From 7f03fd19fe676b56050974da4d3c3d7313d21514 Mon Sep 17 00:00:00 2001 From: Mario Mupo <43968294+mamu0@users.noreply.github.com> Date: Wed, 20 Nov 2024 18:43:13 +0100 Subject: [PATCH] [CES-68] Functions updated with ITN APIM for migration (#1303) --- src/domains/citizen-auth-app/01_network.tf | 6 ++++++ .../citizen-auth-app/04_function_lollipop.tf | 2 +- .../citizen-auth-app/08_session_manager.tf | 6 ++++-- src/domains/citizen-auth-app/99_locals.tf | 3 +++ src/domains/citizen-auth-app/README.md | 1 + src/domains/functions/README.md | 1 + src/domains/functions/data.tf | 6 ++++++ src/domains/functions/function_admin.tf | 6 ++++-- src/domains/functions/function_services.tf | 2 ++ src/domains/functions/locals.tf | 13 +++++++++++++ src/domains/ioweb-app/01_network.tf | 6 ++++++ .../ioweb-app/06_function_ioweb_profile.tf | 2 ++ src/domains/ioweb-app/99_locals.tf | 15 +++++++++++++++ src/domains/ioweb-app/README.md | 1 + src/domains/messages-app/01_network.tf | 6 ++++++ src/domains/messages-app/10_function_messages.tf | 3 ++- .../messages-app/10_function_messages_xl.tf | 3 ++- src/domains/messages-app/11_function_cqrs.tf | 1 + src/domains/messages-app/99_locals.tf | 15 +++++++++++++++ src/domains/messages-app/README.md | 1 + 20 files changed, 92 insertions(+), 7 deletions(-) diff --git a/src/domains/citizen-auth-app/01_network.tf b/src/domains/citizen-auth-app/01_network.tf index 155b75b9a..7dd9d8de6 100644 --- a/src/domains/citizen-auth-app/01_network.tf +++ b/src/domains/citizen-auth-app/01_network.tf @@ -98,6 +98,12 @@ data "azurerm_subnet" "apim_v2_snet" { resource_group_name = local.vnet_common_resource_group_name } +data "azurerm_subnet" "apim_itn_snet" { + name = "io-p-itn-apim-snet-01" + virtual_network_name = local.vnet_common_name_itn + resource_group_name = local.vnet_common_resource_group_name_itn +} + data "azurerm_subnet" "azdoa_snet" { count = var.enable_azdoa ? 1 : 0 name = "azure-devops" 
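Review bot: The new `apim_itn_snet` data source looks the subnet up by the literal `"io-p-itn-apim-snet-01"`, while its vnet and resource group come from locals, so the product/environment prefix is now encoded in two places. The function allow-lists in this commit trust this subnet id, so I would derive the name the same way, e.g. `name = "${local.common_project_itn}-apim-snet-01"`. That assumes `common_project_itn` resolves to `io-p-itn` in this module; its definition is outside the hunk. The same literal is repeated in the `functions/data.tf`, `ioweb-app/01_network.tf` and `messages-app/01_network.tf` hunks.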
diff --git a/src/domains/citizen-auth-app/04_function_lollipop.tf b/src/domains/citizen-auth-app/04_function_lollipop.tf index 68da4a97a..24ab736b9 100644 --- a/src/domains/citizen-auth-app/04_function_lollipop.tf +++ b/src/domains/citizen-auth-app/04_function_lollipop.tf @@ -1,5 +1,5 @@ data "azurerm_key_vault_secret" "first_lollipop_consumer_subscription_key" { - name = "first-lollipop-consumer-pagopa-subscription-key-v2" + name = "first-lollipop-consumer-pagopa-subscription-key-v2" # itn" Change it for itn switch key_vault_id = data.azurerm_key_vault.kv.id } diff --git a/src/domains/citizen-auth-app/08_session_manager.tf b/src/domains/citizen-auth-app/08_session_manager.tf index 69cecf1ff..4df8946d8 100644 --- a/src/domains/citizen-auth-app/08_session_manager.tf +++ b/src/domains/citizen-auth-app/08_session_manager.tf @@ -271,7 +271,8 @@ module "session_manager_weu" { allowed_subnets = [ data.azurerm_subnet.apim_v2_snet.id, data.azurerm_subnet.appgateway_snet.id, - data.azurerm_subnet.fims_op_app_snet_01.id + data.azurerm_subnet.fims_op_app_snet_01.id, + data.azurerm_subnet.apim_itn_snet.id, // TODO: add proxy subnet ] allowed_ips = [] @@ -370,7 +371,8 @@ module "session_manager_weu_staging" { data.azurerm_subnet.self_hosted_runner_snet.id, # data.azurerm_subnet.apim_v2_snet.id, - data.azurerm_subnet.appgateway_snet.id + data.azurerm_subnet.appgateway_snet.id, + data.azurerm_subnet.apim_itn_snet.id, // TODO: add proxy subnet ] allowed_ips = [] diff --git a/src/domains/citizen-auth-app/99_locals.tf b/src/domains/citizen-auth-app/99_locals.tf index 76de9c7d5..c4145e1fe 100644 --- a/src/domains/citizen-auth-app/99_locals.tf +++ b/src/domains/citizen-auth-app/99_locals.tf 
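Review bot: The trailing comment added to the `name` line, `# itn" Change it for itn switch`, has an unbalanced quote and does not say which secret name applies after the switch. This line selects the subscription key read from Key Vault, so an ambiguous hint here presumably risks the consumer keeping the wrong key at cutover. I would spell it out, e.g. `# TODO(CES-68): switch to "<itn-secret-name>" when APIM moves to ITN`, with the placeholder replaced by the real secret name.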
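Review bot: In the `session_manager_weu_staging` hunk the ITN APIM subnet is added to `allowed_subnets` even though the existing `# data.azurerm_subnet.apim_v2_snet.id,` entry just above it appears to be commented out. The staging slot therefore becomes reachable from an APIM subnet where the v2 APIM was apparently kept out. If that exclusion was deliberate, drop the new line from the staging list or add a comment explaining why ITN differs. On the production list, where both APIM subnets are now allowed, a marker such as `# CES-68: remove apim_v2_snet once the ITN APIM cutover is complete` would keep the widened allow-list from becoming permanent. Both module blocks start and end outside their hunks, so the rest of their access restrictions is not visible here.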
@@ -40,4 +40,7 @@ locals { # auth n identity domain short_domain = "auth" short_project_itn = "${local.product}-${local.itn_location_short}-${local.short_domain}" + + vnet_common_name_itn = "${local.common_project_itn}-common-vnet-01" + vnet_common_resource_group_name_itn = "${local.common_project_itn}-common-rg-01" } diff --git a/src/domains/citizen-auth-app/README.md b/src/domains/citizen-auth-app/README.md index c978d1c9e..bb4dd076b 100644 --- a/src/domains/citizen-auth-app/README.md +++ b/src/domains/citizen-auth-app/README.md @@ -150,6 +150,7 @@ | [azurerm_storage_account.push_notifications_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | | [azurerm_storage_account.storage_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | | [azurerm_storage_account.storage_apievents](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | +| [azurerm_subnet.apim_itn_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.apim_v2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.app_backend_l1_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.app_backend_l2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | diff --git a/src/domains/functions/README.md b/src/domains/functions/README.md index bcdcbf1d9..b28a3a8af 100644 --- a/src/domains/functions/README.md +++ b/src/domains/functions/README.md 
@@ -85,6 +85,7 @@ | [azurerm_storage_account.storage_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | | [azurerm_storage_account.userbackups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | | [azurerm_storage_account.userdatadownload](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | +| [azurerm_subnet.apim_itn_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.apim_v2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.function_eucovidcert_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | diff --git a/src/domains/functions/data.tf b/src/domains/functions/data.tf index bb8021362..c076eb802 100644 --- a/src/domains/functions/data.tf +++ b/src/domains/functions/data.tf @@ -117,6 +117,12 @@ data "azurerm_subnet" "apim_v2_snet" { virtual_network_name = local.vnet_common_name } +data "azurerm_subnet" "apim_itn_snet" { + name = "io-p-itn-apim-snet-01" + resource_group_name = local.vnet_common_resource_group_name_itn + virtual_network_name = local.vnet_common_name_itn +} + data "azurerm_subnet" "azdoa_snet" { name = "azure-devops" resource_group_name = local.rg_common_name diff --git a/src/domains/functions/function_admin.tf b/src/domains/functions/function_admin.tf index 91f7ab6d4..04b3d7228 100644 --- a/src/domains/functions/function_admin.tf +++ b/src/domains/functions/function_admin.tf 
@@ -97,9 +97,9 @@ locals { AssetsStorageConnection = data.azurerm_storage_account.assets_cdn.primary_connection_string - AZURE_APIM = "io-p-apim-v2-api" + AZURE_APIM = "io-p-apim-v2-api" # "io-p-itn-apim-01" Change for new APIM in ITN AZURE_APIM_HOST = local.apim_hostname_api_internal - AZURE_APIM_RESOURCE_GROUP = "io-p-rg-internal" + AZURE_APIM_RESOURCE_GROUP = "io-p-rg-internal" # "io-p-itn-common-rg-01" MESSAGE_CONTAINER_NAME = local.message_content_container_name @@ -241,6 +241,7 @@ module "function_admin" { allowed_subnets = [ module.admin_snet.id, data.azurerm_subnet.apim_v2_snet.id, + data.azurerm_subnet.apim_itn_snet.id, ] # Action groups for alerts @@ -292,6 +293,7 @@ module "function_admin_staging_slot" { module.admin_snet.id, data.azurerm_subnet.azdoa_snet.id, data.azurerm_subnet.apim_v2_snet.id, + data.azurerm_subnet.apim_itn_snet.id, ] tags = var.tags diff --git a/src/domains/functions/function_services.tf b/src/domains/functions/function_services.tf index 44ad8a081..a08568830 100644 --- a/src/domains/functions/function_services.tf +++ b/src/domains/functions/function_services.tf @@ -236,6 +236,7 @@ module "function_services" { data.azurerm_subnet.azdoa_snet.id, data.azurerm_subnet.apim_v2_snet.id, data.azurerm_subnet.function_eucovidcert_snet.id, + data.azurerm_subnet.apim_itn_snet.id, ] # Action groups for alerts @@ -300,6 +301,7 @@ module "function_services_staging_slot" { data.azurerm_subnet.azdoa_snet.id, data.azurerm_subnet.apim_v2_snet.id, data.azurerm_subnet.function_eucovidcert_snet.id, + data.azurerm_subnet.apim_itn_snet.id, ] tags = var.tags diff --git a/src/domains/functions/locals.tf b/src/domains/functions/locals.tf index c62a9a190..df041f64b 100644 --- a/src/domains/functions/locals.tf +++ b/src/domains/functions/locals.tf 
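Review bot: The ITN values for `AZURE_APIM` and `AZURE_APIM_RESOURCE_GROUP` are parked as trailing comments holding string literals, while `AZURE_APIM_HOST` between them has no cutover marker. A later switch can then change the APIM name and resource group but leave the hostname pointing at the old instance. The `functions/locals.tf` hunk in this commit adds `apim_itn_name` and `apim_itn_resource_group_name`, which nothing in the visible diff references. I would use those at cutover (`AZURE_APIM = local.apim_itn_name`) and put one comment above the three settings, e.g. `# CES-68: switch AZURE_APIM, AZURE_APIM_HOST and AZURE_APIM_RESOURCE_GROUP together`. The `locals` block starts and ends outside the hunk.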
@@ -21,3 +21,16 @@ locals { service_api_url = "https://api-app.internal.io.pagopa.it/" } + +# Region ITN +locals { + itn_location = "italynorth" + itn_location_short = "itn" + common_project_itn = "${local.project}-${local.itn_location_short}" + + vnet_common_name_itn = "${local.common_project_itn}-common-vnet-01" + vnet_common_resource_group_name_itn = "${local.common_project_itn}-common-rg-01" + + apim_itn_name = "${local.project}-${local.itn_location_short}-apim-01" + apim_itn_resource_group_name = "${local.project}-${local.itn_location_short}-common-rg-01" +} diff --git a/src/domains/ioweb-app/01_network.tf b/src/domains/ioweb-app/01_network.tf index 6754ecc2b..8d9561236 100644 --- a/src/domains/ioweb-app/01_network.tf +++ b/src/domains/ioweb-app/01_network.tf @@ -67,6 +67,12 @@ data "azurerm_subnet" "apim_v2_snet" { resource_group_name = local.vnet_common_resource_group_name } +data "azurerm_subnet" "apim_itn_snet" { + name = "io-p-itn-apim-snet-01" + virtual_network_name = local.vnet_common_name_itn + resource_group_name = local.vnet_common_resource_group_name_itn +} + data "azurerm_subnet" "azdoa_snet" { count = var.enable_azdoa ? 1 : 0 name = "azure-devops" diff --git a/src/domains/ioweb-app/06_function_ioweb_profile.tf b/src/domains/ioweb-app/06_function_ioweb_profile.tf index bb9dda311..8d1bb0ecb 100644 --- a/src/domains/ioweb-app/06_function_ioweb_profile.tf +++ b/src/domains/ioweb-app/06_function_ioweb_profile.tf @@ -166,6 +166,7 @@ module "function_ioweb_profile" { data.azurerm_subnet.apim_v2_snet.id, data.azurerm_subnet.function_profile_snet[0].id, data.azurerm_subnet.function_profile_snet[1].id, + data.azurerm_subnet.apim_itn_snet.id, ] enable_healthcheck = false @@ -212,6 +213,7 @@ module "function_ioweb_profile_staging_slot" { data.azurerm_subnet.apim_v2_snet.id, data.azurerm_subnet.function_profile_snet[0].id, data.azurerm_subnet.function_profile_snet[1].id, + data.azurerm_subnet.apim_itn_snet.id, ] tags = var.tags 
diff --git a/src/domains/ioweb-app/99_locals.tf b/src/domains/ioweb-app/99_locals.tf index e5c4e74ce..f4b9f1b51 100644 --- a/src/domains/ioweb-app/99_locals.tf +++ b/src/domains/ioweb-app/99_locals.tf @@ -30,3 +30,18 @@ locals { bff_base_path = "ioweb/backend/api/v1" bff_backend_url = "https://%s/api/v1" } + +# Region ITN +locals { + itn_location = "italynorth" + itn_location_short = "itn" + project_itn = "${var.prefix}-${var.env_short}-${local.itn_location_short}-${var.domain}" + common_project_itn = "${local.product}-${local.itn_location_short}" + + # auth n identity domain + short_domain = "auth" + short_project_itn = "${local.product}-${local.itn_location_short}-${local.short_domain}" + + vnet_common_name_itn = "${local.common_project_itn}-common-vnet-01" + vnet_common_resource_group_name_itn = "${local.common_project_itn}-common-rg-01" +} diff --git a/src/domains/ioweb-app/README.md b/src/domains/ioweb-app/README.md index 28fc994df..cf75d31cb 100644 --- a/src/domains/ioweb-app/README.md +++ b/src/domains/ioweb-app/README.md 
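Review bot: The new `# Region ITN` locals block carries `# auth n identity domain` and `short_domain = "auth"`, which reads like a copy from `citizen-auth-app`; in this module `short_project_itn` would then resolve to an `...-itn-auth` prefix. Nothing in the visible diff uses `short_domain`, `short_project_itn` or `project_itn`, so any resource later named from them would silently land under the auth naming scheme. I would keep only what the subnet lookup needs (`itn_location_short`, `common_project_itn`, `vnet_common_name_itn`, `vnet_common_resource_group_name_itn`) or set `short_domain` to this domain's own short name. The `messages-app/99_locals.tf` hunk adds the identical block.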
@@ -81,6 +81,7 @@ | [azurerm_resource_group.storage_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_storage_account.immutable_spid_logs_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | | [azurerm_storage_container.immutable_audit_logs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_container) | data source | +| [azurerm_subnet.apim_itn_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.apim_v2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.function_profile_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | diff --git a/src/domains/messages-app/01_network.tf b/src/domains/messages-app/01_network.tf index 5497bb69f..4379d366d 100644 --- a/src/domains/messages-app/01_network.tf +++ b/src/domains/messages-app/01_network.tf @@ -76,6 +76,12 @@ data "azurerm_subnet" "apim_snet" { resource_group_name = local.vnet_common_resource_group_name } +data "azurerm_subnet" "apim_itn_snet" { + name = "io-p-itn-apim-snet-01" + virtual_network_name = local.vnet_common_name_itn + resource_group_name = local.vnet_common_resource_group_name_itn +} + data "azurerm_subnet" "azdoa_snet" { name = "azure-devops" virtual_network_name = local.vnet_common_name diff --git a/src/domains/messages-app/10_function_messages.tf b/src/domains/messages-app/10_function_messages.tf index 814d67939..c87210e36 100644 --- a/src/domains/messages-app/10_function_messages.tf +++ b/src/domains/messages-app/10_function_messages.tf 
@@ -168,7 +168,8 @@ module "app_messages_function" { data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, data.azurerm_subnet.apim_snet.id, - data.azurerm_subnet.app_backendl3_snet.id + data.azurerm_subnet.app_backendl3_snet.id, + data.azurerm_subnet.apim_itn_snet.id, ] allowed_ips = concat( diff --git a/src/domains/messages-app/10_function_messages_xl.tf b/src/domains/messages-app/10_function_messages_xl.tf index 6579b1177..b9911c059 100644 --- a/src/domains/messages-app/10_function_messages_xl.tf +++ b/src/domains/messages-app/10_function_messages_xl.tf @@ -87,7 +87,8 @@ module "app_messages_function_xl" { data.azurerm_subnet.app_backendl1_snet.id, data.azurerm_subnet.app_backendl2_snet.id, data.azurerm_subnet.apim_snet.id, - data.azurerm_subnet.app_backendl3_snet.id + data.azurerm_subnet.app_backendl3_snet.id, + data.azurerm_subnet.apim_itn_snet.id, ] allowed_ips = concat( diff --git a/src/domains/messages-app/11_function_cqrs.tf b/src/domains/messages-app/11_function_cqrs.tf index 37bff2452..3a71d74c0 100644 --- a/src/domains/messages-app/11_function_cqrs.tf +++ b/src/domains/messages-app/11_function_cqrs.tf @@ -211,6 +211,7 @@ module "function_messages_cqrs" { allowed_subnets = [ module.function_messages_cqrs_snet.id, data.azurerm_subnet.apim_snet.id, + data.azurerm_subnet.apim_itn_snet.id, ] allowed_ips = concat( diff --git a/src/domains/messages-app/99_locals.tf b/src/domains/messages-app/99_locals.tf index 09409a6d7..b1dfc0cf9 100644 --- a/src/domains/messages-app/99_locals.tf +++ b/src/domains/messages-app/99_locals.tf 
@@ -31,3 +31,18 @@ locals { "51.144.56.176/28", ] } + +# Region ITN +locals { + itn_location = "italynorth" + itn_location_short = "itn" + project_itn = "${var.prefix}-${var.env_short}-${local.itn_location_short}-${var.domain}" + common_project_itn = "${local.product}-${local.itn_location_short}" + + # auth n identity domain + short_domain = "auth" + short_project_itn = "${local.product}-${local.itn_location_short}-${local.short_domain}" + + vnet_common_name_itn = "${local.common_project_itn}-common-vnet-01" + vnet_common_resource_group_name_itn = "${local.common_project_itn}-common-rg-01" +} diff --git a/src/domains/messages-app/README.md b/src/domains/messages-app/README.md index c0ae8c20b..530b43644 100644 --- a/src/domains/messages-app/README.md +++ b/src/domains/messages-app/README.md @@ -118,6 +118,7 @@ | [azurerm_storage_account.push_notif_beta_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | | [azurerm_storage_account.push_notifications_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | | [azurerm_storage_account.storage_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | +| [azurerm_subnet.apim_itn_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.apim_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.app_backendl1_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.app_backendl2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |