From 9f2b327e1c0f11f284a1057c63b94a46397d05d9 Mon Sep 17 00:00:00 2001 From: Luca Consalvi Date: Wed, 27 Nov 2024 15:02:30 +0100 Subject: [PATCH 1/8] add primary key for cosmos db inside kv --- src/domains/rtp-common/README.md | 5 +++-- src/domains/rtp-common/cosmosdb_accounts.tf | 10 ++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/domains/rtp-common/README.md b/src/domains/rtp-common/README.md index 6f34be12d..e2cda4ac9 100644 --- a/src/domains/rtp-common/README.md +++ b/src/domains/rtp-common/README.md @@ -23,6 +23,7 @@ | [azurerm_cosmosdb_sql_container.beta_tester](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource | | [azurerm_cosmosdb_sql_database.db_rtp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_database) | resource | | [azurerm_key_vault_secret.appinisights_connection_string_kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_key_vault_secret.azure_cosmos_primary_key_kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | | [azurerm_key_vault_secret.cosmosdb_account_rtp_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | | [azurerm_private_dns_zone.cosmos_nosql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | | [azurerm_private_dns_zone_virtual_network_link.cosmos_nosql_to_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | 
@@ -51,7 +52,7 @@ | [aca\_subnet\_name](#input\_aca\_subnet\_name) | ------------------------------------------------------------------------------ Subnet for ACA. ------------------------------------------------------------------------------ | `string` | n/a | yes | | [aca\_subnet\_resource\_group\_name](#input\_aca\_subnet\_resource\_group\_name) | n/a | `string` | n/a | yes | | [aca\_virtual\_network\_name](#input\_aca\_virtual\_network\_name) | n/a | `string` | n/a | yes | -| [cdn\_rtp](#input\_cdn\_rtp) | n/a |
object({
storage_account_replication_type = string
advanced_threat_protection_enabled = bool
})
| n/a | yes | +| [cdn\_rtp](#input\_cdn\_rtp) | n/a |
object({
storage_account_replication_type = string
advanced_threat_protection_enabled = bool
})
| n/a | yes | | [core\_integr\_virtual\_network\_name](#input\_core\_integr\_virtual\_network\_name) | ------------------------------------------------------------------------------ Virtual network which hosts APIM. ------------------------------------------------------------------------------ | `string` | n/a | yes | | [core\_integr\_virtual\_network\_resource\_group\_name](#input\_core\_integr\_virtual\_network\_resource\_group\_name) | n/a | `string` | n/a | yes | | [core\_intern\_virtual\_network\_name](#input\_core\_intern\_virtual\_network\_name) | ------------------------------------------------------------------------------ Virtual network which hosts AKS and ACA. ------------------------------------------------------------------------------ | `string` | n/a | yes | @@ -70,7 +71,7 @@ | [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes | | [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | | [prefix](#input\_prefix) | n/a | `string` | n/a | yes | -| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | +| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | ## Outputs diff --git a/src/domains/rtp-common/cosmosdb_accounts.tf b/src/domains/rtp-common/cosmosdb_accounts.tf index c7da3105a..e8fe7e6b5 100644 --- a/src/domains/rtp-common/cosmosdb_accounts.tf +++ b/src/domains/rtp-common/cosmosdb_accounts.tf @@ -34,6 +34,16 @@ resource "azurerm_key_vault_secret" "cosmosdb_account_rtp_endpoint" { tags = var.tags } +# ------------------------------------------------------------------------------ +# Storing CosmosDB primary_key in the rtp key vault. +# ------------------------------------------------------------------------------ +resource "azurerm_key_vault_secret" "azure_cosmos_primary_key_kv" { + name = "azure-cosmos-key" + value = azurerm_cosmosdb_account.rtp.primary_key + key_vault_id = data.azurerm_key_vault.kv_domain.id + tags = var.tags +} + # ------------------------------------------------------------------------------ # Create a CosmosDB sql database. From 969360f05c9a69d8f2506ca02c37a9d3ab6c8b7a Mon Sep 17 00:00:00 2001 From: Luca Consalvi Date: Wed, 27 Nov 2024 15:02:55 +0100 Subject: [PATCH 2/8] add primary key for cosmos db inside kv --- src/domains/rtp-app/.terraform.lock.hcl | 23 +++++++++++++++++++++++ src/domains/rtp-app/README.md | 2 +- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/src/domains/rtp-app/.terraform.lock.hcl b/src/domains/rtp-app/.terraform.lock.hcl index e2c7d4a47..cbea10684 100644 --- a/src/domains/rtp-app/.terraform.lock.hcl +++ b/src/domains/rtp-app/.terraform.lock.hcl 
@@ -63,3 +63,26 @@ provider "registry.terraform.io/hashicorp/kubernetes" { "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } + +provider "registry.terraform.io/integrations/github" { + version = "6.4.0" + constraints = "~> 6.0" + hashes = [ + "h1:YiGCvjr7R77HGTzw81legWicEHApVTli8O+ooDpLexE=", + "zh:00f431c2a2510efcb1115442dda5e90815bcb16e1a3301679ade0139fa963d3b", + "zh:12a862f4317b3cb65682c1b687650cd91eeee99e63774bdcfa8bcfc64bad097b", + "zh:226d5e09ff27f94cb9336089181d26f85cb30219b863a579597f2e107f37de49", + "zh:402ecaa5add568a52ee01d816810f3b90f693be35c680fcdc9b6284bf55326f1", + "zh:60e3bdd9fbefb3c1d790bc08889c1dc0e83636b82284faaa709411aa4f96bb9f", + "zh:625099eeff2f8aaecd22a24a451b326828435c8f9de86f2e5e99872e7b467fa7", + "zh:79e8b665421009df2260f50e10da1f7a7863b557ece96e2b07dfd2fad1e86fcd", + "zh:98e471fefc93dcfedeec750c694110db7d3331dc3a256191d30b9d2f70d12157", + "zh:a17702765e1fa92d1c288ddfd97075819ad61b344b341be7e09c554c841a6d9e", + "zh:ca72ccf40624ae26bf4660d8dd84a51638f0a1e78d5f19fdfaafaef97f838af6", + "zh:d009ab5527d45c44c424d26cd2eb51a5a6a6448f3fb1023b675789588cc08d64", + "zh:e5811be1e942a75b14dfcd3e03523d8df60cfbde0d7e24d75e78480a02a58949", + "zh:e6008ad28225ad6996b06bcd7f3070863329df406a56754e7fb9c31d6301ace4", + "zh:f1d93f56ea4f87183a5de4780704907605851d95a2d285a9ec755bf784c5569c", + "zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", + ] +} diff --git a/src/domains/rtp-app/README.md b/src/domains/rtp-app/README.md index abca2705d..eb32d1ecf 100644 --- a/src/domains/rtp-app/README.md +++ b/src/domains/rtp-app/README.md 
@@ -49,7 +49,7 @@ No modules. | [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes | | [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | | [prefix](#input\_prefix) | n/a | `string` | n/a | yes | -| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | +| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | ## Outputs From a91c92a291a68c854f65000ed6a67b637b082854 Mon Sep 17 00:00:00 2001 From: Luca Consalvi Date: Thu, 28 Nov 2024 14:57:25 +0100 Subject: [PATCH 3/8] change database to mongo --- .../rtd-common/env/dev/terraform.tfvars | 2 +- src/domains/rtp-common/03_database.tf | 89 ++++++++++++ src/domains/rtp-common/99_variables.tf | 28 ++++ src/domains/rtp-common/README.md | 18 +-- src/domains/rtp-common/cosmosdb_accounts.tf | 128 ------------------ .../rtp-common/env/dev/terraform.tfvars | 28 +++- .../rtp-common/env/prod/terraform.tfvars | 32 +++++ .../rtp-common/env/uat/terraform.tfvars | 32 +++++ src/domains/rtp-common/private_dns_zones.tf | 18 +-- src/domains/rtp-common/private_endpoints.tf | 8 +- 10 files changed, 231 insertions(+), 152 deletions(-) create mode 100644 src/domains/rtp-common/03_database.tf delete mode 100644 src/domains/rtp-common/cosmosdb_accounts.tf diff --git a/src/domains/rtd-common/env/dev/terraform.tfvars b/src/domains/rtd-common/env/dev/terraform.tfvars index e7ea40bde..ea9117d1b 100644 --- a/src/domains/rtd-common/env/dev/terraform.tfvars +++ b/src/domains/rtd-common/env/dev/terraform.tfvars @@ -68,7 +68,7 @@ cosmos_mongo_db_params = { enable_free_tier = false private_endpoint_enabled = false - public_network_access_enabled = true + public_network_access_enabled = false additional_geo_locations = [] is_virtual_network_filter_enabled = true diff --git a/src/domains/rtp-common/03_database.tf b/src/domains/rtp-common/03_database.tf new file mode 100644 index 000000000..2004f67c1 --- /dev/null +++ b/src/domains/rtp-common/03_database.tf 
@@ -0,0 +1,89 @@ +# ------------------------------------------------------------------------------ +# CosmosDB NoSQL account. +# ------------------------------------------------------------------------------ +resource "azurerm_cosmosdb_account" "rtp" { + name = "${local.project}-cosmos" + resource_group_name = azurerm_resource_group.data.name + location = azurerm_resource_group.data.location + kind = var.cosmos_mongo_db_params.kind + offer_type = var.cosmos_mongo_db_params.offer_type + + mongo_server_version = var.cosmos_mongo_db_params.server_version + enable_free_tier = var.cosmos_mongo_db_params.enable_free_tier + tags = var.tags + public_network_access_enabled = var.cosmos_mongo_db_params.public_network_access_enabled + + consistency_policy { + consistency_level = var.cosmos_mongo_db_params.consistency_policy.consistency_level + max_interval_in_seconds = var.cosmos_mongo_db_params.consistency_policy.max_interval_in_seconds + max_staleness_prefix = var.cosmos_mongo_db_params.consistency_policy.max_staleness_prefix + } + + dynamic "capabilities" { + for_each = var.cosmos_mongo_db_params.capabilities + + content { + name = capabilities.value + } + } + + geo_location { + failover_priority = 0 + location = var.location + } +} + +# ------------------------------------------------------------------------------ +# Storing CosmosDB primary mongo connection string in the rtp key vault. +# ------------------------------------------------------------------------------ +resource "azurerm_key_vault_secret" "cosmosdb_account_rtp_connection_string" { + name = "cosmosdb-account-rtp-connection-string" + value = azurerm_cosmosdb_account.rtp.primary_mongodb_connection_string + key_vault_id = data.azurerm_key_vault.kv_domain.id + tags = var.tags +} + +# ------------------------------------------------------------------------------ +# Create a CosmosDB sql database. 
+# ------------------------------------------------------------------------------ +resource "azurerm_cosmosdb_sql_database" "db_rtp" { + name = "rtp" + resource_group_name = azurerm_resource_group.data.name + account_name = azurerm_cosmosdb_account.rtp.name +} + + +# ------------------------------------------------------------------------------ +# Create a collection for the beta tester inside the db. +# ------------------------------------------------------------------------------ +resource "azurerm_cosmosdb_mongo_collection" "beta_tester" { + name = "serviceProviders" + resource_group_name = azurerm_resource_group.data.name + account_name = azurerm_cosmosdb_account.rtp.name + database_name = azurerm_cosmosdb_sql_database.db_rtp.name + + index { + keys = ["_id"] + unique = true + } +} + +# ------------------------------------------------------------------------------ +# Create a collection for the activations inside the db. +# ------------------------------------------------------------------------------ +resource "azurerm_cosmosdb_mongo_collection" "activations" { + name = "activations" + resource_group_name = azurerm_resource_group.data.name + account_name = azurerm_cosmosdb_account.rtp.name + database_name = azurerm_cosmosdb_sql_database.db_rtp.name + + index { + keys = ["_id"] + unique = true + } + + index { + keys = ["fiscalCode"] + unique = true + } +} \ No newline at end of file diff --git a/src/domains/rtp-common/99_variables.tf b/src/domains/rtp-common/99_variables.tf index 2fd7db904..d1631e1b1 100644 --- a/src/domains/rtp-common/99_variables.tf +++ b/src/domains/rtp-common/99_variables.tf 
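Review bot: The new `azurerm_cosmosdb_account.rtp` reads only `kind`, `offer_type`, `server_version`, `enable_free_tier`, `public_network_access_enabled`, `consistency_policy` and `capabilities` from `var.cosmos_mongo_db_params`. The fields `is_virtual_network_filter_enabled`, `main_geo_location_zone_redundant`, `additional_geo_locations`, `backup_continuous_enabled` and `private_endpoint_enabled` are never consumed in this file. As written, the prod tfvars ask for a zone-redundant primary, a `northeurope` replica and continuous backup, but the plan would create a single-region account with the provider's default backup, and the network filter flag has no effect. Either wire the fields as sketched below or drop them from the variable so the tfvars do not promise protections that are not applied. The file header still says "CosmosDB NoSQL account" for what is now a MongoDB-kind account.

```hcl
resource "azurerm_cosmosdb_account" "rtp" {
  # … unchanged: name, resource group, kind, offer_type, mongo_server_version, tags, public_network_access_enabled …

  # Needs matching virtual_network_rule blocks for the subnets that must reach the account.
  is_virtual_network_filter_enabled = var.cosmos_mongo_db_params.is_virtual_network_filter_enabled

  # … unchanged: consistency_policy, dynamic "capabilities" …

  geo_location {
    failover_priority = 0
    location          = var.location
    zone_redundant    = var.cosmos_mongo_db_params.main_geo_location_zone_redundant
  }

  dynamic "geo_location" {
    for_each = var.cosmos_mongo_db_params.additional_geo_locations

    content {
      location          = geo_location.value.location
      failover_priority = geo_location.value.failover_priority
      zone_redundant    = geo_location.value.zone_redundant
    }
  }

  dynamic "backup" {
    for_each = var.cosmos_mongo_db_params.backup_continuous_enabled ? [1] : []

    content {
      type = "Continuous"
    }
  }
}
```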
@@ -88,3 +88,31 @@ variable "cdn_rtp" { advanced_threat_protection_enabled = bool }) } + + +# Cosmos DB +variable "cosmos_mongo_db_params" { + type = object({ + enabled = bool + capabilities = list(string) + offer_type = string + server_version = string + kind = string + consistency_policy = object({ + consistency_level = string + max_interval_in_seconds = number + max_staleness_prefix = number + }) + main_geo_location_zone_redundant = bool + enable_free_tier = bool + additional_geo_locations = list(object({ + location = string + failover_priority = number + zone_redundant = bool + })) + private_endpoint_enabled = bool + public_network_access_enabled = bool + is_virtual_network_filter_enabled = bool + backup_continuous_enabled = bool + }) +} \ No newline at end of file diff --git a/src/domains/rtp-common/README.md b/src/domains/rtp-common/README.md index e2cda4ac9..d0c9022bf 100644 --- a/src/domains/rtp-common/README.md +++ b/src/domains/rtp-common/README.md 
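Review bot: `public_network_access_enabled` is declared as a required `bool` with no default, so the account's exposure now depends entirely on each environment's tfvars, whereas the deleted `cosmosdb_accounts.tf` hard-coded `false`. If the Terraform version in use supports optional object attributes (1.3 or later, not visible here), `public_network_access_enabled = optional(bool, false)` would keep the closed posture as the default. The variable also has only the `# Cosmos DB` comment and no `description`; a short description naming the fields that affect network exposure and backup would help whoever reviews the tfvars.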
@@ -19,17 +19,16 @@ | Name | Type | |------|------| | [azurerm_cosmosdb_account.rtp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account) | resource | -| [azurerm_cosmosdb_sql_container.activations](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource | -| [azurerm_cosmosdb_sql_container.beta_tester](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource | +| [azurerm_cosmosdb_mongo_collection.activations](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_collection) | resource | +| [azurerm_cosmosdb_mongo_collection.beta_tester](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_collection) | resource | | [azurerm_cosmosdb_sql_database.db_rtp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_database) | resource | | [azurerm_key_vault_secret.appinisights_connection_string_kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.azure_cosmos_primary_key_kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.cosmosdb_account_rtp_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_private_dns_zone.cosmos_nosql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | -| [azurerm_private_dns_zone_virtual_network_link.cosmos_nosql_to_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| 
[azurerm_private_dns_zone_virtual_network_link.cosmos_nosql_to_intern](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_endpoint.cosmos_nosql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | -| [azurerm_private_endpoint.cosmos_nosql_vpn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_key_vault_secret.cosmosdb_account_rtp_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_private_dns_zone.cosmos_sql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone_virtual_network_link.cosmos_sql_to_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.cosmos_sql_to_intern](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_endpoint.cosmos_sql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.cosmos_sql_vpn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_resource_group.data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.rtp_frontend_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | 
@@ -60,6 +59,7 @@ | [core\_private\_endpoints\_subnet\_name](#input\_core\_private\_endpoints\_subnet\_name) | ------------------------------------------------------------------------------ Private endpoints subnet. ------------------------------------------------------------------------------ | `string` | `"private-endpoint-snet"` | no | | [core\_virtual\_network\_name](#input\_core\_virtual\_network\_name) | ------------------------------------------------------------------------------ Virtual network which hosts VPN gateway. ------------------------------------------------------------------------------ | `string` | n/a | yes | | [core\_virtual\_network\_resource\_group\_name](#input\_core\_virtual\_network\_resource\_group\_name) | n/a | `string` | n/a | yes | +| [cosmos\_mongo\_db\_params](#input\_cosmos\_mongo\_db\_params) | Cosmos DB |
object({
enabled = bool
capabilities = list(string)
offer_type = string
server_version = string
kind = string
consistency_policy = object({
consistency_level = string
max_interval_in_seconds = number
max_staleness_prefix = number
})
main_geo_location_zone_redundant = bool
enable_free_tier = bool
additional_geo_locations = list(object({
location = string
failover_priority = number
zone_redundant = bool
}))
private_endpoint_enabled = bool
public_network_access_enabled = bool
is_virtual_network_filter_enabled = bool
backup_continuous_enabled = bool
})
| n/a | yes | | [dns\_zone\_prefix](#input\_dns\_zone\_prefix) | The dns zone prefix e.g. dev.rtp | `string` | n/a | yes | | [domain](#input\_domain) | n/a | `string` | n/a | yes | | [env](#input\_env) | n/a | `string` | n/a | yes | diff --git a/src/domains/rtp-common/cosmosdb_accounts.tf b/src/domains/rtp-common/cosmosdb_accounts.tf deleted file mode 100644 index e8fe7e6b5..000000000 --- a/src/domains/rtp-common/cosmosdb_accounts.tf +++ /dev/null 
@@ -1,128 +0,0 @@ -# ------------------------------------------------------------------------------ -# CosmosDB NoSQL account. -# ------------------------------------------------------------------------------ -resource "azurerm_cosmosdb_account" "rtp" { - name = "${local.project}-cosmos" - resource_group_name = azurerm_resource_group.data.name - location = azurerm_resource_group.data.location - kind = "GlobalDocumentDB" - offer_type = "Standard" - tags = var.tags - public_network_access_enabled = false - - capabilities { - name = "EnableUniqueCompoundNestedDocs" - } - - consistency_policy { - consistency_level = "Eventual" - } - - geo_location { - failover_priority = 0 - location = var.location - } -} - -# ------------------------------------------------------------------------------ -# Storing CosmosDB endpoint in the general key vault. -# ------------------------------------------------------------------------------ -resource "azurerm_key_vault_secret" "cosmosdb_account_rtp_endpoint" { - name = "cosmosdb-account-rtp-endpoint" - value = azurerm_cosmosdb_account.rtp.endpoint - key_vault_id = data.azurerm_key_vault.kv_domain.id - tags = var.tags -} - -# ------------------------------------------------------------------------------ -# Storing CosmosDB primary_key in the rtp key vault. -# ------------------------------------------------------------------------------ -resource "azurerm_key_vault_secret" "azure_cosmos_primary_key_kv" { - name = "azure-cosmos-key" - value = azurerm_cosmosdb_account.rtp.primary_key - key_vault_id = data.azurerm_key_vault.kv_domain.id - tags = var.tags -} - - -# ------------------------------------------------------------------------------ -# Create a CosmosDB sql database. 
-# ------------------------------------------------------------------------------ -resource "azurerm_cosmosdb_sql_database" "db_rtp" { - name = "rtp" - resource_group_name = azurerm_resource_group.data.name - account_name = azurerm_cosmosdb_account.rtp.name -} - - -# ------------------------------------------------------------------------------ -# Create a container for the beta tester inside the db. -# ------------------------------------------------------------------------------ -resource "azurerm_cosmosdb_sql_container" "beta_tester" { - name = "serviceProviders" - resource_group_name = azurerm_resource_group.data.name - account_name = azurerm_cosmosdb_account.rtp.name - database_name = azurerm_cosmosdb_sql_database.db_rtp.name - - partition_key_paths = ["/definition/id"] - partition_key_version = 1 - throughput = 400 - - indexing_policy { - indexing_mode = "consistent" - - included_path { - path = "/*" - } - - included_path { - path = "/included/?" - } - - excluded_path { - path = "/excluded/?" - } - } - - unique_key { - paths = ["/definition/idlong", "/definition/idshort"] - } -} - - - -# ------------------------------------------------------------------------------ -# Create a container for the activations inside the db. -# ------------------------------------------------------------------------------ -resource "azurerm_cosmosdb_sql_container" "activations" { - name = "activations" - resource_group_name = azurerm_resource_group.data.name - account_name = azurerm_cosmosdb_account.rtp.name - database_name = azurerm_cosmosdb_sql_database.db_rtp.name - - partition_key_paths = ["/definition/id"] - partition_key_version = 1 - throughput = 400 - - indexing_policy { - indexing_mode = "consistent" - - included_path { - path = "/*" - } - - included_path { - path = "/included/?" - } - - excluded_path { - path = "/excluded/?" - } - } - - unique_key { - paths = ["/definition/idlong", "/definition/idshort"] - } -} - - 
diff --git a/src/domains/rtp-common/env/dev/terraform.tfvars b/src/domains/rtp-common/env/dev/terraform.tfvars index 75ab04561..d375e9cb5 100644 --- a/src/domains/rtp-common/env/dev/terraform.tfvars +++ b/src/domains/rtp-common/env/dev/terraform.tfvars @@ -40,4 +40,30 @@ core_virtual_network_name = "cstar-d-vnet" core_virtual_network_resource_group_name = "cstar-d-vnet-rg" aca_subnet_name = "cstar-d-mcshared-aca-snet" aca_subnet_resource_group_name = "cstar-d-weu-dev01-vnet-rg" -aca_virtual_network_name = "cstar-d-weu-dev01-vnet" \ No newline at end of file +aca_virtual_network_name = "cstar-d-weu-dev01-vnet" + + + + +## Cosmos DB +cosmos_mongo_db_params = { + enabled = true + kind = "MongoDB" + capabilities = ["EnableMongo", "DisableRateLimitingResponses"] + offer_type = "Standard" + consistency_policy = { + consistency_level = "BoundedStaleness" + max_interval_in_seconds = 300 + max_staleness_prefix = 100000 + } + server_version = "4.2" + main_geo_location_zone_redundant = false + enable_free_tier = false + + private_endpoint_enabled = false + public_network_access_enabled = true + additional_geo_locations = [] + is_virtual_network_filter_enabled = true + + backup_continuous_enabled = false +} \ No newline at end of file diff --git a/src/domains/rtp-common/env/prod/terraform.tfvars b/src/domains/rtp-common/env/prod/terraform.tfvars index 04162f210..241e303bd 100644 --- a/src/domains/rtp-common/env/prod/terraform.tfvars +++ b/src/domains/rtp-common/env/prod/terraform.tfvars 
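Review bot: All three rtp-common environment files in this commit set `public_network_access_enabled = true` (dev in this hunk, prod and uat in the next two), while the deleted `cosmosdb_accounts.tf` had the value hard-coded to `false`. The account in `03_database.tf` has no `ip_range_filter` or `virtual_network_rule` and does not read `is_virtual_network_filter_enabled`, so at this revision the Mongo endpoint would accept connections from any network, protected only by the key in the connection string. Patch 4/8 of this series sets the rtp-common values to `false`; squashing the two would avoid an intermediate revision that opens production if it is applied on its own. Prod and uat also set `private_endpoint_enabled = true`, for which `public_network_access_enabled = false` is the consistent value.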
@@ -41,3 +41,35 @@ core_virtual_network_resource_group_name = "cstar-p-vnet-rg" aca_subnet_name = "cstar-p-mcshared-aca-snet" aca_subnet_resource_group_name = "cstar-p-weu-prod01-vnet-rg" aca_virtual_network_name = "cstar-p-weu-prod01-vnet" + + + +## Cosmos DB +cosmos_mongo_db_params = { + enabled = true + kind = "MongoDB" + capabilities = ["EnableMongo"] + offer_type = "Standard" + consistency_policy = { + consistency_level = "Strong" + max_interval_in_seconds = 5 + max_staleness_prefix = 100 + } + server_version = "4.2" + main_geo_location_zone_redundant = true + enable_free_tier = false + + private_endpoint_enabled = true + public_network_access_enabled = true + additional_geo_locations = [ + { + location = "northeurope" + failover_priority = 1 + zone_redundant = true + } + ] + + is_virtual_network_filter_enabled = true + + backup_continuous_enabled = true +} \ No newline at end of file diff --git a/src/domains/rtp-common/env/uat/terraform.tfvars b/src/domains/rtp-common/env/uat/terraform.tfvars index ce87c63b5..62129f9e6 100644 --- a/src/domains/rtp-common/env/uat/terraform.tfvars +++ b/src/domains/rtp-common/env/uat/terraform.tfvars 
@@ -41,3 +41,35 @@ core_virtual_network_resource_group_name = "cstar-u-vnet-rg" aca_subnet_name = "cstar-u-mcshared-aca-snet" aca_subnet_resource_group_name = "cstar-u-weu-uat01-vnet-rg" aca_virtual_network_name = "cstar-u-weu-uat01-vnet" + + + +## Cosmos DB +cosmos_mongo_db_params = { + enabled = true + kind = "MongoDB" + # Enable Mongo API and Server Side Retry + capabilities = ["EnableMongo", "DisableRateLimitingResponses"] + offer_type = "Standard" + consistency_policy = { + consistency_level = "BoundedStaleness" + max_interval_in_seconds = 300 + max_staleness_prefix = 100000 + } + server_version = "4.2" + main_geo_location_zone_redundant = false + enable_free_tier = false + + private_endpoint_enabled = true + public_network_access_enabled = true + additional_geo_locations = [] + # additional_geo_locations = [{ + # location = "northeurope" + # failover_priority = 1 + # zone_redundant = false + # }] + + is_virtual_network_filter_enabled = true + + backup_continuous_enabled = false +} \ No newline at end of file diff --git a/src/domains/rtp-common/private_dns_zones.tf b/src/domains/rtp-common/private_dns_zones.tf index 712fc52d8..36fb5b6bf 100644 --- a/src/domains/rtp-common/private_dns_zones.tf +++ b/src/domains/rtp-common/private_dns_zones.tf 
@@ -3,24 +3,24 @@ # # TODO: To be moved to core. # ------------------------------------------------------------------------------ -resource "azurerm_private_dns_zone" "cosmos_nosql" { +resource "azurerm_private_dns_zone" "cosmos_sql" { name = "privatelink.documents.azure.com" resource_group_name = azurerm_resource_group.network.name tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "cosmos_nosql_to_intern" { - name = "cosmos_nosql_to_intern" - resource_group_name = azurerm_private_dns_zone.cosmos_nosql.resource_group_name - private_dns_zone_name = azurerm_private_dns_zone.cosmos_nosql.name +resource "azurerm_private_dns_zone_virtual_network_link" "cosmos_sql_to_intern" { + name = "cosmos_sql_to_intern" + resource_group_name = azurerm_private_dns_zone.cosmos_sql.resource_group_name + private_dns_zone_name = azurerm_private_dns_zone.cosmos_sql.name virtual_network_id = data.azurerm_virtual_network.intern.id tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "cosmos_nosql_to_core" { - name = "cosmos_nosql_to_core" - resource_group_name = azurerm_private_dns_zone.cosmos_nosql.resource_group_name - private_dns_zone_name = azurerm_private_dns_zone.cosmos_nosql.name +resource "azurerm_private_dns_zone_virtual_network_link" "cosmos_sql_to_core" { + name = "cosmos_sql_to_core" + resource_group_name = azurerm_private_dns_zone.cosmos_sql.resource_group_name + private_dns_zone_name = azurerm_private_dns_zone.cosmos_sql.name virtual_network_id = data.azurerm_virtual_network.core.id tags = var.tags } \ No newline at end of file diff --git a/src/domains/rtp-common/private_endpoints.tf b/src/domains/rtp-common/private_endpoints.tf index 21301cb11..8d8b83a78 100644 --- a/src/domains/rtp-common/private_endpoints.tf +++ b/src/domains/rtp-common/private_endpoints.tf 
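Review bot: The zone keeps `name = "privatelink.documents.azure.com"` although this commit moves the account to `kind = "MongoDB"`. Azure's private-link zone for the Cosmos DB MongoDB API is `privatelink.mongo.cosmos.azure.com`, so Mongo clients in the linked VNets would likely not resolve the account to the private endpoint address. The `subresource_names` of the endpoints in `private_endpoints.tf` lies outside the visible hunks and should be checked for `"MongoDB"` as well. With public access disabled a wrong zone shows up as a connection failure, and with it enabled traffic silently goes over the public endpoint instead. The rename from `cosmos_nosql` to `cosmos_sql`, here and in the `private_endpoints.tf` hunks that follow, has no `moved` blocks, so Terraform will plan to destroy and recreate the zone, both links and both endpoints unless the state is moved first.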
@@ -1,7 +1,7 @@ # ------------------------------------------------------------------------------ # Private endpoint from ACA subnet to CosmosDB NoSQL. # ------------------------------------------------------------------------------ -resource "azurerm_private_endpoint" "cosmos_nosql" { +resource "azurerm_private_endpoint" "cosmos_sql" { name = "${local.project}-cosmos-nosql-pep" location = azurerm_resource_group.network.location resource_group_name = azurerm_resource_group.network.name @@ -11,7 +11,7 @@ resource "azurerm_private_endpoint" "cosmos_nosql" { private_dns_zone_group { name = "${local.project}-cosmos-nosql-pdzg" - private_dns_zone_ids = [azurerm_private_dns_zone.cosmos_nosql.id] + private_dns_zone_ids = [azurerm_private_dns_zone.cosmos_sql.id] } private_service_connection { @@ -27,7 +27,7 @@ resource "azurerm_private_endpoint" "cosmos_nosql" { # ------------------------------------------------------------------------------ # Private endpoint from "private endpoints" subnet to CosmosDB NoSQL for VPN. # ------------------------------------------------------------------------------ -resource "azurerm_private_endpoint" "cosmos_nosql_vpn" { +resource "azurerm_private_endpoint" "cosmos_sql_vpn" { name = "${local.project}-cosmos-nosql-vpn-pep" resource_group_name = azurerm_resource_group.network.name location = azurerm_resource_group.network.location @@ -37,7 +37,7 @@ resource "azurerm_private_endpoint" "cosmos_nosql_vpn" { private_dns_zone_group { name = "${local.project}-cosmos-nosql-vpn-pdzg" - private_dns_zone_ids = [azurerm_private_dns_zone.cosmos_nosql.id] + private_dns_zone_ids = [azurerm_private_dns_zone.cosmos_sql.id] } private_service_connection { From 2402c367b3e123b66ed5bd8acb485687995c9c41 Mon Sep 17 00:00:00 2001 
From: Luca Consalvi Date: Thu, 28 Nov 2024 14:59:46 +0100 Subject: [PATCH 4/8] update --- src/domains/rtd-common/env/dev/terraform.tfvars | 2 +- src/domains/rtp-common/env/dev/terraform.tfvars | 2 +- src/domains/rtp-common/env/prod/terraform.tfvars | 2 +- src/domains/rtp-common/env/uat/terraform.tfvars | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/domains/rtd-common/env/dev/terraform.tfvars b/src/domains/rtd-common/env/dev/terraform.tfvars index ea9117d1b..e7ea40bde 100644 --- a/src/domains/rtd-common/env/dev/terraform.tfvars +++ b/src/domains/rtd-common/env/dev/terraform.tfvars @@ -68,7 +68,7 @@ cosmos_mongo_db_params = { enable_free_tier = false private_endpoint_enabled = false - public_network_access_enabled = false + public_network_access_enabled = true additional_geo_locations = [] is_virtual_network_filter_enabled = true diff --git a/src/domains/rtp-common/env/dev/terraform.tfvars b/src/domains/rtp-common/env/dev/terraform.tfvars index d375e9cb5..dbffee8b6 100644 --- a/src/domains/rtp-common/env/dev/terraform.tfvars +++ b/src/domains/rtp-common/env/dev/terraform.tfvars @@ -61,7 +61,7 @@ cosmos_mongo_db_params = { enable_free_tier = false private_endpoint_enabled = false - public_network_access_enabled = true + public_network_access_enabled = false additional_geo_locations = [] is_virtual_network_filter_enabled = true diff --git a/src/domains/rtp-common/env/prod/terraform.tfvars b/src/domains/rtp-common/env/prod/terraform.tfvars index 241e303bd..d7512864f 100644 --- a/src/domains/rtp-common/env/prod/terraform.tfvars +++ b/src/domains/rtp-common/env/prod/terraform.tfvars @@ -60,7 +60,7 @@ cosmos_mongo_db_params = { enable_free_tier = false private_endpoint_enabled = true - public_network_access_enabled = true + public_network_access_enabled = false additional_geo_locations = [ { location = "northeurope" 
diff --git a/src/domains/rtp-common/env/uat/terraform.tfvars b/src/domains/rtp-common/env/uat/terraform.tfvars index 62129f9e6..ade49d6a6 100644 --- a/src/domains/rtp-common/env/uat/terraform.tfvars +++ b/src/domains/rtp-common/env/uat/terraform.tfvars @@ -61,7 +61,7 @@ cosmos_mongo_db_params = { enable_free_tier = false private_endpoint_enabled = true - public_network_access_enabled = true + public_network_access_enabled = false additional_geo_locations = [] # additional_geo_locations = [{ # location = "northeurope" From 4f5ed045a83ef382edbc3aa05b20669cef622842 Mon Sep 17 00:00:00 2001 From: Luca Consalvi Date: Thu, 28 Nov 2024 15:11:33 +0100 Subject: [PATCH 5/8] last fixes --- src/domains/rtp-common/03_database.tf | 8 ++--- src/domains/rtp-common/README.md | 12 +++---- .../rtp-common/env/dev/terraform.tfvars | 5 +-- src/domains/rtp-common/private_dns_zones.tf | 20 ++++++------ src/domains/rtp-common/private_endpoints.tf | 32 +++++++++---------- 5 files changed, 37 insertions(+), 40 deletions(-) diff --git a/src/domains/rtp-common/03_database.tf b/src/domains/rtp-common/03_database.tf index 2004f67c1..02d3d5f3f 100644 --- a/src/domains/rtp-common/03_database.tf +++ b/src/domains/rtp-common/03_database.tf @@ -46,7 +46,7 @@ resource "azurerm_key_vault_secret" "cosmosdb_account_rtp_connection_string" { # ------------------------------------------------------------------------------ # Create a CosmosDB sql database. # ------------------------------------------------------------------------------ -resource "azurerm_cosmosdb_sql_database" "db_rtp" { +resource "azurerm_cosmosdb_mongo_database" "db_rtp" { name = "rtp" resource_group_name = azurerm_resource_group.data.name account_name = azurerm_cosmosdb_account.rtp.name 
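Review bot: The context comment above the changed resource still reads `# Create a CosmosDB sql database.` although the resource is now `azurerm_cosmosdb_mongo_database`; I would change it to `# Create a CosmosDB Mongo database.` in the same hunk. The file header `# CosmosDB NoSQL account.` introduced in patch 3/8 has the same problem. Comments that name the wrong API make it harder to check that the private DNS zone and endpoint sub-resource match the account kind.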
@@ -60,7 +60,7 @@ resource "azurerm_cosmosdb_mongo_collection" "beta_tester" { name = "serviceProviders" resource_group_name = azurerm_resource_group.data.name account_name = azurerm_cosmosdb_account.rtp.name - database_name = azurerm_cosmosdb_sql_database.db_rtp.name + database_name = azurerm_cosmosdb_mongo_database.db_rtp.name index { keys = ["_id"] @@ -75,7 +75,7 @@ resource "azurerm_cosmosdb_mongo_collection" "activations" { name = "activations" resource_group_name = azurerm_resource_group.data.name account_name = azurerm_cosmosdb_account.rtp.name - database_name = azurerm_cosmosdb_sql_database.db_rtp.name + database_name = azurerm_cosmosdb_mongo_database.db_rtp.name index { keys = ["_id"] @@ -86,4 +86,4 @@ resource "azurerm_cosmosdb_mongo_collection" "activations" { keys = ["fiscalCode"] unique = true } -} \ No newline at end of file +} diff --git a/src/domains/rtp-common/README.md b/src/domains/rtp-common/README.md index d0c9022bf..8683d839d 100644 --- a/src/domains/rtp-common/README.md +++ b/src/domains/rtp-common/README.md 
@@ -21,14 +21,14 @@ | [azurerm_cosmosdb_account.rtp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account) | resource | | [azurerm_cosmosdb_mongo_collection.activations](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_collection) | resource | | [azurerm_cosmosdb_mongo_collection.beta_tester](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_collection) | resource | -| [azurerm_cosmosdb_sql_database.db_rtp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_database) | resource | +| [azurerm_cosmosdb_mongo_database.db_rtp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_database) | resource | | [azurerm_key_vault_secret.appinisights_connection_string_kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | | [azurerm_key_vault_secret.cosmosdb_account_rtp_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_private_dns_zone.cosmos_sql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | -| [azurerm_private_dns_zone_virtual_network_link.cosmos_sql_to_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_dns_zone_virtual_network_link.cosmos_sql_to_intern](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_endpoint.cosmos_sql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | -| 
[azurerm_private_endpoint.cosmos_sql_vpn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_dns_zone.cosmos_mongo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone_virtual_network_link.cosmos_mongo_to_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.cosmos_mongo_to_intern](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_endpoint.cosmos_mongo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.cosmos_mongo_vpn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_resource_group.data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.rtp_frontend_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | diff --git a/src/domains/rtp-common/env/dev/terraform.tfvars b/src/domains/rtp-common/env/dev/terraform.tfvars index dbffee8b6..779994f5b 100644 --- a/src/domains/rtp-common/env/dev/terraform.tfvars +++ b/src/domains/rtp-common/env/dev/terraform.tfvars @@ -42,9 +42,6 @@ aca_subnet_name = "cstar-d-mcshared-aca-snet" aca_subnet_resource_group_name = "cstar-d-weu-dev01-vnet-rg" aca_virtual_network_name = "cstar-d-weu-dev01-vnet" - - - ## Cosmos DB cosmos_mongo_db_params = { enabled = true 
@@ -66,4 +63,4 @@ cosmos_mongo_db_params = { is_virtual_network_filter_enabled = true backup_continuous_enabled = false -} \ No newline at end of file +} diff --git a/src/domains/rtp-common/private_dns_zones.tf b/src/domains/rtp-common/private_dns_zones.tf index 36fb5b6bf..4765f41d2 100644 --- a/src/domains/rtp-common/private_dns_zones.tf +++ b/src/domains/rtp-common/private_dns_zones.tf 
@@ -3,24 +3,24 @@ # # TODO: To be moved to core. # ------------------------------------------------------------------------------ -resource "azurerm_private_dns_zone" "cosmos_sql" { - name = "privatelink.documents.azure.com" +resource "azurerm_private_dns_zone" "cosmos_mongo" { + name = "privatelink.mongo.cosmos.azure.com" resource_group_name = azurerm_resource_group.network.name tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "cosmos_sql_to_intern" { - name = "cosmos_sql_to_intern" - resource_group_name = azurerm_private_dns_zone.cosmos_sql.resource_group_name - private_dns_zone_name = azurerm_private_dns_zone.cosmos_sql.name +resource "azurerm_private_dns_zone_virtual_network_link" "cosmos_mongo_to_intern" { + name = "cosmos_mongo_to_intern" + resource_group_name = azurerm_private_dns_zone.cosmos_mongo.resource_group_name + private_dns_zone_name = azurerm_private_dns_zone.cosmos_mongo.name virtual_network_id = data.azurerm_virtual_network.intern.id tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "cosmos_sql_to_core" { - name = "cosmos_sql_to_core" - resource_group_name = azurerm_private_dns_zone.cosmos_sql.resource_group_name - private_dns_zone_name = azurerm_private_dns_zone.cosmos_sql.name +resource "azurerm_private_dns_zone_virtual_network_link" "cosmos_mongo_to_core" { + name = "cosmos_mongo_to_core" + resource_group_name = azurerm_private_dns_zone.cosmos_mongo.resource_group_name + private_dns_zone_name = azurerm_private_dns_zone.cosmos_mongo.name virtual_network_id = data.azurerm_virtual_network.core.id tags = var.tags } \ No newline at end of file diff --git a/src/domains/rtp-common/private_endpoints.tf b/src/domains/rtp-common/private_endpoints.tf index 8d8b83a78..7ca915f15 100644 --- a/src/domains/rtp-common/private_endpoints.tf +++ b/src/domains/rtp-common/private_endpoints.tf 
@@ -1,23 +1,23 @@ # ------------------------------------------------------------------------------ -# Private endpoint from ACA subnet to CosmosDB NoSQL. +# Private endpoint from ACA subnet to CosmosDB mongo. # ------------------------------------------------------------------------------ -resource "azurerm_private_endpoint" "cosmos_sql" { - name = "${local.project}-cosmos-nosql-pep" +resource "azurerm_private_endpoint" "cosmos_mongo" { + name = "${local.project}-cosmos-mongo-pep" location = azurerm_resource_group.network.location resource_group_name = azurerm_resource_group.network.name subnet_id = data.azurerm_subnet.aca.id - custom_network_interface_name = "${local.project}-cosmos-nosql-pep-nic" + custom_network_interface_name = "${local.project}-cosmos-mongo-pep-nic" private_dns_zone_group { - name = "${local.project}-cosmos-nosql-pdzg" - private_dns_zone_ids = [azurerm_private_dns_zone.cosmos_sql.id] + name = "${local.project}-cosmos-mongo-pdzg" + private_dns_zone_ids = [azurerm_private_dns_zone.cosmos_mongo.id] } private_service_connection { - name = "${local.project}-cosmos-nosql-psc" + name = "${local.project}-cosmos-mongo-psc" private_connection_resource_id = azurerm_cosmosdb_account.rtp.id - subresource_names = ["Sql"] + subresource_names = ["MongoDB"] is_manual_connection = false } 
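Review bot: The rewritten header comment here says `CosmosDB mongo` while the VPN endpoint's comment in the following hunk says `CosmosDB Mongo`; pick one spelling, e.g. `# Private endpoint from ACA subnet to CosmosDB Mongo.`. Neither endpoint resource shows a `count` or `for_each` in the visible lines, so it is worth confirming whether `private_endpoint_enabled` from the tfvars has any effect on them. Both resource bodies run past the end of their hunks.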
@@ -25,25 +25,25 @@ resource "azurerm_private_endpoint" "cosmos_sql" { } # ------------------------------------------------------------------------------ -# Private endpoint from "private endpoints" subnet to CosmosDB NoSQL for VPN. +# Private endpoint from "private endpoints" subnet to CosmosDB Mongo for VPN. # ------------------------------------------------------------------------------ -resource "azurerm_private_endpoint" "cosmos_sql_vpn" { - name = "${local.project}-cosmos-nosql-vpn-pep" +resource "azurerm_private_endpoint" "cosmos_mongo_vpn" { + name = "${local.project}-cosmos-mongo-vpn-pep" resource_group_name = azurerm_resource_group.network.name location = azurerm_resource_group.network.location subnet_id = data.azurerm_subnet.private_endpoints.id - custom_network_interface_name = "${local.project}-cosmos-nosql-vpn-pep-nic" + custom_network_interface_name = "${local.project}-cosmos-mongo-vpn-pep-nic" private_dns_zone_group { - name = "${local.project}-cosmos-nosql-vpn-pdzg" - private_dns_zone_ids = [azurerm_private_dns_zone.cosmos_sql.id] + name = "${local.project}-cosmos-mongo-vpn-pdzg" + private_dns_zone_ids = [azurerm_private_dns_zone.cosmos_mongo.id] } private_service_connection { - name = "${local.project}-cosmos-nosql-vpn-psc" + name = "${local.project}-cosmos-mongo-vpn-psc" private_connection_resource_id = azurerm_cosmosdb_account.rtp.id - subresource_names = ["Sql"] + subresource_names = ["MongoDB"] is_manual_connection = false } From 2fd50395e98ecf5d2a5b3755155293d57d72d528 Mon Sep 17 00:00:00 2001 From: Luca Consalvi Date: Thu, 28 Nov 2024 15:44:42 +0100 Subject: [PATCH 6/8] update comsos verion --- src/domains/rtp-common/env/dev/terraform.tfvars | 2 +- src/domains/rtp-common/env/prod/terraform.tfvars | 2 +- src/domains/rtp-common/env/uat/terraform.tfvars | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/src/domains/rtp-common/env/dev/terraform.tfvars b/src/domains/rtp-common/env/dev/terraform.tfvars index 779994f5b..c8eb27e33 100644 --- a/src/domains/rtp-common/env/dev/terraform.tfvars +++ b/src/domains/rtp-common/env/dev/terraform.tfvars @@ -53,7 +53,7 @@ cosmos_mongo_db_params = { max_interval_in_seconds = 300 max_staleness_prefix = 100000 } - server_version = "4.2" + server_version = "7.0" main_geo_location_zone_redundant = false enable_free_tier = false diff --git a/src/domains/rtp-common/env/prod/terraform.tfvars b/src/domains/rtp-common/env/prod/terraform.tfvars index d7512864f..cf5195c35 100644 --- a/src/domains/rtp-common/env/prod/terraform.tfvars +++ b/src/domains/rtp-common/env/prod/terraform.tfvars @@ -55,7 +55,7 @@ cosmos_mongo_db_params = { max_interval_in_seconds = 5 max_staleness_prefix = 100 } - server_version = "4.2" + server_version = "7.0" main_geo_location_zone_redundant = true enable_free_tier = false diff --git a/src/domains/rtp-common/env/uat/terraform.tfvars b/src/domains/rtp-common/env/uat/terraform.tfvars index ade49d6a6..f164a26ea 100644 --- a/src/domains/rtp-common/env/uat/terraform.tfvars +++ b/src/domains/rtp-common/env/uat/terraform.tfvars @@ -56,7 +56,7 @@ cosmos_mongo_db_params = { max_interval_in_seconds = 300 max_staleness_prefix = 100000 } - server_version = "4.2" + server_version = "7.0" main_geo_location_zone_redundant = false enable_free_tier = false From 115e067cc2d92f99754ccef91e52e5881b0a44a6 Mon Sep 17 00:00:00 2001 From: Luca Consalvi Date: Thu, 28 Nov 2024 17:11:33 +0100 Subject: [PATCH 7/8] fixes --- src/domains/rtp-common/README.md | 2 +- src/domains/rtp-common/env/dev/terraform.tfvars | 2 +- src/domains/rtp-common/env/prod/terraform.tfvars | 2 +- src/domains/rtp-common/env/uat/terraform.tfvars | 2 +- src/domains/rtp-common/private_dns_zones.tf | 15 ++++++++------- src/domains/rtp-common/private_endpoints.tf | 4 ++-- 6 files changed, 14 insertions(+), 13 deletions(-) 
diff --git a/src/domains/rtp-common/README.md b/src/domains/rtp-common/README.md index 8683d839d..141a205ad 100644 --- a/src/domains/rtp-common/README.md +++ b/src/domains/rtp-common/README.md @@ -24,7 +24,6 @@ | [azurerm_cosmosdb_mongo_database.db_rtp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_database) | resource | | [azurerm_key_vault_secret.appinisights_connection_string_kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | | [azurerm_key_vault_secret.cosmosdb_account_rtp_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_private_dns_zone.cosmos_mongo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | | [azurerm_private_dns_zone_virtual_network_link.cosmos_mongo_to_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.cosmos_mongo_to_intern](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_endpoint.cosmos_mongo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | 
@@ -37,6 +36,7 @@ | [azurerm_dns_zone.cstar_public_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/dns_zone) | data source | | [azurerm_key_vault.kv_domain](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_log_analytics_workspace.log_analytics](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source | +| [azurerm_private_dns_zone.cosmos_mongo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_subnet.aca](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.private_endpoints](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | diff --git a/src/domains/rtp-common/env/dev/terraform.tfvars b/src/domains/rtp-common/env/dev/terraform.tfvars index c8eb27e33..779994f5b 100644 --- a/src/domains/rtp-common/env/dev/terraform.tfvars +++ b/src/domains/rtp-common/env/dev/terraform.tfvars @@ -53,7 +53,7 @@ cosmos_mongo_db_params = { max_interval_in_seconds = 300 max_staleness_prefix = 100000 } - server_version = "7.0" + server_version = "4.2" main_geo_location_zone_redundant = false enable_free_tier = false diff --git a/src/domains/rtp-common/env/prod/terraform.tfvars b/src/domains/rtp-common/env/prod/terraform.tfvars index cf5195c35..d7512864f 100644 --- a/src/domains/rtp-common/env/prod/terraform.tfvars +++ b/src/domains/rtp-common/env/prod/terraform.tfvars 
@@ -55,7 +55,7 @@ cosmos_mongo_db_params = { max_interval_in_seconds = 5 max_staleness_prefix = 100 } - server_version = "7.0" + server_version = "4.2" main_geo_location_zone_redundant = true enable_free_tier = false diff --git a/src/domains/rtp-common/env/uat/terraform.tfvars b/src/domains/rtp-common/env/uat/terraform.tfvars index f164a26ea..ade49d6a6 100644 --- a/src/domains/rtp-common/env/uat/terraform.tfvars +++ b/src/domains/rtp-common/env/uat/terraform.tfvars @@ -56,7 +56,7 @@ cosmos_mongo_db_params = { max_interval_in_seconds = 300 max_staleness_prefix = 100000 } - server_version = "7.0" + server_version = "4.2" main_geo_location_zone_redundant = false enable_free_tier = false diff --git a/src/domains/rtp-common/private_dns_zones.tf b/src/domains/rtp-common/private_dns_zones.tf index 4765f41d2..2622e0040 100644 --- a/src/domains/rtp-common/private_dns_zones.tf +++ b/src/domains/rtp-common/private_dns_zones.tf 
@@ -3,24 +3,25 @@ # # TODO: To be moved to core. # ------------------------------------------------------------------------------ -resource "azurerm_private_dns_zone" "cosmos_mongo" { +# Cosmos MongoDB private dns zone +data "azurerm_private_dns_zone" "cosmos_mongo" { name = "privatelink.mongo.cosmos.azure.com" - resource_group_name = azurerm_resource_group.network.name - tags = var.tags + resource_group_name = var.core_integr_virtual_network_resource_group_name } + resource "azurerm_private_dns_zone_virtual_network_link" "cosmos_mongo_to_intern" { name = "cosmos_mongo_to_intern" - resource_group_name = azurerm_private_dns_zone.cosmos_mongo.resource_group_name - private_dns_zone_name = azurerm_private_dns_zone.cosmos_mongo.name + resource_group_name = azurerm_cosmosdb_mongo_database.db_rtp.resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.cosmos_mongo.name virtual_network_id = data.azurerm_virtual_network.intern.id tags = var.tags } resource "azurerm_private_dns_zone_virtual_network_link" "cosmos_mongo_to_core" { name = "cosmos_mongo_to_core" - resource_group_name = azurerm_private_dns_zone.cosmos_mongo.resource_group_name - private_dns_zone_name = azurerm_private_dns_zone.cosmos_mongo.name + resource_group_name = azurerm_cosmosdb_mongo_database.db_rtp.resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.cosmos_mongo.name virtual_network_id = data.azurerm_virtual_network.core.id tags = var.tags } \ No newline at end of file diff --git a/src/domains/rtp-common/private_endpoints.tf b/src/domains/rtp-common/private_endpoints.tf index 7ca915f15..fb45a409a 100644 --- a/src/domains/rtp-common/private_endpoints.tf +++ b/src/domains/rtp-common/private_endpoints.tf 
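Review bot: Both virtual network links now take `resource_group_name` from `azurerm_cosmosdb_mongo_database.db_rtp.resource_group_name`, but the zone they attach to is looked up in `var.core_integr_virtual_network_resource_group_name`. A link has to be created in the resource group of its private DNS zone, so unless the two groups happen to be the same the apply will presumably fail to find the zone. Use `resource_group_name = data.azurerm_private_dns_zone.cosmos_mongo.resource_group_name` in both `cosmos_mongo_to_intern` and `cosmos_mongo_to_core`. The `TODO: To be moved to core.` comment kept as context also looks stale now that the zone is read through a data source.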
@@ -11,7 +11,7 @@ resource "azurerm_private_endpoint" "cosmos_mongo" { private_dns_zone_group { name = "${local.project}-cosmos-mongo-pdzg" - private_dns_zone_ids = [azurerm_private_dns_zone.cosmos_mongo.id] + private_dns_zone_ids = [data.azurerm_private_dns_zone.cosmos_mongo.id] } private_service_connection { @@ -37,7 +37,7 @@ resource "azurerm_private_endpoint" "cosmos_mongo_vpn" { private_dns_zone_group { name = "${local.project}-cosmos-mongo-vpn-pdzg" - private_dns_zone_ids = [azurerm_private_dns_zone.cosmos_mongo.id] + private_dns_zone_ids = [data.azurerm_private_dns_zone.cosmos_mongo.id] } private_service_connection { From a76580efa6caefae6eada7938f16ea89e1316438 Mon Sep 17 00:00:00 2001 From: Luca Consalvi Date: Fri, 29 Nov 2024 13:54:47 +0100 Subject: [PATCH 8/8] delete enpoints --- src/domains/rtp-common/03_database.tf | 15 ------------- src/domains/rtp-common/README.md | 3 --- src/domains/rtp-common/private_dns_zones.tf | 24 +++------------------ 3 files changed, 3 insertions(+), 39 deletions(-) diff --git a/src/domains/rtp-common/03_database.tf b/src/domains/rtp-common/03_database.tf index 02d3d5f3f..c6da1d49c 100644 --- a/src/domains/rtp-common/03_database.tf +++ b/src/domains/rtp-common/03_database.tf 
@@ -53,21 +53,6 @@ resource "azurerm_cosmosdb_mongo_database" "db_rtp" { } -# ------------------------------------------------------------------------------ -# Create a collection for the beta tester inside the db. -# ------------------------------------------------------------------------------ -resource "azurerm_cosmosdb_mongo_collection" "beta_tester" { - name = "serviceProviders" - resource_group_name = azurerm_resource_group.data.name - account_name = azurerm_cosmosdb_account.rtp.name - database_name = azurerm_cosmosdb_mongo_database.db_rtp.name - - index { - keys = ["_id"] - unique = true - } -} - # ------------------------------------------------------------------------------ # Create a collection for the activations inside the db. # ------------------------------------------------------------------------------ diff --git a/src/domains/rtp-common/README.md b/src/domains/rtp-common/README.md index 141a205ad..eb18302c6 100644 --- a/src/domains/rtp-common/README.md +++ b/src/domains/rtp-common/README.md 
@@ -20,12 +20,9 @@ |------|------| | [azurerm_cosmosdb_account.rtp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account) | resource | | [azurerm_cosmosdb_mongo_collection.activations](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_collection) | resource | -| [azurerm_cosmosdb_mongo_collection.beta_tester](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_collection) | resource | | [azurerm_cosmosdb_mongo_database.db_rtp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_database) | resource | | [azurerm_key_vault_secret.appinisights_connection_string_kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | | [azurerm_key_vault_secret.cosmosdb_account_rtp_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_private_dns_zone_virtual_network_link.cosmos_mongo_to_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_dns_zone_virtual_network_link.cosmos_mongo_to_intern](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_endpoint.cosmos_mongo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_private_endpoint.cosmos_mongo_vpn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_resource_group.data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | 
diff --git a/src/domains/rtp-common/private_dns_zones.tf b/src/domains/rtp-common/private_dns_zones.tf index 2622e0040..c84e2222e 100644 --- a/src/domains/rtp-common/private_dns_zones.tf +++ b/src/domains/rtp-common/private_dns_zones.tf @@ -1,27 +1,9 @@ -# ------------------------------------------------------------------------------ -# Private DNS zone for CosmosDB NoSQL. -# -# TODO: To be moved to core. + # ------------------------------------------------------------------------------ # Cosmos MongoDB private dns zone +# ------------------------------------------------------------------------------ + data "azurerm_private_dns_zone" "cosmos_mongo" { name = "privatelink.mongo.cosmos.azure.com" resource_group_name = var.core_integr_virtual_network_resource_group_name -} - - -resource "azurerm_private_dns_zone_virtual_network_link" "cosmos_mongo_to_intern" { - name = "cosmos_mongo_to_intern" - resource_group_name = azurerm_cosmosdb_mongo_database.db_rtp.resource_group_name - private_dns_zone_name = data.azurerm_private_dns_zone.cosmos_mongo.name - virtual_network_id = data.azurerm_virtual_network.intern.id - tags = var.tags -} - -resource "azurerm_private_dns_zone_virtual_network_link" "cosmos_mongo_to_core" { - name = "cosmos_mongo_to_core" - resource_group_name = azurerm_cosmosdb_mongo_database.db_rtp.resource_group_name - private_dns_zone_name = data.azurerm_private_dns_zone.cosmos_mongo.name - virtual_network_id = data.azurerm_virtual_network.core.id - tags = var.tags } \ No newline at end of file
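Review bot: With both `azurerm_private_dns_zone_virtual_network_link` resources removed, nothing in this file links `privatelink.mongo.cosmos.azure.com` to the intern or core VNets any more. Name resolution for the private endpoints then depends on links created wherever the zone is managed, presumably the core configuration, but the hunk does not say so. Add a line such as `# VNet links for this zone are managed outside this module (core).` above the data source. The new side also begins with a stray blank line before the comment banner.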