diff --git a/src/aks-leonardo/03_aks_0.tf b/src/aks-leonardo/03_aks_0.tf index f7359b2fb0..cad32dc45c 100644 --- a/src/aks-leonardo/03_aks_0.tf +++ b/src/aks-leonardo/03_aks_0.tf @@ -55,6 +55,9 @@ module "aks_leonardo" { addon_azure_policy_enabled = true addon_azure_key_vault_secrets_provider_enabled = true addon_azure_pod_identity_enabled = true + workload_identity_enabled = var.aks_enable_workload_identity + oidc_issuer_enabled = var.aks_enable_workload_identity + alerts_enabled = var.aks_alerts_enabled # custom_metric_alerts = local.aks_metrics_alerts diff --git a/src/aks-leonardo/99_variables.tf b/src/aks-leonardo/99_variables.tf index 3c615d556f..1d4c0e2d00 100644 --- a/src/aks-leonardo/99_variables.tf +++ b/src/aks-leonardo/99_variables.tf @@ -566,3 +566,8 @@ variable "monitor_appinsights_name" { type = string description = "App insight in europe name" } + +variable "aks_enable_workload_identity" { + type = bool + default = false +} \ No newline at end of file diff --git a/src/aks-leonardo/env/itn-dev/terraform.tfvars b/src/aks-leonardo/env/itn-dev/terraform.tfvars index 2983974d05..63381ca858 100644 --- a/src/aks-leonardo/env/itn-dev/terraform.tfvars +++ b/src/aks-leonardo/env/itn-dev/terraform.tfvars @@ -38,9 +38,11 @@ monitor_appinsights_name = "pagopa-d-appinsights" # # ⛴ AKS # -aks_private_cluster_enabled = false -aks_alerts_enabled = false -aks_kubernetes_version = "1.29.4" +aks_private_cluster_enabled = false +aks_alerts_enabled = false +aks_kubernetes_version = "1.29.4" +aks_enable_workload_identity = true + aks_system_node_pool = { name = "padaksleosys", vm_size = "Standard_B2ms", diff --git a/src/aks-leonardo/env/itn-prod/terraform.tfvars b/src/aks-leonardo/env/itn-prod/terraform.tfvars index 71ccc407af..c6997560ea 100644 --- a/src/aks-leonardo/env/itn-prod/terraform.tfvars +++ b/src/aks-leonardo/env/itn-prod/terraform.tfvars 
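Review bot: `oidc_issuer_enabled` and `workload_identity_enabled` in `03_aks_0.tf` are both driven by the single `var.aks_enable_workload_identity`, so setting the flag back to `false` also asks the provider to switch the OIDC issuer off. As far as I know, AKS does not support disabling the issuer once it has been enabled, so the flag is effectively one-way and not a clean rollback. A comment above the two new lines would make that visible, e.g. `# one-way switch: the OIDC issuer cannot be disabled after it is enabled on the cluster`. `addon_azure_pod_identity_enabled = true` on the line above is left unchanged, so dev and uat run with both identity mechanisms active; if that is a migration step, say so here. The `module "aks_leonardo"` block starts and ends outside the hunk.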
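Review bot: `aks_enable_workload_identity` in `99_variables.tf` is declared without a `description`, unlike `monitor_appinsights_name` directly above it. Because the one flag feeds two module inputs, I would add `description = "Enable the AKS OIDC issuer and workload identity on the cluster"`. The file also ends without a trailing newline.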
@@ -39,10 +39,12 @@ monitor_appinsights_name = "pagopa-p-appinsights" # # ⛴ AKS # -aks_private_cluster_enabled = true -aks_alerts_enabled = false -aks_kubernetes_version = "1.29.4" -aks_sku_tier = "Standard" +aks_private_cluster_enabled = true +aks_alerts_enabled = false +aks_kubernetes_version = "1.29.4" +aks_sku_tier = "Standard" +aks_enable_workload_identity = false + aks_system_node_pool = { name = "papaksleosys", vm_size = "Standard_D2ds_v5", diff --git a/src/aks-leonardo/env/itn-uat/terraform.tfvars b/src/aks-leonardo/env/itn-uat/terraform.tfvars index 10b77c9724..8cb8833e9b 100644 --- a/src/aks-leonardo/env/itn-uat/terraform.tfvars +++ b/src/aks-leonardo/env/itn-uat/terraform.tfvars @@ -38,10 +38,12 @@ monitor_appinsights_name = "pagopa-u-appinsights" # # ⛴ AKS # -aks_private_cluster_enabled = true -aks_alerts_enabled = false -aks_kubernetes_version = "1.29.4" -aks_sku_tier = "Standard" +aks_private_cluster_enabled = true +aks_alerts_enabled = false +aks_kubernetes_version = "1.29.4" +aks_sku_tier = "Standard" +aks_enable_workload_identity = true + aks_system_node_pool = { name = "pauaksleosys", vm_size = "Standard_D2ds_v5", diff --git a/src/domains/aca-app/00_data.tf b/src/domains/aca-app/00_data.tf new file mode 100644 index 0000000000..250fc4cf16 --- /dev/null +++ b/src/domains/aca-app/00_data.tf @@ -0,0 +1,3 @@ +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} diff --git a/src/domains/aca-app/README.md b/src/domains/aca-app/README.md index d0c59e652b..0acc2c18b6 100644 --- a/src/domains/aca-app/README.md +++ b/src/domains/aca-app/README.md 
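Review bot: `data.azurerm_resource_group.identity_rg` is added in the new `aca-app/00_data.tf`, but nothing in the aca-app changes visible in this commit reads it. No `gh_runner_job` module is added for this domain, unlike afm-app, apiconfig-app and bizevents-app. A data source is still resolved at plan time, so the plan depends on `${local.product}-identity-rg` existing in every environment where aca-app is applied. If a consumer follows in a later change, a comment such as `# used by the GitHub runner job setup (follow-up)` would explain it; otherwise I would drop the file.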
@@ -15,11 +15,12 @@ | Name | Source | Version | |------|--------|---------| -| [apim\_aca\_api\_v1](#module\_apim\_aca\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.3.0 | -| [apim\_aca\_product](#module\_apim\_aca\_product) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v6.3.0 | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 63f6181a6f3a51707a2ab4795bdbed2d888c708b | +| [apim\_aca\_api\_v1](#module\_apim\_aca\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | +| [apim\_aca\_product](#module\_apim\_aca\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_api\_debt\_positions\_for\_aca\_api\_v1](#module\_apim\_api\_debt\_positions\_for\_aca\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v6.11.2 | -| [pod\_identity](#module\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v6.3.0 | -| [tls\_checker](#module\_tls\_checker) | git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker | v6.3.0 | +| [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | +| [tls\_checker](#module\_tls\_checker) | ./.terraform/modules/__v3__/tls_checker | n/a | ## Resources 
@@ -66,6 +67,7 @@ | [azurerm_log_analytics_workspace.log_analytics](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source | | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_subnet.apim_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | diff --git a/src/domains/afm-app/00_data.tf b/src/domains/afm-app/00_data.tf new file mode 100644 index 0000000000..250fc4cf16 --- /dev/null +++ b/src/domains/afm-app/00_data.tf @@ -0,0 +1,3 @@ +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} diff --git a/src/domains/afm-app/07_gh_runner.tf b/src/domains/afm-app/07_gh_runner.tf new file mode 100644 index 0000000000..220f5b84da --- /dev/null +++ b/src/domains/afm-app/07_gh_runner.tf 
@@ -0,0 +1,56 @@
+locals {
+ # because westeurope does not support any other container app environment creation
+ tools_cae_name = var.env_short != "p" ? "${local.product}-tools-cae" : "${local.product}-itn-core-tools-cae"
+ tools_cae_rg = var.env_short != "p" ? "${local.product}-core-tools-rg" : "${local.product}-itn-core-tools-rg"
+}
+
+module "gh_runner_job" {
+ source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup"
+
+ domain_name = var.domain
+ env_short = var.env_short
+ environment_name = local.tools_cae_name
+ environment_rg = local.tools_cae_rg
+ gh_identity_suffix = "job-01"
+ runner_labels = ["self-hosted-job"]
+ gh_repositories = [
+ {
+ name : "pagopa-afm-calculator",
+ short_name : "afm-calc"
+ },
+ {
+ name : "pagopa-afm-utils",
+ short_name : "afm-utils"
+ },
+ {
+ name : "pagopa-afm-marketplace-be",
+ short_name : "afm-mkt-be"
+ },
+ {
+ name : "pagopa-afm-fee-reporting-service",
+ short_name : "afm-fee-rpt"
+ }
+ ]
+ job = {
+ name = var.domain
+ }
+ job_meta = {}
+ key_vault = {
+ name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret
+ rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret
+ secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret
+ }
+ kubernetes_deploy = {
+ enabled = true
+ namespaces = [kubernetes_namespace.namespace.metadata[0].name]
+ cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks"
+ rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
+ }
+
+ location = var.gh_runner_job_location
+ prefix = var.prefix
+ resource_group_name = data.azurerm_resource_group.identity_rg.name
+
+ tags = var.tags
+
+}
diff --git a/src/domains/afm-app/99_main.tf b/src/domains/afm-app/99_main.tf
index 4e0de80112..13b7200249 100644
--- a/src/domains/afm-app/99_main.tf
+++ b/src/domains/afm-app/99_main.tf
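Review bot: The `key_vault` block reads the runner's GitHub PAT from the secret `gh-runner-job-pat` in `${local.product}-kv`, and the identical block appears in the new `07_gh_runner.tf` of apiconfig-app and bizevents-app. One token therefore appears to back the runner jobs of every domain, while `kubernetes_deploy.enabled = true` ties each job to its domain namespace. The token's required scope, owner and rotation are not stated anywhere in the hunk; I would record them next to `secret_name`, e.g. `# fine-grained PAT limited to the repositories in gh_repositories; rotated by <owning-team placeholder>`. Separately, `location` comes from `var.gh_runner_job_location` while the environment name and resource group are chosen from `var.env_short`, so the two have to be kept in agreement by hand. The comment on `tools_cae_name` should say which region each branch of the conditional corresponds to.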
@@ -48,6 +48,6 @@ provider "helm" { } module "__v3__" { - # v8.58.0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=63f6181a6f3a51707a2ab4795bdbed2d888c708b" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } diff --git a/src/domains/afm-app/99_variables.tf b/src/domains/afm-app/99_variables.tf index 66f761c6ab..c3eacb564f 100644 --- a/src/domains/afm-app/99_variables.tf +++ b/src/domains/afm-app/99_variables.tf @@ -127,3 +127,10 @@ variable "pod_disruption_budgets" { description = "Pod disruption budget for domain namespace" default = {} } + +variable "gh_runner_job_location" { + type = string + description = "(Optional) The GH runner container app job location. Consistent with the container app environment location" + default = "westeurope" +} + diff --git a/src/domains/afm-app/README.md b/src/domains/afm-app/README.md index 0724ff289a..8705e6d453 100644 --- a/src/domains/afm-app/README.md +++ b/src/domains/afm-app/README.md @@ -16,7 +16,7 @@ | Name | Source | Version | |------|--------|---------| -| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 63f6181a6f3a51707a2ab4795bdbed2d888c708b | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | | [apim\_afm\_calculator\_node\_product](#module\_apim\_afm\_calculator\_node\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_afm\_calculator\_product](#module\_apim\_afm\_calculator\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_afm\_marketplace\_product](#module\_apim\_afm\_marketplace\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | 
@@ -27,6 +27,7 @@ | [apim\_api\_afm\_marketplace\_api\_v1](#module\_apim\_api\_afm\_marketplace\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_afm\_marketplace\_technical\_support\_api\_v1](#module\_apim\_api\_afm\_marketplace\_technical\_support\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_afm\_utils\_v1](#module\_apim\_api\_afm\_utils\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | +| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | | [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | | [tls\_checker](#module\_tls\_checker) | ./.terraform/modules/__v3__/tls_checker | n/a | @@ -78,6 +79,7 @@ | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.rg_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | 
@@ -94,6 +96,7 @@ | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | +| [gh\_runner\_job\_location](#input\_gh\_runner\_job\_location) | (Optional) The GH runner container app job location. Consistent with the container app environment location | `string` | `"westeurope"` | no | | [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | | [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | diff --git a/src/domains/afm-app/env/weu-dev/terraform.tfvars b/src/domains/afm-app/env/weu-dev/terraform.tfvars index 32eb4aabee..e62a2efd70 100644 --- a/src/domains/afm-app/env/weu-dev/terraform.tfvars +++ b/src/domains/afm-app/env/weu-dev/terraform.tfvars @@ -1,11 +1,12 @@ -prefix = "pagopa" -env_short = "d" -env = "dev" -domain = "afm" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "dev" +prefix = "pagopa" +env_short = "d" +env = "dev" +domain = "afm" +location = "westeurope" +location_short = "weu" +location_string = "West Europe" +instance = "dev" +gh_runner_job_location = "westeurope" tags = { CreatedBy = "Terraform" diff --git a/src/domains/afm-app/env/weu-prod/terraform.tfvars b/src/domains/afm-app/env/weu-prod/terraform.tfvars index 1251164890..54f134fade 100644 --- a/src/domains/afm-app/env/weu-prod/terraform.tfvars +++ b/src/domains/afm-app/env/weu-prod/terraform.tfvars 
@@ -1,11 +1,12 @@ -prefix = "pagopa" -env_short = "p" -env = "prod" -domain = "afm" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod" +prefix = "pagopa" +env_short = "p" +env = "prod" +domain = "afm" +location = "westeurope" +location_short = "weu" +location_string = "West Europe" +instance = "prod" +gh_runner_job_location = "italynorth" tags = { CreatedBy = "Terraform" diff --git a/src/domains/afm-app/env/weu-uat/terraform.tfvars b/src/domains/afm-app/env/weu-uat/terraform.tfvars index a7aaef188c..a475e7fdb8 100644 --- a/src/domains/afm-app/env/weu-uat/terraform.tfvars +++ b/src/domains/afm-app/env/weu-uat/terraform.tfvars @@ -1,11 +1,12 @@ -prefix = "pagopa" -env_short = "u" -env = "uat" -domain = "afm" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "uat" +prefix = "pagopa" +env_short = "u" +env = "uat" +domain = "afm" +location = "westeurope" +location_short = "weu" +location_string = "West Europe" +instance = "uat" +gh_runner_job_location = "westeurope" tags = { CreatedBy = "Terraform" diff --git a/src/domains/apiconfig-app/00_data.tf b/src/domains/apiconfig-app/00_data.tf index 12df17d650..61eb8ebf1e 100644 --- a/src/domains/apiconfig-app/00_data.tf +++ b/src/domains/apiconfig-app/00_data.tf @@ -23,6 +23,10 @@ data "azurerm_api_management" "apim" { resource_group_name = "${local.product}-api-rg" } +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} + locals { global_project = format("%s-%s", var.prefix, var.env_short) } diff --git a/src/domains/apiconfig-app/04_apim_product_apiconfig-cache_export.tf b/src/domains/apiconfig-app/04_apim_product_apiconfig-cache_export.tf new file mode 100644 index 0000000000..490e45323f --- /dev/null +++ b/src/domains/apiconfig-app/04_apim_product_apiconfig-cache_export.tf 
@@ -0,0 +1,25 @@
+module "apim_apiconfig_cache_export_product" {
+ source = "./.terraform/modules/__v3__/api_management_product"
+
+ product_id = local.apiconfig_cache_export_locals.product_id
+ display_name = local.apiconfig_cache_export_locals.display_name
+ description = local.apiconfig_cache_export_locals.description
+
+ api_management_name = local.pagopa_apim_name
+ resource_group_name = local.pagopa_apim_rg
+
+ published = true
+ subscription_required = local.apiconfig_cache_export_locals.subscription_required
+ approval_required = true
+ subscriptions_limit = local.apiconfig_cache_export_locals.subscription_limit
+
+ policy_xml = file("./api_product/apiconfig-cache/_base_policy.xml")
+}
+
+
+resource "azurerm_api_management_product_group" "access_control_developers_for_cache_export" {
+ product_id = module.apim_apiconfig_cache_export_product.product_id
+ group_name = data.azurerm_api_management_group.group_developers.name
+ api_management_name = local.pagopa_apim_name
+ resource_group_name = local.pagopa_apim_rg
+}
diff --git a/src/domains/apiconfig-app/07_gh_runner.tf b/src/domains/apiconfig-app/07_gh_runner.tf
new file mode 100644
index 0000000000..0b92e58f43
--- /dev/null
+++ b/src/domains/apiconfig-app/07_gh_runner.tf
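Review bot: `policy_xml` loads `./api_product/apiconfig-cache/_base_policy.xml`, which by its path is the base policy of the apiconfig-cache product. The export product therefore has no policy file of its own, and any later edit to that file changes both products. If the sharing is deliberate, a comment on the line would prevent a surprise, e.g. `# shares the apiconfig-cache base policy on purpose`. If export calls need their own throttling or caller restrictions, give the product its own file. Whether the shared policy contains any rate limiting cannot be seen from this hunk.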
@@ -0,0 +1,44 @@
+locals {
+ # because westeurope does not support any other container app environment creation
+ tools_cae_name = var.env_short != "p" ? "${local.product}-tools-cae" : "${local.product}-itn-core-tools-cae"
+ tools_cae_rg = var.env_short != "p" ? "${local.product}-core-tools-rg" : "${local.product}-itn-core-tools-rg"
+}
+
+module "gh_runner_job" {
+ source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup"
+
+ domain_name = var.domain
+ env_short = var.env_short
+ environment_name = local.tools_cae_name
+ environment_rg = local.tools_cae_rg
+ gh_identity_suffix = "job-01"
+ runner_labels = ["self-hosted-job"]
+ gh_repositories = [
+ {
+ name : "pagopa-api-config-cache",
+ short_name : "apicfg-cache"
+ }
+ ]
+ job = {
+ name = var.domain
+ }
+ job_meta = {}
+ key_vault = {
+ name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret
+ rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret
+ secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret
+ }
+ kubernetes_deploy = {
+ enabled = true
+ namespaces = [kubernetes_namespace.namespace.metadata[0].name]
+ cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks"
+ rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
+ }
+
+ location = var.location
+ prefix = var.prefix
+ resource_group_name = data.azurerm_resource_group.identity_rg.name
+
+ tags = var.tags
+
+}
diff --git a/src/domains/apiconfig-app/99_locals.tf b/src/domains/apiconfig-app/99_locals.tf
index 051b98be44..804eda27a4 100644
--- a/src/domains/apiconfig-app/99_locals.tf
+++ b/src/domains/apiconfig-app/99_locals.tf
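Review bot: `location = var.location` is passed to the module here, whereas the afm-app and bizevents-app copies of this file pass `var.gh_runner_job_location`. This commit also declares `gh_runner_job_location` in apiconfig-app's `99_variables.tf` and sets it to `"italynorth"` in `env/weu-prod/terraform.tfvars`, where `location` is `"westeurope"`. As far as the visible lines show, the prod job would be requested in westeurope against `${local.product}-itn-core-tools-cae`, and the new variable would go unused. I would change the line to `location = var.gh_runner_job_location`.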
@@ -95,6 +95,22 @@ locals { pagopa_tenant_id = data.azurerm_client_config.current.tenant_id } + + apiconfig_cache_export_locals = { + hostname = var.env == "prod" ? "weuprod.apiconfig.internal.platform.pagopa.it" : "weu${var.env}.apiconfig.internal.${var.env}.platform.pagopa.it" + + product_id = "apiconfig-cache-export" + display_name = "API Config Cache - Export" + description = "Export APIs of pagoPA cache" + subscription_required = true + subscription_limit = 1000 + + path = "api-config-cache-export" + service_url = null + + pagopa_tenant_id = data.azurerm_client_config.current.tenant_id + } + apim_x_node_product_id = "apim_for_node" cfg_x_node_product_id = "cfg-for-node" diff --git a/src/domains/apiconfig-app/99_main.tf b/src/domains/apiconfig-app/99_main.tf index 37d2f88798..160bc78a16 100644 --- a/src/domains/apiconfig-app/99_main.tf +++ b/src/domains/apiconfig-app/99_main.tf @@ -63,6 +63,6 @@ data "azurerm_subscription" "current" {} data "azurerm_client_config" "current" {} module "__v3__" { - # v8.58.0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=63f6181a6f3a51707a2ab4795bdbed2d888c708b" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } diff --git a/src/domains/apiconfig-app/99_variables.tf b/src/domains/apiconfig-app/99_variables.tf index 8755415b45..c3388fd78c 100644 --- a/src/domains/apiconfig-app/99_variables.tf +++ b/src/domains/apiconfig-app/99_variables.tf @@ -232,3 +232,9 @@ variable "pod_disruption_budgets" { description = "Pod disruption budget for domain namespace" default = {} } + +variable "gh_runner_job_location" { + type = string + description = "(Optional) The GH runner container app job location. Consistent with the container app environment location" + default = "westeurope" +} diff --git a/src/domains/apiconfig-app/README.md b/src/domains/apiconfig-app/README.md index 2b4e176fc1..ecd08930b9 100644 --- a/src/domains/apiconfig-app/README.md 
+++ b/src/domains/apiconfig-app/README.md @@ -19,7 +19,7 @@ | Name | Source | Version | |------|--------|---------| -| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 63f6181a6f3a51707a2ab4795bdbed2d888c708b | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | | [api\_config\_fe\_cdn](#module\_api\_config\_fe\_cdn) | ./.terraform/modules/__v3__/cdn | n/a | | [api\_config\_snet](#module\_api\_config\_snet) | ./.terraform/modules/__v3__/subnet | n/a | | [apim\_api\_apiconfig\_cache\_node\_api\_v1\_o](#module\_apim\_api\_apiconfig\_cache\_node\_api\_v1\_o) | ./.terraform/modules/__v3__/api_management_api | n/a | @@ -31,8 +31,10 @@ | [apim\_api\_config\_auth\_api](#module\_apim\_api\_config\_auth\_api) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_config\_auth\_product](#module\_apim\_api\_config\_auth\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_api\_config\_product](#module\_apim\_api\_config\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | +| [apim\_apiconfig\_cache\_export\_product](#module\_apim\_apiconfig\_cache\_export\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_apiconfig\_cache\_product](#module\_apim\_apiconfig\_cache\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_apiconfig\_selfcare\_integration\_product](#module\_apim\_apiconfig\_selfcare\_integration\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | +| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | | [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | | [tls\_checker](#module\_tls\_checker) | ./.terraform/modules/__v3__/tls_checker | n/a | 
@@ -49,6 +51,7 @@ | [azurerm_api_management_api_version_set.api_config_auth_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | | [azurerm_api_management_authorization_server.apiconfig-oauth2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_authorization_server) | resource | | [azurerm_api_management_product_group.access_control_developers_for_cache](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_product_group) | resource | +| [azurerm_api_management_product_group.access_control_developers_for_cache_export](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_product_group) | resource | | [azurerm_api_management_product_group.access_control_developers_for_selfcare_integration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_product_group) | resource | | [azurerm_key_vault_secret.aks_apiserver_url](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | | [azurerm_key_vault_secret.apiconfig_client_secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | 
@@ -104,6 +107,7 @@ | [azurerm_private_dns_a_record.private_dns_a_record_db_nodo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_a_record) | data source | | [azurerm_private_dns_zone.db_nodo_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_private_dns_zone.private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_subnet.apim_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | @@ -129,6 +133,7 @@ | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | +| [gh\_runner\_job\_location](#input\_gh\_runner\_job\_location) | (Optional) The GH runner container app job location. Consistent with the container app environment location | `string` | `"westeurope"` | no | | [github](#input\_github) | n/a |
object({
org = string
})
|
{
"org": "pagopa"
}
| no | | [ica\_cron\_job\_enable](#input\_ica\_cron\_job\_enable) | ICA cron job enable | `bool` | `false` | no | | [ica\_cron\_schedule](#input\_ica\_cron\_schedule) | ICA cron scheduling (NCRON example '*/35 * * * * *') | `string` | `"0 0 0 * * *"` | no | diff --git a/src/domains/apiconfig-app/env/weu-prod/terraform.tfvars b/src/domains/apiconfig-app/env/weu-prod/terraform.tfvars index a1f43ffb3b..75011ba9b7 100644 --- a/src/domains/apiconfig-app/env/weu-prod/terraform.tfvars +++ b/src/domains/apiconfig-app/env/weu-prod/terraform.tfvars @@ -1,12 +1,12 @@ -prefix = "pagopa" -env_short = "p" -env = "prod" -domain = "apiconfig" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod" - +prefix = "pagopa" +env_short = "p" +env = "prod" +domain = "apiconfig" +location = "westeurope" +location_short = "weu" +location_string = "West Europe" +instance = "prod" +gh_runner_job_location = "italynorth" tags = { CreatedBy = "Terraform" Environment = "Prod" diff --git a/src/domains/bizevents-app/00_data.tf b/src/domains/bizevents-app/00_data.tf new file mode 100644 index 0000000000..250fc4cf16 --- /dev/null +++ b/src/domains/bizevents-app/00_data.tf @@ -0,0 +1,3 @@ +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} diff --git a/src/domains/bizevents-app/07_gh_runner.tf b/src/domains/bizevents-app/07_gh_runner.tf new file mode 100644 index 0000000000..16ce91462c --- /dev/null +++ b/src/domains/bizevents-app/07_gh_runner.tf 
@@ -0,0 +1,48 @@
+locals {
+ # because westeurope does not support any other container app environment creation
+ tools_cae_name = var.env_short != "p" ? "${local.product}-tools-cae" : "${local.product}-itn-core-tools-cae"
+ tools_cae_rg = var.env_short != "p" ? "${local.product}-core-tools-rg" : "${local.product}-itn-core-tools-rg"
+}
+
+module "gh_runner_job" {
+ source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup"
+
+ domain_name = var.domain
+ env_short = var.env_short
+ environment_name = local.tools_cae_name
+ environment_rg = local.tools_cae_rg
+ gh_identity_suffix = "job-01"
+ runner_labels = ["self-hosted-job"]
+ gh_repositories = [
+ {
+ name : "pagopa-biz-events-service",
+ short_name : "bizevt-svc"
+ },
+ {
+ name : "pagopa-biz-pm-ingestion",
+ short_name : "biz-pm-ingest"
+ }
+ ]
+ job = {
+ name = var.domain
+ }
+ job_meta = {}
+ key_vault = {
+ name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret
+ rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret
+ secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret
+ }
+ kubernetes_deploy = {
+ enabled = true
+ namespaces = [kubernetes_namespace.namespace.metadata[0].name]
+ cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks"
+ rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
+ }
+
+ location = var.gh_runner_job_location
+ prefix = var.prefix
+ resource_group_name = data.azurerm_resource_group.identity_rg.name
+
+ tags = var.tags
+
+}
diff --git a/src/domains/bizevents-app/99_main.tf b/src/domains/bizevents-app/99_main.tf
index 1ae9a2552f..cae8a966fe 100644
--- a/src/domains/bizevents-app/99_main.tf
+++ b/src/domains/bizevents-app/99_main.tf
@@ -48,7 +48,7 @@ provider "helm" { } module "__v3__" { - # v8.58.0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=63f6181a6f3a51707a2ab4795bdbed2d888c708b" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } diff --git a/src/domains/bizevents-app/99_variables.tf b/src/domains/bizevents-app/99_variables.tf index 4c56d1f71f..a92ea536b2 100644 --- a/src/domains/bizevents-app/99_variables.tf +++ b/src/domains/bizevents-app/99_variables.tf @@ -132,4 +132,10 @@ variable "pdv_api_base_path" { type = string default = null description = "Personal data vault api base path" -} \ No newline at end of file +} + +variable "gh_runner_job_location" { + type = string + description = "(Optional) The GH runner container app job location. Consistent with the container app environment location" + default = "westeurope" +} diff --git a/src/domains/bizevents-app/README.md b/src/domains/bizevents-app/README.md index b94e4e3ecf..30bbd6aaca 100644 --- a/src/domains/bizevents-app/README.md +++ b/src/domains/bizevents-app/README.md @@ -14,7 +14,7 @@ | Name | Source | Version | |------|--------|---------| -| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 63f6181a6f3a51707a2ab4795bdbed2d888c708b | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | | [apim\_api\_bizevents\_api\_v1](#module\_apim\_api\_bizevents\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_bizevents\_helpdesk\_api\_v1](#module\_apim\_api\_bizevents\_helpdesk\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_bizevents\_lap\_api\_jwt\_v1](#module\_apim\_api\_bizevents\_lap\_api\_jwt\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | 
@@ -27,6 +27,7 @@ | [apim\_lap\_product](#module\_apim\_lap\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_pm\_ingestion\_product](#module\_apim\_pm\_ingestion\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_transactions\_product](#module\_apim\_transactions\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | +| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | | [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | | [tls\_checker](#module\_tls\_checker) | ./.terraform/modules/__v3__/tls_checker | n/a | @@ -71,6 +72,7 @@ | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | | [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | 
@@ -86,6 +88,7 @@ | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | +| [gh\_runner\_job\_location](#input\_gh\_runner\_job\_location) | (Optional) The GH runner container app job location. Consistent with the container app environment location | `string` | `"westeurope"` | no | | [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | | [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | diff --git a/src/domains/bizevents-app/env/weu-prod/terraform.tfvars b/src/domains/bizevents-app/env/weu-prod/terraform.tfvars index 1ffad9401b..d3d307b364 100644 --- a/src/domains/bizevents-app/env/weu-prod/terraform.tfvars +++ b/src/domains/bizevents-app/env/weu-prod/terraform.tfvars @@ -1,11 +1,12 @@ -prefix = "pagopa" -env_short = "p" -env = "prod" -domain = "bizevents" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod" +prefix = "pagopa" +env_short = "p" +env = "prod" +domain = "bizevents" +location = "westeurope" +location_short = "weu" +location_string = "West Europe" +instance = "prod" +gh_runner_job_location = "italynorth" tags = { CreatedBy = "Terraform" diff --git a/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl b/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl index a00ceef3f6..20f6fa6cad 100644 --- a/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl @@ -1,7 +1,7 @@ - + 
diff --git a/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl b/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl index 0f949c30a4..a4fd8a9e85 100644 --- a/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl @@ -1,7 +1,7 @@ - + diff --git a/src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl b/src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl index e747d56f7b..f381de268b 100644 --- a/src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl @@ -2,7 +2,7 @@ - + diff --git a/src/domains/ecommerce-app/api/ecommerce-helpdesk-api/v1/_openapi.json.tpl b/src/domains/ecommerce-app/api/ecommerce-helpdesk-api/v1/_openapi.json.tpl index deeb990bf2..857777b726 100644 --- a/src/domains/ecommerce-app/api/ecommerce-helpdesk-api/v1/_openapi.json.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-helpdesk-api/v1/_openapi.json.tpl 
@@ -574,6 +574,70 @@ } } } + }, + "/ecommerce/searchNpgOperations": { + "post": { + "tags": [ + "eCommerce" + ], + "summary": "Search npg operations by TransactionId", + "description": "GET with body payload - no resources created", + "requestBody": { + "$ref": "#/components/requestBodies/SearchNpgOperationsRequest" + }, + "responses": { + "200": { + "description": "Transaction status found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SearchNpgOperationsResponse" + } + } + } + }, + "400": { + "description": "Formally invalid input", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ProblemJson" + } + } + } + }, + "404": { + "description": "Transaction not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ProblemJson" + } + } + } + }, + "422": { + "description": "Unsupported version", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ProblemJson" + } + } + } + }, + "500": { + "description": "Internal server error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ProblemJson" + } + } + } + } + } + } } }, "components": { 
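Review bot: The new `/ecommerce/searchNpgOperations` operation declares no `security` requirement and no `401`/`403` responses, although its response schema carries authorization codes and RRNs. Whether a document-level `security` block or the APIM product already protects it is not visible in this hunk; if neither does, the operation should carry the same security entry as the rest of the helpdesk API and document the unauthorized responses. The `200` description `Transaction status found` looks copied from another operation and would read better as `NPG operations found`.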
@@ -1553,6 +1617,145 @@ "username", "status" ] + }, + "SearchNpgOperationsRequest": { + "type": "object", + "description": "", + "properties": { + "idTransaction": { + "description": "Uniquely identify a transaction", + "type": "string", + "minLength": 32, + "maxLength": 32, + "example": "3fa85f6457174562b3fc2c963f66afa6" + } + }, + "required": [ + "idTransaction" + ] + }, + "SearchNpgOperationsResponse": { + "type": "object", + "description": "", + "properties": { + "operations": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Operation" + } + } + } + }, + "Operation": { + "type": "object", + "properties": { + "additionalData": { + "type": "object", + "properties": { + "authorizationCode": { + "type": "string", + "description": "A string representing the authorization code for the transaction." + }, + "rrn": { + "type": "string", + "description": "A string representing the retrieval reference number (RRN) for the transaction." + } + }, + "additionalProperties": false, + "description": "Object containing additional fields specific to the chosen payment method", + "example": { + "authorizationCode": "647189", + "rrn": "BWtmt0ykQma3PElZ_k25vg" + } + }, + "operationAmount": { + "type": "string", + "description": "Operation amount in the payment currency", + "example": "3545" + }, + "operationCurrency": { + "type": "string", + "description": "Payment currency", + "example": "EUR" + }, + "operationId": { + "type": "string", + "example": "3470744" + }, + "operationResult": { + "$ref": "#/components/schemas/OperationResult" + }, + "operationTime": { + "type": "string", + "description": "Operation time in ISO 8601 format", + "example": "2022-09-01T01:20:00.000Z" + }, + "operationType": { + "$ref": "#/components/schemas/OperationType" + }, + "orderId": { + "maxLength": 27, + "type": "string", + "description": "Merchant order id, unique in the merchant domain", + "example": "btid2384983" + }, + "paymentCircuit": { + "$ref": 
"#/components/schemas/PaymentCircuit" + }, + "paymentEndToEndId": { + "maxLength": 35, + "type": "string", + "description": "It is defined by the circuit to uniquely identify the transaction. Required for circuid reconciliation purposes.", + "example": "e723hedsdew" + }, + "paymentMethod": { + "$ref": "#/components/schemas/PaymentMethod" + } + } + }, + "OperationResult": { + "type": "string", + "description": "Transaction output:\n* AUTHORIZED - Payment authorized\n* EXECUTED - Payment confirmed, verification successfully executed\n* DECLINED - Declined by the Issuer during the authorization phase\n* DENIED_BY_RISK - Negative outcome of the transaction risk analysis\n* THREEDS_VALIDATED - 3DS authentication OK or 3DS skipped (non-secure payment) \n* THREEDS_FAILED - cancellation or authentication failure during 3DS\n* PENDING - Payment ongoing. Follow up notifications are expected\n* CANCELED - Canceled by the cardholder\n* VOIDED - Online reversal of the full authorized amount\n* REFUNDED - Full or partial amount refunded\n* FAILED - Payment failed due to technical reasons\n", + "example": "AUTHORIZED", + "enum": [ + "AUTHORIZED", + "EXECUTED", + "DECLINED", + "DENIED_BY_RISK", + "THREEDS_VALIDATED", + "THREEDS_FAILED", + "PENDING", + "CANCELED", + "VOIDED", + "REFUNDED", + "FAILED" + ] + }, + "OperationType": { + "type": "string", + "description": "It indicates the purpose of the request:\n* AUTHORIZATION - any authorization with explicit capture\n* CAPTURE - a captured authorization or an implicit captured payment\n* VOID - reversal of an authorization\n* REFUND - refund of a captured amount\n* CANCEL - the rollback of an capture, refund. 
\n", + "example": "CAPTURE", + "enum": [ + "AUTHORIZATION", + "CAPTURE", + "VOID", + "REFUND", + "CANCEL" + ] + }, + "PaymentMethod": { + "type": "string", + "description": "* CARD - Any card circuit\n* APM - Alternative payment method\n", + "example": "CARD", + "enum": [ + "CARD", + "APM" + ] + }, + "PaymentCircuit": { + "type": "string", + "description": "one of the payment circuit values returned by the GET payment_methods web service. The list may include (but not limited to) VISA, MC, AMEX, DINERS, GOOGLE_PAY, APPLE_PAY, PAYPAL, BANCONTACT, BANCOMAT_PAY, MYBANK, PIS, AMAZON_PAY, ALIPAY.\"\n", + "example": "VISA" } }, "requestBodies": { @@ -1825,7 +2028,17 @@ } } } + }, + "SearchNpgOperationsRequest": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SearchNpgOperationsRequest" + } + } + } } } } -} +} \ No newline at end of file diff --git a/src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl b/src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl index 40ba066357..a6a1b062d0 100644 --- a/src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl 
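Review bot: `SearchNpgOperationsRequest.idTransaction` is constrained only by `minLength`/`maxLength`, so any 32-character string passes schema validation. The example is lowercase hex; if that is the real format, add `"pattern": "^[a-f0-9]{32}$"` next to the length limits so malformed ids are rejected before they reach the backend. `SearchNpgOperationsResponse.operations` has no `maxItems`, and the `paymentEndToEndId` description contains the typo `circuid` (should be `circuit`).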
@@ -3,7 +3,7 @@ "info": { "version": "0.0.1", "title": "Pagopa eCommerce services for app IO outcomes", - "description": "API's exposed from eCommerce services to app IO to handle pagoPA payment outcomes.\n\nThe payment workflow ends with a outcome returned as query params in a webview, for example \n \n - /outcomes?outcome=0. \n\nThe possible outcome are:\n- SUCCESS(0) → payment completed successfully\n- GENERIC_ERROR(1),\n- AUTH_ERROR(2) → authorization denied\n- INVALID_DATA(3) → incorrect data\n- TIMEOUT(4) → timeout \n- CIRCUIT_ERROR(5) → Unsupported circuit (should never happen)\n- MISSING_FIELDS(6) → missing data (should never happen) \n- INVALID_CARD(7) → expired card (or similar)\n- CANCELED_BY_USER(8) → canceled by the user\n- DUPLICATE_ORDER(9) → Double transaction (should never happen)\n- EXCESSIVE_AMOUNT(10) → Excess of availability \n- ORDER_NOT_PRESENT(11) → (should never happen)\n- INVALID_METHOD(12) → (should never happen)\n- KO_RETRIABLE(13) → transaction failed, but the transaction is theoretically recoverable. For the user it is a KO\n- INVALID_SESSION(14)", + "description": "API's exposed from eCommerce services to app IO to handle pagoPA payment outcomes.\n\nThe payment workflow ends with a outcome returned as query params in a webview, for example \n \n - /outcomes?outcome=0. 
\n\nThe possible outcome are:\n- SUCCESS(0) → payment completed successfully\n- GENERIC_ERROR(1),\n- AUTH_ERROR(2) → authorization denied\n- INVALID_DATA(3) → incorrect data\n- TIMEOUT(4) → timeout \n- CIRCUIT_ERROR(5) → Unsupported circuit (should never happen)\n- MISSING_FIELDS(6) → missing data (should never happen) \n- INVALID_CARD(7) → expired card (or similar)\n- CANCELED_BY_USER(8) → canceled by the user\n- DUPLICATE_ORDER(9) → Double transaction (should never happen)\n- EXCESSIVE_AMOUNT(10) → Excess of availability \n- ORDER_NOT_PRESENT(11) → (should never happen)\n- INVALID_METHOD(12) → (should never happen)\n- KO_RETRIABLE(13) → transaction failed, but the transaction is theoretically recoverable. For the user it is a KO\n- INVALID_SESSION(14)\n- TAKEN_IN_CHARGE(17) → Waiting for outcome \n- PSP_ERROR(25) → Error from psp\n- BE_KO(99) → Backend Error\n- BALANCE_NOT_AVAILABLE(116) → Balance not available\n- CVV_ERROR(117) → Security code error\n- LIMIT_EXCEDEED(121) → Limit excedeed", "contact": { "name": "pagoPA - Touchpoints team" } 
@@ -50,10 +50,16 @@ "11", "12", "13", - "14" + "14", + "17", + "25", + "99", + "116", + "117", + "121" ] }, - "description": "`0` - Success `1` - Generic error `2` - Authorization error `3` - Invalid data `4` - Timeout `5` - Unsupported circuit `6` - Missing data `7` - Invalid card: expired card etc `8` - Canceled by the user `9` - Double transaction `10` - Excessive amount `11` - Order not present `12` - Invalid method `13` - Retriable KO `14` - Invalid session\n", + "description": "`0` - Success `1` - Generic error `2` - Authorization error `3` - Invalid data `4` - Timeout `5` - Unsupported circuit `6` - Missing data `7` - Invalid card: expired card etc `8` - Canceled by the user `9` - Double transaction `10` - Excessive amount `11` - Order not present `12` - Invalid method `13` - Retriable KO `14` - Invalid session `17` - Taken in charge `25` - PSP Error `99` - Backend Error `116` - Balance not available `117` - CVV Error `121` - Limit exceeded\n", "required": true } ], @@ -75,4 +81,4 @@ } } } -} \ No newline at end of file +} diff --git a/src/domains/ecommerce-app/api/ecommerce-io/v2/_openapi.json.tpl b/src/domains/ecommerce-app/api/ecommerce-io/v2/_openapi.json.tpl index 7ff19f49a1..fc23a19ef6 100644 --- a/src/domains/ecommerce-app/api/ecommerce-io/v2/_openapi.json.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-io/v2/_openapi.json.tpl 
@@ -3,7 +3,7 @@ "info": { "version": "0.0.1", "title": "Pagopa eCommerce services for app IO with payment wallet", - "description": "API's exposed from eCommerce services to app IO to allow pagoPA payment with payment wallet.\n\nThe payment workflow ends with a outcome returned as query params in a webview, for example \n \n - /outcomes?outcome=0. \n\nThe possible outcome are:\n- SUCCESS(0) → payment completed successfully\n- GENERIC_ERROR(1),\n- AUTH_ERROR(2) → authorization denied\n- INVALID_DATA(3) → incorrect data\n- TIMEOUT(4) → timeout \n- CIRCUIT_ERROR(5) → Unsupported circuit (should never happen)\n- MISSING_FIELDS(6) → missing data (should never happen) \n- INVALID_CARD(7) → expired card (or similar)\n- CANCELED_BY_USER(8) → canceled by the user\n- DUPLICATE_ORDER(9) → Double transaction (should never happen)\n- EXCESSIVE_AMOUNT(10) → Excess of availability \n- ORDER_NOT_PRESENT(11) → (should never happen)\n- INVALID_METHOD(12) → (should never happen)\n- KO_RETRIABLE(13) → transaction failed, but the transaction is theoretically recoverable. For the user it is a KO\n- INVALID_SESSION(14)", + "description": "API's exposed from eCommerce services to app IO to allow pagoPA payment with payment wallet.", "contact": { "name": "pagoPA - Touchpoints team" } diff --git a/src/domains/fdr-app/00_data.tf b/src/domains/fdr-app/00_data.tf index fd3591b006..8d5195f824 100644 --- a/src/domains/fdr-app/00_data.tf +++ b/src/domains/fdr-app/00_data.tf @@ -128,3 +128,7 @@ data "azurerm_api_management_api" "apim_nodo_per_psp_api_v1_auth" { data "azurerm_resource_group" "rg_api" { name = "${local.product}-api-rg" } + +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} diff --git a/src/domains/fdr-app/07_gh_runner.tf b/src/domains/fdr-app/07_gh_runner.tf new file mode 100644 index 0000000000..27cdef9bd2 --- /dev/null +++ b/src/domains/fdr-app/07_gh_runner.tf 
@@ -0,0 +1,57 @@
+locals {
+ # because westeurope does not support any other container app environment creation
+ tools_cae_name = var.env_short != "p" ? "${local.product}-tools-cae" : "${local.product}-itn-core-tools-cae"
+ tools_cae_rg = var.env_short != "p" ? "${local.product}-core-tools-rg" : "${local.product}-itn-core-tools-rg"
+}
+
+module "gh_runner_job" {
+ source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup"
+
+ domain_name = var.domain
+ env_short = var.env_short
+ environment_name = local.tools_cae_name
+ environment_rg = local.tools_cae_rg
+ gh_identity_suffix = "job-01"
+ runner_labels = ["self-hosted-job"]
+ gh_repositories = [
+ {
+ name : "pagopa-fdr-nodo-dei-pagamenti", # FdR-1
+ short_name : "fdr-ndp"
+ },
+ {
+ name : "pagopa-fdr", # FdR-3
+ short_name : "fdr"
+ }
+ ]
+ job = {
+ name = var.domain
+ }
+ job_meta = {}
+ key_vault = {
+ name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret
+ rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret
+ secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret
+ }
+ kubernetes_deploy = {
+ enabled = true
+ namespaces = [kubernetes_namespace.namespace.metadata[0].name]
+ cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks"
+ rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
+ }
+
+ function_deploy = {
+ enabled = true
+ function_rg = [
+ azurerm_resource_group.reporting_fdr_rg.name,
+ data.azurerm_resource_group.fdr_re_rg.name,
+ data.azurerm_resource_group.fdr_rg.name,
+ ]
+ }
+
+ location = var.gh_runner_job_location
+ prefix = var.prefix
+ resource_group_name = data.azurerm_resource_group.identity_rg.name
+
+ tags = var.tags
+
+}
diff --git a/src/domains/fdr-app/99_main.tf b/src/domains/fdr-app/99_main.tf
index 8cc12b32de..a01b466595 100644
--- a/src/domains/fdr-app/99_main.tf
+++ b/src/domains/fdr-app/99_main.tf
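Review bot: The `key_vault` block points the runner at `gh-runner-job-pat` in the product-wide `${local.product}-kv`, and `src/domains/gps-app/07_gh_runner.tf` reads the same secret, so one token appears to back the runners of every repository listed in both domains. The scope of that PAT is not visible here; if it is broader than the listed repositories, a fine-grained token or a per-domain secret would narrow what a compromised runner job can reach, and the expected scope deserves a comment above the block. The comment on `secret_name` is misleading and would read better as `# Name of the Key Vault secret that holds the GitHub PAT`. With `kubernetes_deploy` and `function_deploy` both enabled, a short comment above the module should say which workflows are expected to target the generic `self-hosted-job` label.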
@@ -50,6 +50,7 @@ provider "helm" { } module "__v3__" { - # v8.59.0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=3fc1dafaf4354e24ca8673005ec0caf4106343a3" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } + diff --git a/src/domains/fdr-app/99_variables.tf b/src/domains/fdr-app/99_variables.tf index 1d950efa97..84476cddc2 100644 --- a/src/domains/fdr-app/99_variables.tf +++ b/src/domains/fdr-app/99_variables.tf @@ -460,3 +460,9 @@ variable "enabled_features" { } description = "Features enabled in this domain" } + +variable "gh_runner_job_location" { + type = string + description = "(Optional) The GH runner container app job location. Consistent with the container app environment location" + default = "westeurope" +} diff --git a/src/domains/fdr-app/README.md b/src/domains/fdr-app/README.md index cd630442a2..178b8bf46d 100644 --- a/src/domains/fdr-app/README.md +++ b/src/domains/fdr-app/README.md @@ -17,7 +17,7 @@ | Name | Source | Version | |------|--------|---------| -| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 3fc1dafaf4354e24ca8673005ec0caf4106343a3 | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | | [apim\_api\_fdr\_api\_v1\_internal](#module\_apim\_api\_fdr\_api\_v1\_internal) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_fdr\_api\_v1\_org](#module\_apim\_api\_fdr\_api\_v1\_org) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_fdr\_api\_v1\_psp](#module\_apim\_api\_fdr\_api\_v1\_psp) | ./.terraform/modules/__v3__/api_management_api | n/a | 
@@ -39,6 +39,7 @@ | [fdr\_xml\_to\_json\_function](#module\_fdr\_xml\_to\_json\_function) | ./.terraform/modules/__v3__/function_app | n/a | | [fdr\_xml\_to\_json\_function\_slot\_staging](#module\_fdr\_xml\_to\_json\_function\_slot\_staging) | ./.terraform/modules/__v3__/function_app_slot | n/a | | [fdr\_xml\_to\_json\_function\_snet](#module\_fdr\_xml\_to\_json\_function\_snet) | ./.terraform/modules/__v3__/subnet | n/a | +| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | | [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | | [reporting\_fdr\_function](#module\_reporting\_fdr\_function) | ./.terraform/modules/__v3__/function_app | n/a | | [reporting\_fdr\_function\_snet](#module\_reporting\_fdr\_function\_snet) | ./.terraform/modules/__v3__/subnet | n/a | @@ -128,6 +129,7 @@ | [azurerm_resource_group.data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.fdr_re_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.fdr_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.msg_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.rg_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | 
@@ -179,6 +181,7 @@ | [fn\_app\_runtime\_version](#input\_fn\_app\_runtime\_version) | Function app runtime version. | `string` | `"~4"` | no | | [ftp\_organization](#input\_ftp\_organization) | Organization configured with FTP | `string` | `null` | no | | [function\_app\_storage\_account\_replication\_type](#input\_function\_app\_storage\_account\_replication\_type) | (Optional) Storage account replication type used for function apps | `string` | `"ZRS"` | no | +| [gh\_runner\_job\_location](#input\_gh\_runner\_job\_location) | (Optional) The GH runner container app job location. Consistent with the container app environment location | `string` | `"westeurope"` | no | | [github](#input\_github) | n/a |
object({
org = string
})
|
{
"org": "pagopa"
}
| no | | [image\_name](#input\_image\_name) | The image name to use with a function app | `string` | `null` | no | | [image\_tag](#input\_image\_tag) | The image tag to use with a function app | `string` | `null` | no | diff --git a/src/domains/fdr-app/env/weu-dev/terraform.tfvars b/src/domains/fdr-app/env/weu-dev/terraform.tfvars index 34a84b7bbd..057aa98501 100644 --- a/src/domains/fdr-app/env/weu-dev/terraform.tfvars +++ b/src/domains/fdr-app/env/weu-dev/terraform.tfvars @@ -33,7 +33,7 @@ storage_account_info = { account_replication_type = "LRS" access_tier = "Hot" advanced_threat_protection_enable = false - use_legacy_defender_version = false + use_legacy_defender_version = true public_network_access_enabled = false } @@ -43,7 +43,7 @@ reporting_fdr_storage_account_info = { account_replication_type = "LRS" access_tier = "Hot" advanced_threat_protection_enable = false - use_legacy_defender_version = false + use_legacy_defender_version = true public_network_access_enabled = false } diff --git a/src/domains/fdr-app/env/weu-prod/terraform.tfvars b/src/domains/fdr-app/env/weu-prod/terraform.tfvars index 0cf807df16..53b9f62794 100644 --- a/src/domains/fdr-app/env/weu-prod/terraform.tfvars +++ b/src/domains/fdr-app/env/weu-prod/terraform.tfvars @@ -1,11 +1,12 @@ -prefix = "pagopa" -env_short = "p" -env = "prod" -domain = "fdr" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod" +prefix = "pagopa" +env_short = "p" +env = "prod" +domain = "fdr" +location = "westeurope" +location_short = "weu" +location_string = "West Europe" +instance = "prod" +gh_runner_job_location = "italynorth" tags = { CreatedBy = "Terraform" @@ -34,7 +35,7 @@ storage_account_info = { account_replication_type = "GZRS" access_tier = "Hot" advanced_threat_protection_enable = true - use_legacy_defender_version = false + use_legacy_defender_version = true public_network_access_enabled = false } 
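Review bot: `use_legacy_defender_version` flips from `false` to `true` for both `storage_account_info` and `reporting_fdr_storage_account_info` in the weu-dev tfvars, and the same flip is made in the weu-prod and weu-uat files, with nothing in the diff explaining why. The flag presumably selects which Defender for Storage configuration the storage module applies, so a loss of threat-detection coverage on these accounts would be easy to miss in review. Please add a comment next to the setting, for example `# legacy Defender plan kept because <reason>`, and confirm the change is intended for prod, where `advanced_threat_protection_enable = true`. Both blocks start above their hunks, so the rest of their settings is not visible here.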
@@ -44,7 +45,7 @@ reporting_fdr_storage_account_info = { account_replication_type = "GZRS" access_tier = "Hot" advanced_threat_protection_enable = true - use_legacy_defender_version = false + use_legacy_defender_version = true public_network_access_enabled = false } diff --git a/src/domains/fdr-app/env/weu-uat/terraform.tfvars b/src/domains/fdr-app/env/weu-uat/terraform.tfvars index f9f105638b..68483cc70b 100644 --- a/src/domains/fdr-app/env/weu-uat/terraform.tfvars +++ b/src/domains/fdr-app/env/weu-uat/terraform.tfvars @@ -33,7 +33,7 @@ storage_account_info = { account_replication_type = "ZRS" access_tier = "Hot" advanced_threat_protection_enable = true - use_legacy_defender_version = false + use_legacy_defender_version = true public_network_access_enabled = false } @@ -43,7 +43,7 @@ reporting_fdr_storage_account_info = { account_replication_type = "LRS" access_tier = "Hot" advanced_threat_protection_enable = true - use_legacy_defender_version = false + use_legacy_defender_version = true public_network_access_enabled = false } diff --git a/src/domains/gps-app/00_data.tf b/src/domains/gps-app/00_data.tf index 9ce6d9dbba..23dd6b912e 100644 --- a/src/domains/gps-app/00_data.tf +++ b/src/domains/gps-app/00_data.tf @@ -29,7 +29,11 @@ data "azurerm_key_vault_secret" "gpd_db_pwd" { # } data "azurerm_postgresql_flexible_server" "postgres_flexible_server_private" { - count = 1 # forced count + count = 1 # forced count name = format("%s-gpd-pgflex", local.product) resource_group_name = format("%s-pgres-flex-rg", local.product) } + +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} diff --git a/src/domains/gps-app/04_apim_gpd_core.tf b/src/domains/gps-app/04_apim_gpd_core.tf index 507f2cf640..ec31b5f179 100644 --- a/src/domains/gps-app/04_apim_gpd_core.tf +++ b/src/domains/gps-app/04_apim_gpd_core.tf 
@@ -193,13 +193,13 @@ resource "azurerm_api_management_api_operation_policy" "create_debt_position_v1_ } resource "terraform_data" "sha256_create_debt_position_v2_policy" { - count = var.env_short != "p" ? 1 : 0 # disbled v2 external bulk prod + count = var.env_short != "p" ? 1 : 0 # disbled v2 external bulk prod input = sha256(file("./api/gpd_api/debt-position-services/create_base_policy.xml")) } resource "azurerm_api_management_api_operation_policy" "create_debt_position_v2_policy" { - count = var.env_short != "p" ? 1 : 0 # disbled v2 external bulk prod + count = var.env_short != "p" ? 1 : 0 # disbled v2 external bulk prod api_name = format("%s-debt-positions-service-api-v2", local.product) api_management_name = local.pagopa_apim_name diff --git a/src/domains/gps-app/07_gh_runner.tf b/src/domains/gps-app/07_gh_runner.tf new file mode 100644 index 0000000000..387235fe29 --- /dev/null +++ b/src/domains/gps-app/07_gh_runner.tf 
@@ -0,0 +1,82 @@ +locals { + # because westeurope does not support any other container app environment creation + tools_cae_name = var.env_short != "p" ? "${local.product}-tools-cae" : "${local.product}-itn-core-tools-cae" + tools_cae_rg = var.env_short != "p" ? "${local.product}-core-tools-rg" : "${local.product}-itn-core-tools-rg" +} + +module "gh_runner_job" { + source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup" + + domain_name = var.domain + env_short = var.env_short + environment_name = local.tools_cae_name + environment_rg = local.tools_cae_rg + gh_identity_suffix = "job-01" + runner_labels = ["self-hosted-job"] + gh_repositories = [ + { + name : "pagopa-gpd-upload", + short_name : "gpd-upload" + }, + { + name : "pagopa-gpd-upload-function", + short_name : "gpd-upload-fn" + }, + { + name : "pagopa-gpd-payments-pull", + short_name : "gpd-pay-pull" + }, + { + name : "pagopa-gps-donation-service", + short_name : "gpd-donation" + }, + { + name : "pagopa-gpd-payments", + short_name : "gpd-payments" + }, + { + name : "pagopa-gpd-reporting-batch", + short_name : "gpd-rpt-batch" + }, + { + name : "pagopa-gpd-reporting-analysis", + short_name : "gpd-rpt-an" + }, + { + name : "pagopa-gpd-reporting-service", + short_name : "gpd-rpt-svc" + }, + { + name : "pagopa-gpd-ingestion-manager" + short_name : "gpd-ingst-mgr" + } + ] + job = { + name = var.domain + } + job_meta = {} + key_vault = { + name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret + rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret + secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret + } + kubernetes_deploy = { + enabled = true + namespaces = [kubernetes_namespace.namespace.metadata[0].name] + cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks" + rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg" + } + function_deploy = { + enabled = true + 
function_rg = [ + azurerm_resource_group.gpd_rg.name + ] + } + + location = var.gh_runner_job_location + prefix = var.prefix + resource_group_name = data.azurerm_resource_group.identity_rg.name + + tags = var.tags + +} diff --git a/src/domains/gps-app/99_main.tf b/src/domains/gps-app/99_main.tf index 0886ed88ea..83b6d3b611 100644 --- a/src/domains/gps-app/99_main.tf +++ b/src/domains/gps-app/99_main.tf @@ -66,6 +66,6 @@ provider "kubectl" { } module "__v3__" { - # v8.59.0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=3fc1dafaf4354e24ca8673005ec0caf4106343a3" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } diff --git a/src/domains/gps-app/99_variables.tf b/src/domains/gps-app/99_variables.tf index 395f82e481..28148223fb 100644 --- a/src/domains/gps-app/99_variables.tf +++ b/src/domains/gps-app/99_variables.tf @@ -543,3 +543,9 @@ variable "limits_cpu" { description = "Connect Limit CPU" default = "0.5" } + +variable "gh_runner_job_location" { + type = string + description = "(Optional) The GH runner container app job location. Consistent with the container app environment location" + default = "westeurope" +} diff --git a/src/domains/gps-app/README.md b/src/domains/gps-app/README.md index dc798cb97b..bd74a88016 100644 --- a/src/domains/gps-app/README.md +++ b/src/domains/gps-app/README.md 
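Review bot: In `gh_repositories` the last entry omits the comma after `name : "pagopa-gpd-ingestion-manager"` that every other entry has; HCL accepts a newline as separator, but the list reads more consistently as `name : "pagopa-gpd-ingestion-manager",`. The repository `pagopa-gps-donation-service` is given the short name `gpd-donation`, which mixes the `gps` and `gpd` prefixes; if the short name ends up in identity or job names, `gps-donation` would be easier to trace back to the repository.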
@@ -18,7 +18,7 @@ | Name | Source | Version | |------|--------|---------| -| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 3fc1dafaf4354e24ca8673005ec0caf4106343a3 | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | | [apim\_aca\_integration\_product](#module\_apim\_aca\_integration\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_api\_debt\_positions\_api\_v1](#module\_apim\_api\_debt\_positions\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_debt\_positions\_api\_v2](#module\_apim\_api\_debt\_positions\_api\_v2) | ./.terraform/modules/__v3__/api_management_api | n/a | @@ -45,6 +45,7 @@ | [apim\_gps\_enrollments\_product](#module\_apim\_gps\_enrollments\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_gps\_product](#module\_apim\_gps\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_pn\_integration\_product](#module\_apim\_pn\_integration\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | +| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | | [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | | [reporting\_analysis\_function](#module\_reporting\_analysis\_function) | ./.terraform/modules/__v3__/function_app | n/a | | [reporting\_analysis\_function\_slot\_staging](#module\_reporting\_analysis\_function\_slot\_staging) | ./.terraform/modules/__v3__/function_app_slot | n/a | 
@@ -128,6 +129,8 @@ | [kubernetes_role_binding.deployer_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource | | [kubernetes_role_binding.system_deployer_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource | | [kubernetes_service_account.azure_devops](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | +| [null_resource.wait_kafka_connect](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [null_resource.wait_postgres_connector](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [terraform_data.sha256_create_debt_position_v1_policy](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | | [terraform_data.sha256_create_debt_position_v2_policy](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | | [terraform_data.sha256_segregation_codes_fragment](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | 
@@ -158,6 +161,7 @@ | [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_postgresql_flexible_server.postgres_flexible_server_private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/postgresql_flexible_server) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.rg_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_subnet.apim_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | @@ -186,6 +190,7 @@ | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | | [flag\_responsetime\_alert](#input\_flag\_responsetime\_alert) | Flag to enable if payments-pull response time alert is available | `number` | `0` | no | | [fn\_app\_storage\_account\_info](#input\_fn\_app\_storage\_account\_info) | n/a |
object({
account_kind = optional(string, "StorageV2")
account_tier = optional(string, "Standard")
account_replication_type = optional(string, "LRS")
advanced_threat_protection_enable = optional(bool, true)
access_tier = optional(string, "Hot")
public_network_access_enabled = optional(bool, false)
use_legacy_defender_version = optional(bool, false)
})
|
{
"access_tier": "Hot",
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection_enable": true,
"public_network_access_enabled": false,
"use_legacy_defender_version": true
}
| no | +| [gh\_runner\_job\_location](#input\_gh\_runner\_job\_location) | (Optional) The GH runner container app job location. Consistent with the container app environment location | `string` | `"westeurope"` | no | | [gpd\_always\_on](#input\_gpd\_always\_on) | Always on property | `bool` | `true` | no | | [gpd\_autoscale\_default](#input\_gpd\_autoscale\_default) | The number of instances that are available for scaling if metrics are not available for evaluation. | `number` | `1` | no | | [gpd\_autoscale\_maximum](#input\_gpd\_autoscale\_maximum) | The maximum number of instances for this resource. | `number` | `3` | no | diff --git a/src/domains/gps-app/env/weu-prod/terraform.tfvars b/src/domains/gps-app/env/weu-prod/terraform.tfvars index fe596ecd93..d72cab2504 100644 --- a/src/domains/gps-app/env/weu-prod/terraform.tfvars +++ b/src/domains/gps-app/env/weu-prod/terraform.tfvars @@ -1,11 +1,12 @@ -prefix = "pagopa" -env_short = "p" -env = "prod" -domain = "gps" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod" +prefix = "pagopa" +env_short = "p" +env = "prod" +domain = "gps" +location = "westeurope" +location_short = "weu" +location_string = "West Europe" +instance = "prod" +gh_runner_job_location = "italynorth" tags = { CreatedBy = "Terraform" diff --git a/src/domains/nodo-app/00_alert_wisp_dismantling.tf b/src/domains/nodo-app/00_alert_wisp_dismantling.tf index a0abc1f625..1b88189b5d 100644 --- a/src/domains/nodo-app/00_alert_wisp_dismantling.tf +++ b/src/domains/nodo-app/00_alert_wisp_dismantling.tf 
@@ -34,6 +34,53 @@ AzureDiagnostics } } +// Query explanation: https://pagopa.atlassian.net/wiki/spaces/I/pages/574751186/Razionalizzazione+Alert +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-wisp-converter-redirect-availability" { + count = var.env_short == "p" ? 1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-wisp-converter-redirect-availability" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] + email_subject = "Alert pagopa-wisp-converter-redirect-availability" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim.id + description = "Availability for https://api.platform.pagopa.it/wisp-converter/redirect/api/v1/payments is less than or equal to threshold - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-wisp-converter" + enabled = true + query = (<<-QUERY +let lowTrafficThreshold = 70; // the lower threshold that can be calculated regarding the number of invocations +let highTrafficThreshold = 95; // the upper threshold that can be calculated regarding the number of invocations +let trafficMin = 100; // the minimum number of invocations (traffic) below which 'lowTrafficThreshold' guideline is used +let trafficLinear = 500; // the minimum number of invocations (traffic) above which 'highTrafficThreshold' guideline is used +let thresholdDelta = trafficLinear - trafficMin; // the difference of the traffic guideline on which the expected availability is calculated +let availabilityDelta = highTrafficThreshold - lowTrafficThreshold; // the difference of the threshold limits on which the expected availability is calculated +// 
----------------------------------------- +AzureDiagnostics +| where url_s startswith "https://api.platform.pagopa.it/wisp-converter/redirect/api/v1/payments" +| summarize + total=count(), + success=count(responseCode_d == 302) + by timeslot = bin(TimeGenerated, 5m) +| extend trafficUp = total - trafficMin +| extend deltaRatio = todouble(todouble(trafficUp) / todouble(thresholdDelta)) +| extend expectedAvailability = iff(total >= trafficLinear, toreal(highTrafficThreshold), iff(total <= trafficMin, toreal(lowTrafficThreshold), (deltaRatio * (availabilityDelta)) + lowTrafficThreshold)) +| extend availability = ((success * 1.0) / total) * 100 +| project timeslot, availability, threshold=expectedAvailability +| where availability < threshold + QUERY + ) + severity = 1 + frequency = 5 + time_window = 10 + trigger { + operator = "GreaterThanOrEqual" + threshold = 2 + } +} + // These API invoking and result are logged only on application insight // [receiptKo, receiptOk, createTimer, deleteTimer] resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-wisp-converter-ai-availability" { @@ -126,7 +173,7 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-wisp-convert let errorsToExclude = dynamic([ "WIC-1300", // payment position already paid "WIC-2001", // RPT timer creation - "WIC-3001", "WIC-3002", "WIC-3003", "WIC-3004", "WIC-3005", "WIC-3006" // client errors + "WIC-3004" // CLIENT_CHECKOUT error ]); traces | where cloud_RoleName == "pagopawispconverter" diff --git a/src/domains/nodo-app/00_data.tf b/src/domains/nodo-app/00_data.tf index deb2adedad..bf30ab9656 100644 --- a/src/domains/nodo-app/00_data.tf +++ b/src/domains/nodo-app/00_data.tf @@ -18,4 +18,6 @@ data "azurerm_resource_group" "node_cfg_sync_rg" { name = "${local.project}-cfg-sync-rg" } - +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} 
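Review bot: In the new `opex_pagopa-wisp-converter-redirect-availability` rule the success counter is written `success=count(responseCode_d == 302)`. `count()` is documented as taking no argument, so I would use the conditional aggregate instead, `success=countif(responseCode_d == 302)`, which states the intent and does not depend on legacy parsing of the predicate form. Only a 302 counts as success, so any other status returned for a malformed or expired request lowers availability and can page Opsgenie at severity 1. If client errors are expected on this endpoint they should presumably be excluded from `total`, which is worth confirming against the linked query explanation.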
diff --git a/src/domains/nodo-app/07_gh_runner.tf b/src/domains/nodo-app/07_gh_runner.tf
new file mode 100644
index 0000000000..90daf895dc
--- /dev/null
+++ b/src/domains/nodo-app/07_gh_runner.tf
@@ -0,0 +1,91 @@ +locals { + # because westeurope does not support any other container app environment creation + tools_cae_name = var.env_short != "p" ? "${local.product}-tools-cae" : "${local.product}-itn-core-tools-cae" + tools_cae_rg = var.env_short != "p" ? "${local.product}-core-tools-rg" : "${local.product}-itn-core-tools-rg" +} + +module "gh_runner_job" { + source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup" + + domain_name = var.domain + env_short = var.env_short + environment_name = local.tools_cae_name + environment_rg = local.tools_cae_rg + gh_identity_suffix = "job-01" + runner_labels = ["self-hosted-job"] + gh_repositories = [ + { + name : "pagopa-stand-in-manager", + short_name : "standin-mgr" + }, + { + name : "pagopa-stand-in-technical-support", + short_name : "stanin-tech-sup" + }, + { + name : "pagopa-node-cfg-sync", + short_name : "node-cfg-sync" + }, + { + name : "pagopa-nodo-verifyko-to-tablestorage", + short_name : "nodo-vfko-table" + }, + { + name : "pagopa-nodo-verifyko-to-datastore", + short_name : "nodo-vfko-data" + }, + { + name : "pagopa-nodo-verifyko-aux", + short_name : "nodo-vfko-aux" + }, + { + name : "pagopa-wisp-soap-converter", + short_name : "wisp-soap-cvt" + }, + { + name : "pagopa-wisp-converter", + short_name : "wisp-cvt" + }, + { + name : "pagopa-wisp-converter-technical-support", + short_name : "wisp-cvt-supp" + }, + { + name : "pagopa-node-technical-support-worker", + short_name : "node-tech-supp" + }, + { + name : "pagopa-mbd" + short_name : "mdb" + } + ] + job = { + name = var.domain + } + job_meta = {} + key_vault = { + name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret + rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret + secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret + } + kubernetes_deploy = { + enabled = true + namespaces = [kubernetes_namespace.namespace.metadata[0].name] + 
cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks" + rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg" + } + + function_deploy = { + enabled = true + function_rg = [ + data.azurerm_resource_group.nodo_verify_ko_rg.name + ] + } + + location = var.gh_runner_job_location + prefix = var.prefix + resource_group_name = data.azurerm_resource_group.identity_rg.name + + tags = var.tags + +} diff --git a/src/domains/nodo-app/99_main.tf b/src/domains/nodo-app/99_main.tf index fce1b8cec3..659390c0d9 100644 --- a/src/domains/nodo-app/99_main.tf +++ b/src/domains/nodo-app/99_main.tf @@ -53,6 +53,6 @@ provider "helm" { module "__v3__" { - # v8.59.0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=3fc1dafaf4354e24ca8673005ec0caf4106343a3" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } diff --git a/src/domains/nodo-app/99_variables.tf b/src/domains/nodo-app/99_variables.tf index a2b69af8df..d1ee93b348 100644 --- a/src/domains/nodo-app/99_variables.tf +++ b/src/domains/nodo-app/99_variables.tf @@ -473,3 +473,8 @@ variable "wfesp_dismantling" { }) } +variable "gh_runner_job_location" { + type = string + description = "(Optional) The GH runner container app job location. Consistent with the container app environment location" + default = "westeurope" +} diff --git a/src/domains/nodo-app/README.md b/src/domains/nodo-app/README.md index 530c805eea..dcfb87913e 100644 --- a/src/domains/nodo-app/README.md +++ b/src/domains/nodo-app/README.md 
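Review bot: Two `short_name` values in `gh_repositories` look mistyped: `"stanin-tech-sup"` for `pagopa-stand-in-technical-support` and `"mdb"` for `pagopa-mbd`. I would write `short_name : "standin-tech-sup"` and `short_name : "mbd"`, and add the comma after `name : "pagopa-mbd"` so the last entry matches the others. The module presumably uses these strings to name per-repository identities or credentials, so a typo would end up in resource names that are later matched against repositories during access reviews. As written, all eleven repositories appear to share the `self-hosted-job` label with both `kubernetes_deploy` and `function_deploy` enabled, so a comment naming which repositories actually need `nodo_verify_ko_rg` would help keep the grant least-privilege. The comment on `secret_name` would read better as `# Name of the Key Vault secret that holds the PAT`.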
@@ -17,7 +17,7 @@ | Name | Source | Version | |------|--------|---------| -| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 3fc1dafaf4354e24ca8673005ec0caf4106343a3 | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | | [apim\_api\_mock\_ec\_api\_replica\_v1](#module\_apim\_api\_mock\_ec\_api\_replica\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_mock\_ec\_api\_v1](#module\_apim\_api\_mock\_ec\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_mock\_ec\_secondary\_api\_replica\_v1](#module\_apim\_api\_mock\_ec\_secondary\_api\_replica\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | @@ -59,6 +59,7 @@ | [apim\_wfesp\_product](#module\_apim\_wfesp\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_wfesp\_product\_replica](#module\_apim\_wfesp\_product\_replica) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_wisp\_converter\_product](#module\_apim\_wisp\_converter\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | +| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | | [load\_balancer\_nodo\_egress](#module\_load\_balancer\_nodo\_egress) | ./.terraform/modules/__v3__/load_balancer | n/a | | [nodo\_re\_to\_datastore\_function](#module\_nodo\_re\_to\_datastore\_function) | ./.terraform/modules/__v3__/function_app | n/a | | [nodo\_re\_to\_datastore\_function\_slot\_staging](#module\_nodo\_re\_to\_datastore\_function\_slot\_staging) | ./.terraform/modules/__v3__/function_app_slot | n/a | 
@@ -205,6 +206,7 @@ | [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-ai-availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-ai-error](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | +| [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-redirect-availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-wic-error](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_resource_group.nodo_re_to_datastore_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.vmss_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | 
@@ -264,6 +266,7 @@ | [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slacknodo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.node_cfg_sync_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.nodo_verify_ko_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | 
@@ -298,6 +301,7 @@ | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | | [function\_app\_storage\_account\_replication\_type](#input\_function\_app\_storage\_account\_replication\_type) | (Optional) Storage account replication type used for function apps | `string` | `"ZRS"` | no | +| [gh\_runner\_job\_location](#input\_gh\_runner\_job\_location) | (Optional) The GH runner container app job location. Consistent with the container app environment location | `string` | `"westeurope"` | no | | [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | | [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | | [lb\_frontend\_private\_ip\_address](#input\_lb\_frontend\_private\_ip\_address) | load balancer egress nodo private ip | `string` | n/a | yes | diff --git a/src/domains/nodo-app/env/weu-prod/terraform.tfvars b/src/domains/nodo-app/env/weu-prod/terraform.tfvars index 08cd0bfe29..287508bd46 100644 --- a/src/domains/nodo-app/env/weu-prod/terraform.tfvars +++ b/src/domains/nodo-app/env/weu-prod/terraform.tfvars @@ -1,11 +1,12 @@ -prefix = "pagopa" -env_short = "p" -env = "prod" -domain = "nodo" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod" +prefix = "pagopa" +env_short = "p" +env = "prod" +domain = "nodo" +location = "westeurope" +location_short = "weu" +location_string = "West Europe" +instance = "prod" +gh_runner_job_location = "italynorth" tags = { CreatedBy = "Terraform" diff --git a/src/domains/nodo-common/00_azuread.tf b/src/domains/nodo-common/00_azuread.tf index 14a0893a9f..b7f42c3c3b 100644 --- a/src/domains/nodo-common/00_azuread.tf +++ b/src/domains/nodo-common/00_azuread.tf 
@@ -13,4 +13,4 @@ data "azuread_group" "adgroup_externals" { data "azuread_group" "adgroup_security" { display_name = "${local.product}-adgroup-security" -} \ No newline at end of file +} diff --git a/src/domains/nodo-common/99_locals.tf b/src/domains/nodo-common/99_locals.tf index e7ce45b796..159bab0da8 100644 --- a/src/domains/nodo-common/99_locals.tf +++ b/src/domains/nodo-common/99_locals.tf @@ -15,10 +15,10 @@ locals { monitor_action_group_slack_name = "SlackPagoPA" monitor_action_group_email_name = "PagoPA" monitor_action_group_opsgenie_name = "Opsgenie" - application_insights_name = "pagopa-${var.env_short}-appinsights" - vnet_name = "${local.product}-vnet" - vnet_replica_name = "${local.product}-${var.location_replica_short}-core-replica-vnet" - vnet_resource_group_name = "${local.product}-vnet-rg" + application_insights_name = "pagopa-${var.env_short}-appinsights" + vnet_name = "${local.product}-vnet" + vnet_replica_name = "${local.product}-${var.location_replica_short}-core-replica-vnet" + vnet_resource_group_name = "${local.product}-vnet-rg" acr_name = replace("${local.product}commonacr", "-", "") acr_resource_group_name = "${local.product}-container-registry-rg" diff --git a/src/domains/nodo-common/README.md b/src/domains/nodo-common/README.md index d936977bac..b13018d719 100644 --- a/src/domains/nodo-common/README.md +++ b/src/domains/nodo-common/README.md @@ -1,5 +1,5 @@ - + ## Requirements | Name | Version | 
@@ -64,6 +64,7 @@ | [azurerm_data_factory_trigger_schedule.trigger_online](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory_trigger_schedule) | resource | | [azurerm_data_factory_trigger_schedule.trigger_re](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory_trigger_schedule) | resource | | [azurerm_data_factory_trigger_schedule.trigger_wfesp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory_trigger_schedule) | resource | +| [azurerm_key_vault_secret.ai_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | | [azurerm_key_vault_secret.cosmos_biz_account_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | | [azurerm_key_vault_secret.cosmos_neg_biz_account_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | | [azurerm_key_vault_secret.cosmos_verifyko_account_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | 
@@ -142,6 +143,7 @@ | [azurerm_api_management_product.apim_gpd_product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source | | [azurerm_api_management_product.apim_nodo_dei_pagamenti_product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source | | [azurerm_api_management_product.apim_technical_support_product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source | +| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source | | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | | [azurerm_cosmosdb_account.bizevents_datastore_cosmosdb_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/cosmosdb_account) | data source | | [azurerm_cosmosdb_account.bizevents_neg_datastore_cosmosdb_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/cosmosdb_account) | data source | @@ -236,10 +238,10 @@ | [storage\_account\_snet\_private\_link\_service\_network\_policies\_enabled](#input\_storage\_account\_snet\_private\_link\_service\_network\_policies\_enabled) | If true, create a private link service | `bool` | `true` | no | | [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | | [verifyko\_cosmos\_nosql\_db\_params](#input\_verifyko\_cosmos\_nosql\_db\_params) | n/a |
object({
capabilities = list(string)
offer_type = string
server_version = string
kind = string
consistency_policy = object({
consistency_level = string
max_interval_in_seconds = number
max_staleness_prefix = number
})
main_geo_location_zone_redundant = bool
enable_free_tier = bool
additional_geo_locations = list(object({
location = string
failover_priority = number
zone_redundant = bool
}))
private_endpoint_enabled = bool
public_network_access_enabled = bool
is_virtual_network_filter_enabled = bool
backup_continuous_enabled = bool
events_ttl = number
max_throughput = number
})
| n/a | yes | -| [wisp\_converter\_cosmos\_nosql\_db\_params](#input\_wisp\_converter\_cosmos\_nosql\_db\_params) | n/a |
object({
capabilities = list(string)
offer_type = string
server_version = string
kind = string
consistency_policy = object({
consistency_level = string
max_interval_in_seconds = number
max_staleness_prefix = number
})
main_geo_location_zone_redundant = bool
enable_free_tier = bool
additional_geo_locations = list(object({
location = string
failover_priority = number
zone_redundant = bool
}))
private_endpoint_enabled = bool
public_network_access_enabled = bool
is_virtual_network_filter_enabled = bool
backup_continuous_enabled = bool

data_ttl = number
data_max_throughput = number
re_ttl = number
re_max_throughput = number
receipt_ttl = number
receipt_max_throughput = number
receipt_dead_letter_ttl = number
receipt_dead_letter_max_throughput = number
idempotency_ttl = number
idempotency_max_throughput = number
rt_ttl = number
rt_max_throughput = number
configuration_ttl = number
configuration_max_throughput = number
nav2iuv_mapping_ttl = number
nav2iuv_mapping_max_throughput = number
})
| n/a | yes | +| [wisp\_converter\_cosmos\_nosql\_db\_params](#input\_wisp\_converter\_cosmos\_nosql\_db\_params) | n/a |
object({
capabilities = list(string)
offer_type = string
server_version = string
kind = string
consistency_policy = object({
consistency_level = string
max_interval_in_seconds = number
max_staleness_prefix = number
})
main_geo_location_zone_redundant = bool
enable_free_tier = bool
additional_geo_locations = list(object({
location = string
failover_priority = number
zone_redundant = bool
}))
private_endpoint_enabled = bool
public_network_access_enabled = bool
is_virtual_network_filter_enabled = bool
backup_continuous_enabled = bool

data_ttl = number
data_max_throughput = number
re_ttl = number
re_max_throughput = number
receipt_ttl = number
receipt_max_throughput = number
receipt_dead_letter_ttl = number
receipt_dead_letter_max_throughput = number
idempotency_ttl = number
idempotency_max_throughput = number
rt_ttl = number
rt_max_throughput = number
configuration_ttl = number
configuration_max_throughput = number
report_ttl = number
report_max_throughput = number
nav2iuv_mapping_ttl = number
nav2iuv_mapping_max_throughput = number
})
| n/a | yes | | [wisp\_converter\_storage\_account](#input\_wisp\_converter\_storage\_account) | n/a |
object({
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
blob_delete_retention_days = number
blob_versioning_enabled = bool
public_network_access_enabled = bool
backup_enabled = bool
backup_retention_days = number
})
| n/a | yes | ## Outputs No outputs. - + diff --git a/src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars b/src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars index 6d966c7f63..90add576be 100644 --- a/src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars +++ b/src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars @@ -67,7 +67,7 @@ cosmos_mongo_db_params = { is_virtual_network_filter_enabled = false enable_provisioned_throughput_exceeded_alert = false backup_continuous_enabled = false - ip_range_filter = "104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26,13.88.56.148,40.91.218.243,13.91.105.215,4.210.172.107,40.80.152.199,13.95.130.121,20.245.81.54,40.118.23.126" + ip_range_filter = null } cosmos_mongo_db_pay_wallet_params = { diff --git a/src/domains/paymentoptions-app/.terraform.lock.hcl b/src/domains/paymentoptions-app/.terraform.lock.hcl deleted file mode 100644 index 3e8f565f69..0000000000 --- a/src/domains/paymentoptions-app/.terraform.lock.hcl +++ /dev/null 
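Review bot: Setting `ip_range_filter = null` in `cosmos_mongo_db_params` removes the only network restriction visible in this block, since `is_virtual_network_filter_enabled = false` sits two lines above it. If public network access is still enabled for this account (that flag is outside the hunk), the dev Cosmos account would presumably accept connections from any address and be protected by its keys alone. If the address list was dropped because access now goes through a private endpoint, I would record that next to the value, e.g. `# no IP rules: public network access disabled, reached via private endpoint`, and confirm `public_network_access_enabled = false` in the same map. The enclosing map starts and ends outside the hunk.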
@@ -1,122 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azuread" { - version = "2.47.0" - constraints = "<= 2.47.0" - hashes = [ - "h1:8J74v92UvtqVNucugAtB+Sd44oTgnhfct+Xf8ObOZug=", - "h1:KB9BNRNStbdsfdRmVXUwXtN77qgX5VjBy2UALcqp218=", - "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", - "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", - "h1:zYMGokLn44KSWir7Nr4t8lEAPMB6JuXd2LlP2Ac2tMY=", - "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", - "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", - "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", - "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", - "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", - "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", - "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", - "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", - "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", - "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.97.1" - constraints = "~> 3.30, <= 3.116.0" - hashes = [ - "h1:LtwGbd4HEb5QCXmdxSvTjPSh8/Gp8eAQMYfiAKaubV4=", - "h1:b8yfRYs+CepOlnx1JeQVMTX3N6HHfS85iOXE8hn8yok=", - "h1:klBuN2uVZF7AVMhskbbgF8pygyhPBxsjedB1GUV79PA=", - "h1:m5wyoRGjbVfJU2YaGZrN1lfGgjpyuwi7Ykw1uHdwlAg=", - "h1:vwYchGsh1TY+/GjUv6CUS6It2opnMYYYVt4GBvCmesY=", - "zh:15171efcc3aa3a37748c502c493cb16ecff603b81ada4499a843574976bac524", - "zh:2ca6c13a4a96f67763ecced0015c7b101ee02d54ea54b28a8df4ae06468071b1", - 
"zh:2e3c77dbfd8f760132ecef2d6117e939cbea26b96aba5e4d926e7f7f0f7afe72", - "zh:4bc346eece1622be93c73801d8256502b11fd7c2e7f7cea12d048bb9fc9fe900", - "zh:4f1042942ed8d0433680a367527289459d43b0894a51eaba83ac414e80d5187f", - "zh:63e674c31482ae3579ea84daf5b1ba066ce40cb23475f54e17b6b131320a1bec", - "zh:8327148766dcb7a174673729a832c8095d7e137d0e6c7e2a9a01da48b8b73fbe", - "zh:851b3ae417059a80c7813e7f0063298a590a42f056004f2c2558ea14061c207e", - "zh:ac081b48907139c121a422ae9b1f40fc72c6aaaeb05cbdbf848102a6a5f426f4", - "zh:dc1d663df2d95e4ba91070ceb20d3560b6ea5c465d39c57a5979319302643e41", - "zh:ed26457367cbbb94237e935d297cb31b5687f9abf697377da0ee46974480db9b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "2.12.1" - constraints = "~> 2.12, <= 2.12.1" - hashes = [ - "h1:7wfYOAeSEchHB8idNl+2jf+OkFi9zFSOLWkEZFuTCik=", - "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", - "h1:sgYI7lwGqJqPopY3NGmhb1eQ0YbH8PIXaAZAmnJrAvw=", - "h1:sjzfyNQAjtF9zXHxB67geryjGkHaPDMMVw9iqPP5pkE=", - "h1:xwHVa6ab/XVfDrZ3h35OzLJ6g0Zte4VAvSnyKw3f9AI=", - "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", - "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", - "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", - "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", - "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", - "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", - "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", - "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", - "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", - "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", - "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", 
- ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.29.0" - constraints = "~> 2.27, <= 2.29.0" - hashes = [ - "h1:+YCSx70JPlL2PX+yO53gzy1v0Bj61QMhq0N8U0DjK6c=", - "h1:7C1MinWhowW8EnlSYhhAFV3bte8x5YcSF5QxUPdoXDk=", - "h1:Igs0JTtmzn5q7RHqrvrTMCD/DCSLPMinvUnhYZ2oITw=", - "h1:oUDANZ62j22EWXtXUDAJe4HFq6BZhrYa4VLk49u7Om0=", - "h1:uM3M6zkZ7Tjr91SJaHz+ce+rmGtfUDih2fN3ogV+eYA=", - "zh:3edd5dc319b95fe94e61b82d10c1ce7fb53a2f21b067ddb742f2d7d0d19dd113", - "zh:4b9096e6d0cfa0efd4c89270e3d25fea49db570e2cfbe49c5d1de085a15f2578", - "zh:5397573838bcb8844248c8d6ac93cca7f39a0b707ac3ce7a7b306c50c261c195", - "zh:5d635370720d356b7bcb5756ca28de3275ca32ca1ef0201414caecd3a14759ac", - "zh:71a52280408f3fb0ff1866a9ab8059b0d9bde5481869658798e0773461f22eff", - "zh:748663ef0248d2d95f5dea2974332432a395165657856878c5dc6f000b37cc25", - "zh:7fbc1e084bbbb51e31afd3df0c77e833ae59e88cf42b9e2c17b0b1a1e3894723", - "zh:ae89b4be473b446270fa24dc1ef51b0cc4c2a528d9838ec15246d28bac165df3", - "zh:b6433970d680a0cc9898f915224508b5ece86ae4418372fa6bebd2a9d344f226", - "zh:bf871955cf49015e6a0433e814a22a109c1537a775b8b5dc7b37ad05c324904a", - "zh:c16fac91b2197b443a191d98cf37424feed550387ab11bd1427bde819722005e", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" - constraints = "~> 3.2, <= 3.2.1" - hashes = [ - "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", - "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", - "h1:vUW21lLLsKlxtBf0QF7LKJreKxs0CM7YXGzqW1N/ODY=", - "h1:wqgRvlyVIbkCeCQs+5jj6zVuQL0KDxZZtNofGqqlSdI=", - "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", - "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", - "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", - "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", - "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", - ] -} diff --git a/src/domains/paymentoptions-app/02_namespace.tf b/src/domains/paymentoptions-app/02_namespace.tf deleted file mode 100644 index 73e2653de5..0000000000 --- a/src/domains/paymentoptions-app/02_namespace.tf +++ /dev/null @@ -1,20 +0,0 @@ -resource "kubernetes_namespace" "namespace" { - metadata { - name = var.domain - } -} - -module "pod_identity" { - source = "./.terraform/modules/__v3__/kubernetes_pod_identity" - - resource_group_name = local.aks_resource_group_name - location = var.location - tenant_id = data.azurerm_subscription.current.tenant_id - cluster_name = local.aks_name - - identity_name = "${kubernetes_namespace.namespace.metadata[0].name}-pod-identity" - namespace = kubernetes_namespace.namespace.metadata[0].name - key_vault_id = data.azurerm_key_vault.kv.id - - secret_permissions = ["Get"] -} diff --git a/src/domains/paymentoptions-app/05_aks_middleware_tools.tf b/src/domains/paymentoptions-app/05_aks_middleware_tools.tf deleted file mode 100644 index 83624cc77e..0000000000 --- a/src/domains/paymentoptions-app/05_aks_middleware_tools.tf +++ /dev/null 
@@ -1,49 +0,0 @@ -module "tls_checker" { - source = "./.terraform/modules/__v3__/tls_checker" - - https_endpoint = local.domain_hostname - alert_name = local.domain_hostname - alert_enabled = true - helm_chart_present = true - namespace = kubernetes_namespace.namespace.metadata[0].name - location_string = var.location_string - kv_secret_name_for_application_insights_connection_string = "app-insight-connection-string" - application_insights_resource_group = data.azurerm_resource_group.monitor_italy_rg.name - application_insights_id = data.azurerm_application_insights.application_insights_italy.id - application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id] - keyvault_name = data.azurerm_key_vault.kv.name - keyvault_tenant_id = data.azurerm_client_config.current.tenant_id -} - -resource "helm_release" "cert_mounter" { - name = "cert-mounter-blueprint" - repository = "https://pagopa.github.io/aks-helm-cert-mounter-blueprint" - chart = "cert-mounter-blueprint" - version = "1.0.4" - namespace = var.domain - timeout = 120 - force_update = true - - values = [ - templatefile("${path.root}/helm/cert-mounter.yaml.tpl", { - NAMESPACE = var.domain, - DOMAIN = var.domain, - CERTIFICATE_NAME = replace(local.domain_hostname, ".", "-"), - ENV_SHORT = var.env_short, - KV_NAME = data.azurerm_key_vault.kv.name - }) - ] -} - -resource "helm_release" "reloader" { - name = "reloader" - repository = "https://stakater.github.io/stakater-charts" - chart = "reloader" - version = "v1.0.69" - namespace = kubernetes_namespace.namespace.metadata[0].name - - set { - name = "reloader.watchGlobally" - value = "false" - } -} diff --git a/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json b/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json deleted file mode 100644 index 0967ef424b..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json +++ /dev/null @@ -1 +0,0 @@ -{} 
diff --git a/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini b/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini deleted file mode 100644 index 067019d64d..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini +++ /dev/null @@ -1,3 +0,0 @@ -file_crypted="noedit_secret_enc.json" -kv_name="pagopa-d-itn-paymentoptions-kv" -kv_sops_key_name="pagopa-d-paymentoptions-sops-key" diff --git a/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json b/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json deleted file mode 100644 index 2c63c08510..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json +++ /dev/null @@ -1,2 +0,0 @@ -{ -} diff --git a/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini b/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini deleted file mode 100644 index a83c6d693e..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini +++ /dev/null @@ -1,3 +0,0 @@ -file_crypted="noedit_secret_enc.json" -kv_name="pagopa-p-itn-paymentoptions-kv" -kv_sops_key_name="pagopa-p-paymentoptions-sops-key" diff --git a/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json b/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json deleted file mode 100644 index 2c63c08510..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json +++ /dev/null @@ -1,2 +0,0 @@ -{ -} diff --git a/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini b/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini deleted file mode 100644 index e5b5471c37..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini +++ /dev/null @@ -1,3 +0,0 @@ -file_crypted="noedit_secret_enc.json" -kv_name="pagopa-u-itn-paymentoptions-kv" -kv_sops_key_name="pagopa-u-paymentoptions-sops-key" 
diff --git a/src/domains/payopt-app/.terraform.lock.hcl b/src/domains/payopt-app/.terraform.lock.hcl new file mode 100644 index 0000000000..5ff319e7d6 --- /dev/null +++ b/src/domains/payopt-app/.terraform.lock.hcl 
@@ -0,0 +1,102 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azuread" { + version = "3.0.2" + constraints = "<= 3.0.2" + hashes = [ + "h1:yQqvUtgtrYKGpIygdM8P6N+pvMWJJWIsVdPow29VE20=", + "zh:16e724b80a9004c7978c30f69a73c98ff63eb8a03937dd44c2a8f0ea0438b7a3", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:2bbbf13713ca4767267b889471c9fc14a56a8fdf5d1013da3ca78667e3caec64", + "zh:409ccb05431d643a079da082d89db2d95d6afed4769997ac537c8b7de3bff867", + "zh:53e4bca0f5d015380f7f524f36344afe6211ccaf614bfc69af73ca64a9f47d6c", + "zh:5780be2c1981d090604d7fa4cef675462f17f40e7f3dc501a031488e87a35b8f", + "zh:850e61a1b3e64c752c418526ccf48653514c861b36f5feb631619f906f7e99a0", + "zh:8c3565bfcea006a734149cc080452a9daf7d2a9d5362eb7e0a088b6c0d7f0f03", + "zh:908b9e6ad49d5d21173ecefc7924902047611be93bbf8e7d021aa9563358396f", + "zh:a2a79765c029bc58966eff61cb6e9b0ee14d2ac52b0a22fc7dfa35c9a49af669", + "zh:c7f56cbe8743e9ba81fce871bc97d9c07abe86770d9ee7ffefbf3882a61ba89a", + "zh:d4dba80e33421b30d81c62611fb7fc62ad39afecc6484436e635913cd8553e67", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.116.0" + constraints = "~> 3.30, ~> 3.110, ~> 3.116.0, <= 3.116.0" + hashes = [ + "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", + "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", + "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", + "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", + "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", + "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", + "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", + "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", + "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", + 
"zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", + "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.16.0" + constraints = "~> 2.12, <= 2.16.0" + hashes = [ + "h1:zk+1yjCh9RKDsugek6X2JXtLywtdIeS1DeOLjzypU70=", + "zh:0fa970817bab7a8411ff443d51004dc2974c0ef4aad082a514f8b56559db3113", + "zh:333b9ac02fcbf9dcf4825dc1e4fc373ef4571b1dd00b79f5c8ea24e1c79992f0", + "zh:792e1e9c409dd76e3eabf3b0c0a6b5a3c3ef42adfc578f7899def46a81e994ef", + "zh:8eca4a52d43ca97d944a8c5d0f2ee60bcbefcb3ccee51d5620bde9047b8ea9c7", + "zh:90969e6a0f7127b0cb75c8790f63f4d050576ffe9bd722887a11d885430624cd", + "zh:a9d72fb106f16ab4f68c779a2c59124929cbc1cb0dbc47ed5ef380c6205f70bb", + "zh:c28bc1a2c0f8f11626baf905a888b2600663ba8dbb33ce4203efcafa16c77fc5", + "zh:c5d6c72a8c5513ff868209ceda9e6000723b02d21811d05909d26614784d4db6", + "zh:d105d40b1a217120332f65a93b24470d18e355868bfa99f0cdeeff5869cff9fb", + "zh:e6c78637c8c6081b8817f61658de8d0163b92157336ac3236cf183b5834f9487", + "zh:edef68729e4f263df3a6737fc73b14e1ee952b800d72d0c6f2cb524bc1ad7ec8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.33.0" + constraints = "~> 2.27, ~> 2.30, <= 2.33.0" + hashes = [ + "h1:HDyytvOlqNw5fJ0SB/nzgqCWniK4LAZNx23LaPavQq8=", + "zh:255b35790b706d405e987750190658dcaefb663741b96803a9529ba5d7435329", + "zh:362feba1aa820a8e02869ec71d1a08e87243dbce43671dc0995fa6c5a2fafa1d", + "zh:39332abcf75b5dd9c78c79c7c0c094f7d4ca908d1b76bbd2aae67e8e3516710c", + "zh:3e8e7f758bb09a9b5b613c8866e77541f8f00b521070cc86bc095ce61f010baf", + "zh:427883b889b9c36630c3eec4d5c07bc4ae12cc0d358fc17ea42a8049bf8d5275", + "zh:69bfc4ed067a5e4844db1a1809343652ff239aa0a8da089b1671524c44e8740a", + 
"zh:6b9f731062b945c5020e0930ed9a1b1b50afd2caf751f0e70a282d165c970979", + "zh:6faf9ec006af7ee7014a9c3251d65b701792abb823f149b0b7e4ac4433848201", + "zh:b706f76d695104a47682ee6ab842870f9c70a680f979fa9e7efe34278c0831bc", + "zh:b9bca48de2c92f57389ed58dd2fac564deaccd79a92cafd08edeed3ba6b91d4d", + "zh:bbd3336dbee5aed9880f98e36fb8340e0c6d8f0399a05787521af599ccb3dac4", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.3" + constraints = "~> 3.2, <= 3.2.3" + hashes = [ + "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=", + "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", + "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", + "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", + "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", + "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", + "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", + "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", + "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", + "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", + "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", + ] +} diff --git a/src/domains/paymentoptions-app/00_alerts.tf b/src/domains/payopt-app/00_alerts.tf similarity index 100% rename from src/domains/paymentoptions-app/00_alerts.tf rename to src/domains/payopt-app/00_alerts.tf diff --git a/src/domains/paymentoptions-app/00_data.tf b/src/domains/payopt-app/00_data.tf similarity index 94% rename from src/domains/paymentoptions-app/00_data.tf rename to src/domains/payopt-app/00_data.tf index 1dc819d122..ba3c5868cb 100644 
--- a/src/domains/paymentoptions-app/00_data.tf +++ b/src/domains/payopt-app/00_data.tf @@ -36,3 +36,8 @@ data "azurerm_api_management_product" "apim_forwarder_product" { api_management_name = local.pagopa_apim_name resource_group_name = local.pagopa_apim_rg } + + +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} diff --git a/src/domains/paymentoptions-app/00_keyvault.tf b/src/domains/payopt-app/00_keyvault.tf similarity index 100% rename from src/domains/paymentoptions-app/00_keyvault.tf rename to src/domains/payopt-app/00_keyvault.tf diff --git a/src/domains/paymentoptions-app/00_monitor.tf b/src/domains/payopt-app/00_monitor.tf similarity index 100% rename from src/domains/paymentoptions-app/00_monitor.tf rename to src/domains/payopt-app/00_monitor.tf diff --git a/src/domains/paymentoptions-app/00_network.tf b/src/domains/payopt-app/00_network.tf similarity index 100% rename from src/domains/paymentoptions-app/00_network.tf rename to src/domains/payopt-app/00_network.tf diff --git a/src/domains/paymentoptions-app/01_network.tf b/src/domains/payopt-app/01_network.tf similarity index 100% rename from src/domains/paymentoptions-app/01_network.tf rename to src/domains/payopt-app/01_network.tf diff --git a/src/domains/payopt-app/02_namespace.tf b/src/domains/payopt-app/02_namespace.tf new file mode 100644 index 0000000000..7d9fcc5c42 --- /dev/null +++ b/src/domains/payopt-app/02_namespace.tf 
@@ -0,0 +1,39 @@
+resource "kubernetes_namespace" "namespace" {
+ metadata {
+ name = var.domain
+ }
+}
+
+# module "pod_identity" {
+# source = "./.terraform/modules/__v3__/kubernetes_pod_identity"
+
+# resource_group_name = local.aks_resource_group_name
+# location = var.location
+# tenant_id = data.azurerm_subscription.current.tenant_id
+# cluster_name = local.aks_name
+
+# identity_name = "${kubernetes_namespace.namespace.metadata[0].name}-pod-identity"
+# namespace = kubernetes_namespace.namespace.metadata[0].name
+# key_vault_id = data.azurerm_key_vault.kv.id
+
+# secret_permissions = ["Get"]
+# }
+
+
+
+# WL-IDENTITY
+# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#Init-workload-identity
+module "workload_identity" {
+ source = "./.terraform/modules/__v3__/kubernetes_workload_identity_configuration"
+
+ workload_identity_name_prefix = var.domain
+ workload_identity_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name
+ aks_name = data.azurerm_kubernetes_cluster.aks.name
+ aks_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name
+ namespace = var.domain
+
+ key_vault_id = data.azurerm_key_vault.kv.id
+ key_vault_certificate_permissions = ["Get"]
+ key_vault_key_permissions = ["Get"]
+ key_vault_secret_permissions = ["Get"]
+}
diff --git a/src/domains/paymentoptions-app/03_serviceaccounts_azure_devops.tf b/src/domains/payopt-app/03_serviceaccounts_azure_devops.tf
similarity index 100%
rename from src/domains/paymentoptions-app/03_serviceaccounts_azure_devops.tf
rename to src/domains/payopt-app/03_serviceaccounts_azure_devops.tf
diff --git a/src/domains/paymentoptions-app/04_apim_payment_options.tf b/src/domains/payopt-app/04_apim_payment_options.tf
similarity index 100%
rename from src/domains/paymentoptions-app/04_apim_payment_options.tf
rename to src/domains/payopt-app/04_apim_payment_options.tf
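Review bot: `module "workload_identity"` grants `Get` on Key Vault certificates and keys as well as secrets, whereas the `pod_identity` block it replaces (kept above it as comments) granted only `secret_permissions = ["Get"]`. Nothing visible in this commit reads keys through this identity, so unless the module requires all three lists I would narrow the grant to what tls_checker and cert_mounter actually fetch, for example `key_vault_key_permissions = []` if the module accepts an empty list, or add a comment naming the consumer of each permission. The commented-out `pod_identity` block is better deleted than carried into a new file, since git history already keeps it.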
diff --git a/src/domains/paymentoptions-app/04_apim_payment_options_mock.tf b/src/domains/payopt-app/04_apim_payment_options_mock.tf similarity index 100% rename from src/domains/paymentoptions-app/04_apim_payment_options_mock.tf rename to src/domains/payopt-app/04_apim_payment_options_mock.tf diff --git a/src/domains/payopt-app/05_aks_middleware_tools.tf b/src/domains/payopt-app/05_aks_middleware_tools.tf new file mode 100644 index 0000000000..0afc20f24f --- /dev/null +++ b/src/domains/payopt-app/05_aks_middleware_tools.tf 
@@ -0,0 +1,55 @@
+
+# WL-IDENTITY
+# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#%F0%9F%94%AE-tls-cheker
+module "tls_checker" {
+ source = "./.terraform/modules/__v3__/tls_checker"
+
+ https_endpoint = local.domain_hostname
+ alert_name = local.domain_hostname
+ alert_enabled = true
+ helm_chart_present = true
+ namespace = kubernetes_namespace.namespace.metadata[0].name
+ location_string = var.location_string
+ kv_secret_name_for_application_insights_connection_string = "app-insight-connection-string"
+ application_insights_resource_group = data.azurerm_resource_group.monitor_italy_rg.name
+ application_insights_id = data.azurerm_application_insights.application_insights_italy.id
+ application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id]
+ keyvault_name = data.azurerm_key_vault.kv.name
+ keyvault_tenant_id = data.azurerm_client_config.current.tenant_id
+
+ workload_identity_enabled = true
+ workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name
+ workload_identity_client_id = module.workload_identity.workload_identity_client_id
+
+ depends_on = [module.workload_identity]
+}
+
+
+# WL-IDENTITY
+# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#%3Acertificate%3A-cert-mounter
+module "cert_mounter" {
+ source = "./.terraform/modules/__v3__/cert_mounter"
+
+ namespace = var.domain
+ certificate_name = replace(local.domain_hostname, ".", "-")
+ kv_name = data.azurerm_key_vault.kv.name
+ tenant_id = data.azurerm_subscription.current.tenant_id
+
+ workload_identity_enabled = true
+ workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name
+ workload_identity_client_id = module.workload_identity.workload_identity_client_id
+
+ depends_on = [module.workload_identity]
+}
+resource "helm_release" "reloader" {
+ name = "reloader"
+ repository = "https://stakater.github.io/stakater-charts"
+ chart = "reloader"
+ version = "v1.0.69"
+ namespace = kubernetes_namespace.namespace.metadata[0].name
+
+ set {
+ name = "reloader.watchGlobally"
+ value = "false"
+ }
+}
diff --git a/src/domains/paymentoptions-app/05_subkey.tf b/src/domains/payopt-app/05_subkey.tf
similarity index 100%
rename from src/domains/paymentoptions-app/05_subkey.tf
rename to src/domains/payopt-app/05_subkey.tf
diff --git a/src/domains/paymentoptions-app/06_keyvault.tf b/src/domains/payopt-app/06_keyvault.tf
similarity index 100%
rename from src/domains/paymentoptions-app/06_keyvault.tf
rename to src/domains/payopt-app/06_keyvault.tf
diff --git a/src/domains/payopt-app/07_gh_runner.tf b/src/domains/payopt-app/07_gh_runner.tf
new file mode 100644
index 0000000000..cf5d9cfbbf
--- /dev/null
+++ b/src/domains/payopt-app/07_gh_runner.tf
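Review bot: `module "cert_mounter"` sets `namespace = var.domain`, while `tls_checker` and `reloader` in the same hunk use `kubernetes_namespace.namespace.metadata[0].name`; the plain string gives Terraform no dependency on the namespace resource. Its only explicit dependency is `module.workload_identity`, which in 02_namespace.tf is also passed `var.domain`, so on a fresh environment the cert-mounter objects may be scheduled before the namespace exists. I would change it to `namespace = kubernetes_namespace.namespace.metadata[0].name`. The two `depends_on = [module.workload_identity]` lines look redundant, because both modules already read `module.workload_identity` outputs, and a module-level `depends_on` can push data-source reads inside the module to apply time.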
@@ -0,0 +1,43 @@
+locals {
+ tools_cae_name = "${local.product}-${var.location_short}-core-tools-cae"
+ tools_cae_rg = "${local.product}-${var.location_short}-core-tools-rg"
+}
+
+module "gh_runner_job" {
+ source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup"
+
+ domain_name = var.domain
+ env_short = var.env_short
+ environment_name = local.tools_cae_name
+ environment_rg = local.tools_cae_rg
+ gh_identity_suffix = "job-01"
+ runner_labels = ["self-hosted-job"]
+ gh_repositories = [
+ {
+ name : "pagopa-payment-options-service",
+ short_name : "payopt-svc"
+ }
+ ]
+ job = {
+ name = var.domain
+ }
+ job_meta = {}
+ key_vault = {
+ name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret
+ rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret
+ secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret
+ }
+ kubernetes_deploy = {
+ enabled = true
+ namespaces = [kubernetes_namespace.namespace.metadata[0].name]
+ cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks"
+ rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
+ }
+
+ location = var.location
+ prefix = var.prefix
+ resource_group_name = data.azurerm_resource_group.identity_rg.name
+
+ tags = var.tags
+
+}
diff --git a/src/domains/paymentoptions-app/90_pdb.tf b/src/domains/payopt-app/90_pdb.tf
similarity index 100%
rename from src/domains/paymentoptions-app/90_pdb.tf
rename to src/domains/payopt-app/90_pdb.tf
diff --git a/src/domains/paymentoptions-app/99_locals.tf b/src/domains/payopt-app/99_locals.tf
similarity index 100%
rename from src/domains/paymentoptions-app/99_locals.tf
rename to src/domains/payopt-app/99_locals.tf
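Review bot: `kubernetes_deploy` rebuilds the cluster name and resource group by string interpolation (`"${local.product}-${var.location_short}-${var.instance}-aks"`), while 02_namespace.tf in this same commit reads them from `data.azurerm_kubernetes_cluster.aks`. Because this block presumably decides which cluster the runner identity is allowed to deploy to, I would take both values from the data source: `cluster_name = data.azurerm_kubernetes_cluster.aks.name` and `rg = data.azurerm_kubernetes_cluster.aks.resource_group_name`. The trailing comment on `secret_name` ("Data of the KeyVault…") would read better as `# Name of the Key Vault secret that holds the runner PAT`. A short comment beside `key_vault` stating which token scopes the PAT needs would also help, since it is read from the shared `${local.product}-kv` vault rather than the domain vault.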
diff --git a/src/domains/paymentoptions-app/99_main.tf b/src/domains/payopt-app/99_main.tf similarity index 84% rename from src/domains/paymentoptions-app/99_main.tf rename to src/domains/payopt-app/99_main.tf index 3e6238a771..27e3029347 100644 --- a/src/domains/paymentoptions-app/99_main.tf +++ b/src/domains/payopt-app/99_main.tf @@ -7,19 +7,19 @@ terraform { } azuread = { source = "hashicorp/azuread" - version = "<= 2.47.0" + version = "<= 3.0.2" } null = { source = "hashicorp/null" - version = "<= 3.2.1" + version = "<= 3.2.3" } kubernetes = { source = "hashicorp/kubernetes" - version = "<= 2.29.0" + version = "<= 2.33.0" } helm = { source = "hashicorp/helm" - version = "<= 2.12.1" + version = "<= 2.16.0" } } @@ -49,6 +49,6 @@ provider "helm" { } module "__v3__" { - # v8.59.0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=3fc1dafaf4354e24ca8673005ec0caf4106343a3" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } diff --git a/src/domains/paymentoptions-app/99_variables.tf b/src/domains/payopt-app/99_variables.tf similarity index 100% rename from src/domains/paymentoptions-app/99_variables.tf rename to src/domains/payopt-app/99_variables.tf diff --git a/src/domains/paymentoptions-app/README.md b/src/domains/payopt-app/README.md similarity index 96% rename from src/domains/paymentoptions-app/README.md rename to src/domains/payopt-app/README.md index 9001d59ffe..6cbabfb2d3 100644 --- a/src/domains/paymentoptions-app/README.md +++ b/src/domains/payopt-app/README.md 
@@ -16,10 +16,11 @@ | Name | Source | Version | |------|--------|---------| -| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 3fc1dafaf4354e24ca8673005ec0caf4106343a3 | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | | [apim\_api\_pay\_opt\_mock\_api](#module\_apim\_api\_pay\_opt\_mock\_api) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_payment\_options\_mock\_product](#module\_apim\_payment\_options\_mock\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_payment\_options\_product](#module\_apim\_payment\_options\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | +| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | | [kubernetes\_service\_account](#module\_kubernetes\_service\_account) | ./.terraform/modules/__v3__/kubernetes_service_account | n/a | | [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | | [tls\_checker](#module\_tls\_checker) | ./.terraform/modules/__v3__/tls_checker | n/a | 
@@ -68,6 +69,7 @@ | [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_italy_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_subnet.apim_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | diff --git a/src/domains/paymentoptions-app/api/payment-options-mock/_base_policy.xml b/src/domains/payopt-app/api/payment-options-mock/_base_policy.xml similarity index 100% rename from src/domains/paymentoptions-app/api/payment-options-mock/_base_policy.xml rename to src/domains/payopt-app/api/payment-options-mock/_base_policy.xml diff --git a/src/domains/paymentoptions-app/api/payment-options-mock/_get_payment_options_policy.xml b/src/domains/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml similarity index 100% rename from src/domains/paymentoptions-app/api/payment-options-mock/_get_payment_options_policy.xml rename to src/domains/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml 
diff --git a/src/domains/paymentoptions-app/api/payment-options-mock/_openapi.json.tpl b/src/domains/payopt-app/api/payment-options-mock/_openapi.json.tpl similarity index 100% rename from src/domains/paymentoptions-app/api/payment-options-mock/_openapi.json.tpl rename to src/domains/payopt-app/api/payment-options-mock/_openapi.json.tpl diff --git a/src/domains/paymentoptions-app/api_product/_base_policy.xml b/src/domains/payopt-app/api_product/_base_policy.xml similarity index 100% rename from src/domains/paymentoptions-app/api_product/_base_policy.xml rename to src/domains/payopt-app/api_product/_base_policy.xml diff --git a/src/domains/paymentoptions-app/env/itn-dev/backend.ini b/src/domains/payopt-app/env/itn-dev/backend.ini similarity index 100% rename from src/domains/paymentoptions-app/env/itn-dev/backend.ini rename to src/domains/payopt-app/env/itn-dev/backend.ini diff --git a/src/domains/paymentoptions-app/env/itn-dev/backend.tfvars b/src/domains/payopt-app/env/itn-dev/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-dev/backend.tfvars rename to src/domains/payopt-app/env/itn-dev/backend.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-dev/terraform.tfvars b/src/domains/payopt-app/env/itn-dev/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-dev/terraform.tfvars rename to src/domains/payopt-app/env/itn-dev/terraform.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-prod/backend.ini b/src/domains/payopt-app/env/itn-prod/backend.ini similarity index 100% rename from src/domains/paymentoptions-app/env/itn-prod/backend.ini rename to src/domains/payopt-app/env/itn-prod/backend.ini diff --git a/src/domains/paymentoptions-app/env/itn-prod/backend.tfvars b/src/domains/payopt-app/env/itn-prod/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-prod/backend.tfvars rename to src/domains/payopt-app/env/itn-prod/backend.tfvars 
diff --git a/src/domains/paymentoptions-app/env/itn-prod/terraform.tfvars b/src/domains/payopt-app/env/itn-prod/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-prod/terraform.tfvars rename to src/domains/payopt-app/env/itn-prod/terraform.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-uat/backend.ini b/src/domains/payopt-app/env/itn-uat/backend.ini similarity index 100% rename from src/domains/paymentoptions-app/env/itn-uat/backend.ini rename to src/domains/payopt-app/env/itn-uat/backend.ini diff --git a/src/domains/paymentoptions-app/env/itn-uat/backend.tfvars b/src/domains/payopt-app/env/itn-uat/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-uat/backend.tfvars rename to src/domains/payopt-app/env/itn-uat/backend.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-uat/terraform.tfvars b/src/domains/payopt-app/env/itn-uat/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-uat/terraform.tfvars rename to src/domains/payopt-app/env/itn-uat/terraform.tfvars diff --git a/src/domains/paymentoptions-app/helm/cert-mounter.yaml.tpl b/src/domains/payopt-app/helm/cert-mounter.yaml.tpl similarity index 100% rename from src/domains/paymentoptions-app/helm/cert-mounter.yaml.tpl rename to src/domains/payopt-app/helm/cert-mounter.yaml.tpl diff --git a/src/domains/paymentoptions-app/terraform.sh b/src/domains/payopt-app/terraform.sh similarity index 100% rename from src/domains/paymentoptions-app/terraform.sh rename to src/domains/payopt-app/terraform.sh diff --git a/src/domains/paymentoptions-common/.terraform.lock.hcl b/src/domains/payopt-common/.terraform.lock.hcl similarity index 68% rename from src/domains/paymentoptions-common/.terraform.lock.hcl rename to src/domains/payopt-common/.terraform.lock.hcl index c1bc80ffb2..412a66cdaf 100644 --- a/src/domains/paymentoptions-common/.terraform.lock.hcl 
+++ b/src/domains/payopt-common/.terraform.lock.hcl @@ -6,7 +6,6 @@ provider "registry.terraform.io/hashicorp/azuread" { constraints = "<= 2.47.0" hashes = [ "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", - "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", 
@@ -23,23 +22,22 @@ provider "registry.terraform.io/hashicorp/azuread" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.106.0" - constraints = "~> 3.30, <= 3.106.0" + version = "3.116.0" + constraints = "~> 3.30, ~> 3.116.0, < 4.0.0" hashes = [ - "h1:6t9Nz9tYAR9BfHZ8yc56m+GKRl0nriwjQ5DyA0/TnCs=", - "h1:Mxe1/I27IZK3BP6cm84Gt0+7PXd2EDaDUMxuljm/rUA=", - "zh:07980d6fdc40c0adb670c8413a5c667917d6dbb51fcedc467c35d64c2f3a1f47", - "zh:2e6e8491b1f089644b0d23f8da83398f1e10cf5a62b16efcef2b5454fe923038", - "zh:450dbd72821c5619cc3bcdc20fdd0e29515147e44b733f9c79d3a75851810055", - "zh:5e234c0a2f3c9677ea72b2a6e6ca90defb99fab29ae565f5d1f70728ba4ba78f", - "zh:83fd042ece6977429d79affd03d6ce963d2f122604dbf15a1abf203d7a7bbc8a", - "zh:93027e1f66b3bf83398d572d4e6f6e7777330c78c54da3226dadd50fd868ada9", - "zh:ae3d1dd66140c303df97d93c47a60f16735ce17cf156f45475dcee4a7360af5b", - "zh:daf9d2eb89e785458a76b88bf2ef0696c472094c77cc9cff3b3ea4b885c5a482", - "zh:dd46370141651e6549da6d85e25c7a6770c47581bbaaa27eda2886d41d849747", + "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", + "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", + "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", + "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", + "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", + "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", + "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", + "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", + "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", + "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", + "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f77405c0d8f6e0d93d9da83256b3b02c164bad4c791ed9604310ff02ae086ad1", - 
"zh:ffa769147bda833aef8802e3a391bd175ec749862764d61cbdaa8200d5b8f893", + "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", ] } @@ -48,7 +46,6 @@ provider "registry.terraform.io/hashicorp/null" { constraints = "<= 3.2.2" hashes = [ "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", - "h1:vWAsYRd7MjYr3adj8BVKRohVfHpWQdvkIwUQ2Jf5FVM=", "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", diff --git a/src/domains/paymentoptions-common/00_data.tf b/src/domains/payopt-common/00_data.tf similarity index 100% rename from src/domains/paymentoptions-common/00_data.tf rename to src/domains/payopt-common/00_data.tf diff --git a/src/domains/paymentoptions-common/00_monitor.tf b/src/domains/payopt-common/00_monitor.tf similarity index 100% rename from src/domains/paymentoptions-common/00_monitor.tf rename to src/domains/payopt-common/00_monitor.tf diff --git a/src/domains/paymentoptions-common/00_network.tf b/src/domains/payopt-common/00_network.tf similarity index 100% rename from src/domains/paymentoptions-common/00_network.tf rename to src/domains/payopt-common/00_network.tf diff --git a/src/domains/paymentoptions-common/01_network.tf b/src/domains/payopt-common/01_network.tf similarity index 100% rename from src/domains/paymentoptions-common/01_network.tf rename to src/domains/payopt-common/01_network.tf diff --git a/src/domains/paymentoptions-common/03_eventhub.tf b/src/domains/payopt-common/03_eventhub.tf similarity index 92% rename from src/domains/paymentoptions-common/03_eventhub.tf rename to src/domains/payopt-common/03_eventhub.tf index b2693b1ba8..e8d3ee1f9e 100644 --- a/src/domains/paymentoptions-common/03_eventhub.tf +++ b/src/domains/payopt-common/03_eventhub.tf 
@@ -6,7 +6,7 @@ resource "azurerm_resource_group" "eventhub_ita_rg" { } module "eventhub_namespace" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub?ref=v8.22.0" + source = "./.terraform/modules/__v3__/eventhub" name = "${local.project}-evh" location = var.location resource_group_name = azurerm_resource_group.eventhub_ita_rg.name @@ -52,7 +52,7 @@ module "eventhub_namespace" { # CONFIGURATION # module "eventhub_paymentoptions_configuration" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub_configuration?ref=v8.22.0" + source = "./.terraform/modules/__v3__/eventhub_configuration" count = var.is_feature_enabled.eventhub ? 1 : 0 event_hub_namespace_name = module.eventhub_namespace.name diff --git a/src/domains/paymentoptions-common/10_github_identity.tf b/src/domains/payopt-common/10_github_identity.tf similarity index 89% rename from src/domains/paymentoptions-common/10_github_identity.tf rename to src/domains/payopt-common/10_github_identity.tf index 41e54948b3..36a3cd077b 100644 --- a/src/domains/paymentoptions-common/10_github_identity.tf +++ b/src/domains/payopt-common/10_github_identity.tf @@ -59,7 +59,7 @@ locals { # create a module for each 20 repos module "identity_cd_01" { - source = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity?ref=v8.22.0" + source = "./.terraform/modules/__v3__/github_federated_identity" # pagopa---github--identity prefix = var.prefix env_short = var.env_short @@ -131,7 +131,7 @@ resource "null_resource" "github_runner_app_permissions_to_namespace_cd_01" { # create a module for each 20 repos module "identity_pr_01" { - source = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity?ref=v8.22.0" + source = "./.terraform/modules/__v3__/github_federated_identity" prefix = var.prefix env_short = var.env_short domain = "${var.domain}-01-pr" 
@@ -170,7 +170,7 @@ resource "azurerm_key_vault_access_policy" "gha_pr_iac_managed_identities" { # create a module for each 20 repos module "identity_ref_01" { - source = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity?ref=v8.36.1" + source = "./.terraform/modules/__v3__/github_federated_identity" prefix = var.prefix env_short = var.env_short domain = "${var.domain}-01-ref" @@ -205,3 +205,14 @@ resource "azurerm_key_vault_access_policy" "gha_ref_iac_managed_identities" { storage_permissions = [] } + + +# WL-IDENTITY +# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#Init-workload-identity +module "workload_identity" { + source = "./.terraform/modules/__v3__/kubernetes_workload_identity_init" + + workload_identity_name_prefix = var.domain + workload_identity_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name + workload_identity_location = var.location +} \ No newline at end of file diff --git a/src/domains/paymentoptions-common/99_locals.tf b/src/domains/payopt-common/99_locals.tf similarity index 100% rename from src/domains/paymentoptions-common/99_locals.tf rename to src/domains/payopt-common/99_locals.tf diff --git a/src/domains/paymentoptions-common/99_main.tf b/src/domains/payopt-common/99_main.tf similarity index 75% rename from src/domains/paymentoptions-common/99_main.tf rename to src/domains/payopt-common/99_main.tf index cb415d65d1..95f5c16d5e 100644 --- a/src/domains/paymentoptions-common/99_main.tf +++ b/src/domains/payopt-common/99_main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "<= 3.106.0" + version = "< 4.0.0" } azuread = { source = "hashicorp/azuread" 
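Review bot: `workload_identity_resource_group_name` in the new `workload_identity` module points at the AKS cluster's resource group, while the GitHub runner modules added elsewhere in this diff look up a dedicated `${local.product}-identity-rg`. If the init module creates the managed identity in that group (the module code is not visible here), whoever can write to the cluster resource group could presumably also manage the identity, so confirm the placement is intended. The block also relies on `data.azurerm_kubernetes_cluster.aks`, which this hunk does not define, and the only explanation is a link to an internal wiki page. A short comment in the file, e.g. `# workload identity for this domain; created in the AKS resource group because <reason>`, would let a reader without wiki access follow it.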
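Review bot: With `version = "< 4.0.0"` in payopt-common/99_main.tf the committed lock file becomes the only thing fixing the azurerm release for this stack, and an `init -upgrade` will move it to the newest 3.x. The payopt-secrets lock file in this diff still records `constraints = "~> 3.30, <= 3.106.0"`, so the two payopt stacks now accept different ranges. If widening is intended, stating the floor keeps the range explicit, for example `version = ">= 3.106.0, < 4.0.0"` (pick the minimum the pinned modules actually need). The `required_providers` block starts and ends outside the hunk.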
@@ -29,3 +29,8 @@ provider "azurerm" { data "azurerm_subscription" "current" {} data "azurerm_client_config" "current" {} + +module "__v3__" { + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" +} diff --git a/src/domains/paymentoptions-common/99_variables.tf b/src/domains/payopt-common/99_variables.tf similarity index 100% rename from src/domains/paymentoptions-common/99_variables.tf rename to src/domains/payopt-common/99_variables.tf diff --git a/src/domains/paymentoptions-common/README.md b/src/domains/payopt-common/README.md similarity index 98% rename from src/domains/paymentoptions-common/README.md rename to src/domains/payopt-common/README.md index a2f2fc6335..c5647a5acc 100644 --- a/src/domains/paymentoptions-common/README.md +++ b/src/domains/payopt-common/README.md @@ -1,13 +1,13 @@ # paymentoptions-common - + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.6 | | [azuread](#requirement\_azuread) | <= 2.47.0 | -| [azurerm](#requirement\_azurerm) | <= 3.106.0 | +| [azurerm](#requirement\_azurerm) | < 4.0.0 | | [null](#requirement\_null) | <= 3.2.2 | ## Modules @@ -87,4 +87,4 @@ ## Outputs No outputs. - + diff --git a/src/domains/paymentoptions-common/env/itn-dev/backend.ini b/src/domains/payopt-common/env/itn-dev/backend.ini similarity index 100% rename from src/domains/paymentoptions-common/env/itn-dev/backend.ini rename to src/domains/payopt-common/env/itn-dev/backend.ini diff --git a/src/domains/paymentoptions-common/env/itn-dev/backend.tfvars b/src/domains/payopt-common/env/itn-dev/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-dev/backend.tfvars rename to src/domains/payopt-common/env/itn-dev/backend.tfvars 
diff --git a/src/domains/paymentoptions-common/env/itn-dev/terraform.tfvars b/src/domains/payopt-common/env/itn-dev/terraform.tfvars
similarity index 100%
rename from src/domains/paymentoptions-common/env/itn-dev/terraform.tfvars
rename to src/domains/payopt-common/env/itn-dev/terraform.tfvars
diff --git a/src/domains/paymentoptions-common/env/itn-prod/backend.ini b/src/domains/payopt-common/env/itn-prod/backend.ini
similarity index 100%
rename from src/domains/paymentoptions-common/env/itn-prod/backend.ini
rename to src/domains/payopt-common/env/itn-prod/backend.ini
diff --git a/src/domains/paymentoptions-common/env/itn-prod/backend.tfvars b/src/domains/payopt-common/env/itn-prod/backend.tfvars
similarity index 100%
rename from src/domains/paymentoptions-common/env/itn-prod/backend.tfvars
rename to src/domains/payopt-common/env/itn-prod/backend.tfvars
diff --git a/src/domains/paymentoptions-common/env/itn-prod/terraform.tfvars b/src/domains/payopt-common/env/itn-prod/terraform.tfvars
similarity index 100%
rename from src/domains/paymentoptions-common/env/itn-prod/terraform.tfvars
rename to src/domains/payopt-common/env/itn-prod/terraform.tfvars
diff --git a/src/domains/paymentoptions-common/env/itn-uat/backend.ini b/src/domains/payopt-common/env/itn-uat/backend.ini
similarity index 100%
rename from src/domains/paymentoptions-common/env/itn-uat/backend.ini
rename to src/domains/payopt-common/env/itn-uat/backend.ini
diff --git a/src/domains/paymentoptions-common/env/itn-uat/backend.tfvars b/src/domains/payopt-common/env/itn-uat/backend.tfvars
similarity index 100%
rename from src/domains/paymentoptions-common/env/itn-uat/backend.tfvars
rename to src/domains/payopt-common/env/itn-uat/backend.tfvars
diff --git a/src/domains/paymentoptions-common/env/itn-uat/terraform.tfvars b/src/domains/payopt-common/env/itn-uat/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-uat/terraform.tfvars rename to src/domains/payopt-common/env/itn-uat/terraform.tfvars diff --git a/src/domains/paymentoptions-common/terraform.sh b/src/domains/payopt-common/terraform.sh similarity index 100% rename from src/domains/paymentoptions-common/terraform.sh rename to src/domains/payopt-common/terraform.sh diff --git a/src/domains/paymentoptions-secrets/.terraform.lock.hcl b/src/domains/payopt-secrets/.terraform.lock.hcl similarity index 95% rename from src/domains/paymentoptions-secrets/.terraform.lock.hcl rename to src/domains/payopt-secrets/.terraform.lock.hcl index a389468af5..e6e5cedf47 100644 --- a/src/domains/paymentoptions-secrets/.terraform.lock.hcl +++ b/src/domains/payopt-secrets/.terraform.lock.hcl @@ -6,7 +6,6 @@ provider "registry.terraform.io/hashicorp/azuread" { constraints = "<= 2.47.0" hashes = [ "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", - "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", @@ -27,7 +26,6 @@ provider "registry.terraform.io/hashicorp/azurerm" { constraints = "~> 3.30, <= 3.106.0" hashes = [ "h1:6t9Nz9tYAR9BfHZ8yc56m+GKRl0nriwjQ5DyA0/TnCs=", - "h1:Mxe1/I27IZK3BP6cm84Gt0+7PXd2EDaDUMxuljm/rUA=", "zh:07980d6fdc40c0adb670c8413a5c667917d6dbb51fcedc467c35d64c2f3a1f47", "zh:2e6e8491b1f089644b0d23f8da83398f1e10cf5a62b16efcef2b5454fe923038", "zh:450dbd72821c5619cc3bcdc20fdd0e29515147e44b733f9c79d3a75851810055", 
@@ -48,7 +46,6 @@ provider "registry.terraform.io/hashicorp/external" { constraints = "<= 2.2.3" hashes = [ "h1:648ZjJR81c2W1OLtYmUQa9/1rGr3vvZSuX9dR1ucGWY=", - "h1:D2RKjqoU26isFINpmeKG9NS0LvkPmrQkNXeYO2TdgyA=", "zh:184ecd339d764de845db0e5b8a9c87893dcd0c9d822167f73658f89d80ec31c9", "zh:2661eaca31d17d6bbb18a8f673bbfe3fe1b9b7326e60d0ceb302017003274e3c", "zh:2c0a180f6d1fc2ba6e03f7dfc5f73b617e45408681f75bca75aa82f3796df0e4", @@ -68,7 +65,6 @@ provider "registry.terraform.io/hashicorp/kubernetes" { version = "2.16.1" constraints = "<= 2.16.1" hashes = [ - "h1:PO4Ye/+lu5hCaUEOtwNOldQYoA0dqL1bcBICIpdlcd8=", "h1:kO/d+ZMZYM2tNMMFHZqBmVR0MeemoGnI2G2NSN92CrU=", "zh:06224975f5910d41e73b35a4d5079861da2c24f9353e3ebb015fbb3b3b996b1c", "zh:2bc400a8d9fe7755cca27c2551564a9e2609cfadc77f526ef855114ee02d446f", @@ -89,7 +85,6 @@ provider "registry.terraform.io/hashicorp/null" { version = "3.2.1" constraints = "~> 3.2, <= 3.2.1" hashes = [ - "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", diff --git a/src/domains/paymentoptions-secrets/00_azuread.tf b/src/domains/payopt-secrets/00_azuread.tf similarity index 100% rename from src/domains/paymentoptions-secrets/00_azuread.tf rename to src/domains/payopt-secrets/00_azuread.tf diff --git a/src/domains/paymentoptions-secrets/01_keyvault.tf b/src/domains/payopt-secrets/01_keyvault.tf similarity index 94% rename from src/domains/paymentoptions-secrets/01_keyvault.tf rename to src/domains/payopt-secrets/01_keyvault.tf index 28af4e56e2..c91ffe6e9c 100644 --- a/src/domains/paymentoptions-secrets/01_keyvault.tf +++ b/src/domains/payopt-secrets/01_keyvault.tf 
@@ -6,7 +6,7 @@ resource "azurerm_resource_group" "sec_rg" { } module "key_vault" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v8.22.0" + source = "./.terraform/modules/__v3__/key_vault" name = "${local.product}-${var.location_short}-${var.domain}-kv" location = azurerm_resource_group.sec_rg.location @@ -92,7 +92,7 @@ resource "azurerm_key_vault_access_policy" "azdevops_iac_policy" { # create json letsencrypt inside kv # requierd: Docker module "letsencrypt_paymentoptions" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git///letsencrypt_credential?ref=v8.44.0" + source = "./.terraform/modules/__v3__/letsencrypt_credential" prefix = var.prefix env = var.env_short diff --git a/src/domains/paymentoptions-secrets/02_azdo.tf b/src/domains/payopt-secrets/02_azdo.tf similarity index 100% rename from src/domains/paymentoptions-secrets/02_azdo.tf rename to src/domains/payopt-secrets/02_azdo.tf diff --git a/src/domains/paymentoptions-secrets/02_init_sops.tf b/src/domains/payopt-secrets/02_init_sops.tf similarity index 100% rename from src/domains/paymentoptions-secrets/02_init_sops.tf rename to src/domains/payopt-secrets/02_init_sops.tf diff --git a/src/domains/paymentoptions-secrets/03_sops_secrets.tf b/src/domains/payopt-secrets/03_sops_secrets.tf similarity index 100% rename from src/domains/paymentoptions-secrets/03_sops_secrets.tf rename to src/domains/payopt-secrets/03_sops_secrets.tf diff --git a/src/domains/paymentoptions-secrets/99_locals.tf b/src/domains/payopt-secrets/99_locals.tf similarity index 100% rename from src/domains/paymentoptions-secrets/99_locals.tf rename to src/domains/payopt-secrets/99_locals.tf diff --git a/src/domains/paymentoptions-secrets/99_main.tf b/src/domains/payopt-secrets/99_main.tf similarity index 86% rename from src/domains/paymentoptions-secrets/99_main.tf rename to src/domains/payopt-secrets/99_main.tf index 93ec8f61ca..9d3239722c 100644 
--- a/src/domains/paymentoptions-secrets/99_main.tf +++ b/src/domains/payopt-secrets/99_main.tf @@ -41,3 +41,8 @@ provider "kubernetes" { data "azurerm_subscription" "current" {} data "azurerm_client_config" "current" {} + +module "__v3__" { + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" +} diff --git a/src/domains/paymentoptions-secrets/99_variables.tf b/src/domains/payopt-secrets/99_variables.tf similarity index 100% rename from src/domains/paymentoptions-secrets/99_variables.tf rename to src/domains/payopt-secrets/99_variables.tf diff --git a/src/domains/paymentoptions-secrets/README.md b/src/domains/payopt-secrets/README.md similarity index 100% rename from src/domains/paymentoptions-secrets/README.md rename to src/domains/payopt-secrets/README.md diff --git a/src/domains/paymentoptions-secrets/env/itn-dev/backend.ini b/src/domains/payopt-secrets/env/itn-dev/backend.ini similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-dev/backend.ini rename to src/domains/payopt-secrets/env/itn-dev/backend.ini diff --git a/src/domains/paymentoptions-secrets/env/itn-dev/backend.tfvars b/src/domains/payopt-secrets/env/itn-dev/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-dev/backend.tfvars rename to src/domains/payopt-secrets/env/itn-dev/backend.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-dev/terraform.tfvars b/src/domains/payopt-secrets/env/itn-dev/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-dev/terraform.tfvars rename to src/domains/payopt-secrets/env/itn-dev/terraform.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-prod/backend.ini b/src/domains/payopt-secrets/env/itn-prod/backend.ini similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-prod/backend.ini rename to src/domains/payopt-secrets/env/itn-prod/backend.ini 
diff --git a/src/domains/paymentoptions-secrets/env/itn-prod/backend.tfvars b/src/domains/payopt-secrets/env/itn-prod/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-prod/backend.tfvars rename to src/domains/payopt-secrets/env/itn-prod/backend.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-prod/terraform.tfvars b/src/domains/payopt-secrets/env/itn-prod/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-prod/terraform.tfvars rename to src/domains/payopt-secrets/env/itn-prod/terraform.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-uat/backend.ini b/src/domains/payopt-secrets/env/itn-uat/backend.ini similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-uat/backend.ini rename to src/domains/payopt-secrets/env/itn-uat/backend.ini diff --git a/src/domains/paymentoptions-secrets/env/itn-uat/backend.tfvars b/src/domains/payopt-secrets/env/itn-uat/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-uat/backend.tfvars rename to src/domains/payopt-secrets/env/itn-uat/backend.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-uat/terraform.tfvars b/src/domains/payopt-secrets/env/itn-uat/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-uat/terraform.tfvars rename to src/domains/payopt-secrets/env/itn-uat/terraform.tfvars diff --git a/src/domains/payopt-secrets/secret/itn-dev/configs.json b/src/domains/payopt-secrets/secret/itn-dev/configs.json new file mode 100644 index 0000000000..9e26dfeeb6 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-dev/configs.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/src/domains/payopt-secrets/secret/itn-dev/noedit_secret_enc.json b/src/domains/payopt-secrets/secret/itn-dev/noedit_secret_enc.json new file mode 100644 index 0000000000..6c3c1af837 --- /dev/null 
+++ b/src/domains/payopt-secrets/secret/itn-dev/noedit_secret_enc.json @@ -0,0 +1,22 @@ +{ + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": [ + { + "vault_url": "https://pagopa-d-itn-payopt-kv.vault.azure.net", + "name": "pagopa-d-payopt-sops-key", + "version": "3cfc1dcd61ee4a9bb4bff1fd4e5d45f1", + "created_at": "2024-11-28T14:36:24Z", + "enc": "vpf4sFWuobCrXfjbD0TXrg8Tv31mVZngHunMNN_tL_wMI38V11PI1yJtx9XiHiC1Mf84mlKCq8OeOwB9kMQacsngGuVtE1hTMBIGqd2mbmXoKKHXQfyoczXOMTgUGCtrpAHBvO86BX6ONbRIz9WFYnXBntDk6CkVDFYVTwiViO77nSo6LpxG_PG9cBS_Am_gdzDZxM1gMJx3OrIxuEIaQ_l9LuO35Wtx1DW8hrD95xSNEaRUOxZr9bzAHtZYvKEeWdj2AzZCxkL8ikMVB1fpi5qpOzpnEDl9HMylxExET7E6Nhbl8eUXNRJi00MCNC6HeOcPdYd8gPHYtHdefThmVg" + } + ], + "hc_vault": null, + "age": null, + "lastmodified": "2024-11-28T14:36:26Z", + "mac": "ENC[AES256_GCM,data:hkNbqIGNsyia2OK0mRXYMD3sLz4Sgc8mLuUaVCVmuVw8XSFBjrVDK5Vn1Z77xh34a9PFhW7ovWndeAO0tCwWVrFoL3vO9UhHGhoihUGy81SbmawJruF4DR+f3BTrk1lEIE39nAUHbikS97GknfTH8aZbOFupAd+hCXFO1DkHZ5g=,iv:QZEf/HHOtth8xX5+d0/omA3LAzSlzFLO5tdz6B6ZJ9o=,tag:+FnEej6YVzQ5vFLd1MwbCA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file diff --git a/src/domains/payopt-secrets/secret/itn-dev/secret.ini b/src/domains/payopt-secrets/secret/itn-dev/secret.ini new file mode 100644 index 0000000000..1cf65b61b0 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-dev/secret.ini @@ -0,0 +1,3 @@ +file_crypted="noedit_secret_enc.json" +kv_name="pagopa-d-itn-payopt-kv" +kv_sops_key_name="pagopa-d-payopt-sops-key" diff --git a/src/domains/payopt-secrets/secret/itn-prod/configs.json b/src/domains/payopt-secrets/secret/itn-prod/configs.json new file mode 100644 index 0000000000..9e26dfeeb6 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-prod/configs.json @@ -0,0 +1 @@ +{} \ No newline at end of file 
diff --git a/src/domains/payopt-secrets/secret/itn-prod/secret.ini b/src/domains/payopt-secrets/secret/itn-prod/secret.ini new file mode 100644 index 0000000000..61a2254ac6 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-prod/secret.ini @@ -0,0 +1,3 @@ +file_crypted="noedit_secret_enc.json" +kv_name="pagopa-p-itn-payopt-kv" +kv_sops_key_name="pagopa-p-payopt-sops-key" diff --git a/src/domains/payopt-secrets/secret/itn-uat/configs.json b/src/domains/payopt-secrets/secret/itn-uat/configs.json new file mode 100644 index 0000000000..9e26dfeeb6 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-uat/configs.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/src/domains/payopt-secrets/secret/itn-uat/noedit_secret_enc.json b/src/domains/payopt-secrets/secret/itn-uat/noedit_secret_enc.json new file mode 100644 index 0000000000..878e035cff --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-uat/noedit_secret_enc.json 
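Review bot: `file_crypted="noedit_secret_enc.json"` in the itn-prod `secret.ini` names a file that this diff adds for itn-dev and itn-uat but not for itn-prod, where only `configs.json` and `secret.ini` appear. Unless a later step creates it (the sops scripts are renamed unchanged and their content is not shown), the first prod run may fail on the missing file. Either commit the prod `noedit_secret_enc.json` generated against `pagopa-p-payopt-sops-key`, or state in the PR description that prod initialisation is deliberately deferred.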
@@ -0,0 +1,22 @@ +{ + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": [ + { + "vault_url": "https://pagopa-u-itn-payopt-kv.vault.azure.net", + "name": "pagopa-u-payopt-sops-key", + "version": "391d59d66b2e4c118246648bf60dc813", + "created_at": "2024-11-28T14:41:50Z", + "enc": "dyWl_4p70QqcfQsqmIABzVxCWauyBDVZIg9WsqjoAfhNWbCbYvzXbjCiIJhOUJK_4H-EHDb70bnIG4HyIhNmEoNhQD69R9YDkQvJs146WOfBeUT4EO7xcXcM0wZEwjkeQq0PwkVRVvufColcIhlNKg0VMDCK6K2vRijAHAT4P9-gWrVukCnLYP2mlgXKmjX51CQVOV9S97LJEXzl4ki3mI8DGrGYX9qY9uZb6har_8MJaxAAAwcCkz5OYeAImDnz4f_t3ZcIpy4LeG1rubJCNnAxBLCXxL7lt4m-nwcclLQMd_a1U-DyyoOS03_2KwTYkhQI0YnXS9xancsdWXwK9g" + } + ], + "hc_vault": null, + "age": null, + "lastmodified": "2024-11-28T14:41:51Z", + "mac": "ENC[AES256_GCM,data:Umg7BLjeiSk1FSp+ozRgtM/EAmf4SD0wvTJvlrNpmv7hi5g+rn1V2/OoyS7xxnQg4eqDNOJSs3mDfcdHfMffYs2mNxNl8H91SYYkgH85VZYHKShUVS4o5bKwAvyDPmB4qRJ/aAlFGUWMVobGUuBSDP1/GT0Md7Ic4qeYaaepN9k=,iv:ZfMS6ik70+Ctv+/wmy4gfWvrH1+5QIHkp1v+K6n0wbQ=,tag:bAW+DPq9SLrvjvSOXleczw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file diff --git a/src/domains/payopt-secrets/secret/itn-uat/secret.ini b/src/domains/payopt-secrets/secret/itn-uat/secret.ini new file mode 100644 index 0000000000..c16aa7f137 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-uat/secret.ini @@ -0,0 +1,3 @@ +file_crypted="noedit_secret_enc.json" +kv_name="pagopa-u-itn-payopt-kv" +kv_sops_key_name="pagopa-u-payopt-sops-key" diff --git a/src/domains/paymentoptions-secrets/sops.sh b/src/domains/payopt-secrets/sops.sh similarity index 100% rename from src/domains/paymentoptions-secrets/sops.sh rename to src/domains/payopt-secrets/sops.sh diff --git a/src/domains/paymentoptions-secrets/terraform.sh b/src/domains/payopt-secrets/terraform.sh similarity index 100% rename from src/domains/paymentoptions-secrets/terraform.sh rename to src/domains/payopt-secrets/terraform.sh 
diff --git a/src/domains/paymentoptions-secrets/terrasops.sh b/src/domains/payopt-secrets/terrasops.sh similarity index 100% rename from src/domains/paymentoptions-secrets/terrasops.sh rename to src/domains/payopt-secrets/terrasops.sh diff --git a/src/domains/printit-app/.terraform.lock.hcl b/src/domains/printit-app/.terraform.lock.hcl deleted file mode 100644 index 7042274182..0000000000 --- a/src/domains/printit-app/.terraform.lock.hcl +++ /dev/null 
@@ -1,122 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azuread" { - version = "2.47.0" - constraints = "<= 2.47.0" - hashes = [ - "h1:8J74v92UvtqVNucugAtB+Sd44oTgnhfct+Xf8ObOZug=", - "h1:KB9BNRNStbdsfdRmVXUwXtN77qgX5VjBy2UALcqp218=", - "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", - "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", - "h1:zYMGokLn44KSWir7Nr4t8lEAPMB6JuXd2LlP2Ac2tMY=", - "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", - "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", - "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", - "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", - "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", - "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", - "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", - "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", - "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", - "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.106.0" - constraints = "~> 3.30, ~> 3.95, <= 3.116.0" - hashes = [ - "h1:6t9Nz9tYAR9BfHZ8yc56m+GKRl0nriwjQ5DyA0/TnCs=", - "h1:AGR/aM9v/7MCHVWOn00fCaPgpJkoFnxxEVLwR5iWg2c=", - "h1:LohUd1Yk1/eZsO1UlFlHFtxCfiW5q9YpY+uTj5ERmGU=", - "h1:Mxe1/I27IZK3BP6cm84Gt0+7PXd2EDaDUMxuljm/rUA=", - "h1:P9K7gXiyVgoEY1eDe2ADSspiz1+Ky+N3G4fUUhtebG4=", - "zh:07980d6fdc40c0adb670c8413a5c667917d6dbb51fcedc467c35d64c2f3a1f47", - "zh:2e6e8491b1f089644b0d23f8da83398f1e10cf5a62b16efcef2b5454fe923038", - 
"zh:450dbd72821c5619cc3bcdc20fdd0e29515147e44b733f9c79d3a75851810055", - "zh:5e234c0a2f3c9677ea72b2a6e6ca90defb99fab29ae565f5d1f70728ba4ba78f", - "zh:83fd042ece6977429d79affd03d6ce963d2f122604dbf15a1abf203d7a7bbc8a", - "zh:93027e1f66b3bf83398d572d4e6f6e7777330c78c54da3226dadd50fd868ada9", - "zh:ae3d1dd66140c303df97d93c47a60f16735ce17cf156f45475dcee4a7360af5b", - "zh:daf9d2eb89e785458a76b88bf2ef0696c472094c77cc9cff3b3ea4b885c5a482", - "zh:dd46370141651e6549da6d85e25c7a6770c47581bbaaa27eda2886d41d849747", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f77405c0d8f6e0d93d9da83256b3b02c164bad4c791ed9604310ff02ae086ad1", - "zh:ffa769147bda833aef8802e3a391bd175ec749862764d61cbdaa8200d5b8f893", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "2.12.1" - constraints = "~> 2.12, <= 2.12.1" - hashes = [ - "h1:7wfYOAeSEchHB8idNl+2jf+OkFi9zFSOLWkEZFuTCik=", - "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", - "h1:sgYI7lwGqJqPopY3NGmhb1eQ0YbH8PIXaAZAmnJrAvw=", - "h1:sjzfyNQAjtF9zXHxB67geryjGkHaPDMMVw9iqPP5pkE=", - "h1:xwHVa6ab/XVfDrZ3h35OzLJ6g0Zte4VAvSnyKw3f9AI=", - "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", - "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", - "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", - "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", - "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", - "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", - "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", - "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", - "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", - "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", - "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", 
- ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.29.0" - constraints = "~> 2.27, <= 2.29.0" - hashes = [ - "h1:+YCSx70JPlL2PX+yO53gzy1v0Bj61QMhq0N8U0DjK6c=", - "h1:7C1MinWhowW8EnlSYhhAFV3bte8x5YcSF5QxUPdoXDk=", - "h1:Igs0JTtmzn5q7RHqrvrTMCD/DCSLPMinvUnhYZ2oITw=", - "h1:oUDANZ62j22EWXtXUDAJe4HFq6BZhrYa4VLk49u7Om0=", - "h1:uM3M6zkZ7Tjr91SJaHz+ce+rmGtfUDih2fN3ogV+eYA=", - "zh:3edd5dc319b95fe94e61b82d10c1ce7fb53a2f21b067ddb742f2d7d0d19dd113", - "zh:4b9096e6d0cfa0efd4c89270e3d25fea49db570e2cfbe49c5d1de085a15f2578", - "zh:5397573838bcb8844248c8d6ac93cca7f39a0b707ac3ce7a7b306c50c261c195", - "zh:5d635370720d356b7bcb5756ca28de3275ca32ca1ef0201414caecd3a14759ac", - "zh:71a52280408f3fb0ff1866a9ab8059b0d9bde5481869658798e0773461f22eff", - "zh:748663ef0248d2d95f5dea2974332432a395165657856878c5dc6f000b37cc25", - "zh:7fbc1e084bbbb51e31afd3df0c77e833ae59e88cf42b9e2c17b0b1a1e3894723", - "zh:ae89b4be473b446270fa24dc1ef51b0cc4c2a528d9838ec15246d28bac165df3", - "zh:b6433970d680a0cc9898f915224508b5ece86ae4418372fa6bebd2a9d344f226", - "zh:bf871955cf49015e6a0433e814a22a109c1537a775b8b5dc7b37ad05c324904a", - "zh:c16fac91b2197b443a191d98cf37424feed550387ab11bd1427bde819722005e", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" - constraints = "~> 3.2, <= 3.2.1" - hashes = [ - "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", - "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", - "h1:vUW21lLLsKlxtBf0QF7LKJreKxs0CM7YXGzqW1N/ODY=", - "h1:wqgRvlyVIbkCeCQs+5jj6zVuQL0KDxZZtNofGqqlSdI=", - "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", - "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", - "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", - "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", - "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", - ] -} diff --git a/src/domains/printit-app/00_data.tf b/src/domains/printit-app/00_data.tf index bafb7487f9..3379b804d6 100644 --- a/src/domains/printit-app/00_data.tf +++ b/src/domains/printit-app/00_data.tf @@ -55,3 +55,7 @@ data "azurerm_api_management_product" "apim_api_config_product" { api_management_name = local.pagopa_apim_name resource_group_name = local.pagopa_apim_rg } + +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} diff --git a/src/domains/printit-app/07_gh_runner.tf b/src/domains/printit-app/07_gh_runner.tf new file mode 100644 index 0000000000..8b975cbd19 --- /dev/null +++ b/src/domains/printit-app/07_gh_runner.tf 
@@ -0,0 +1,62 @@ +locals { + tools_cae_name = "${local.product}-${var.location_short}-core-tools-cae" + tools_cae_rg = "${local.product}-${var.location_short}-core-tools-rg" +} + +module "gh_runner_job" { + source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup" + + domain_name = var.domain + env_short = var.env_short + environment_name = local.tools_cae_name + environment_rg = local.tools_cae_rg + gh_identity_suffix = "job-01" + runner_labels = ["self-hosted-job"] + gh_repositories = [ + { + name : "pagopa-print-payment-notice-service", + short_name : "print-not-svc" + }, + { + name : "pagopa-print-payment-notice-generator", + short_name : "print-not-gen" + }, + { + name : "pagopa-print-payment-notice-functions", + short_name : "print-not-fn" + }, + { + name : "pagopa-template-notice-pdf", + short_name : "tpl-not-pdf" + } + ] + job = { + name = var.domain + } + job_meta = {} + key_vault = { + name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret + rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret + secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret + } + kubernetes_deploy = { + enabled = true + namespaces = [kubernetes_namespace.namespace.metadata[0].name] + cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks" + rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg" + } + + function_deploy = { + enabled = true + function_rg = [ + azurerm_resource_group.printit_pdf_engine_app_service_rg.name + ] + } + + location = var.location + prefix = var.prefix + resource_group_name = data.azurerm_resource_group.identity_rg.name + + tags = var.tags + +} diff --git a/src/domains/printit-app/99_main.tf b/src/domains/printit-app/99_main.tf index beac371f38..a9311a6494 100644 --- a/src/domains/printit-app/99_main.tf +++ b/src/domains/printit-app/99_main.tf 
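Review bot: The `key_vault` block reads the runner token from `gh-runner-job-pat` in the product-wide `${local.product}-kv`, and receipts-app/07_gh_runner.tf in this diff uses the same vault and secret name, so both domains' runners appear to share one GitHub PAT. The token's scopes are not visible here; since these jobs also have `kubernetes_deploy` and `function_deploy` enabled, its scope, owner and rotation should be recorded next to the secret, and a per-domain token is worth considering. The third inline comment is unclear as written; I would change it to `# Name of the Key Vault secret that holds the GitHub PAT`. A one-line comment above `gh_repositories` saying that this list decides which repositories can run jobs with these deploy rights (presumably what the module does with it) would help future edits.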
@@ -49,7 +49,7 @@ provider "helm" { } module "__v3__" { - # v8.59.0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=3fc1dafaf4354e24ca8673005ec0caf4106343a3" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } diff --git a/src/domains/printit-app/README.md b/src/domains/printit-app/README.md index d08ff22ae9..fee28d345b 100644 --- a/src/domains/printit-app/README.md +++ b/src/domains/printit-app/README.md @@ -132,7 +132,7 @@ No outputs. | Name | Source | Version | |------|--------|---------| -| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 3fc1dafaf4354e24ca8673005ec0caf4106343a3 | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | | [apim\_api\_pdf\_engine\_api\_v1](#module\_apim\_api\_pdf\_engine\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_pdf\_engine\_node\_api\_v1](#module\_apim\_api\_pdf\_engine\_node\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_notices\_blob\_api\_v1](#module\_apim\_notices\_blob\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | 
@@ -141,6 +141,7 @@ No outputs. | [apim\_notices\_service\_product\_external](#module\_apim\_notices\_service\_product\_external) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_notices\_service\_product\_internal](#module\_apim\_notices\_service\_product\_internal) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_pdf\_engine\_product](#module\_apim\_pdf\_engine\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | +| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | | [kubernetes\_service\_account](#module\_kubernetes\_service\_account) | ./.terraform/modules/__v3__/kubernetes_service_account | n/a | | [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | | [printit\_pdf\_engine\_app\_service](#module\_printit\_pdf\_engine\_app\_service) | ./.terraform/modules/__v3__/app_service | n/a | 
@@ -223,6 +224,7 @@ No outputs. | [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_italy_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_storage_account.institutions_storage_sa](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | | [azurerm_storage_account.notices_storage_sa](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | diff --git a/src/domains/receipts-app/00_azuread.tf b/src/domains/receipts-app/00_azuread.tf index b7f42c3c3b..f9104bfe70 100644 --- a/src/domains/receipts-app/00_azuread.tf +++ b/src/domains/receipts-app/00_azuread.tf @@ -14,3 +14,7 @@ data "azuread_group" "adgroup_externals" { data "azuread_group" "adgroup_security" { display_name = "${local.product}-adgroup-security" } + +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} diff --git a/src/domains/receipts-app/07_gh_runner.tf b/src/domains/receipts-app/07_gh_runner.tf new file mode 100644 index 0000000000..785eedf2b1 --- /dev/null +++ b/src/domains/receipts-app/07_gh_runner.tf 
@@ -0,0 +1,60 @@
+locals {
+ # because westeurope does not support any other container app environment creation
+ tools_cae_name = var.env_short != "p" ? "${local.product}-tools-cae" : "${local.product}-itn-core-tools-cae"
+ tools_cae_rg = var.env_short != "p" ? "${local.product}-core-tools-rg" : "${local.product}-itn-core-tools-rg"
+}
+
+module "gh_runner_job" {
+ source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup"
+
+ domain_name = var.domain
+ env_short = var.env_short
+ environment_name = local.tools_cae_name
+ environment_rg = local.tools_cae_rg
+ gh_identity_suffix = "job-01"
+ runner_labels = ["self-hosted-job"]
+ gh_repositories = [
+ {
+ name : "pagopa-receipt-pdf-generator",
+ short_name : "rcpt-pdf-gen"
+ },
+ {
+ name : "pagopa-receipt-pdf-datastore",
+ short_name : "rcpt-pdf-dts"
+ },
+ {
+ name : "pagopa-receipt-pdf-helpdesk",
+ short_name : "rcpt-pdf-hlpdsk"
+ },
+ {
+ name : "pagopa-receipt-pdf-notifier",
+ short_name : "rcpt-pdf-ntfy"
+ },
+ {
+ name : "pagopa-receipt-pdf-service",
+ short_name : "rcpt-pdf-svc"
+ }
+ ]
+ job = {
+ name = var.domain
+ }
+ job_meta = {}
+ key_vault = {
+ name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret
+ rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret
+ secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret
+ }
+ kubernetes_deploy = {
+ enabled = true
+ namespaces = [kubernetes_namespace.namespace.metadata[0].name]
+ cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks"
+ rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
+ }
+
+ location = var.gh_runner_job_location
+ prefix = var.prefix
+ resource_group_name = data.azurerm_resource_group.identity_rg.name
+
+ tags = var.tags
+
+}
diff --git a/src/domains/receipts-app/99_main.tf b/src/domains/receipts-app/99_main.tf
index 9a6a4bd895..0b19681059 100644
--- a/src/domains/receipts-app/99_main.tf
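Review bot: One PAT secret, `gh-runner-job-pat` in `${local.product}-kv`, backs this runner job, and the selfcare-app and shared-app hunks point at the same secret, yet the `key_vault` block records neither the scope that token needs nor how it is rotated. A single token presumably has to cover every repository listed across the three domains, while the job also gets `kubernetes_deploy.enabled = true` on the domain namespace, so the required scope and rotation owner are worth stating next to the block. Whether the module accepts a narrower, per-domain credential is not visible here and should be checked. The comment on `secret_name` is also misleading; it should read `# Name of the Key Vault secret that holds the GitHub PAT`.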
+++ b/src/domains/receipts-app/99_main.tf @@ -49,6 +49,6 @@ provider "helm" { module "__v3__" { - # v8.59.0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=3fc1dafaf4354e24ca8673005ec0caf4106343a3" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } diff --git a/src/domains/receipts-app/99_variables.tf b/src/domains/receipts-app/99_variables.tf index 66f761c6ab..2455f700eb 100644 --- a/src/domains/receipts-app/99_variables.tf +++ b/src/domains/receipts-app/99_variables.tf @@ -127,3 +127,9 @@ variable "pod_disruption_budgets" { description = "Pod disruption budget for domain namespace" default = {} } + +variable "gh_runner_job_location" { + type = string + description = "(Optional) The GH runner container app job location. Consistent with the container app environment location" + default = "westeurope" +} diff --git a/src/domains/receipts-app/README.md b/src/domains/receipts-app/README.md index c0c244baf0..736f25b71d 100644 --- a/src/domains/receipts-app/README.md +++ b/src/domains/receipts-app/README.md 
@@ -16,10 +16,11 @@ | Name | Source | Version | |------|--------|---------| -| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 3fc1dafaf4354e24ca8673005ec0caf4106343a3 | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | | [apim\_api\_receipts\_api\_v1](#module\_apim\_api\_receipts\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_receipts\_helpdesk\_api\_v1](#module\_apim\_api\_receipts\_helpdesk\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_receipts\_product](#module\_apim\_receipts\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | +| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | | [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | | [tls\_checker](#module\_tls\_checker) | ./.terraform/modules/__v3__/tls_checker | n/a | 
@@ -64,6 +65,7 @@ | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | | [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | @@ -79,6 +81,7 @@ | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | +| [gh\_runner\_job\_location](#input\_gh\_runner\_job\_location) | (Optional) The GH runner container app job location. Consistent with the container app environment location | `string` | `"westeurope"` | no | | [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | | [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | diff --git a/src/domains/receipts-app/env/weu-prod/terraform.tfvars b/src/domains/receipts-app/env/weu-prod/terraform.tfvars index c1ecbde594..e4fe3c628e 100644 
--- a/src/domains/receipts-app/env/weu-prod/terraform.tfvars +++ b/src/domains/receipts-app/env/weu-prod/terraform.tfvars @@ -1,11 +1,12 @@ -prefix = "pagopa" -env_short = "p" -env = "prod" -domain = "receipts" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod" +prefix = "pagopa" +env_short = "p" +env = "prod" +domain = "receipts" +location = "westeurope" +location_short = "weu" +location_string = "West Europe" +instance = "prod" +gh_runner_job_location = "italynorth" tags = { CreatedBy = "Terraform" diff --git a/src/domains/selfcare-app/00_data.tf b/src/domains/selfcare-app/00_data.tf index 4cc5131e33..7331d89dbe 100644 --- a/src/domains/selfcare-app/00_data.tf +++ b/src/domains/selfcare-app/00_data.tf @@ -13,3 +13,7 @@ data "azurerm_monitor_action_group" "opsgenie" { resource_group_name = var.monitor_resource_group_name name = local.monitor_action_group_opsgenie_name } + +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} diff --git a/src/domains/selfcare-app/07_gh_runner.tf b/src/domains/selfcare-app/07_gh_runner.tf new file mode 100644 index 0000000000..25ce220161 --- /dev/null +++ b/src/domains/selfcare-app/07_gh_runner.tf 
@@ -0,0 +1,52 @@
+locals {
+ # because westeurope does not support any other container app environment creation
+ tools_cae_name = var.env_short != "p" ? "${local.product}-tools-cae" : "${local.product}-itn-core-tools-cae"
+ tools_cae_rg = var.env_short != "p" ? "${local.product}-core-tools-rg" : "${local.product}-itn-core-tools-rg"
+}
+
+module "gh_runner_job" {
+ source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup"
+
+ domain_name = var.domain
+ env_short = var.env_short
+ environment_name = local.tools_cae_name
+ environment_rg = local.tools_cae_rg
+ gh_identity_suffix = "job-01"
+ runner_labels = ["self-hosted-job"]
+ gh_repositories = [
+ {
+ name : "pagopa-selfcare-ms-backoffice-backend",
+ short_name : "slfc-bo-be"
+ },
+ {
+ name : "pagopa-backoffice-external",
+ short_name : "slfc-bo-ext"
+ },
+ {
+ name : "pagopa-selfcare-frontend"
+ short_name : "slfc-fe"
+ }
+ ]
+ job = {
+ name = var.domain
+ }
+ job_meta = {}
+ key_vault = {
+ name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret
+ rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret
+ secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret
+ }
+ kubernetes_deploy = {
+ enabled = true
+ namespaces = [kubernetes_namespace.namespace.metadata[0].name]
+ cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks"
+ rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
+ }
+
+ location = var.gh_runner_job_location
+ prefix = var.prefix
+ resource_group_name = data.azurerm_resource_group.identity_rg.name
+
+ tags = var.tags
+
+}
diff --git a/src/domains/selfcare-app/99_main.tf b/src/domains/selfcare-app/99_main.tf
index 7d123104ee..d3ba7a99a0 100644
--- a/src/domains/selfcare-app/99_main.tf
+++ b/src/domains/selfcare-app/99_main.tf
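Review bot: The last `gh_repositories` entry omits the comma after `name : "pagopa-selfcare-frontend"`, unlike every other entry in this list and in the receipts-app and shared-app files. HCL accepts a newline as an attribute separator, so this should still parse, but the entry is easy to break if it is ever joined onto one line. I would write `name : "pagopa-selfcare-frontend",` to match the rest.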
@@ -48,6 +48,7 @@ provider "helm" { } module "__v3__" { - # v8.59.0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=3fc1dafaf4354e24ca8673005ec0caf4106343a3" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } + diff --git a/src/domains/selfcare-app/99_variables.tf b/src/domains/selfcare-app/99_variables.tf index 388e45d38a..8699ae429b 100644 --- a/src/domains/selfcare-app/99_variables.tf +++ b/src/domains/selfcare-app/99_variables.tf @@ -154,3 +154,9 @@ variable "pod_disruption_budgets" { description = "Pod disruption budget for domain namespace" default = {} } + +variable "gh_runner_job_location" { + type = string + description = "(Optional) The GH runner container app job location. Consistent with the container app environment location" + default = "westeurope" +} diff --git a/src/domains/selfcare-app/README.md b/src/domains/selfcare-app/README.md index 901d3e42f4..0ebc8ff63d 100644 --- a/src/domains/selfcare-app/README.md +++ b/src/domains/selfcare-app/README.md 
@@ -16,11 +16,12 @@ | Name | Source | Version | |------|--------|---------| -| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 3fc1dafaf4354e24ca8673005ec0caf4106343a3 | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | | [apim\_selfcare\_backoffice\_external\_ec\_product](#module\_apim\_selfcare\_backoffice\_external\_ec\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_selfcare\_backoffice\_external\_psp\_product](#module\_apim\_selfcare\_backoffice\_external\_psp\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_selfcare\_backoffice\_helpdesk\_product](#module\_apim\_selfcare\_backoffice\_helpdesk\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_selfcare\_product](#module\_apim\_selfcare\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | +| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | | [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | | [selfcare\_cdn](#module\_selfcare\_cdn) | ./.terraform/modules/__v3__/cdn | n/a | | [tls\_checker](#module\_tls\_checker) | ./.terraform/modules/__v3__/tls_checker | n/a | 
@@ -80,6 +81,7 @@ | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.rg_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | @@ -97,6 +99,7 @@ | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | +| [gh\_runner\_job\_location](#input\_gh\_runner\_job\_location) | (Optional) The GH runner container app job location. Consistent with the container app environment location | `string` | `"westeurope"` | no | | [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | | [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | diff --git a/src/domains/selfcare-app/env/weu-prod/terraform.tfvars b/src/domains/selfcare-app/env/weu-prod/terraform.tfvars index 3741bce367..3d9583836e 100644 
--- a/src/domains/selfcare-app/env/weu-prod/terraform.tfvars +++ b/src/domains/selfcare-app/env/weu-prod/terraform.tfvars @@ -1,11 +1,12 @@ -prefix = "pagopa" -env_short = "p" -env = "prod" -domain = "selfcare" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod" +prefix = "pagopa" +env_short = "p" +env = "prod" +domain = "selfcare" +location = "westeurope" +location_short = "weu" +location_string = "West Europe" +instance = "prod" +gh_runner_job_location = "italynorth" tags = { CreatedBy = "Terraform" diff --git a/src/domains/shared-app/00_data.tf b/src/domains/shared-app/00_data.tf index ae7bbf3b32..3b4ed17b20 100644 --- a/src/domains/shared-app/00_data.tf +++ b/src/domains/shared-app/00_data.tf @@ -2,3 +2,7 @@ data "azurerm_api_management" "apim" { name = "${local.product}-apim" resource_group_name = "${local.product}-api-rg" } + +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} diff --git a/src/domains/shared-app/07_gh_runner.tf b/src/domains/shared-app/07_gh_runner.tf new file mode 100644 index 0000000000..5c1786f615 --- /dev/null +++ b/src/domains/shared-app/07_gh_runner.tf 
@@ -0,0 +1,56 @@
+locals {
+ # because westeurope does not support any other container app environment creation
+ tools_cae_name = var.env_short != "p" ? "${local.product}-tools-cae" : "${local.product}-itn-core-tools-cae"
+ tools_cae_rg = var.env_short != "p" ? "${local.product}-core-tools-rg" : "${local.product}-itn-core-tools-rg"
+}
+
+module "gh_runner_job" {
+ source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup"
+
+ domain_name = var.domain
+ env_short = var.env_short
+ environment_name = local.tools_cae_name
+ environment_rg = local.tools_cae_rg
+ gh_identity_suffix = "job-01"
+ runner_labels = ["self-hosted-job"]
+ gh_repositories = [
+ {
+ name : "pagopa-shared-toolbox",
+ short_name : "shd-tbox"
+ },
+ {
+ name : "pagopa-platform-authorizer",
+ short_name : "pltfm-auth"
+ },
+ {
+ name : "pagopa-platform-authorizer-config",
+ short_name : "pltfm-auth-cfg"
+ },
+ {
+ name : "pagopa-iuvgenerator",
+ short_name : "iuv-gen"
+ }
+ ]
+ job = {
+ name = var.domain
+ }
+ job_meta = {}
+ key_vault = {
+ name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret
+ rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret
+ secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret
+ }
+ kubernetes_deploy = {
+ enabled = true
+ namespaces = [kubernetes_namespace.namespace.metadata[0].name]
+ cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks"
+ rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
+ }
+
+ location = var.location
+ prefix = var.prefix
+ resource_group_name = data.azurerm_resource_group.identity_rg.name
+
+ tags = var.tags
+
+}
diff --git a/src/domains/shared-app/99_main.tf b/src/domains/shared-app/99_main.tf
index 7b2c991012..496d786052 100644
--- a/src/domains/shared-app/99_main.tf
+++ b/src/domains/shared-app/99_main.tf
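Review bot: `location = var.location` near the end of the module block bypasses the `gh_runner_job_location` variable that this same commit declares in shared-app/99_variables.tf and sets to `"italynorth"` in the weu-prod tfvars, leaving that variable unused in this domain. The receipts-app and selfcare-app files both pass `var.gh_runner_job_location`. In prod the locals select `${local.product}-itn-core-tools-cae` while `var.location` is `"westeurope"`, so the job's location would presumably not match its container app environment. Suggested line: `location = var.gh_runner_job_location`.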
@@ -61,6 +61,7 @@ provider "helm" { module "__v3__" { - # v8.59.0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=3fc1dafaf4354e24ca8673005ec0caf4106343a3" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } + diff --git a/src/domains/shared-app/99_variables.tf b/src/domains/shared-app/99_variables.tf index 56b72d433a..1a00929ef5 100644 --- a/src/domains/shared-app/99_variables.tf +++ b/src/domains/shared-app/99_variables.tf @@ -341,3 +341,9 @@ variable "function_app_ip_restriction_default_action" { description = "(Optional) The Default action for traffic that does not match any ip_restriction rule. possible values include Allow and Deny. Defaults to Allow." default = "Allow" } + +variable "gh_runner_job_location" { + type = string + description = "(Optional) The GH runner container app job location. Consistent with the container app environment location" + default = "westeurope" +} diff --git a/src/domains/shared-app/README.md b/src/domains/shared-app/README.md index c6adb18fc3..c99eb91940 100644 --- a/src/domains/shared-app/README.md +++ b/src/domains/shared-app/README.md @@ -16,7 +16,7 @@ | Name | Source | Version | |------|--------|---------| -| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 3fc1dafaf4354e24ca8673005ec0caf4106343a3 | +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | | [apim\_api\_authorizer\_api\_v1](#module\_apim\_api\_authorizer\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_authorizer\_config\_api\_v1](#module\_apim\_api\_authorizer\_config\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | | [apim\_api\_enrolled\_orgs\_api\_v1](#module\_apim\_api\_enrolled\_orgs\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a | 
@@ -38,6 +38,7 @@ | [apim\_statuspage\_product](#module\_apim\_statuspage\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_taxonomy\_product](#module\_apim\_taxonomy\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | | [apim\_technical\_support\_product](#module\_apim\_technical\_support\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | +| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | | [pagopa\_shared\_toolbox\_cdn](#module\_pagopa\_shared\_toolbox\_cdn) | ./.terraform/modules/__v3__/cdn | n/a | | [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | | [shared\_pdf\_engine\_app\_service](#module\_shared\_pdf\_engine\_app\_service) | ./.terraform/modules/__v3__/app_service | n/a | 
@@ -146,6 +147,7 @@ | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.taxonomy_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_storage_account.pagopa_apiconfig_fe_sa](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | 
@@ -182,6 +184,7 @@ | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | | [function\_app\_ip\_restriction\_default\_action](#input\_function\_app\_ip\_restriction\_default\_action) | (Optional) The Default action for traffic that does not match any ip\_restriction rule. possible values include Allow and Deny. Defaults to Allow. | `string` | `"Allow"` | no | | [function\_app\_storage\_account\_replication\_type](#input\_function\_app\_storage\_account\_replication\_type) | (Optional) Storage account replication type used for function apps | `string` | `"ZRS"` | no | +| [gh\_runner\_job\_location](#input\_gh\_runner\_job\_location) | (Optional) The GH runner container app job location. Consistent with the container app environment location | `string` | `"westeurope"` | no | | [influxdb2\_helm](#input\_influxdb2\_helm) | influxdb2 helm chart configuration |
object({
chart_version = string,
image = object({
name = string,
tag = string
})
})
|
{
"chart_version": "2.1.0",
"image": {
"name": "influxdb",
"tag": "2.2.0-alpine@sha256:f3b54d91cae591fc3fde20299bd0b262f6f6d9a1f73b98d623b501e82c49d5fb"
}
}
| no | | [influxdb\_helm](#input\_influxdb\_helm) | influxdb helm chart configuration |
object({
chart_version = string,
image = object({
name = string,
tag = string
})
})
|
{
"chart_version": "4.12.0",
"image": {
"name": "influxdb",
"tag": "1.8.10-alpine@sha256:c436689dc135f204734d63b82fd03044fa3a5205127cb2d1fa7398ff224936b1"
}
}
| no | | [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | diff --git a/src/domains/shared-app/env/weu-prod/terraform.tfvars b/src/domains/shared-app/env/weu-prod/terraform.tfvars index 29de6f345d..ecba144ddf 100644 --- a/src/domains/shared-app/env/weu-prod/terraform.tfvars +++ b/src/domains/shared-app/env/weu-prod/terraform.tfvars @@ -1,11 +1,12 @@ -prefix = "pagopa" -env_short = "p" -env = "prod" -domain = "shared" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod" +prefix = "pagopa" +env_short = "p" +env = "prod" +domain = "shared" +location = "westeurope" +location_short = "weu" +location_string = "West Europe" +instance = "prod" +gh_runner_job_location = "italynorth" tags = { CreatedBy = "Terraform" @@ -96,4 +97,4 @@ pdf_engine_zone_balancing_enabled = true io_backend_base_path = "https://api-app.io.pagopa.it" pdv_api_base_path = "https://api.tokenizer.pdv.pagopa.it/tokenizer/v1" -ecommerce_for_io_pm_npg = "NPG" \ No newline at end of file +ecommerce_for_io_pm_npg = "NPG"