add cert payopt.itn.internal.platform.pagopa.it

pagopa · Dec 19, 2024 · 33ce55b · 33ce55b
1 parent 31e3405
commit 33ce55b
Show file tree

Hide file tree

Showing 7 changed files with 154 additions and 157 deletions.
diff --git a/azure-devops/paymentoptions/00_key_vault.tf b/azure-devops/paymentoptions/00_key_vault.tf
@@ -15,10 +15,10 @@ data "azurerm_key_vault" "domain_kv_uat" {
 }
 
 
-# data "azurerm_key_vault" "domain_kv_prod" {
+data "azurerm_key_vault" "domain_kv_prod" {
 
-#   provider = azurerm.prod
+  provider = azurerm.prod
 
-#   resource_group_name = local.prod_payopt_key_vault_resource_group
-#   name                = local.prod_payopt_key_vault_name
-# }
+  resource_group_name = local.prod_payopt_key_vault_resource_group
+  name                = local.prod_payopt_key_vault_name
+}
diff --git a/azure-devops/paymentoptions/00_secrets_payopt.tf b/azure-devops/paymentoptions/00_secrets_payopt.tf
@@ -36,26 +36,23 @@ module "payopt_uat_secrets" {
   ]
 }
 
-# module "payopt_prod_secrets" {
+module "payopt_prod_secrets" {
 
-#   providers = {
-#     azurerm = azurerm.prod
-#   }
+  providers = {
+    azurerm = azurerm.prod
+  }
 
-#   source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v8.22.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v8.22.0"
 
-#   resource_group = local.prod_payopt_key_vault_resource_group
-#   key_vault_name = local.prod_payopt_key_vault_name
+  resource_group = local.prod_payopt_key_vault_resource_group
+  key_vault_name = local.prod_payopt_key_vault_name
 
-#   secrets = [
-#     "pagopa-p-itn-prod-aks-azure-devops-sa-token",
-#     "pagopa-p-itn-prod-aks-azure-devops-sa-cacrt",
-#     "pagopa-p-itn-prod-aks-apiserver-url",
-#     "institutions-storage-account-connection-string",
-#     "notices-storage-account-connection-string",
-#     "notices-mongo-connection-string",
-#   ]
-# }
+  secrets = [
+    "pagopa-p-itn-prod-aks-azure-devops-sa-token",
+    "pagopa-p-itn-prod-aks-azure-devops-sa-cacrt",
+    "pagopa-p-itn-prod-aks-apiserver-url"
+  ]
+}
 
 
 module "general_dev_secrets" {
@@ -86,18 +83,16 @@ module "general_uat_secrets" {
   secrets = []
 }
 
-# module "general_prod_secrets" {
+module "general_prod_secrets" {
 
-#   providers = {
-#     azurerm = azurerm.prod
-#   }
+  providers = {
+    azurerm = azurerm.prod
+  }
 
-#   source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v8.22.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v8.22.0"
 
-#   resource_group = "pagopa-p-sec-rg"
-#   key_vault_name = "pagopa-p-kv"
+  resource_group = "pagopa-p-sec-rg"
+  key_vault_name = "pagopa-p-kv"
 
-#   secrets = [
-#     "integration-test-subkey",
-#   ]
-# }
+  secrets = []
+}
diff --git a/azure-devops/paymentoptions/00_secrets_prod.tf b/azure-devops/paymentoptions/00_secrets_prod.tf
@@ -18,9 +18,9 @@ module "secrets" {
   ]
 }
 
-# data "azurerm_subscriptions" "prod" {
-#   display_name_prefix = local.prod_subscription_name
-# }
+data "azurerm_subscriptions" "prod" {
+  display_name_prefix = local.prod_subscription_name
+}
 
 data "azurerm_subscriptions" "uat" {
   display_name_prefix = local.uat_subscription_name

diff --git a/azure-devops/paymentoptions/00_service_connections.tf b/azure-devops/paymentoptions/00_service_connections.tf
@@ -29,7 +29,7 @@ data "azuredevops_serviceendpoint_azurerm" "uat" {
   service_endpoint_name = var.service_connection_uat_azurerm_name
 }
 
-# data "azuredevops_serviceendpoint_azurerm" "prod" {
-#   project_id            = data.azuredevops_project.project.id
-#   service_endpoint_name = var.service_connection_prod_azurerm_name
-# }
+data "azuredevops_serviceendpoint_azurerm" "prod" {
+  project_id            = data.azuredevops_project.project.id
+  service_endpoint_name = var.service_connection_prod_azurerm_name
+}
diff --git a/azure-devops/paymentoptions/03_service_connections_aks.tf b/azure-devops/paymentoptions/03_service_connections_aks.tf
@@ -24,15 +24,15 @@ resource "azuredevops_serviceendpoint_kubernetes" "aks_uat" {
   }
 }
 
-# resource "azuredevops_serviceendpoint_kubernetes" "aks_prod" {
-#   depends_on            = [data.azuredevops_project.project]
-#   project_id            = data.azuredevops_project.project.id
-#   service_endpoint_name = local.srv_endpoint_name_aks_prod
-#   apiserver_url         = module.payopt_prod_secrets.values["pagopa-p-itn-prod-aks-apiserver-url"].value
-#   authorization_type    = "ServiceAccount"
-#   service_account {
-#     # base64 values
-#     token   = module.payopt_prod_secrets.values["pagopa-p-itn-prod-aks-azure-devops-sa-token"].value
-#     ca_cert = module.payopt_prod_secrets.values["pagopa-p-itn-prod-aks-azure-devops-sa-cacrt"].value
-#   }
-# }
+resource "azuredevops_serviceendpoint_kubernetes" "aks_prod" {
+  depends_on            = [data.azuredevops_project.project]
+  project_id            = data.azuredevops_project.project.id
+  service_endpoint_name = local.srv_endpoint_name_aks_prod
+  apiserver_url         = module.payopt_prod_secrets.values["pagopa-p-itn-prod-aks-apiserver-url"].value
+  authorization_type    = "ServiceAccount"
+  service_account {
+    # base64 values
+    token   = module.payopt_prod_secrets.values["pagopa-p-itn-prod-aks-azure-devops-sa-token"].value
+    ca_cert = module.payopt_prod_secrets.values["pagopa-p-itn-prod-aks-azure-devops-sa-cacrt"].value
+  }
+}
diff --git a/azure-devops/paymentoptions/03_service_connections_tls_certificate.tf b/azure-devops/paymentoptions/03_service_connections_tls_certificate.tf
@@ -59,31 +59,31 @@ resource "azurerm_key_vault_access_policy" "UAT-PAYOPT-TLS-CERT-SERVICE-CONN_kv_
   certificate_permissions = ["Get", "Import"]
 }
 
-# #
-# # PROD
-# #
-# module "PROD-PAYOPT-TLS-CERT-SERVICE-CONN" {
-#   providers = {
-#     azurerm = azurerm.prod
-#   }
-
-#   depends_on = [data.azuredevops_project.project]
-#  source     = "git::https://github.com/pagopa/azuredevops-tf-modules.git//azuredevops_serviceendpoint_federated?ref=v9.2.1"
-
-#   project_id          = data.azuredevops_project.project.id
-#   name                = "${local.prefix}-${local.domain}-p-tls-cert-azdo"
-#   tenant_id           = data.azurerm_client_config.current.tenant_id
-#   subscription_name   = var.prod_subscription_name
-#   subscription_id     = data.azurerm_subscriptions.prod.subscriptions[0].subscription_id
-#   location            = local.location_westeurope
-#   resource_group_name = local.prod_identity_rg_name
-# }
-
-# resource "azurerm_key_vault_access_policy" "PROD-PAYOPT-TLS-CERT-SERVICE-CONN_kv_access_policy" {
-#   provider     = azurerm.prod
-#   key_vault_id = data.azurerm_key_vault.domain_kv_prod.id
-#   tenant_id    = data.azurerm_client_config.current.tenant_id
-#   object_id    = module.PROD-PAYOPT-TLS-CERT-SERVICE-CONN.service_principal_object_id
-
-#   certificate_permissions = ["Get", "Import"]
-# }
+#
+# PROD
+#
+module "PROD-PAYOPT-TLS-CERT-SERVICE-CONN" {
+  providers = {
+    azurerm = azurerm.prod
+  }
+
+  depends_on = [data.azuredevops_project.project]
+ source     = "git::https://github.com/pagopa/azuredevops-tf-modules.git//azuredevops_serviceendpoint_federated?ref=v9.2.1"
+
+  project_id          = data.azuredevops_project.project.id
+  name                = "${local.prefix}-${local.domain}-p-tls-cert-azdo"
+  tenant_id           = data.azurerm_client_config.current.tenant_id
+  subscription_name   = var.prod_subscription_name
+  subscription_id     = data.azurerm_subscriptions.prod.subscriptions[0].subscription_id
+  location            = local.location_westeurope
+  resource_group_name = local.prod_identity_rg_name
+}
+
+resource "azurerm_key_vault_access_policy" "PROD-PAYOPT-TLS-CERT-SERVICE-CONN_kv_access_policy" {
+  provider     = azurerm.prod
+  key_vault_id = data.azurerm_key_vault.domain_kv_prod.id
+  tenant_id    = data.azurerm_client_config.current.tenant_id
+  object_id    = module.PROD-PAYOPT-TLS-CERT-SERVICE-CONN.service_principal_object_id
+
+  certificate_permissions = ["Get", "Import"]
+}
diff --git a/azure-devops/paymentoptions/05_tlscert-payopt-itn-internal-platform-pagopa-it.tf b/azure-devops/paymentoptions/05_tlscert-payopt-itn-internal-platform-pagopa-it.tf
@@ -1,88 +1,90 @@
-# variable "tlscert-payopt-itn-internal-prod-platform-pagopa-it" {
-#   default = {
-#     repository = {
-#       organization   = "pagopa"
-#       name           = "le-azure-acme-tiny"
-#       branch_name    = "refs/heads/master"
-#       pipelines_path = "."
-#     }
-#     pipeline = {
-#       enable_tls_cert         = true
-#       path                    = "TLS-Certificates\\PROD"
-#       dns_record_name         = "payopt.itn.internal"
-#       dns_zone_name           = "platform.pagopa.it"
-#       dns_zone_resource_group = "pagopa-p-vnet-rg"
-#       # common variables to all pipelines
-#       variables = {
-#       }
-#       # common secret variables to all pipelines
-#       variables_secret = {
-#       }
-#     }
-#   }
-# }
+variable "tlscert-payopt-itn-internal-prod-platform-pagopa-it" {
+  default = {
+    repository = {
+      organization   = "pagopa"
+      name           = "le-azure-acme-tiny"
+      branch_name    = "refs/heads/master"
+      pipelines_path = "."
+    }
+    pipeline = {
+      enable_tls_cert         = true
+      path                    = "TLS-Certificates\\PROD"
+      dns_record_name         = "payopt.itn.internal"
+      dns_zone_name           = "platform.pagopa.it"
+      dns_zone_resource_group = "pagopa-p-vnet-rg"
+      # common variables to all pipelines
+      variables = {
+        CERT_NAME_EXPIRE_SECONDS = "2592000" #30 days
+        KEY_VAULT_NAME           = "pagopa-p-itn-payopt-kv"
+      }
+      # common secret variables to all pipelines
+      variables_secret = {
+      }
+    }
+  }
+}
 
-# locals {
-#   tlscert-payopt-itn-internal-prod-platform-pagopa-it = {
-#     tenant_id         = data.azurerm_client_config.current.tenant_id
-#     subscription_name = "PROD-PAGOPA"
-#     subscription_id   = data.azurerm_subscriptions.prod.subscriptions[0].subscription_id
-#   }
-#   tlscert-payopt-itn-internal-prod-platform-pagopa-it-variables = {
-#     KEY_VAULT_SERVICE_CONNECTION = module.PROD-PAYOPT-TLS-CERT-SERVICE-CONN.service_endpoint_name
-#   }
-#   tlscert-payopt-itn-internal-prod-platform-pagopa-it-variables_secret = {
-#   }
-# }
+locals {
+  tlscert-payopt-itn-internal-prod-platform-pagopa-it = {
+    tenant_id         = data.azurerm_client_config.current.tenant_id
+    subscription_name = "PROD-PAGOPA"
+    subscription_id   = data.azurerm_subscriptions.prod.subscriptions[0].subscription_id
+  }
+  tlscert-payopt-itn-internal-prod-platform-pagopa-it-variables = {
+    KEY_VAULT_SERVICE_CONNECTION = module.PROD-PAYOPT-TLS-CERT-SERVICE-CONN.service_endpoint_name
+  }
+  tlscert-payopt-itn-internal-prod-platform-pagopa-it-variables_secret = {
+  }
+}
 
-# module "tlscert-payopt-itn-internal-prod-platform-pagopa-it-cert_az" {
+module "tlscert-payopt-itn-internal-prod-platform-pagopa-it-cert_az" {
 
-#   providers = {
-#     azurerm = azurerm.prod
-#   }
+  providers = {
+    azurerm = azurerm.prod
+  }
 
-#  source = "./.terraform/modules/__azdo__/azuredevops_build_definition_tls_cert_federated"
-#   count  = var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.enable_tls_cert == true ? 1 : 0
+  source = "./.terraform/modules/__azdo__/azuredevops_build_definition_tls_cert_federated"
+  count  = var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.enable_tls_cert == true ? 1 : 0
 
-#   project_id                   = data.azuredevops_project.project.id
-#   repository                   = var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.repository
-#   path                         = var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.path
-#   github_service_connection_id = data.azuredevops_serviceendpoint_github.github_ro.id
+  project_id                   = data.azuredevops_project.project.id
+  repository                   = var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.repository
+  path                         = var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.path
+  github_service_connection_id = data.azuredevops_serviceendpoint_github.github_ro.id
 
-#   dns_record_name                      = var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.dns_record_name
-#   dns_zone_name                        = var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.dns_zone_name
-#   dns_zone_resource_group              = var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.dns_zone_resource_group
-#   tenant_id                            = local.tlscert-payopt-itn-internal-prod-platform-pagopa-it.tenant_id
-#   subscription_name                    = local.tlscert-payopt-itn-internal-prod-platform-pagopa-it.subscription_name
-#   subscription_id                      = local.tlscert-payopt-itn-internal-prod-platform-pagopa-it.subscription_id
-#   location                             = local.location_westeurope
-#   credential_key_vault_name            = local.prod_payopt_key_vault_name
-#   credential_key_vault_resource_group  = local.prod_payopt_key_vault_resource_group
-#   managed_identity_resource_group_name = local.prod_identity_rg_name
+  dns_record_name                      = var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.dns_record_name
+  dns_zone_name                        = var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.dns_zone_name
+  dns_zone_resource_group              = var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.dns_zone_resource_group
+  tenant_id                            = local.tlscert-payopt-itn-internal-prod-platform-pagopa-it.tenant_id
+  subscription_name                    = local.tlscert-payopt-itn-internal-prod-platform-pagopa-it.subscription_name
+  subscription_id                      = local.tlscert-payopt-itn-internal-prod-platform-pagopa-it.subscription_id
+  location                             = local.location_westeurope
+  credential_key_vault_name            = local.prod_payopt_key_vault_name
+  credential_key_vault_resource_group  = local.prod_payopt_key_vault_resource_group
+  managed_identity_resource_group_name = local.prod_identity_rg_name
 
-#   variables = merge(
-#     var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.variables,
-#     local.tlscert-payopt-itn-internal-prod-platform-pagopa-it-variables,
-#   )
+  variables = merge(
+    var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.variables,
+    local.tlscert-payopt-itn-internal-prod-platform-pagopa-it-variables,
+  )
 
-#   variables_secret = merge(
-#     var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.variables_secret,
-#     local.tlscert-payopt-itn-internal-prod-platform-pagopa-it-variables_secret,
-#   )
+  variables_secret = merge(
+    var.tlscert-payopt-itn-internal-prod-platform-pagopa-it.pipeline.variables_secret,
+    local.tlscert-payopt-itn-internal-prod-platform-pagopa-it-variables_secret,
+  )
 
-#   service_connection_ids_authorization = [
-#     module.PROD-PAYOPT-TLS-CERT-SERVICE-CONN.service_endpoint_id,
-#   ]
+  service_connection_ids_authorization = [
+    module.PROD-PAYOPT-TLS-CERT-SERVICE-CONN.service_endpoint_id,
+  ]
 
-#   schedules = {
-#     days_to_build              = ["Wed",Fri"]
-#     schedule_only_with_changes = false
-#     start_hours                = 13
-#     start_minutes              = 0
-#     time_zone                  = "(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna"
-#     branch_filter = {
-#       include = ["master"]
-#       exclude = []
-#     }
-#   }
-# }
+  schedules = {
+    days_to_build              = ["Wed", "Fri"]
+    schedule_only_with_changes = false
+    start_hours                = 3
+    start_minutes              = 0
+    time_zone                  = "(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna"
+    branch_filter = {
+      include = ["master"]
+      exclude = []
+    }
+  }
+}