
feat: Italy Apim open routes and dns private link (#2049)
* upgraded modules to v8.13.0

* renaming monitoring file

* removed dns private link for italy, it will be done in core-itn

* added dns private data and link

* changed file name

* fix peering flags

* updated azurerm provider version to v3.103.1

* converted from format to string interpolation

* app gw integration now points to old apim v1

* next-core terraform lock updated

* added <env>.platform only for italy to connect the apim

* pre-commit fixes

* nodo-switcher: removed providers not needed

* pre-commit fixes
diegolagospagopa authored May 20, 2024
1 parent 877d7c7 commit 376cac2
Showing 25 changed files with 459 additions and 414 deletions.
36 changes: 18 additions & 18 deletions src/core-itn/.terraform.lock.hcl


7 changes: 0 additions & 7 deletions src/core-itn/00_data.tf

This file was deleted.

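--- a/src/core-itn/00_dns_private.tf
+++ b/src/core-itn/00_dns_private.tf
@@ -0,0 +1,72 @@
+data "azurerm_private_dns_zone" "db_nodo_pagamenti_com" {
+name = "${var.env_short}.db-nodo-pagamenti.com"
+resource_group_name = "pagopa-${var.env_short}-data-rg"
+}
+
+data "azurerm_private_dns_zone" "internal_postgresql_pagopa_it" {
+name = "${var.env_short}.internal.postgresql.pagopa.it"
+resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+#
+# ⚠️ This will be enabled after apim migration, now it will use a special one created in Italy
+#
+# data "azurerm_private_dns_zone" "dev_platform_pagopa_it" {
+# name = "dev.platform.pagopa.it"
+# resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+# }
+
+data "azurerm_private_dns_zone" "internal_dev_platform_pagopa_it" {
+name = "internal.dev.platform.pagopa.it"
+resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_azurecr_io" {
+name = "privatelink.azurecr.io"
+resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_blob_core_windows_net" {
+name = "privatelink.blob.core.windows.net"
+resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_datafactory_azure_net" {
+name = "privatelink.datafactory.azure.net"
+resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_documents_azure_com" {
+name = "privatelink.documents.azure.com"
+resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_mongo_cosmos_azure_com" {
+name = "privatelink.mongo.cosmos.azure.com"
+resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_queue_core_windows_net" {
+name = "privatelink.queue.core.windows.net"
+resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_redis_cache_windows_net" {
+name = "privatelink.redis.cache.windows.net"
+resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_servicebus_windows_net" {
+name = "privatelink.servicebus.windows.net"
+resource_group_name = "pagopa-${var.env_short}-msg-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_table_core_windows_net" {
+name = "privatelink.table.core.windows.net"
+resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_table_cosmos_azure_com" {
+name = "privatelink.table.cosmos.azure.com"
+resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}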
2 changes: 1 addition & 1 deletion src/core-itn/00_key_vault.tf
Expand Up @@ -5,7 +5,7 @@ data "azurerm_key_vault" "kv_core" {


module "domain_key_vault_secrets_query" {
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v7.77.0"
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v8.13.0"

key_vault_name = data.azurerm_key_vault.kv_core.name
resource_group = data.azurerm_key_vault.kv_core.resource_group_name
7 changes: 7 additions & 0 deletions src/core-itn/00_network.tf
Expand Up @@ -33,3 +33,10 @@ data "azurerm_resource_group" "rg_event_private_dns_zone" {
name = local.msg_resource_group_name
}

#
# App GW integration
#
data "azurerm_application_gateway" "app_gw_integration" {
name = "pagopa-${var.env_short}-weu-integration-app-gw"
resource_group_name = "pagopa-${var.env_short}-vnet-rg"
}
2 changes: 1 addition & 1 deletion src/core-itn/01_keyvault.tf
Expand Up @@ -6,7 +6,7 @@ resource "azurerm_resource_group" "sec_rg" {
}

module "key_vault" {
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v8.5.0"
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v8.13.0"

name = "${local.project}-kv"
location = azurerm_resource_group.sec_rg.location
14 changes: 8 additions & 6 deletions src/core-itn/01_network.tf
Expand Up @@ -9,7 +9,7 @@ resource "azurerm_resource_group" "rg_ita_vnet" {
}

module "vnet_italy" {
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network?ref=v7.77.0"
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network?ref=v8.13.0"
count = var.is_feature_enabled.vnet_ita ? 1 : 0

name = "${local.product_ita}-vnet"
Expand All @@ -24,31 +24,33 @@ module "vnet_italy" {

## Peering between the vnet(main) and italy vnet
module "vnet_ita_peering" {
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering?ref=v7.77.0"
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering?ref=v8.13.0"
count = var.is_feature_enabled.vnet_ita ? 1 : 0

source_resource_group_name = azurerm_resource_group.rg_ita_vnet.name
source_virtual_network_name = module.vnet_italy[0].name
source_remote_virtual_network_id = module.vnet_italy[0].id
source_use_remote_gateways = true
source_use_remote_gateways = false
source_allow_forwarded_traffic = true
source_allow_gateway_transit = true

target_resource_group_name = data.azurerm_resource_group.rg_vnet_core.name
target_virtual_network_name = data.azurerm_virtual_network.vnet_core.name
target_remote_virtual_network_id = data.azurerm_virtual_network.vnet_core.id
target_allow_gateway_transit = true
target_allow_forwarded_traffic = true
target_allow_forwarded_traffic = false
}

module "vnet_ita_to_integration_peering" {
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering?ref=v7.77.0"
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering?ref=v8.13.0"
count = var.is_feature_enabled.vnet_ita ? 1 : 0

source_resource_group_name = azurerm_resource_group.rg_ita_vnet.name
source_virtual_network_name = module.vnet_italy[0].name
source_remote_virtual_network_id = module.vnet_italy[0].id
source_use_remote_gateways = false
source_allow_forwarded_traffic = true
source_allow_forwarded_traffic = false
source_allow_gateway_transit = true

target_resource_group_name = data.azurerm_resource_group.rg_vnet_integration.name
target_virtual_network_name = data.azurerm_virtual_network.vnet_integration.name
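Review bot: The peering flags in the second hunk are now asymmetric and nothing in the file records why: `vnet_ita_peering` accepts forwarded traffic into Italy (`source_allow_forwarded_traffic = true`) but no longer the other way (`target_allow_forwarded_traffic = false`), while `vnet_ita_to_integration_peering` turns forwarded traffic off on the Italy side, and both peerings keep `source_allow_gateway_transit = true` even though `source_use_remote_gateways = false` on both, which suggests no gateway transit is actually in play. A short why-comment above each module would keep the next "fix peering flags" change honest, e.g. `# Italy accepts traffic forwarded from core (NVA/firewall); core does not accept traffic forwarded via Italy. No gateway transit is used.` with the NVA part confirmed or dropped by whoever knows the routing. The `vnet_ita_to_integration_peering` block continues past the end of the hunk, so its target-side flags are not visible here.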
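--- a/src/core-itn/02_dns_private_link.tf
+++ b/src/core-itn/02_dns_private_link.tf
@@ -0,0 +1,111 @@
+resource "azurerm_private_dns_zone_virtual_network_link" "db_nodo_pagamenti_com_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.db_nodo_pagamenti_com.name
+resource_group_name = data.azurerm_private_dns_zone.db_nodo_pagamenti_com.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "internal_postgresql_pagopa_it_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.internal_postgresql_pagopa_it.name
+resource_group_name = data.azurerm_private_dns_zone.internal_postgresql_pagopa_it.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+# resource "azurerm_private_dns_zone_virtual_network_link" "dev_platform_pagopa_it_vnet_link" {
+# name = module.vnet_italy[0].name
+# private_dns_zone_name = data.azurerm_private_dns_zone.dev_platform_pagopa_it.name
+# resource_group_name = data.azurerm_private_dns_zone.dev_platform_pagopa_it.resource_group_name
+# virtual_network_id = module.vnet_italy[0].id
+# tags = var.tags
+# }
+
+resource "azurerm_private_dns_zone_virtual_network_link" "internal_dev_platform_pagopa_it_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.internal_dev_platform_pagopa_it.name
+resource_group_name = data.azurerm_private_dns_zone.internal_dev_platform_pagopa_it.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_azurecr_io_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_azurecr_io.name
+resource_group_name = data.azurerm_private_dns_zone.privatelink_azurecr_io.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_blob_core_windows_net_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_blob_core_windows_net.name
+resource_group_name = data.azurerm_private_dns_zone.privatelink_blob_core_windows_net.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_datafactory_azure_net_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_datafactory_azure_net.name
+resource_group_name = data.azurerm_private_dns_zone.privatelink_datafactory_azure_net.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_documents_azure_com_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_documents_azure_com.name
+resource_group_name = data.azurerm_private_dns_zone.privatelink_documents_azure_com.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_mongo_cosmos_azure_com_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_mongo_cosmos_azure_com.name
+resource_group_name = data.azurerm_private_dns_zone.privatelink_mongo_cosmos_azure_com.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_queue_core_windows_net_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_queue_core_windows_net.name
+resource_group_name = data.azurerm_private_dns_zone.privatelink_queue_core_windows_net.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_redis_cache_windows_net_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_redis_cache_windows_net.name
+resource_group_name = data.azurerm_private_dns_zone.privatelink_redis_cache_windows_net.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_servicebus_windows_net_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_servicebus_windows_net.name
+resource_group_name = data.azurerm_private_dns_zone.privatelink_servicebus_windows_net.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_table_core_windows_net_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_table_core_windows_net.name
+resource_group_name = data.azurerm_private_dns_zone.privatelink_table_core_windows_net.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_table_cosmos_azure_com_vnet_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_table_cosmos_azure_com.name
+resource_group_name = data.azurerm_private_dns_zone.privatelink_table_cosmos_azure_com.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}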
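Review bot: Every link in this file indexes `module.vnet_italy[0]`, but that module is declared with `count = var.is_feature_enabled.vnet_ita ? 1 : 0` in 01_network.tf, so a plan with the feature flag off fails on the index instead of skipping the links. Either carry the same `count = var.is_feature_enabled.vnet_ita ? 1 : 0` onto each `azurerm_private_dns_zone_virtual_network_link` here (the two `module.vnet_italy[0]` references in 80_temp_dns_private_platform.tf have the same dependency), or drop the conditional from the module if the Italy VNet is now unconditional. A header comment stating the precondition would make that explicit, e.g. `# Links the Italy VNet to the shared private DNS zones; requires is_feature_enabled.vnet_ita = true`.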
2 changes: 1 addition & 1 deletion src/core-itn/10_evenhubs.tf
Expand Up @@ -7,7 +7,7 @@ resource "azurerm_resource_group" "eventhub_ita_rg" {


module "eventhub_meucci" {
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub?ref=v8.2.0"
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub?ref=v8.13.0"
name = "${local.project}-evh-meucci"
location = var.location
resource_group_name = azurerm_resource_group.eventhub_ita_rg.name
2 changes: 1 addition & 1 deletion src/core-itn/20_container_registry.tf
Expand Up @@ -6,7 +6,7 @@ resource "azurerm_resource_group" "acr_ita_rg" {
}

module "container_registry_ita" {
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//container_registry?ref=v8.1.0"
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//container_registry?ref=v8.13.0"

name = replace("${local.project}-acr", "-", "")
resource_group_name = azurerm_resource_group.acr_ita_rg.name
File renamed without changes.
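--- a/src/core-itn/80_temp_dns_private_platform.tf
+++ b/src/core-itn/80_temp_dns_private_platform.tf
@@ -0,0 +1,30 @@
+### 🔮 Italy DNS private 👉 <prod|uat|dev>.platform.pagopa.it
+resource "azurerm_private_dns_zone" "italy_platform_private_dns_zone" {
+name = "${var.platform_dns_zone_prefix}.${var.external_domain}"
+resource_group_name = azurerm_resource_group.rg_ita_vnet.name
+
+tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "dev_platform_pagopa_it_vnet_core_link" {
+name = module.vnet_italy[0].name
+private_dns_zone_name = azurerm_private_dns_zone.italy_platform_private_dns_zone.name
+resource_group_name = azurerm_private_dns_zone.italy_platform_private_dns_zone.resource_group_name
+virtual_network_id = module.vnet_italy[0].id
+tags = var.tags
+}
+
+#
+# RECORDS
+#
+resource "azurerm_private_dns_a_record" "platform_dns_a_private_apim" {
+
+for_each = toset(["api", "portal", "management"])
+name = each.key
+zone_name = azurerm_private_dns_zone.italy_platform_private_dns_zone.name
+resource_group_name = azurerm_private_dns_zone.italy_platform_private_dns_zone.resource_group_name
+ttl = var.dns_default_ttl_sec
+records = [data.azurerm_application_gateway.app_gw_integration.frontend_ip_configuration[1].private_ip_address]
+tags = var.tags
+}
+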
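Review bot: Linking a private zone named `${var.platform_dns_zone_prefix}.${var.external_domain}` (per the header, `<env>.platform.pagopa.it`) to the Italy VNet makes that zone authoritative for the whole domain inside the VNet, so any host under it other than `api`, `portal` and `management` stops resolving from Italy, and the header comment should say so, e.g. `# NOTE: this private zone shadows the public <env>.platform.pagopa.it for the Italy VNet; only api/portal/management are answered here until the APIM migration removes it`. The A records also depend on `frontend_ip_configuration[1].private_ip_address`, a positional index into the App Gateway's frontend list that silently points at a different address (or an empty one) if the gateway's frontends are ever reordered. Selecting the private frontend by attribute is more robust, along the lines of `records = [one([for fe in data.azurerm_application_gateway.app_gw_integration.frontend_ip_configuration : fe.private_ip_address if fe.private_ip_address != ""])]` (whether the provider reports an unset address as `""` or `null` should be checked against a plan). The resource name `dev_platform_pagopa_it_vnet_core_link` also hardcodes "dev" although the zone it links is environment-parameterized; renaming it to match `italy_platform_private_dns_zone` avoids confusion in uat/prod state.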
2 changes: 1 addition & 1 deletion src/core-itn/99_main.tf
Expand Up @@ -3,7 +3,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "<= 3.96.0"
version = "<= 3.103.1"
}
azuread = {
source = "hashicorp/azuread"

0 comments on commit 376cac2
