[CES-68] Functions updated with ITN APIM for migration (#1303)

src/domains/citizen-auth-app/01_network.tf

@@ -98,6 +98,12 @@ data "azurerm_subnet" "apim_v2_snet" {
   resource_group_name  = local.vnet_common_resource_group_name
 }
 
+data "azurerm_subnet" "apim_itn_snet" {
+  name                 = "io-p-itn-apim-snet-01"
+  virtual_network_name = local.vnet_common_name_itn
+  resource_group_name  = local.vnet_common_resource_group_name_itn
+}
+
 data "azurerm_subnet" "azdoa_snet" {
   count                = var.enable_azdoa ? 1 : 0
   name                 = "azure-devops"

src/domains/citizen-auth-app/04_function_lollipop.tf

@@ -1,5 +1,5 @@
 data "azurerm_key_vault_secret" "first_lollipop_consumer_subscription_key" {
-  name         = "first-lollipop-consumer-pagopa-subscription-key-v2"
+  name         = "first-lollipop-consumer-pagopa-subscription-key-v2" # itn" Change it for itn switch
   key_vault_id = data.azurerm_key_vault.kv.id
 }
 

src/domains/citizen-auth-app/08_session_manager.tf

@@ -271,7 +271,8 @@ module "session_manager_weu" {
   allowed_subnets = [
     data.azurerm_subnet.apim_v2_snet.id,
     data.azurerm_subnet.appgateway_snet.id,
-    data.azurerm_subnet.fims_op_app_snet_01.id
+    data.azurerm_subnet.fims_op_app_snet_01.id,
+    data.azurerm_subnet.apim_itn_snet.id,
     // TODO: add proxy subnet
   ]
   allowed_ips = []
@@ -370,7 +371,8 @@ module "session_manager_weu_staging" {
     data.azurerm_subnet.self_hosted_runner_snet.id,
     #
     data.azurerm_subnet.apim_v2_snet.id,
-    data.azurerm_subnet.appgateway_snet.id
+    data.azurerm_subnet.appgateway_snet.id,
+    data.azurerm_subnet.apim_itn_snet.id,
     // TODO: add proxy subnet
   ]
   allowed_ips = []

src/domains/citizen-auth-app/99_locals.tf

@@ -40,4 +40,7 @@ locals {
   # auth n identity domain
   short_domain      = "auth"
   short_project_itn = "${local.product}-${local.itn_location_short}-${local.short_domain}"
+
+  vnet_common_name_itn                = "${local.common_project_itn}-common-vnet-01"
+  vnet_common_resource_group_name_itn = "${local.common_project_itn}-common-rg-01"
 }

src/domains/citizen-auth-app/README.md

@@ -150,6 +150,7 @@
 | [azurerm_storage_account.push_notifications_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
 | [azurerm_storage_account.storage_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
 | [azurerm_storage_account.storage_apievents](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
+| [azurerm_subnet.apim_itn_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.apim_v2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.app_backend_l1_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.app_backend_l2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |

src/domains/functions/README.md

@@ -85,6 +85,7 @@
 | [azurerm_storage_account.storage_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
 | [azurerm_storage_account.userbackups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
 | [azurerm_storage_account.userdatadownload](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
+| [azurerm_subnet.apim_itn_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.apim_v2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.function_eucovidcert_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |

src/domains/functions/data.tf

@@ -117,6 +117,12 @@ data "azurerm_subnet" "apim_v2_snet" {
   virtual_network_name = local.vnet_common_name
 }
 
+data "azurerm_subnet" "apim_itn_snet" {
+  name                 = "io-p-itn-apim-snet-01"
+  resource_group_name  = local.vnet_common_resource_group_name_itn
+  virtual_network_name = local.vnet_common_name_itn
+}
+
 data "azurerm_subnet" "azdoa_snet" {
   name                 = "azure-devops"
   resource_group_name  = local.rg_common_name

src/domains/functions/function_admin.tf

@@ -97,9 +97,9 @@ locals {
 
       AssetsStorageConnection = data.azurerm_storage_account.assets_cdn.primary_connection_string
 
-      AZURE_APIM                = "io-p-apim-v2-api"
+      AZURE_APIM                = "io-p-apim-v2-api" # "io-p-itn-apim-01" Change for new APIM in ITN
       AZURE_APIM_HOST           = local.apim_hostname_api_internal
-      AZURE_APIM_RESOURCE_GROUP = "io-p-rg-internal"
+      AZURE_APIM_RESOURCE_GROUP = "io-p-rg-internal" # "io-p-itn-common-rg-01"
 
       MESSAGE_CONTAINER_NAME = local.message_content_container_name
 
@@ -241,6 +241,7 @@ module "function_admin" {
   allowed_subnets = [
     module.admin_snet.id,
     data.azurerm_subnet.apim_v2_snet.id,
+    data.azurerm_subnet.apim_itn_snet.id,
   ]
 
   # Action groups for alerts
@@ -292,6 +293,7 @@ module "function_admin_staging_slot" {
     module.admin_snet.id,
     data.azurerm_subnet.azdoa_snet.id,
     data.azurerm_subnet.apim_v2_snet.id,
+    data.azurerm_subnet.apim_itn_snet.id,
   ]
 
   tags = var.tags

src/domains/functions/function_services.tf

@@ -236,6 +236,7 @@ module "function_services" {
     data.azurerm_subnet.azdoa_snet.id,
     data.azurerm_subnet.apim_v2_snet.id,
     data.azurerm_subnet.function_eucovidcert_snet.id,
+    data.azurerm_subnet.apim_itn_snet.id,
   ]
 
   # Action groups for alerts
@@ -300,6 +301,7 @@ module "function_services_staging_slot" {
     data.azurerm_subnet.azdoa_snet.id,
     data.azurerm_subnet.apim_v2_snet.id,
     data.azurerm_subnet.function_eucovidcert_snet.id,
+    data.azurerm_subnet.apim_itn_snet.id,
   ]
 
   tags = var.tags

src/domains/functions/locals.tf

@@ -21,3 +21,16 @@ locals {
 
   service_api_url = "https://api-app.internal.io.pagopa.it/"
 }
+
+# Region ITN
+locals {
+  itn_location       = "italynorth"
+  itn_location_short = "itn"
+  common_project_itn = "${local.project}-${local.itn_location_short}"
+
+  vnet_common_name_itn                = "${local.common_project_itn}-common-vnet-01"
+  vnet_common_resource_group_name_itn = "${local.common_project_itn}-common-rg-01"
+
+  apim_itn_name                = "${local.project}-${local.itn_location_short}-apim-01"
+  apim_itn_resource_group_name = "${local.project}-${local.itn_location_short}-common-rg-01"
+}

src/domains/ioweb-app/01_network.tf

@@ -67,6 +67,12 @@ data "azurerm_subnet" "apim_v2_snet" {
   resource_group_name  = local.vnet_common_resource_group_name
 }
 
+data "azurerm_subnet" "apim_itn_snet" {
+  name                 = "io-p-itn-apim-snet-01"
+  virtual_network_name = local.vnet_common_name_itn
+  resource_group_name  = local.vnet_common_resource_group_name_itn
+}
+
 data "azurerm_subnet" "azdoa_snet" {
   count                = var.enable_azdoa ? 1 : 0
   name                 = "azure-devops"

src/domains/ioweb-app/06_function_ioweb_profile.tf

@@ -166,6 +166,7 @@ module "function_ioweb_profile" {
     data.azurerm_subnet.apim_v2_snet.id,
     data.azurerm_subnet.function_profile_snet[0].id,
     data.azurerm_subnet.function_profile_snet[1].id,
+    data.azurerm_subnet.apim_itn_snet.id,
   ]
 
   enable_healthcheck = false
@@ -212,6 +213,7 @@ module "function_ioweb_profile_staging_slot" {
     data.azurerm_subnet.apim_v2_snet.id,
     data.azurerm_subnet.function_profile_snet[0].id,
     data.azurerm_subnet.function_profile_snet[1].id,
+    data.azurerm_subnet.apim_itn_snet.id,
   ]
 
   tags = var.tags

src/domains/ioweb-app/99_locals.tf

@@ -30,3 +30,18 @@ locals {
   bff_base_path                = "ioweb/backend/api/v1"
   bff_backend_url              = "https://%s/api/v1"
 }
+
+# Region ITN
+locals {
+  itn_location       = "italynorth"
+  itn_location_short = "itn"
+  project_itn        = "${var.prefix}-${var.env_short}-${local.itn_location_short}-${var.domain}"
+  common_project_itn = "${local.product}-${local.itn_location_short}"
+
+  # auth n identity domain
+  short_domain      = "auth"
+  short_project_itn = "${local.product}-${local.itn_location_short}-${local.short_domain}"
+
+  vnet_common_name_itn                = "${local.common_project_itn}-common-vnet-01"
+  vnet_common_resource_group_name_itn = "${local.common_project_itn}-common-rg-01"
+}

src/domains/ioweb-app/README.md

@@ -81,6 +81,7 @@
 | [azurerm_resource_group.storage_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_storage_account.immutable_spid_logs_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
 | [azurerm_storage_container.immutable_audit_logs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_container) | data source |
+| [azurerm_subnet.apim_itn_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.apim_v2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.function_profile_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |

src/domains/messages-app/01_network.tf

@@ -76,6 +76,12 @@ data "azurerm_subnet" "apim_snet" {
   resource_group_name  = local.vnet_common_resource_group_name
 }
 
+data "azurerm_subnet" "apim_itn_snet" {
+  name                 = "io-p-itn-apim-snet-01"
+  virtual_network_name = local.vnet_common_name_itn
+  resource_group_name  = local.vnet_common_resource_group_name_itn
+}
+
 data "azurerm_subnet" "azdoa_snet" {
   name                 = "azure-devops"
   virtual_network_name = local.vnet_common_name

src/domains/messages-app/10_function_messages.tf

@@ -168,7 +168,8 @@ module "app_messages_function" {
     data.azurerm_subnet.app_backendl1_snet.id,
     data.azurerm_subnet.app_backendl2_snet.id,
     data.azurerm_subnet.apim_snet.id,
-    data.azurerm_subnet.app_backendl3_snet.id
+    data.azurerm_subnet.app_backendl3_snet.id,
+    data.azurerm_subnet.apim_itn_snet.id,
   ]
 
   allowed_ips = concat(

src/domains/messages-app/10_function_messages_xl.tf

@@ -87,7 +87,8 @@ module "app_messages_function_xl" {
     data.azurerm_subnet.app_backendl1_snet.id,
     data.azurerm_subnet.app_backendl2_snet.id,
     data.azurerm_subnet.apim_snet.id,
-    data.azurerm_subnet.app_backendl3_snet.id
+    data.azurerm_subnet.app_backendl3_snet.id,
+    data.azurerm_subnet.apim_itn_snet.id,
   ]
 
   allowed_ips = concat(

src/domains/messages-app/11_function_cqrs.tf

@@ -211,6 +211,7 @@ module "function_messages_cqrs" {
   allowed_subnets = [
     module.function_messages_cqrs_snet.id,
     data.azurerm_subnet.apim_snet.id,
+    data.azurerm_subnet.apim_itn_snet.id,
   ]
 
   allowed_ips = concat(

src/domains/messages-app/99_locals.tf

@@ -31,3 +31,18 @@ locals {
     "51.144.56.176/28",
   ]
 }
+
+# Region ITN
+locals {
+  itn_location       = "italynorth"
+  itn_location_short = "itn"
+  project_itn        = "${var.prefix}-${var.env_short}-${local.itn_location_short}-${var.domain}"
+  common_project_itn = "${local.product}-${local.itn_location_short}"
+
+  # auth n identity domain
+  short_domain      = "auth"
+  short_project_itn = "${local.product}-${local.itn_location_short}-${local.short_domain}"
+
+  vnet_common_name_itn                = "${local.common_project_itn}-common-vnet-01"
+  vnet_common_resource_group_name_itn = "${local.common_project_itn}-common-rg-01"
+}

src/domains/messages-app/README.md

@@ -118,6 +118,7 @@
 | [azurerm_storage_account.push_notif_beta_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
 | [azurerm_storage_account.push_notifications_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
 | [azurerm_storage_account.storage_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
+| [azurerm_subnet.apim_itn_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.apim_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.app_backendl1_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.app_backendl2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |