "cidr_subnet_fnfastlogin" { description = "Function Fast Login address space." } -variable "cidr_subnet_fims" { - type = list(string) - description = "FIMS app service address space." -} - ## REDIS COMMON ## variable "redis_common" { type = object({ diff --git a/src/core/README.md b/src/core/README.md index 65a88fd09..4658a54d6 100644 --- a/src/core/README.md +++ b/src/core/README.md 
@@ -536,7 +536,6 @@ | [cidr\_subnet\_devportalservicedata\_db\_server](#input\_cidr\_subnet\_devportalservicedata\_db\_server) | Space address for DevPortal Service Data PostgresSQL | `list(string)` | n/a | yes | | [cidr\_subnet\_dnsforwarder](#input\_cidr\_subnet\_dnsforwarder) | DNS Forwarder network address space. | `list(string)` | n/a | yes | | [cidr\_subnet\_eventhub](#input\_cidr\_subnet\_eventhub) | Eventhub network address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_fims](#input\_cidr\_subnet\_fims) | FIMS app service address space. | `list(string)` | n/a | yes | | [cidr\_subnet\_fnadmin](#input\_cidr\_subnet\_fnadmin) | Function Admin address space. | `list(string)` | n/a | yes | | [cidr\_subnet\_fncdnassets](#input\_cidr\_subnet\_fncdnassets) | Fn assets address space. | `list(string)` | n/a | yes | | [cidr\_subnet\_fnelt](#input\_cidr\_subnet\_fnelt) | function-elt network address space. | `list(string)` | n/a | yes | diff --git a/src/core/env/prod/terraform.tfvars b/src/core/env/prod/terraform.tfvars index 87c8bdc45..b8316f1d5 100644 --- a/src/core/env/prod/terraform.tfvars +++ b/src/core/env/prod/terraform.tfvars @@ -44,7 +44,6 @@ cidr_subnet_shared_1 = ["10.0.16.0/26"] cidr_subnet_fnlollipop = ["10.0.17.0/26"] cidr_subnet_continua = ["10.0.17.64/26"] cidr_subnet_fnfastlogin = ["10.0.17.128/26"] -cidr_subnet_fims = ["10.0.18.0/26"] cidr_subnet_apim = ["10.0.101.0/24"] cidr_subnet_apim_v2 = ["10.0.100.0/24"] cidr_subnet_fnmessagescqrs = ["10.0.129.0/24"] diff --git a/src/domains/citizen-auth-app/04_fims.tf b/src/domains/citizen-auth-app/04_fims.tf deleted file mode 100644 index f5174fa0f..000000000 --- a/src/domains/citizen-auth-app/04_fims.tf +++ /dev/null 
@@ -1,285 +0,0 @@
-resource "azurerm_resource_group" "fims_rg" {
- count = var.fims_enabled ? 1 : 0
- name = format("%s-fims-rg", local.common_project)
- location = var.location
- tags = var.tags
-}
-
-data "azurerm_cosmosdb_account" "cosmos_fims" {
- name = "io-p-citizen-auth-fims-account"
- resource_group_name = "io-p-citizen-auth-data-rg"
-}
-
-data "azurerm_key_vault_secret" "jwk_primary_key_fims" {
- name = "io-p-fims-jwk-primary-key"
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-data "azurerm_key_vault_secret" "cookies_key_fims" {
- name = "io-p-fims-cookies-key"
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-locals {
- fims = {
- app_command_line = "npm run start"
-
- app_settings_common = {
- # No downtime on slots swap
- WEBSITE_ADD_SITENAME_BINDINGS_IN_APPHOST_CONFIG = "1"
- WEBSITE_RUN_FROM_PACKAGE = "1"
- WEBSITE_DNS_SERVER = "168.63.129.16"
- WEBSITE_HEALTHCHECK_MAXPINGFAILURES = "3"
- PORT = "3000"
- JWK_PRIMARY = data.azurerm_key_vault_secret.jwk_primary_key_fims.value
-
- APPINSIGHTS_INSTRUMENTATIONKEY = data.azurerm_application_insights.application_insights.instrumentation_key
-
- // ENVIRONMENT
- NODE_ENV = "production"
-
- FETCH_KEEPALIVE_ENABLED = "true"
- // see https://github.com/MicrosoftDocs/azure-docs/issues/29600#issuecomment-607990556
- // and https://docs.microsoft.com/it-it/azure/app-service/app-service-web-nodejs-best-practices-and-troubleshoot-guide#scenarios-and-recommendationstroubleshooting
- // FETCH_KEEPALIVE_SOCKET_ACTIVE_TTL should not exceed 120000 (app service socket timeout)
- FETCH_KEEPALIVE_SOCKET_ACTIVE_TTL = "110000"
- // (FETCH_KEEPALIVE_MAX_SOCKETS * number_of_node_processes) should not exceed 160 (max sockets per VM)
- FETCH_KEEPALIVE_MAX_SOCKETS = "128"
- FETCH_KEEPALIVE_MAX_FREE_SOCKETS = "10"
- FETCH_KEEPALIVE_FREE_SOCKET_TIMEOUT = "30000"
- FETCH_KEEPALIVE_TIMEOUT = "60000"
-
- EXPRESS_SERVER_HOSTNAME = "0.0.0.0"
- LOG_LEVEL = "debug"
- APPLICATION_NAME = "io-openid-provider"
- IO_BACKEND_BASE_URL = "https://api-app.io.pagopa.it"
- VERSION = "0.0.1"
- COSMOSDB_NAME = "fims"
- COSMOSDB_URI = data.azurerm_cosmosdb_account.cosmos_fims.endpoint
- COSMOSDB_KEY = data.azurerm_cosmosdb_account.cosmos_fims.primary_key
- COSMOSDB_CONNECTION_STRING = format("AccountEndpoint=%s;AccountKey=%s;", data.azurerm_cosmosdb_account.cosmos_fims.endpoint, data.azurerm_cosmosdb_account.cosmos_fims.primary_key)
- AUTHENTICATION_COOKIE_KEY = "X-IO-FIMS-Token"
- GRANT_TTL_IN_SECONDS = "86400"
- ISSUER = "https://io-p-citizen-auth-weu-prod01-app-fims.azurewebsites.net"
- COOKIES_KEY = data.azurerm_key_vault_secret.cookies_key_fims.value
- ENABLE_FEATURE_REMEMBER_GRANT = "true",
- APPINSIGHTS_SAMPLING_PERCENTAGE = 100,
- DEFAULT_REQUEST_TIMEOUT_MS = 10000,
- ENABLE_PROXY = "true"
- }
- }
-}
-
-data "azurerm_nat_gateway" "nat_gateway" {
- name = "io-p-natgw"
- resource_group_name = "io-p-rg-common"
-}
-
-module "fims_snet" {
- count = var.fims_enabled ? 1 : 0
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v4.1.15"
- name = "fims"
- address_prefixes = var.cidr_subnet_fims
- resource_group_name = data.azurerm_virtual_network.vnet_common.resource_group_name
- virtual_network_name = data.azurerm_virtual_network.vnet_common.name
- private_endpoint_network_policies_enabled = true
-
- service_endpoints = [
- "Microsoft.Web",
- ]
-
- delegation = {
- name = "default"
- service_delegation = {
- name = "Microsoft.Web/serverFarms"
- actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
- }
- }
-}
-
-resource "azurerm_subnet_nat_gateway_association" "fims_snet" {
- count = var.fims_enabled ? 1 : 0
- nat_gateway_id = data.azurerm_nat_gateway.nat_gateway.id
- subnet_id = module.fims_snet[0].id
-}
-
-module "appservice_fims" {
- count = var.fims_enabled ? 1 : 0
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service?ref=v4.1.15"
-
- # App service plan
- plan_type = "internal"
- plan_name = format("%s-plan-fims", local.project)
- plan_reserved = true # Mandatory for Linux plan
- plan_kind = "Linux"
- plan_sku_tier = var.fims_plan_sku_tier
- plan_sku_size = var.fims_plan_sku_size
-
- # App service
- name = format("%s-app-fims", local.project)
- resource_group_name = azurerm_resource_group.fims_rg[0].name
- location = azurerm_resource_group.fims_rg[0].location
-
- always_on = true
- linux_fx_version = "NODE|18-lts"
- app_command_line = local.fims.app_command_line
- health_check_path = "/info"
-
- app_settings = local.fims.app_settings_common
-
- allowed_subnets = [
- data.azurerm_subnet.appgateway_snet.id,
- data.azurerm_subnet.apim_v2_snet.id,
- ]
-
- allowed_ips = concat(
- [],
- )
-
- subnet_id = module.fims_snet[0].id
- vnet_integration = true
-
- tags = var.tags
-}
-
-module "appservice_fims_slot_staging" {
- count = var.fims_enabled ? 1 : 0
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot?ref=v4.1.15"
-
- # App service plan
- app_service_plan_id = module.appservice_fims[0].plan_id
- app_service_id = module.appservice_fims[0].id
- app_service_name = module.appservice_fims[0].name
-
- # App service
- name = "staging"
- resource_group_name = azurerm_resource_group.fims_rg[0].name
- location = azurerm_resource_group.fims_rg[0].location
-
- always_on = true
- linux_fx_version = "NODE|18-lts"
- app_command_line = local.fims.app_command_line
- health_check_path = "/info"
-
- app_settings = local.fims.app_settings_common
-
- allowed_subnets = [
- data.azurerm_subnet.azdoa_snet[0].id,
- data.azurerm_subnet.appgateway_snet.id,
- data.azurerm_subnet.apim_v2_snet.id,
- ]
-
- allowed_ips = concat(
- [],
- )
-
- subnet_id = module.fims_snet[0].id
- vnet_integration = true
-
- tags = var.tags
-}
-
-resource "azurerm_monitor_autoscale_setting" "appservice_fims" {
- count = var.fims_enabled ? 1 : 0
- name = format("%s-autoscale", module.appservice_fims[0].name)
- resource_group_name = azurerm_resource_group.fims_rg[0].name
- location = azurerm_resource_group.fims_rg[0].location
- target_resource_id = module.appservice_fims[0].plan_id
-
- profile {
- name = "default"
-
- capacity {
- default = var.fims_autoscale_default
- minimum = var.fims_autoscale_minimum
- maximum = var.fims_autoscale_maximum
- }
-
- rule {
- metric_trigger {
- metric_name = "Requests"
- metric_resource_id = module.appservice_fims[0].id
- metric_namespace = "microsoft.web/sites"
- time_grain = "PT1M"
- statistic = "Average"
- time_window = "PT5M"
- time_aggregation = "Average"
- operator = "GreaterThan"
- threshold = 4000
- divide_by_instance_count = false
- }
-
- scale_action {
- direction = "Increase"
- type = "ChangeCount"
- value = "2"
- cooldown = "PT5M"
- }
- }
-
- rule {
- metric_trigger {
- metric_name = "CpuPercentage"
- metric_resource_id = module.appservice_fims[0].plan_id
- metric_namespace = 
"microsoft.web/serverfarms" - time_grain = "PT1M" - statistic = "Average" - time_window = "PT5M" - time_aggregation = "Average" - operator = "GreaterThan" - threshold = 50 - divide_by_instance_count = false - } - - scale_action { - direction = "Increase" - type = "ChangeCount" - value = "2" - cooldown = "PT5M" - } - } - - rule { - metric_trigger { - metric_name = "Requests" - metric_resource_id = module.appservice_fims[0].id - metric_namespace = "microsoft.web/sites" - time_grain = "PT1M" - statistic = "Average" - time_window = "PT5M" - time_aggregation = "Average" - operator = "LessThan" - threshold = 1000 - divide_by_instance_count = false - } - - scale_action { - direction = "Decrease" - type = "ChangeCount" - value = "1" - cooldown = "PT1H" - } - } - - rule { - metric_trigger { - metric_name = "CpuPercentage" - metric_resource_id = module.appservice_fims[0].plan_id - metric_namespace = "microsoft.web/serverfarms" - time_grain = "PT1M" - statistic = "Average" - time_window = "PT5M" - time_aggregation = "Average" - operator = "LessThan" - threshold = 10 - divide_by_instance_count = false - } - - scale_action { - direction = "Decrease" - type = "ChangeCount" - value = "1" - cooldown = "PT1H" - } - } - } -} diff --git a/src/domains/citizen-auth-app/99_variables.tf b/src/domains/citizen-auth-app/99_variables.tf index 5a634afc3..16721f0cc 100644 --- a/src/domains/citizen-auth-app/99_variables.tf +++ b/src/domains/citizen-auth-app/99_variables.tf @@ -79,12 +79,6 @@ variable "fastlogin_enabled" { description = "Fast login LC creation flag" } -variable "fims_enabled" { - type = bool - default = false - description = "FIMS creation flag" -} - ### External resources variable "monitor_resource_group_name" { 
@@ -223,39 +217,3 @@ variable "function_fastlogin_autoscale_default" { default = 1 } -# FIMS App Service -variable "cidr_subnet_fims" { - type = list(string) - description = "App service FIMS address space." -} - - -variable "fims_plan_sku_tier" { - type = string - description = "App service plan sku tier" - default = null -} - -variable "fims_plan_sku_size" { - type = string - description = "App service plan sku size" - default = null -} - -variable "fims_autoscale_minimum" { - type = number - description = "The minimum number of instances for this resource." - default = 1 -} - -variable "fims_autoscale_maximum" { - type = number - description = "The maximum number of instances for this resource." - default = 3 -} - -variable "fims_autoscale_default" { - type = number - description = "The number of instances that are available for scaling if metrics are not available for evaluation." - default = 1 -} diff --git a/src/domains/citizen-auth-app/README.md b/src/domains/citizen-auth-app/README.md index 85616a1d5..66ae4ac99 100644 --- a/src/domains/citizen-auth-app/README.md +++ b/src/domains/citizen-auth-app/README.md 
@@ -14,10 +14,7 @@ | Name | Source | Version | |------|--------|---------| -| [appservice\_fims](#module\_appservice\_fims) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service | v4.1.15 | -| [appservice\_fims\_slot\_staging](#module\_appservice\_fims\_slot\_staging) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot | v4.1.15 | | [fast\_login\_snet](#module\_fast\_login\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.19.1 | -| [fims\_snet](#module\_fims\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.15 | | [function\_fast\_login](#module\_function\_fast\_login) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app | v6.19.1 | | [function\_fast\_login\_staging\_slot](#module\_function\_fast\_login\_staging\_slot) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app_slot | v6.19.1 | | [function\_lollipop](#module\_function\_lollipop) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app | v5.2.0 | 
@@ -28,15 +25,12 @@ | Name | Type | |------|------| -| [azurerm_monitor_autoscale_setting.appservice_fims](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource | | [azurerm_monitor_autoscale_setting.function_fast_login](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource | | [azurerm_monitor_autoscale_setting.function_lollipop](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource | | [azurerm_monitor_scheduled_query_rules_alert_v2.alert_function_lollipop_HandlePubKeyRevoke_failure](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert_v2) | resource | | [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | | [azurerm_resource_group.fast_login_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_resource_group.fims_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.lollipop_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_subnet_nat_gateway_association.fims_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource | | [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | | [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | | 
[azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | 
@@ -45,21 +39,17 @@ | [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source | | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | | [azurerm_cosmosdb_account.cosmos_citizen_auth](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/cosmosdb_account) | data source | -| [azurerm_cosmosdb_account.cosmos_fims](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/cosmosdb_account) | data source | | [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault.kv_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault_certificate_data.lollipop_certificate_v1](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate_data) | data source | | [azurerm_key_vault_secret.backendli_api_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_key_vault_secret.cookies_key_fims](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.fast_login_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.first_lollipop_consumer_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_key_vault_secret.jwk_primary_key_fims](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | 
[azurerm_log_analytics_workspace.log_analytics](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source | | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.error_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.quarantine_error_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_nat_gateway.nat_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/nat_gateway) | data source | | [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_private_dns_zone.privatelink_blob_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_private_dns_zone.privatelink_documents_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | 
@@ -88,7 +78,6 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [application\_insights\_name](#input\_application\_insights\_name) | Specifies the name of the Application Insights. | `string` | n/a | yes | -| [cidr\_subnet\_fims](#input\_cidr\_subnet\_fims) | App service FIMS address space. | `list(string)` | n/a | yes | | [cidr\_subnet\_fnfastlogin](#input\_cidr\_subnet\_fnfastlogin) | Function Lollipop address space. | `list(string)` | n/a | yes | | [cidr\_subnet\_fnlollipop](#input\_cidr\_subnet\_fnlollipop) | Function Lollipop address space. | `list(string)` | n/a | yes | | [domain](#input\_domain) | n/a | `string` | n/a | yes | 
@@ -96,12 +85,6 @@ | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [fastlogin\_enabled](#input\_fastlogin\_enabled) | Fast login LC creation flag | `bool` | `false` | no | -| [fims\_autoscale\_default](#input\_fims\_autoscale\_default) | The number of instances that are available for scaling if metrics are not available for evaluation. | `number` | `1` | no | -| [fims\_autoscale\_maximum](#input\_fims\_autoscale\_maximum) | The maximum number of instances for this resource. | `number` | `3` | no | -| [fims\_autoscale\_minimum](#input\_fims\_autoscale\_minimum) | The minimum number of instances for this resource. | `number` | `1` | no | -| [fims\_enabled](#input\_fims\_enabled) | FIMS creation flag | `bool` | `false` | no | -| [fims\_plan\_sku\_size](#input\_fims\_plan\_sku\_size) | App service plan sku size | `string` | `null` | no | -| [fims\_plan\_sku\_tier](#input\_fims\_plan\_sku\_tier) | App service plan sku tier | `string` | `null` | no | | [function\_fastlogin\_autoscale\_default](#input\_function\_fastlogin\_autoscale\_default) | The number of instances that are available for scaling if metrics are not available for evaluation. | `number` | `1` | no | | [function\_fastlogin\_autoscale\_maximum](#input\_function\_fastlogin\_autoscale\_maximum) | The maximum number of instances for this resource. | `number` | `3` | no | | [function\_fastlogin\_autoscale\_minimum](#input\_function\_fastlogin\_autoscale\_minimum) | The minimum number of instances for this resource. | `number` | `1` | no | diff --git a/src/domains/citizen-auth-app/env/weu-beta/terraform.tfvars b/src/domains/citizen-auth-app/env/weu-beta/terraform.tfvars index 704802bd1..96bb25306 100644 --- a/src/domains/citizen-auth-app/env/weu-beta/terraform.tfvars +++ b/src/domains/citizen-auth-app/env/weu-beta/terraform.tfvars 
@@ -44,4 +44,3 @@ tls_cert_check_helm = { ingress_load_balancer_ip = "10.10.0.254" cidr_subnet_fnlollipop = ["127.0.0.1/32"] cidr_subnet_fnfastlogin = ["127.0.0.2/32"] -cidr_subnet_fims = ["127.0.0.3/32"] diff --git a/src/domains/citizen-auth-app/env/weu-prod01/terraform.tfvars b/src/domains/citizen-auth-app/env/weu-prod01/terraform.tfvars index e309d7a08..5c51557fd 100644 --- a/src/domains/citizen-auth-app/env/weu-prod01/terraform.tfvars +++ b/src/domains/citizen-auth-app/env/weu-prod01/terraform.tfvars @@ -8,7 +8,6 @@ location_string = "West Europe" instance = "prod01" lollipop_enabled = true fastlogin_enabled = true -fims_enabled = true tags = { CreatedBy = "Terraform" @@ -62,12 +61,3 @@ function_fastlogin_sku_size = "P1v3" function_fastlogin_autoscale_minimum = 2 function_fastlogin_autoscale_maximum = 20 function_fastlogin_autoscale_default = 10 - -# FIMS App Service -cidr_subnet_fims = ["10.0.18.0/26"] -fims_plan_sku_tier = "PremiumV3" -fims_plan_sku_size = "P1v3" -fims_autoscale_minimum = 1 -fims_autoscale_maximum = 3 -fims_autoscale_default = 1 - diff --git a/src/domains/citizen-auth-common/03_apim_v2.tf b/src/domains/citizen-auth-common/03_apim_v2.tf index 21078150f..d1ba9badb 100644 --- a/src/domains/citizen-auth-common/03_apim_v2.tf +++ b/src/domains/citizen-auth-common/03_apim_v2.tf 
@@ -137,104 +137,6 @@ resource "azurerm_key_vault_secret" "fast_login_subscription_key_v2" { key_vault_id = module.key_vault.id } -#################################################################################### -# FIMS admin API -#################################################################################### - -data "azurerm_linux_web_app" "appservice_fims" { - name = "${local.product}-${var.domain}-${var.location_short}-${var.fims_app_instance}-app-fims" - resource_group_name = "${local.common_project}-fims-rg" -} - -module "apim_product_fims_admin" { - source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.62.0" - - product_id = "fims-admin-api" - api_management_name = data.azurerm_api_management.apim_v2_api.name - resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name - display_name = "FIMS ADMIN API" - description = "ADMIN API for FIMS openid provider." - subscription_required = true - approval_required = false - published = true - - policy_xml = file("./api_product/fims/_base_policy.xml") -} - -module "api_fims_admin" { - source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.62.0" - - name = "fims-admin-api" - api_management_name = data.azurerm_api_management.apim_v2_api.name - resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name - revision = "1" - display_name = "FIMS ADMIN API" - description = "ADMIN API for FIMS." 
- - path = "fims/admin" - protocols = ["https"] - product_ids = [module.apim_product_fims_admin.product_id] - - service_url = format("https://%s", data.azurerm_linux_web_app.appservice_fims.default_hostname) - - subscription_required = true - - content_format = "swagger-json" - content_value = templatefile("./api/fims/admin/_swagger.json.tpl", - { - host = "api-app.internal.io.pagopa.it" - } - ) - - xml_content = file("./api/fims/admin/policy.xml") -} - -#################################################################################### -# FIMS public API -#################################################################################### -module "apim_product_fims_public" { - source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.62.0" - - product_id = "fims-public-api" - api_management_name = data.azurerm_api_management.apim_v2_api.name - resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name - display_name = "FIMS PUBLIC API" - description = "PUBLIC API for FIMS openid provider." - subscription_required = false - approval_required = false - published = true - - policy_xml = file("./api_product/fims/_base_policy.xml") -} - -module "api_fims_public" { - source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.62.0" - - name = "fims-public-api" - api_management_name = data.azurerm_api_management.apim_v2_api.name - resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name - revision = "1" - display_name = "FIMS PUBLIC API" - description = "PUBLIC API for FIMS." 
- - path = "fims" - protocols = ["https"] - product_ids = [module.apim_product_fims_public.product_id] - - service_url = format("https://%s", data.azurerm_linux_web_app.appservice_fims.default_hostname) - - subscription_required = false - - content_format = "swagger-json" - content_value = templatefile("./api/fims/public/_swagger.json.tpl", - { - host = "api-app.internal.io.pagopa.it" - } - ) - - xml_content = file("./api/fims/public/policy.xml") -} - #################################################################################### # Fast-Login Operation's API #################################################################################### diff --git a/src/domains/citizen-auth-common/05_database.tf b/src/domains/citizen-auth-common/05_database.tf index 86e90e097..6ad929e0c 100644 --- a/src/domains/citizen-auth-common/05_database.tf +++ b/src/domains/citizen-auth-common/05_database.tf 
@@ -123,194 +123,3 @@ resource "azurerm_monitor_metric_alert" "cosmosdb_account_normalized_RU_consumpt tags = var.tags } - -############################ -# FIMS COSMOS -############################ -module "cosmosdb_account_fims" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_account?ref=v7.62.0" - - name = "${local.product}-${var.domain}-fims-account" - domain = upper(var.domain) - location = azurerm_resource_group.data_rg.location - resource_group_name = azurerm_resource_group.data_rg.name - offer_type = "Standard" - enable_free_tier = false - kind = "GlobalDocumentDB" - - public_network_access_enabled = false - private_endpoint_enabled = true - private_service_connection_sql_name = "${local.product}-citizen-auth-fims-account-private-endpoint" - private_endpoint_sql_name = "${local.product}-citizen-auth-fims-account" - private_dns_zone_sql_ids = [data.azurerm_private_dns_zone.privatelink_documents_azure_com.id] - subnet_id = data.azurerm_subnet.private_endpoints_subnet.id - is_virtual_network_filter_enabled = false - - main_geo_location_location = azurerm_resource_group.data_rg.location - main_geo_location_zone_redundant = true - additional_geo_locations = [{ - location = "northeurope" - failover_priority = 1 - zone_redundant = false - }] - consistency_policy = { - consistency_level = "Session" - max_interval_in_seconds = null - max_staleness_prefix = null - } - - # Action groups for alerts - action = [ - { - action_group_id = data.azurerm_monitor_action_group.error_action_group.id - webhook_properties = {} - } - ] - - tags = var.tags -} - -module "cosmosdb_sql_database_fims" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_sql_database?ref=v7.62.0" - name = "fims" - resource_group_name = azurerm_resource_group.data_rg.name - account_name = module.cosmosdb_account_fims.name -} - -resource "azurerm_cosmosdb_sql_container" "fims_client" { - - name = "Client" - resource_group_name = 
azurerm_resource_group.data_rg.name - account_name = module.cosmosdb_account_fims.name - database_name = module.cosmosdb_sql_database_fims.name - - partition_key_path = "/organizationId" - partition_key_version = 2 - - autoscale_settings { - max_throughput = var.fims_database.client.max_throughput - } - - default_ttl = var.fims_database.client.ttl - - indexing_policy { - indexing_mode = "consistent" - - included_path { - path = "/*" - } - - excluded_path { - path = "/\"_etag\"/?" - } - - composite_index { - index { - path = "/id" - order = "Descending" - } - index { - path = "/organizationId" - order = "Ascending" - } - } - } -} - -resource "azurerm_cosmosdb_sql_container" "fims_grant" { - - name = "Grant" - resource_group_name = azurerm_resource_group.data_rg.name - account_name = module.cosmosdb_account_fims.name - database_name = module.cosmosdb_sql_database_fims.name - - partition_key_path = "/identityId" - partition_key_version = 2 - - autoscale_settings { - max_throughput = var.fims_database.grant.max_throughput - } - - default_ttl = var.fims_database.grant.ttl - - indexing_policy { - indexing_mode = "consistent" - - included_path { - path = "/*" - } - - excluded_path { - path = "/\"_etag\"/?" - } - - composite_index { - index { - path = "/id" - order = "Descending" - } - index { - path = "/identityId" - order = "Ascending" - } - } - } -} - -resource "azurerm_cosmosdb_sql_container" "fims_interaction" { - - name = "Interaction" - resource_group_name = azurerm_resource_group.data_rg.name - account_name = module.cosmosdb_account_fims.name - database_name = module.cosmosdb_sql_database_fims.name - - partition_key_path = "/id" - partition_key_version = 2 - - autoscale_settings { - max_throughput = var.fims_database.interaction.max_throughput - } - - default_ttl = var.fims_database.interaction.ttl - - indexing_policy { - indexing_mode = "consistent" - - included_path { - path = "/*" - } - - excluded_path { - path = "/\"_etag\"/?" 
- } - } -} - -resource "azurerm_cosmosdb_sql_container" "fims_session" { - - name = "Session" - resource_group_name = azurerm_resource_group.data_rg.name - account_name = module.cosmosdb_account_fims.name - database_name = module.cosmosdb_sql_database_fims.name - - partition_key_path = "/id" - partition_key_version = 2 - - autoscale_settings { - max_throughput = var.fims_database.session.max_throughput - } - - default_ttl = var.fims_database.session.ttl - - indexing_policy { - indexing_mode = "consistent" - - included_path { - path = "/*" - } - - excluded_path { - path = "/\"_etag\"/?" - } - } -} diff --git a/src/domains/citizen-auth-common/99_variables.tf b/src/domains/citizen-auth-common/99_variables.tf index f7d4c5613..d2ae58bfa 100644 --- a/src/domains/citizen-auth-common/99_variables.tf +++ b/src/domains/citizen-auth-common/99_variables.tf @@ -60,11 +60,6 @@ variable "instance" { description = "One of beta, prod01, prod02" } -variable "fims_app_instance" { - type = string - description = "App instance name. One of beta, prod01, prod02" -} - variable "tags" { type = map(any) default = { @@ -83,15 +78,6 @@ variable "citizen_auth_database" { ) } -variable "fims_database" { - type = map( - object({ - max_throughput = number - ttl = number - }) - ) -} - ### External resources variable "monitor_resource_group_name" { diff --git a/src/domains/citizen-auth-common/README.md b/src/domains/citizen-auth-common/README.md index 8937756a4..9153f80b9 100644 --- a/src/domains/citizen-auth-common/README.md +++ b/src/domains/citizen-auth-common/README.md 
@@ -12,18 +12,12 @@ | Name | Source | Version | |------|--------|---------| -| [api\_fims\_admin](#module\_api\_fims\_admin) | github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v7.62.0 | -| [api\_fims\_public](#module\_api\_fims\_public) | github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v7.62.0 | -| [apim\_product\_fims\_admin](#module\_apim\_product\_fims\_admin) | github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v7.62.0 | -| [apim\_product\_fims\_public](#module\_apim\_product\_fims\_public) | github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v7.62.0 | | [apim\_v2\_fast\_login\_operation\_api\_v1](#module\_apim\_v2\_fast\_login\_operation\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v7.62.0 | | [apim\_v2\_lollipop\_api\_v1](#module\_apim\_v2\_lollipop\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v7.62.0 | | [apim\_v2\_product\_fast\_login\_operation](#module\_apim\_v2\_product\_fast\_login\_operation) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product | v7.62.0 | | [apim\_v2\_product\_lollipop](#module\_apim\_v2\_product\_lollipop) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product | v7.62.0 | | [cosmosdb\_account](#module\_cosmosdb\_account) | git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_account | v7.62.0 | -| [cosmosdb\_account\_fims](#module\_cosmosdb\_account\_fims) | git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_account | v7.62.0 | | [cosmosdb\_sql\_database\_citizen\_auth](#module\_cosmosdb\_sql\_database\_citizen\_auth) | git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_sql_database | v7.62.0 | -| [cosmosdb\_sql\_database\_fims](#module\_cosmosdb\_sql\_database\_fims) | git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_sql_database | v7.62.0 | | 
[immutable\_lv\_audit\_logs\_storage](#module\_immutable\_lv\_audit\_logs\_storage) | git::https://github.com/pagopa/terraform-azurerm-v3//storage_account | v7.62.0 | | [immutable\_lv\_audit\_logs\_storage\_customer\_managed\_key](#module\_immutable\_lv\_audit\_logs\_storage\_customer\_managed\_key) | git::https://github.com/pagopa/terraform-azurerm-v3//storage_account_customer_managed_key | v7.62.0 | | [io\_citizen\_auth\_storage](#module\_io\_citizen\_auth\_storage) | git::https://github.com/pagopa/terraform-azurerm-v3//storage_account | v7.62.0 | 
@@ -51,10 +45,6 @@ | [azurerm_api_management_subscription.pagopa_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | | [azurerm_api_management_user.fast_login_operation_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource | | [azurerm_api_management_user.pagopa_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource | -| [azurerm_cosmosdb_sql_container.fims_client](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource | -| [azurerm_cosmosdb_sql_container.fims_grant](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource | -| [azurerm_cosmosdb_sql_container.fims_interaction](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource | -| [azurerm_cosmosdb_sql_container.fims_session](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource | | [azurerm_cosmosdb_sql_container.lollipop_pubkeys](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource | | [azurerm_key_vault_access_policy.access_policy_io_infra_cd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | | [azurerm_key_vault_access_policy.access_policy_io_infra_ci](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | 
@@ -95,7 +85,6 @@ | [azurerm_key_vault_secret.functions_fast_login_api_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.io_fn_weu_lollipop_key_secret_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_linux_function_app.functions_fast_login](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source | -| [azurerm_linux_web_app.appservice_fims](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source | | [azurerm_log_analytics_workspace.log_analytics](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source | | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.error_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | @@ -126,8 +115,6 @@ | [enable\_azdoa](#input\_enable\_azdoa) | Specifies Azure Devops Agent enabling | `bool` | `true` | no | | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [fims\_app\_instance](#input\_fims\_app\_instance) | App instance name. One of beta, prod01, prod02 | `string` | n/a | yes | -| [fims\_database](#input\_fims\_database) | n/a |
map(
object({
max_throughput = number
ttl = number
})
)
| n/a | yes | | [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | | [location\_full](#input\_location\_full) | One of West Europe, North Europe | `string` | n/a | yes | diff --git a/src/domains/citizen-auth-common/env/prod/terraform.tfvars b/src/domains/citizen-auth-common/env/prod/terraform.tfvars index 7e3d24883..60591163c 100644 --- a/src/domains/citizen-auth-common/env/prod/terraform.tfvars +++ b/src/domains/citizen-auth-common/env/prod/terraform.tfvars @@ -1,12 +1,11 @@ -prefix = "io" -env_short = "p" -env = "prod" -domain = "citizen-auth" -location = "westeurope" -location_short = "weu" -location_full = "West Europe" -instance = "common" -fims_app_instance = "prod01" +prefix = "io" +env_short = "p" +env = "prod" +domain = "citizen-auth" +location = "westeurope" +location_short = "weu" +location_full = "West Europe" +instance = "common" tags = { CreatedBy = "Terraform" @@ -25,25 +24,6 @@ citizen_auth_database = { } } -fims_database = { - client = { - max_throughput = 3000 - ttl = -1 - }, - grant = { - max_throughput = 3000 - ttl = -1 - }, - interaction = { - max_throughput = 3000 - ttl = -1 - }, - session = { - max_throughput = 3000 - ttl = -1 - } -} - ### External resources monitor_resource_group_name = "io-p-rg-common"