feat: Added printit domain (#320)

* init printit module * added printit state * fix locals variables * fix secrets * removed uat and prod resources * added certificate for dev
pagopa · Mar 12, 2024 · 7727798 · 7727798
1 parent 82ba68b
commit 7727798
Show file tree

Hide file tree

Showing 15 changed files with 927 additions and 0 deletions.
diff --git a/azure-devops/.env/printit_state.tfvars b/azure-devops/.env/printit_state.tfvars
@@ -0,0 +1,4 @@
+resource_group_name  = "terraform-state-rg"
+storage_account_name = "tfinfprodpagopa"
+container_name       = "terraform-state"
+key                  = "azdo-printit.terraform.tfstate"
diff --git a/azure-devops/printit/.terraform.lock.hcl b/azure-devops/printit/.terraform.lock.hcl
diff --git a/azure-devops/printit/00_key_vault.tf b/azure-devops/printit/00_key_vault.tf
@@ -0,0 +1,24 @@
+data "azurerm_key_vault" "domain_kv_dev" {
+
+  provider = azurerm.dev
+
+  resource_group_name = local.dev_printit_key_vault_resource_group
+  name                = local.dev_printit_key_vault_name
+}
+
+#data "azurerm_key_vault" "domain_kv_uat" {
+#
+#  provider = azurerm.uat
+#
+#  resource_group_name = local.uat_printit_key_vault_resource_group
+#  name                = local.uat_printit_key_vault_name
+#}
+#
+#data "azurerm_key_vault" "domain_kv_prod" {
+#
+#  provider = azurerm.prod
+#
+#  resource_group_name = local.prod_printit_key_vault_resource_group
+#  name                = local.prod_printit_key_vault_name
+#}
+
diff --git a/azure-devops/printit/00_secrets_printit.tf b/azure-devops/printit/00_secrets_printit.tf
@@ -0,0 +1,54 @@
+module "printit_dev_secrets" {
+
+  providers = {
+    azurerm = azurerm.dev
+  }
+
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v7.67.1"
+
+  resource_group = local.dev_printit_key_vault_resource_group
+  key_vault_name = local.dev_printit_key_vault_name
+
+  secrets = [
+    "pagopa-d-itn-dev-aks-azure-devops-sa-token",
+    "pagopa-d-itn-dev-aks-azure-devops-sa-cacrt",
+    "pagopa-d-itn-dev-aks-apiserver-url",
+  ]
+}
+#
+#module "printit_uat_secrets" {
+#
+#  providers = {
+#    azurerm = azurerm.uat
+#  }
+#
+#  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v7.67.1"
+#
+#  resource_group = local.uat_printit_key_vault_resource_group
+#  key_vault_name = local.uat_printit_key_vault_name
+#
+#  secrets = [
+#    "pagopa-u-itn-uat-aks-azure-devops-sa-token",
+#    "pagopa-u-itn-uat-aks-azure-devops-sa-cacrt",
+#    "pagopa-u-itn-uat-aks-apiserver-url",
+#  ]
+#}
+#
+#module "printit_prod_secrets" {
+#
+#  providers = {
+#    azurerm = azurerm.prod
+#  }
+#
+#  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v7.67.1"
+#
+#  resource_group = local.prod_printit_key_vault_resource_group
+#  key_vault_name = local.prod_printit_key_vault_name
+#
+#  secrets = [
+#    "pagopa-p-itn-prod-aks-azure-devops-sa-token",
+#    "pagopa-p-itn-prod-aks-azure-devops-sa-cacrt",
+#    "pagopa-p-itn-prod-aks-apiserver-url"
+#  ]
+#}
+
diff --git a/azure-devops/printit/00_secrets_prod.tf b/azure-devops/printit/00_secrets_prod.tf
@@ -0,0 +1,33 @@
+#
+# PROD KEYVAULT
+#
+
+module "secrets" {
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v7.67.1"
+
+  resource_group = local.prod_key_vault_resource_group
+  key_vault_name = local.prod_key_vault_azdo_name
+
+  secrets = [
+    "DANGER-GITHUB-API-TOKEN",
+    "azure-devops-github-ro-TOKEN",
+    "azure-devops-github-rw-TOKEN",
+    "azure-devops-github-pr-TOKEN",
+    "azure-devops-github-EMAIL",
+    "azure-devops-github-USERNAME",
+  ]
+}
+
+
+
+data "azurerm_subscriptions" "prod" {
+  display_name_prefix = local.prod_subscription_name
+}
+
+data "azurerm_subscriptions" "uat" {
+  display_name_prefix = local.uat_subscription_name
+}
+
+data "azurerm_subscriptions" "dev" {
+  display_name_prefix = local.dev_subscription_name
+}
diff --git a/azure-devops/printit/00_service_connections.tf b/azure-devops/printit/00_service_connections.tf
@@ -0,0 +1,53 @@
+#
+# GITHUB
+#
+data "azuredevops_serviceendpoint_github" "github_pr" {
+  project_id            = data.azuredevops_project.project.id
+  service_endpoint_name = "io-azure-devops-github-pr"
+}
+
+data "azuredevops_serviceendpoint_github" "github_ro" {
+  project_id            = data.azuredevops_project.project.id
+  service_endpoint_name = "io-azure-devops-github-ro"
+}
+
+data "azuredevops_serviceendpoint_github" "github_rw" {
+  project_id            = data.azuredevops_project.project.id
+  service_endpoint_name = "io-azure-devops-github-rw"
+}
+
+#
+# AZURERM
+#
+data "azuredevops_serviceendpoint_azurerm" "dev" {
+  project_id            = data.azuredevops_project.project.id
+  service_endpoint_name = var.service_connection_dev_azurerm_name
+}
+
+#data "azuredevops_serviceendpoint_azurerm" "uat" {
+#  project_id            = data.azuredevops_project.project.id
+#  service_endpoint_name = var.service_connection_uat_azurerm_name
+#}
+#
+#data "azuredevops_serviceendpoint_azurerm" "prod" {
+#  project_id            = data.azuredevops_project.project.id
+#  service_endpoint_name = var.service_connection_prod_azurerm_name
+#}
+
+#
+# ACR
+#
+data "azuredevops_serviceendpoint_azurecr" "dev" {
+  project_id            = data.azuredevops_project.project.id
+  service_endpoint_name = var.service_connection_dev_acr_name
+}
+
+#data "azuredevops_serviceendpoint_azurecr" "uat" {
+#  project_id            = data.azuredevops_project.project.id
+#  service_endpoint_name = var.service_connection_uat_acr_name
+#}
+#
+#data "azuredevops_serviceendpoint_azurecr" "prod" {
+#  project_id            = data.azuredevops_project.project.id
+#  service_endpoint_name = var.service_connection_prod_acr_name
+#}
diff --git a/azure-devops/printit/01_project.tf b/azure-devops/printit/01_project.tf
@@ -0,0 +1,3 @@
+data "azuredevops_project" "project" {
+  name = var.project_name
+}
diff --git a/azure-devops/printit/03_service_connections_aks.tf b/azure-devops/printit/03_service_connections_aks.tf
@@ -0,0 +1,38 @@
+resource "azuredevops_serviceendpoint_kubernetes" "aks_dev" {
+  depends_on            = [data.azuredevops_project.project]
+  project_id            = data.azuredevops_project.project.id
+  service_endpoint_name = local.srv_endpoint_name_aks_dev
+  apiserver_url         = module.printit_dev_secrets.values["pagopa-d-itn-dev-aks-apiserver-url"].value
+  authorization_type    = "ServiceAccount"
+  service_account {
+    # base64 values
+    token   = module.printit_dev_secrets.values["pagopa-d-itn-dev-aks-azure-devops-sa-token"].value
+    ca_cert = module.printit_dev_secrets.values["pagopa-d-itn-dev-aks-azure-devops-sa-cacrt"].value
+  }
+}
+
+#resource "azuredevops_serviceendpoint_kubernetes" "aks_uat" {
+#  depends_on            = [data.azuredevops_project.project]
+#  project_id            = data.azuredevops_project.project.id
+#  service_endpoint_name = local.srv_endpoint_name_aks_uat
+#  apiserver_url         = module.printit_uat_secrets.values["pagopa-u-itn-uat-aks-apiserver-url"].value
+#  authorization_type    = "ServiceAccount"
+#  service_account {
+#    # base64 values
+#    token   = module.printit_uat_secrets.values["pagopa-u-itn-uat-aks-azure-devops-sa-token"].value
+#    ca_cert = module.printit_uat_secrets.values["pagopa-u-itn-uat-aks-azure-devops-sa-cacrt"].value
+#  }
+#}
+#
+#resource "azuredevops_serviceendpoint_kubernetes" "aks_prod" {
+#  depends_on            = [data.azuredevops_project.project]
+#  project_id            = data.azuredevops_project.project.id
+#  service_endpoint_name = local.srv_endpoint_name_aks_prod
+#  apiserver_url         = module.printit_prod_secrets.values["pagopa-p-itn-prod-aks-apiserver-url"].value
+#  authorization_type    = "ServiceAccount"
+#  service_account {
+#    # base64 values
+#    token   = module.printit_prod_secrets.values["pagopa-p-itn-prod-aks-azure-devops-sa-token"].value
+#    ca_cert = module.printit_prod_secrets.values["pagopa-p-itn-prod-aks-azure-devops-sa-cacrt"].value
+#  }
+#}