From 376cac296f9268615d73eff2bb45c70364ffc36d Mon Sep 17 00:00:00 2001 
From: Diego Lagos <92735530+diegolagospagopa@users.noreply.github.com> Date: Tue, 21 May 2024 00:51:49 +0200 Subject: [PATCH] feat: Italy Apim open routes and dns private link (#2049) * upgrated modules to v8.13.0 * renaming monitoring file * removed dns private link for italy, it will be done into core-itn * added dns private data and link * changed file name * fix peering flags * updated azurerm provider version to v3.103.1 * converted from format to string interpolation * app gw integration now points to old apim v1 * next-core terraform lock updated * added .platform only for italy to connect the apim * pre-commit fixs * nodo-switcher: removed providers not needed * pre-commit fixs --- src/core-itn/.terraform.lock.hcl | 36 +-- src/core-itn/00_data.tf | 7 - src/core-itn/00_dns_private.tf | 72 ++++++ src/core-itn/00_key_vault.tf | 2 +- src/core-itn/00_network.tf | 7 + src/core-itn/01_keyvault.tf | 2 +- src/core-itn/01_network.tf | 14 +- src/core-itn/02_dns_private_link.tf | 111 ++++++++++ src/core-itn/10_evenhubs.tf | 2 +- src/core-itn/20_container_registry.tf | 2 +- .../{03_monitoring.tf => 70_monitoring.tf} | 0 src/core-itn/80_temp_dns_private_platform.tf | 30 +++ src/core-itn/99_main.tf | 2 +- src/core-itn/99_variables.tf | 31 ++- src/core-itn/README.md | 50 ++++- src/core-itn/env/dev/terraform.tfvars | 4 +- src/core-itn/env/prod/terraform.tfvars | 12 +- src/core-itn/env/uat/terraform.tfvars | 14 +- src/core/README.md | 12 - src/core/dns_private.tf | 143 ------------ src/domains/nodo-switcher/.terraform.lock.hcl | 48 ---- src/domains/nodo-switcher/99_main.tf | 18 -- src/domains/nodo-switcher/README.md | 2 - src/next-core/.terraform.lock.hcl | 207 +++++++++--------- .../{04_appgw.tf => 04_appgw_integration.tf} | 45 ++-- 25 files changed, 459 insertions(+), 414 deletions(-) delete mode 100644 src/core-itn/00_data.tf create mode 100644 src/core-itn/00_dns_private.tf create mode 100644 src/core-itn/02_dns_private_link.tf rename src/core-itn/{03_monitoring.tf => 
70_monitoring.tf} (100%) create mode 100644 src/core-itn/80_temp_dns_private_platform.tf rename src/next-core/{04_appgw.tf => 04_appgw_integration.tf} (87%) diff --git a/src/core-itn/.terraform.lock.hcl b/src/core-itn/.terraform.lock.hcl index 37f5a3d9f0..0936b6ce70 100644 --- a/src/core-itn/.terraform.lock.hcl +++ b/src/core-itn/.terraform.lock.hcl 
@@ -26,25 +26,25 @@ provider "registry.terraform.io/hashicorp/azuread" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.45.0" - constraints = ">= 3.30.0, <= 3.96.0, <= 3.97.1" + version = "3.103.1" + constraints = "~> 3.30, <= 3.103.1" hashes = [ - "h1:4BOYXFMiLk4ozEZHUhquRnE5urebcWvaCUV3uys646o=", - "h1:V3CLlXij3vZzxw51hvCBnqriy73llPG21NjO+7sLr+U=", - "h1:VQWxV5+qelZeUCjpdLvZ7iAom4RvG+fVVgK6ELvw/cs=", - "h1:WupjURkT1JPNBRzKmrSsD1Y8zhuQnL3ctKBpNLZBsLA=", - "h1:gQLNY1I5e9kcle1p/VYEWb0eteQ/t5kUfnqVu2/GBNY=", - "zh:04c5dbb8845366ce5eb0dc2d55e151270cc2c0ace20993867fdae9af43b953ad", - "zh:2589585da615ccae341400d45d672ee3fae413fdd88449b5befeff12a85a44b2", - "zh:603869ed98fff5d9bf841a51afd9e06b628533c59356c8433aef4b15df63f5f7", - "zh:853fecab9c987b6772c8d9aa10362675f6c626b60ebc7118aa33ce91366fcc38", - "zh:979848c45e8e058862c36ba3a661457f7c81ef26ebb6634f479600de9c203d65", - "zh:9b512c8588ecc9c1b803b746a3a8517422561a918f0dfb0faaa707ed53ef1760", - "zh:a9601ffb58043426bcff1220662d6d137f0b2857a24f2dcf180aeac2c9cea688", - "zh:d52d2652328f0ed3ba202561d88cb9f43c174edbfaab1abf69f772125dbfe15e", - "zh:d92d91ca597c47f575bf3ae129f4b723be9b7dcb71b906ec6ec740fac29b1aaa", - "zh:ded73b730e4197b70fda9e83447c119f92f75dc37be3ff2ed45730c8f0348c28", - "zh:ec37ac332d50f8ca5827f97198346b0f8ecbf470e2e3ba1e027bb389d826b902", + "h1:6SACEswBzcN+59PnuUqCwOyLuhEQSgjFX/23YJvJS5Y=", + "h1:6bkftpJOwSmA74r2ewWu5JrIoSbwzWRAcsv7S/A+6fs=", + "h1:ahmLlk8mjIu8OoRb/W9kVzACAHu/y4YFL259A0Yg0G0=", + "h1:iCU0VeGSX0LgIsvuWQ8QEzwepanrZXYOWw48SPD0dQw=", + "h1:ptAxoEtEpgPxT3SVWShUaBnNVCjT9jK5AHfFIoB9rLc=", + "zh:0e78a947c041893a47d2af804f2896d1337cc06230e730e3926db78d416ba883", + "zh:21666ab923f659a2fb7a28eee464249acc8617a21eeb4a805fd1acce5f6c0768", + "zh:357f7daa2f8cc88394d357192f736b21c2626aa99e31bf0dc0dc2fcf6956e555", + "zh:3bfaaa2b1b20841093c44c863bd3cf31068fc6e51b72f85006aa6e656e6555c6", + "zh:624d8eea3587b606209cbae89c51070aa85bf4877ea7d4ffeb4cb5d90d0cd3bb", + 
"zh:b66a65f0f60e62b9dc911f5376e7801d481810b8c52ae5e36a58730be0779b8a", + "zh:c0362821d82e9a989de4217527f7b9858cd71923508147ae65f47b32ffd85a0e", + "zh:ca8d1fc6e67af8970d3655c8f47bccd4e799b2efb5c7ce402ace7462915f30b3", + "zh:cd9aa496be3900b447a3c3e041e9d25aa6d10a6b0b4d1ebb1385cd6668d35b50", + "zh:d2350210ad53f1dd18ec29b84255aa7b14877e0f1cb5ae77355f9b8ebe2ea209", + "zh:f51cbed8c9b225fb346cc42d884c41bf43bb79c90d753e8cf2770362e4689d79", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/src/core-itn/00_data.tf b/src/core-itn/00_data.tf deleted file mode 100644 index f315dc1eed..0000000000 --- a/src/core-itn/00_data.tf +++ /dev/null @@ -1,7 +0,0 @@ -# data "azurerm_resource_group" "rg_vnet" { -# name = "${local.product}-vnet-rg" -# } -# -# data "azurerm_resource_group" "sec_rg" { -# name = "${local.product}-sec-rg" -# } diff --git a/src/core-itn/00_dns_private.tf b/src/core-itn/00_dns_private.tf new file mode 100644 index 0000000000..e3a037115f --- /dev/null +++ b/src/core-itn/00_dns_private.tf 
@@ -0,0 +1,72 @@
+data "azurerm_private_dns_zone" "db_nodo_pagamenti_com" {
+ name = "${var.env_short}.db-nodo-pagamenti.com"
+ resource_group_name = "pagopa-${var.env_short}-data-rg"
+}
+
+data "azurerm_private_dns_zone" "internal_postgresql_pagopa_it" {
+ name = "${var.env_short}.internal.postgresql.pagopa.it"
+ resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+#
+# ⚠️ This will be enabled after apim migration, now it will use a special one created in Italy
+#
+# data "azurerm_private_dns_zone" "dev_platform_pagopa_it" {
+# name = "dev.platform.pagopa.it"
+# resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+# }
+
+data "azurerm_private_dns_zone" "internal_dev_platform_pagopa_it" {
+ name = "internal.dev.platform.pagopa.it"
+ resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_azurecr_io" {
+ name = "privatelink.azurecr.io"
+ resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_blob_core_windows_net" {
+ name = "privatelink.blob.core.windows.net"
+ resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_datafactory_azure_net" {
+ name = "privatelink.datafactory.azure.net"
+ resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_documents_azure_com" {
+ name = "privatelink.documents.azure.com"
+ resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_mongo_cosmos_azure_com" {
+ name = "privatelink.mongo.cosmos.azure.com"
+ resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_queue_core_windows_net" {
+ name = "privatelink.queue.core.windows.net"
+ resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_redis_cache_windows_net" {
+ name = "privatelink.redis.cache.windows.net"
+ resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_servicebus_windows_net" {
+ name = "privatelink.servicebus.windows.net"
+ resource_group_name = "pagopa-${var.env_short}-msg-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_table_core_windows_net" {
+ name = "privatelink.table.core.windows.net"
+ resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_table_cosmos_azure_com" {
+ name = "privatelink.table.cosmos.azure.com"
+ resource_group_name = "pagopa-${var.env_short}-vnet-rg"
+}
diff --git a/src/core-itn/00_key_vault.tf b/src/core-itn/00_key_vault.tf
index 5253010a07..362f99d3e1 100644
--- a/src/core-itn/00_key_vault.tf
+++ b/src/core-itn/00_key_vault.tf
@@ -5,7 +5,7 @@ data "azurerm_key_vault" "kv_core" { module "domain_key_vault_secrets_query" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v7.77.0" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v8.13.0" key_vault_name = data.azurerm_key_vault.kv_core.name resource_group = data.azurerm_key_vault.kv_core.resource_group_name
diff --git a/src/core-itn/00_network.tf b/src/core-itn/00_network.tf
index a76269fb4e..d7a55029c1 100644
--- a/src/core-itn/00_network.tf
+++ b/src/core-itn/00_network.tf
@@ -33,3 +33,10 @@ data "azurerm_resource_group" "rg_event_private_dns_zone" { name = local.msg_resource_group_name } +# +# App GW integration +# +data "azurerm_application_gateway" "app_gw_integration" { + name = "pagopa-${var.env_short}-weu-integration-app-gw" + resource_group_name = "pagopa-${var.env_short}-vnet-rg" +}
diff --git a/src/core-itn/01_keyvault.tf b/src/core-itn/01_keyvault.tf
index 99aa0d5da6..08dd7d1084 100644
--- a/src/core-itn/01_keyvault.tf
+++ b/src/core-itn/01_keyvault.tf
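Review bot: The data source `internal_dev_platform_pagopa_it` in src/core-itn/00_dns_private.tf hard-codes the zone name `internal.dev.platform.pagopa.it`, while the other lookups in the file vary only through `var.env_short`. In uat and prod this lookup would presumably fail, or resolve a dev zone if one exists in that resource group, and 02_dns_private_link.tf then links the Italy VNet to whatever it returns. The same commit declares `dns_zone_internal_prefix` and `external_domain` in 99_variables.tf, so the name could be `name = "${var.dns_zone_internal_prefix}.${var.external_domain}"`, assuming the prefix carries the environment in each tfvars file (those files are outside this view). The label would then read better without `dev` in it.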
@@ -6,7 +6,7 @@ resource "azurerm_resource_group" "sec_rg" { } module "key_vault" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v8.5.0" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v8.13.0" name = "${local.project}-kv" location = azurerm_resource_group.sec_rg.location diff --git a/src/core-itn/01_network.tf b/src/core-itn/01_network.tf index ef02601f18..9b6b5451ba 100644 --- a/src/core-itn/01_network.tf +++ b/src/core-itn/01_network.tf @@ -9,7 +9,7 @@ resource "azurerm_resource_group" "rg_ita_vnet" { } module "vnet_italy" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network?ref=v7.77.0" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network?ref=v8.13.0" count = var.is_feature_enabled.vnet_ita ? 1 : 0 name = "${local.product_ita}-vnet" 
@@ -24,31 +24,33 @@ module "vnet_italy" { ## Peering between the vnet(main) and italy vnet module "vnet_ita_peering" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering?ref=v7.77.0" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering?ref=v8.13.0" count = var.is_feature_enabled.vnet_ita ? 1 : 0 source_resource_group_name = azurerm_resource_group.rg_ita_vnet.name source_virtual_network_name = module.vnet_italy[0].name source_remote_virtual_network_id = module.vnet_italy[0].id - source_use_remote_gateways = true + source_use_remote_gateways = false source_allow_forwarded_traffic = true + source_allow_gateway_transit = true target_resource_group_name = data.azurerm_resource_group.rg_vnet_core.name target_virtual_network_name = data.azurerm_virtual_network.vnet_core.name target_remote_virtual_network_id = data.azurerm_virtual_network.vnet_core.id target_allow_gateway_transit = true - target_allow_forwarded_traffic = true + target_allow_forwarded_traffic = false } module "vnet_ita_to_integration_peering" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering?ref=v7.77.0" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering?ref=v8.13.0" count = var.is_feature_enabled.vnet_ita ? 1 : 0 source_resource_group_name = azurerm_resource_group.rg_ita_vnet.name source_virtual_network_name = module.vnet_italy[0].name source_remote_virtual_network_id = module.vnet_italy[0].id source_use_remote_gateways = false - source_allow_forwarded_traffic = true + source_allow_forwarded_traffic = false + source_allow_gateway_transit = true target_resource_group_name = data.azurerm_resource_group.rg_vnet_integration.name target_virtual_network_name = data.azurerm_virtual_network.vnet_integration.name diff --git a/src/core-itn/02_dns_private_link.tf b/src/core-itn/02_dns_private_link.tf new file mode 100644 index 0000000000..3094a35de1 
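Review bot: The flag changes in `vnet_ita_peering` and `vnet_ita_to_integration_peering` alter what can route between the Italy VNet and the core and integration VNets, but neither module has a comment saying which side owns the gateway or in which direction forwarded traffic is expected. `source_allow_gateway_transit = true` is now set on the Italy side of both peerings although no gateway in the Italy VNet is visible in this commit, so the flag appears to permit more than is used. With `source_use_remote_gateways = false` the Italy VNet presumably also stops learning routes from the core gateway, which the commit message ("fix peering flags") does not explain. I would set only the flags the design needs and add a line above each module such as `# core owns the gateway; Italy accepts forwarded traffic from core, core does not accept it from Italy`, adjusted to the intended flow. The second module's target arguments continue outside the hunk.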
--- /dev/null
+++ b/src/core-itn/02_dns_private_link.tf
@@ -0,0 +1,111 @@
+resource "azurerm_private_dns_zone_virtual_network_link" "db_nodo_pagamenti_com_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.db_nodo_pagamenti_com.name
+ resource_group_name = data.azurerm_private_dns_zone.db_nodo_pagamenti_com.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "internal_postgresql_pagopa_it_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.internal_postgresql_pagopa_it.name
+ resource_group_name = data.azurerm_private_dns_zone.internal_postgresql_pagopa_it.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+# resource "azurerm_private_dns_zone_virtual_network_link" "dev_platform_pagopa_it_vnet_link" {
+# name = module.vnet_italy[0].name
+# private_dns_zone_name = data.azurerm_private_dns_zone.dev_platform_pagopa_it.name
+# resource_group_name = data.azurerm_private_dns_zone.dev_platform_pagopa_it.resource_group_name
+# virtual_network_id = module.vnet_italy[0].id
+# tags = var.tags
+# }
+
+resource "azurerm_private_dns_zone_virtual_network_link" "internal_dev_platform_pagopa_it_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.internal_dev_platform_pagopa_it.name
+ resource_group_name = data.azurerm_private_dns_zone.internal_dev_platform_pagopa_it.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_azurecr_io_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_azurecr_io.name
+ resource_group_name = data.azurerm_private_dns_zone.privatelink_azurecr_io.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_blob_core_windows_net_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_blob_core_windows_net.name
+ resource_group_name = data.azurerm_private_dns_zone.privatelink_blob_core_windows_net.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_datafactory_azure_net_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_datafactory_azure_net.name
+ resource_group_name = data.azurerm_private_dns_zone.privatelink_datafactory_azure_net.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_documents_azure_com_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_documents_azure_com.name
+ resource_group_name = data.azurerm_private_dns_zone.privatelink_documents_azure_com.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_mongo_cosmos_azure_com_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_mongo_cosmos_azure_com.name
+ resource_group_name = data.azurerm_private_dns_zone.privatelink_mongo_cosmos_azure_com.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_queue_core_windows_net_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_queue_core_windows_net.name
+ resource_group_name = data.azurerm_private_dns_zone.privatelink_queue_core_windows_net.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_redis_cache_windows_net_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_redis_cache_windows_net.name
+ resource_group_name = data.azurerm_private_dns_zone.privatelink_redis_cache_windows_net.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_servicebus_windows_net_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_servicebus_windows_net.name
+ resource_group_name = data.azurerm_private_dns_zone.privatelink_servicebus_windows_net.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_table_core_windows_net_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_table_core_windows_net.name
+ resource_group_name = data.azurerm_private_dns_zone.privatelink_table_core_windows_net.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_table_cosmos_azure_com_vnet_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_table_cosmos_azure_com.name
+ resource_group_name = data.azurerm_private_dns_zone.privatelink_table_cosmos_azure_com.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
diff --git a/src/core-itn/10_evenhubs.tf b/src/core-itn/10_evenhubs.tf
index 6f3b32a51c..30ba45a60d 100644
--- a/src/core-itn/10_evenhubs.tf
+++ b/src/core-itn/10_evenhubs.tf
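Review bot: Every link resource in src/core-itn/02_dns_private_link.tf indexes `module.vnet_italy[0]`, but `vnet_italy` in 01_network.tf is created with `count = var.is_feature_enabled.vnet_ita ? 1 : 0`. With the flag off, the plan fails on an invalid index instead of skipping the links, so each resource needs the same guard, `count = var.is_feature_enabled.vnet_ita ? 1 : 0`; 80_temp_dns_private_platform.tf has the same unguarded references. The blocks differ only in the zone, so one resource with `for_each` over a map of the zone data sources would remove the repetition and keep the list of linked zones in one reviewable place. Linking a zone lets workloads in the Italy VNet resolve every private endpoint registered in it, so the list is worth limiting to the zones those workloads actually use.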
@@ -7,7 +7,7 @@ resource "azurerm_resource_group" "eventhub_ita_rg" { module "eventhub_meucci" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub?ref=v8.2.0" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub?ref=v8.13.0" name = "${local.project}-evh-meucci" location = var.location resource_group_name = azurerm_resource_group.eventhub_ita_rg.name diff --git a/src/core-itn/20_container_registry.tf b/src/core-itn/20_container_registry.tf index 77cced3068..fe09510862 100644 --- a/src/core-itn/20_container_registry.tf +++ b/src/core-itn/20_container_registry.tf @@ -6,7 +6,7 @@ resource "azurerm_resource_group" "acr_ita_rg" { } module "container_registry_ita" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//container_registry?ref=v8.1.0" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//container_registry?ref=v8.13.0" name = replace("${local.project}-acr", "-", "") resource_group_name = azurerm_resource_group.acr_ita_rg.name diff --git a/src/core-itn/03_monitoring.tf b/src/core-itn/70_monitoring.tf similarity index 100% rename from src/core-itn/03_monitoring.tf rename to src/core-itn/70_monitoring.tf diff --git a/src/core-itn/80_temp_dns_private_platform.tf b/src/core-itn/80_temp_dns_private_platform.tf new file mode 100644 index 0000000000..e29c37583f --- /dev/null +++ b/src/core-itn/80_temp_dns_private_platform.tf 
@@ -0,0 +1,30 @@
+### 🔮 Italy DNS private 👉 .platform.pagopa.it
+resource "azurerm_private_dns_zone" "italy_platform_private_dns_zone" {
+ name = "${var.platform_dns_zone_prefix}.${var.external_domain}"
+ resource_group_name = azurerm_resource_group.rg_ita_vnet.name
+
+ tags = var.tags
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "dev_platform_pagopa_it_vnet_core_link" {
+ name = module.vnet_italy[0].name
+ private_dns_zone_name = azurerm_private_dns_zone.italy_platform_private_dns_zone.name
+ resource_group_name = azurerm_private_dns_zone.italy_platform_private_dns_zone.resource_group_name
+ virtual_network_id = module.vnet_italy[0].id
+ tags = var.tags
+}
+
+#
+# RECORDS
+#
+resource "azurerm_private_dns_a_record" "platform_dns_a_private_apim" {
+
+ for_each = toset(["api", "portal", "management"])
+ name = each.key
+ zone_name = azurerm_private_dns_zone.italy_platform_private_dns_zone.name
+ resource_group_name = azurerm_private_dns_zone.italy_platform_private_dns_zone.resource_group_name
+ ttl = var.dns_default_ttl_sec
+ records = [data.azurerm_application_gateway.app_gw_integration.frontend_ip_configuration[1].private_ip_address]
+ tags = var.tags
+}
+
diff --git a/src/core-itn/99_main.tf b/src/core-itn/99_main.tf
index 303a6f85b8..614145b1eb 100644
--- a/src/core-itn/99_main.tf
+++ b/src/core-itn/99_main.tf
@@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "<= 3.96.0" + version = "<= 3.103.1" } azuread = { source = "hashicorp/azuread"
diff --git a/src/core-itn/99_variables.tf b/src/core-itn/99_variables.tf
index 9115340af1..6fae74de25 100644
--- a/src/core-itn/99_variables.tf
+++ b/src/core-itn/99_variables.tf
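Review bot: `frontend_ip_configuration[1].private_ip_address` in `platform_dns_a_private_apim` picks the gateway's private frontend by list position, and nothing in this commit shows that the order is the same in every environment. If it differs, the `api`, `portal` and `management` records resolve to an empty or wrong address for everything in the Italy VNet, and because this private zone shadows the public names there is no fallback to public DNS. Selecting by content is safer, for example `records = [one([for c in data.azurerm_application_gateway.app_gw_integration.frontend_ip_configuration : c.private_ip_address if c.private_ip_address != null && c.private_ip_address != ""])]`, which also fails the plan if there is not exactly one private frontend. The link label `dev_platform_pagopa_it_vnet_core_link` is misleading as well, since the resource links the Italy VNet and is applied in every environment.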
@@ -151,17 +151,26 @@ variable "law_internet_query_enabled" { } # DNS -# variable "external_domain" { -# type = string -# default = "pagopa.it" -# description = "Domain for delegation" -# } -# -# variable "dns_zone_internal_prefix" { -# type = string -# default = null -# description = "The dns subdomain." -# } +variable "external_domain" { + type = string + default = "pagopa.it" + description = "Domain for delegation" +} + +variable "dns_zone_internal_prefix" { + type = string + description = "The dns subdomain." +} + +variable "platform_dns_zone_prefix" { + type = string + description = "platform dns prefix" +} + +variable "dns_default_ttl_sec" { + type = number + description = "Dns default ttl secs" +} # # Event hub diff --git a/src/core-itn/README.md b/src/core-itn/README.md index 6957bd18b1..7d6b38e5ed 100644 --- a/src/core-itn/README.md +++ b/src/core-itn/README.md @@ -96,7 +96,7 @@ No outputs. |------|---------| | [terraform](#requirement\_terraform) | >= 1.6 | | [azuread](#requirement\_azuread) | <= 2.47.0 | -| [azurerm](#requirement\_azurerm) | <= 3.96.0 | +| [azurerm](#requirement\_azurerm) | <= 3.103.1 | | [helm](#requirement\_helm) | <= 2.12.1 | | [kubernetes](#requirement\_kubernetes) | <= 2.25.2 | | [local](#requirement\_local) | <= 2.40.0 | 
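Review bot: `platform_dns_zone_prefix` and `external_domain` are concatenated into the name of a private DNS zone in 80_temp_dns_private_platform.tf, and `dns_default_ttl_sec` sets the TTL of its A records, yet none of the new variables in this 99_variables.tf hunk has a `validation` block. A typo in a tfvars file would create a private zone that shadows an unintended name inside the Italy VNet. I would add a check such as `condition = var.dns_default_ttl_sec > 0` for the TTL and a pattern check on the prefix, and make the descriptions say what a valid value looks like (`"platform dns prefix"` does not). `dns_zone_internal_prefix` also loses the `default = null` of its commented-out form and is not read by any hunk visible here.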
@@ -108,13 +108,13 @@ No outputs. | Name | Source | Version | |------|--------|---------| -| [container\_registry\_ita](#module\_container\_registry\_ita) | git::https://github.com/pagopa/terraform-azurerm-v3.git//container_registry | v8.1.0 | -| [domain\_key\_vault\_secrets\_query](#module\_domain\_key\_vault\_secrets\_query) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query | v7.77.0 | -| [eventhub\_meucci](#module\_eventhub\_meucci) | git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub | v8.2.0 | -| [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v8.5.0 | -| [vnet\_ita\_peering](#module\_vnet\_ita\_peering) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering | v7.77.0 | -| [vnet\_ita\_to\_integration\_peering](#module\_vnet\_ita\_to\_integration\_peering) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering | v7.77.0 | -| [vnet\_italy](#module\_vnet\_italy) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network | v7.77.0 | +| [container\_registry\_ita](#module\_container\_registry\_ita) | git::https://github.com/pagopa/terraform-azurerm-v3.git//container_registry | v8.13.0 | +| [domain\_key\_vault\_secrets\_query](#module\_domain\_key\_vault\_secrets\_query) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query | v8.13.0 | +| [eventhub\_meucci](#module\_eventhub\_meucci) | git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub | v8.13.0 | +| [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v8.13.0 | +| [vnet\_ita\_peering](#module\_vnet\_ita\_peering) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering | v8.13.0 | +| [vnet\_ita\_to\_integration\_peering](#module\_vnet\_ita\_to\_integration\_peering) | 
git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering | v8.13.0 | +| [vnet\_italy](#module\_vnet\_italy) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network | v8.13.0 | ## Resources 
@@ -128,6 +128,22 @@ No outputs. | [azurerm_log_analytics_workspace.log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource | | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource | +| [azurerm_private_dns_a_record.platform_dns_a_private_apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | +| [azurerm_private_dns_zone.italy_platform_private_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone_virtual_network_link.db_nodo_pagamenti_com_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.dev_platform_pagopa_it_vnet_core_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.internal_dev_platform_pagopa_it_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.internal_postgresql_pagopa_it_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.privatelink_azurecr_io_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| 
[azurerm_private_dns_zone_virtual_network_link.privatelink_blob_core_windows_net_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.privatelink_datafactory_azure_net_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.privatelink_documents_azure_com_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.privatelink_mongo_cosmos_azure_com_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.privatelink_queue_core_windows_net_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.privatelink_redis_cache_windows_net_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.privatelink_servicebus_windows_net_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.privatelink_table_core_windows_net_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| 
[azurerm_private_dns_zone_virtual_network_link.privatelink_table_cosmos_azure_com_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_public_ip.aks_leonardo_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | | [azurerm_resource_group.acr_ita_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.eventhub_ita_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | 
@@ -141,11 +157,25 @@ No outputs. | [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | | [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | | [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | +| [azurerm_application_gateway.app_gw_integration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_gateway) | data source | | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | | [azurerm_key_vault.kv_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | | [azurerm_key_vault_secret.monitor_notification_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.monitor_notification_slack_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_private_dns_zone.db_nodo_pagamenti_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_private_dns_zone.eventhub](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_private_dns_zone.internal_dev_platform_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_private_dns_zone.internal_postgresql_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| 
[azurerm_private_dns_zone.privatelink_azurecr_io](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_private_dns_zone.privatelink_blob_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_private_dns_zone.privatelink_datafactory_azure_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_private_dns_zone.privatelink_documents_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_private_dns_zone.privatelink_mongo_cosmos_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_private_dns_zone.privatelink_queue_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_private_dns_zone.privatelink_redis_cache_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_private_dns_zone.privatelink_servicebus_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_private_dns_zone.privatelink_table_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_private_dns_zone.privatelink_table_cosmos_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_resource_group.rg_event_private_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | 
[azurerm_resource_group.rg_vnet_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.rg_vnet_integration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | @@ -163,6 +193,8 @@ No outputs. | [cidr\_vnet\_italy](#input\_cidr\_vnet\_italy) | Address prefixes for vnet in italy. | `list(string)` | n/a | yes | | [container\_registry\_sku](#input\_container\_registry\_sku) | Sku for ACR | `string` | n/a | yes | | [container\_registry\_zone\_redundancy\_enabled](#input\_container\_registry\_zone\_redundancy\_enabled) | Enabled AZ for container registry | `bool` | n/a | yes | +| [dns\_default\_ttl\_sec](#input\_dns\_default\_ttl\_sec) | Dns default ttl secs | `number` | n/a | yes | +| [dns\_zone\_internal\_prefix](#input\_dns\_zone\_internal\_prefix) | The dns subdomain. | `string` | n/a | yes | | [domain](#input\_domain) | n/a | `string` | n/a | yes | | [ehns\_auto\_inflate\_enabled](#input\_ehns\_auto\_inflate\_enabled) | Is Auto Inflate enabled for the EventHub Namespace? | `bool` | `false` | no | | [ehns\_capacity](#input\_ehns\_capacity) | Specifies the Capacity / Throughput Units for a Standard SKU namespace. | `number` | n/a | yes | @@ -175,6 +207,7 @@ No outputs. | [ehns\_zone\_redundant](#input\_ehns\_zone\_redundant) | Specifies if the EventHub Namespace should be Zone Redundant (created across Availability Zones). | `bool` | n/a | yes | | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | +| [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `"pagopa.it"` | no | | [is\_feature\_enabled](#input\_is\_feature\_enabled) | Features enabled in this domain |
object({
vnet_ita = bool,
container_app_tools_cae = optional(bool, false),
node_forwarder_ha_enabled = bool
vpn = optional(bool, false)
dns_forwarder_lb = optional(bool, false)
postgres_private_dns = bool
})
| n/a | yes | | [law\_daily\_quota\_gb](#input\_law\_daily\_quota\_gb) | The workspace daily quota for ingestion in GB. | `number` | n/a | yes | | [law\_internet\_query\_enabled](#input\_law\_internet\_query\_enabled) | Should the Log Analytics Workspace support querying over the Public Internet? Defaults to true. | `bool` | n/a | yes | @@ -187,6 +220,7 @@ No outputs. | [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes | | [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes | | [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | +| [platform\_dns\_zone\_prefix](#input\_platform\_dns\_zone\_prefix) | platform dns prefix | `string` | n/a | yes | | [prefix](#input\_prefix) | n/a | `string` | n/a | yes | | [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | | [vnet\_ita\_ddos\_protection\_plan](#input\_vnet\_ita\_ddos\_protection\_plan) | n/a |
object({
id = string
enable = bool
})
| `null` | no | diff --git a/src/core-itn/env/dev/terraform.tfvars b/src/core-itn/env/dev/terraform.tfvars index 6aac06fb8a..58af8c8f6a 100644 --- a/src/core-itn/env/dev/terraform.tfvars +++ b/src/core-itn/env/dev/terraform.tfvars @@ -44,8 +44,10 @@ cidr_subnet_tools_cae = ["10.3.252.0/23"] # # Dns # -external_domain = "pagopa.it" +platform_dns_zone_prefix = "dev.platform" dns_zone_internal_prefix = "internal.dev.platform" +external_domain = "pagopa.it" +dns_default_ttl_sec = 3600 ### External resources diff --git a/src/core-itn/env/prod/terraform.tfvars b/src/core-itn/env/prod/terraform.tfvars index 199ef522c5..4783655e7e 100644 --- a/src/core-itn/env/prod/terraform.tfvars +++ b/src/core-itn/env/prod/terraform.tfvars @@ -48,8 +48,10 @@ cidr_subnet_tools_cae = ["10.3.252.0/23"] # # Dns # -external_domain = "pagopa.it" +platform_dns_zone_prefix = "platform" dns_zone_internal_prefix = "internal.platform" +external_domain = "pagopa.it" +dns_default_ttl_sec = 3600 ### External resources @@ -121,3 +123,11 @@ ehns_metric_alerts = { # container_registry_sku = "Premium" container_registry_zone_redundancy_enabled = true + +# +# Monitoring +# +law_sku = "PerGB2018" +law_retention_in_days = 30 +law_daily_quota_gb = 10 +law_internet_query_enabled = true diff --git a/src/core-itn/env/uat/terraform.tfvars b/src/core-itn/env/uat/terraform.tfvars index 1e99605d86..0801361bf2 100644 --- a/src/core-itn/env/uat/terraform.tfvars +++ b/src/core-itn/env/uat/terraform.tfvars @@ -48,10 +48,10 @@ cidr_subnet_tools_cae = ["10.3.252.0/23"] # # Dns # -external_domain = "pagopa.it" +platform_dns_zone_prefix = "uat.platform" dns_zone_internal_prefix = "internal.uat.platform" -dns_zone_prefix = "uat.platform" -dns_zone_prefix_prf = "prf.platform" +external_domain = "pagopa.it" +dns_default_ttl_sec = 3600 ### External resources 
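Review bot: `law_internet_query_enabled = true` in the new Monitoring block of `env/prod/terraform.tfvars` leaves the Log Analytics workspace queryable over the public internet, in a commit whose purpose is to put the Italy network on private DNS zones and private links. The uat hunk (`@@ -121,3 +121,11 @@` in `env/uat/terraform.tfvars`) adds the same value. Queries still go through Entra ID authentication and workspace RBAC, but if operators and tooling can reach the workspace over the private network, prod should use `law_internet_query_enabled = false`. This diff does not show whether an Azure Monitor private link scope exists, so confirm that first, and if public query access is intentional add a one-line comment above the setting saying why. Separately, `law_retention_in_days = 30` in prod is short for incident investigation and worth checking against the log-retention requirement.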
@@ -121,3 +121,11 @@ ehns_metric_alerts = {
 #
 container_registry_sku = "Standard"
 container_registry_zone_redundancy_enabled = false
+
+#
+# Monitoring
+#
+law_sku = "PerGB2018"
+law_retention_in_days = 30
+law_daily_quota_gb = 10
+law_internet_query_enabled = true
diff --git a/src/core/README.md b/src/core/README.md
index 2f0b872deb..a7f4e1cc16 100644
--- a/src/core/README.md
+++ b/src/core/README.md
@@ -422,7 +422,6 @@
 | [azurerm_private_dns_zone_virtual_network_link.db_nodo_dns_zone_virtual_link](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.internal_platform_pagopa_it_private_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.internal_platform_vnetlink_vnet_core](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.italy_db_nodo_dns_zone_virtual_link](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.platform_vnetlink_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.platform_vnetlink_vnet_integration](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.platform_vnetlink_vnet_integration_prf](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
@@ -438,17 +437,6 @@
 | [azurerm_private_dns_zone_virtual_network_link.privatelink_table_cosmos_azure_com_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.privatelink_table_cosmos_azure_com_vnet_integration](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.vnet_integration_network_link](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.vnet_ita_link_internal_platform](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.vnet_ita_link_platform_platform_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.vnet_ita_link_postgres](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.vnet_ita_link_prf_platform](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.vnet_ita_link_privatelink_blob_azure_com_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.vnet_ita_link_privatelink_documents_azure_com_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.vnet_ita_link_privatelink_mongo_cosmos_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.vnet_ita_link_privatelink_queue_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.vnet_ita_link_privatelink_table_azure_com_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.vnet_ita_link_privatelink_table_cosmos_azure_com_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.vnet_ita_link_redis_cache_windows_net_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.vnet_link_privatelink_queue_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.vnet_privatelink_mongo_cosmos_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_public_ip.appgateway_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/public_ip) | resource |
diff --git a/src/core/dns_private.tf b/src/core/dns_private.tf
index cbe5686ca0..53a37a92a2 100644
--- a/src/core/dns_private.tf
+++ b/src/core/dns_private.tf
@@ -15,17 +15,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "db_nodo_dns_zone_virtu tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "italy_db_nodo_dns_zone_virtual_link" { - count = var.enabled_features.vnet_ita ? 1 : 0 - name = data.azurerm_virtual_network.vnet_ita[0].name - private_dns_zone_name = azurerm_private_dns_zone.db_nodo_dns_zone.name - resource_group_name = azurerm_resource_group.data.name - - virtual_network_id = data.azurerm_virtual_network.vnet_ita[0].id - - tags = var.tags -} - resource "azurerm_private_dns_a_record" "private_dns_a_record_db_nodo" { name = "db-nodo-pagamenti" zone_name = azurerm_private_dns_zone.db_nodo_dns_zone.name @@ -90,18 +79,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_redis_cach tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "vnet_ita_link_redis_cache_windows_net_vnet" { - count = var.redis_private_endpoint_enabled && var.enabled_features.vnet_ita ? 1 : 0 - name = data.azurerm_virtual_network.vnet_ita[0].name - resource_group_name = azurerm_resource_group.rg_vnet.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_redis_cache_windows_net[0].name - registration_enabled = false - - virtual_network_id = data.azurerm_virtual_network.vnet_ita[0].id - - tags = var.tags -} - ### 🔮 Private dns zone: storage queue resource "azurerm_private_dns_zone" "privatelink_queue_core_windows_net" { 
@@ -125,20 +102,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "vnet_link_privatelink_ tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "vnet_ita_link_privatelink_queue_core_windows_net" { - count = var.storage_queue_private_endpoint_enabled && var.enabled_features.vnet_ita ? 1 : 0 - - name = data.azurerm_virtual_network.vnet_ita[0].name - resource_group_name = azurerm_resource_group.rg_vnet.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_queue_core_windows_net[0].name - registration_enabled = false - - virtual_network_id = data.azurerm_virtual_network.vnet_ita[0].id - - tags = var.tags -} - - ### 🔮 DNS private 👉 .platform.pagopa.it resource "azurerm_private_dns_zone" "platform_private_dns_zone" { name = "${var.dns_zone_prefix}.${var.external_domain}" @@ -178,18 +141,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "platform_vnetlink_vnet tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "vnet_ita_link_platform_platform_pagopa_it" { - count = var.enabled_features.vnet_ita ? 1 : 0 - - name = data.azurerm_virtual_network.vnet_ita[0].name - resource_group_name = azurerm_resource_group.rg_vnet.name - private_dns_zone_name = azurerm_private_dns_zone.platform_private_dns_zone.name - registration_enabled = false - - virtual_network_id = data.azurerm_virtual_network.vnet_ita[0].id - tags = var.tags -} - ### 🔮 DNS private 👉 prf.platform.pagopa.it resource "azurerm_private_dns_zone" "platform_private_dns_zone_prf" { 
@@ -232,18 +183,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "platform_vnetlink_vnet tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "vnet_ita_link_prf_platform" { - count = var.env_short == "u" && var.enabled_features.vnet_ita ? 1 : 0 - name = data.azurerm_virtual_network.vnet_ita[0].name - resource_group_name = azurerm_resource_group.rg_vnet.name - private_dns_zone_name = azurerm_private_dns_zone.platform_private_dns_zone_prf[0].name - registration_enabled = false - - virtual_network_id = data.azurerm_virtual_network.vnet_ita[0].id - tags = var.tags -} - - ### 🔮 Private DNS Zone for Postgres Databases resource "azurerm_private_dns_zone" "postgres" { @@ -262,16 +201,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "postgres_vnet" { virtual_network_id = module.vnet.id } -resource "azurerm_private_dns_zone_virtual_network_link" "vnet_ita_link_postgres" { - count = var.env_short != "d" && var.enabled_features.vnet_ita ? 1 : 0 - - name = data.azurerm_virtual_network.vnet_ita[0].name - resource_group_name = azurerm_resource_group.rg_vnet.name - private_dns_zone_name = azurerm_private_dns_zone.postgres[0].name - - virtual_network_id = data.azurerm_virtual_network.vnet_ita[0].id -} - ### 🔮 Private DNS Zone for ACR azure container registry resource "azurerm_private_dns_zone" "privatelink_azurecr_pagopa" { 
@@ -310,17 +239,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_documents_ tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "vnet_ita_link_privatelink_documents_azure_com_vnet" { - count = var.enabled_features.vnet_ita ? 1 : 0 - name = data.azurerm_virtual_network.vnet_ita[0].name - resource_group_name = azurerm_resource_group.rg_vnet.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_documents_azure_com.name - registration_enabled = false - - virtual_network_id = data.azurerm_virtual_network.vnet_ita[0].id - tags = var.tags -} - ### 🔮 Private DNS Zone for Cosmos DB Table API # https://docs.microsoft.com/it-it/azure/cosmos-db/how-to-configure-private-endpoints resource "azurerm_private_dns_zone" "privatelink_table_cosmos_azure_com" { @@ -350,17 +268,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_table_cosm tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "vnet_ita_link_privatelink_table_cosmos_azure_com_vnet" { - count = var.enabled_features.vnet_ita ? 1 : 0 - name = data.azurerm_virtual_network.vnet_ita[0].name - resource_group_name = azurerm_resource_group.rg_vnet.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_table_cosmos_azure_com.name - registration_enabled = false - - virtual_network_id = data.azurerm_virtual_network.vnet_ita[0].id - tags = var.tags -} - ### 🔮 Private DNS Zone for Storage Accounts resource "azurerm_private_dns_zone" "storage_account" { 
@@ -390,17 +297,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_blob_azure tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "vnet_ita_link_privatelink_blob_azure_com_vnet" { - count = var.enabled_features.vnet_ita ? 1 : 0 - name = data.azurerm_virtual_network.vnet_ita[0].name - resource_group_name = azurerm_resource_group.rg_vnet.name - private_dns_zone_name = azurerm_private_dns_zone.storage_account.name - registration_enabled = false - - virtual_network_id = data.azurerm_virtual_network.vnet_ita[0].id - tags = var.tags -} - ### 🔮 DNS private: internal.dev.platform.pagopa.it resource "azurerm_private_dns_zone" "internal_platform_pagopa_it" { @@ -430,18 +326,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "internal_platform_vnet tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "vnet_ita_link_internal_platform" { - count = var.enabled_features.vnet_ita ? 1 : 0 - - name = data.azurerm_virtual_network.vnet_ita[0].name - resource_group_name = azurerm_resource_group.rg_vnet.name - private_dns_zone_name = azurerm_private_dns_zone.internal_platform_pagopa_it.name - registration_enabled = false - - virtual_network_id = data.azurerm_virtual_network.vnet_ita[0].id - tags = var.tags -} - ### 🔮 Cosmos MongoDB for ecommerce - private dns zone resource "azurerm_private_dns_zone" "privatelink_mongo_cosmos_azure_com" { 
@@ -463,19 +347,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "vnet_privatelink_mongo tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "vnet_ita_link_privatelink_mongo_cosmos_azure_com" { - count = var.enabled_features.vnet_ita ? 1 : 0 - - name = data.azurerm_virtual_network.vnet_ita[0].name - resource_group_name = azurerm_resource_group.rg_vnet.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_mongo_cosmos_azure_com.name - registration_enabled = false - - virtual_network_id = data.azurerm_virtual_network.vnet_ita[0].id - tags = var.tags -} - - ### 🔮 Private DNS Zone for Table Storage Account # https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json resource "azurerm_private_dns_zone" "table_storage_account" { @@ -495,20 +366,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_table_azur tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "vnet_ita_link_privatelink_table_azure_com_vnet" { - count = var.enabled_features.vnet_ita ? 1 : 0 - - name = data.azurerm_virtual_network.vnet_ita[0].name - resource_group_name = azurerm_resource_group.rg_vnet.name - private_dns_zone_name = azurerm_private_dns_zone.table_storage_account.name - registration_enabled = false - - virtual_network_id = data.azurerm_virtual_network.vnet_ita[0].id - tags = var.tags -} - - - resource "azurerm_dns_a_record" "dns_a_forwarder" { count = var.nat_gateway_enabled ? 1 : 0 name = "forwarder" diff --git a/src/domains/nodo-switcher/.terraform.lock.hcl b/src/domains/nodo-switcher/.terraform.lock.hcl index 8dc1c7643b..2be98aa5e0 100644 --- a/src/domains/nodo-switcher/.terraform.lock.hcl +++ b/src/domains/nodo-switcher/.terraform.lock.hcl 
@@ -73,54 +73,6 @@ provider "registry.terraform.io/hashicorp/azurerm" { ] } -provider "registry.terraform.io/hashicorp/helm" { - version = "2.5.1" - constraints = "<= 2.5.1" - hashes = [ - "h1:9yMFsXyHAo+mUuMKczNSw44HcZaf1JkMqgOUgJF1dXs=", - "h1:NasRPC0qqlpGqcF3dsSoOFu7uc5hM+zJm+okd8FgrnQ=", - "h1:a9KwjqINdNy6IsEbkHUB1vwvYfy5OJ2VxFL9/NDFLoY=", - "h1:g3CzhAURjVq69AJ1u2d3DWd+i0rSmLX+JXSIts9BV6A=", - "h1:gogHvv1qr8bPzk5y1BoeTA5dOZt47byTXWXW3CJQ5C8=", - "zh:140b9748f0ad193a20d69e59d672f3c4eda8a56cede56a92f931bd3af020e2e9", - "zh:17ae319466ed6538ad49e011998bb86565fe0e97bc8b9ad7c8dda46a20f90669", - "zh:3a8bd723c21ba70e19f0395ed7096fc8e08bfc23366f1c3f06a9107eb37c572c", - "zh:3aae3b82adbe6dca52f1a1c8cf51575446e6b0f01f1b1f3b30de578c9af4a933", - "zh:3f65221f40148df57d2888e4f31ef3bf430b8c5af41de0db39a2b964e1826d7c", - "zh:650c74c4f46f5eb01df11d8392bdb7ebee3bba59ac0721000a6ad731ff0e61e2", - "zh:930fb8ab4cd6634472dfd6aa3123f109ef5b32cbe6ef7b4695fae6751353e83f", - "zh:ae57cd4b0be4b9ca252bc5d347bc925e35b0ed74d3dcdebf06c11362c1ac3436", - "zh:d15b1732a8602b6726eac22628b2f72f72d98b75b9c6aabceec9fd696fda696a", - "zh:d730ede1656bd193e2aea5302acec47c4905fe30b96f550196be4a0ed5f41936", - "zh:f010d4f9d8cd15936be4df12bf256cb2175ca1dedb728bd3a866c03d2ee7591f", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.11.0" - constraints = "<= 2.11.0" - hashes = [ - "h1:T65SZhN/tQgsAsHe/G5PCgpjofi+aTKPZ+nZg6WOJpc=", - "h1:d5NamuGihJgxmtSq07kSZblnJuekkjdFdRLTDeGb0us=", - "h1:lSh/Q5vX73hHL80TtGn2Vrv1UYLzlIRjC+xaCijY4ew=", - "h1:lrhK0YgF/daYiTUWAQeY3vBD7uX8gm/44ZD4GTw71r4=", - "h1:pJiAJwZKUaoAJ4x+3ONJkwEVkjrwGROCGFgj7noPO58=", - "zh:143a19dd0ea3b07fc5e3d9231f3c2d01f92894385c98a67327de74c76c715843", - "zh:1fc757d209e09c3cf7848e4274daa32408c07743698fbed10ee52a4a479b62b6", - "zh:22dfebd0685749c51a8f765d51a1090a259778960ac1cd4f32021a325b2b9b72", - 
"zh:3039b3b76e870cd8fc404cf75a29c66b171c6ba9b6182e131b6ae2ca648ec7c0", - "zh:3af0a15562fcab4b5684b18802e0239371b2b8ff9197ed069ff4827f795a002b", - "zh:50aaf20336d1296a73315adb66f7687f75bd5c6b1f93a894b95c75cc142810ec", - "zh:682064fabff895ec351860b4fe0321290bbbb17c2a410b62c9bea0039400650e", - "zh:70ac914d5830b3371a2679d8f77cc20c419a6e12925145afae6c977c8eb90934", - "zh:710aa02cccf7b0f3fb50880d6d2a7a8b8c9435248666616844ba71f74648cddc", - "zh:88e418118cd5afbdec4984944c7ab36950bf48e8d3e09e090232e55eecfb470b", - "zh:9cef159377bf23fa331f8724fdc6ce27ad39a217a4bae6df3b1ca408fc643da6", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - provider "registry.terraform.io/hashicorp/null" { version = "3.1.1" constraints = "<= 3.2.1" diff --git a/src/domains/nodo-switcher/99_main.tf b/src/domains/nodo-switcher/99_main.tf index 41e8714983..7c3245b08c 100644 --- a/src/domains/nodo-switcher/99_main.tf +++ b/src/domains/nodo-switcher/99_main.tf @@ -12,14 +12,6 @@ terraform { source = "hashicorp/azurerm" version = "<= 3.53.0" } - helm = { - source = "hashicorp/helm" - version = "<= 2.5.1" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = "<= 2.11.0" - } null = { source = "hashicorp/null" version = "<= 3.2.1" @@ -40,13 +32,3 @@ provider "azurerm" { data "azurerm_subscription" "current" {} data "azurerm_client_config" "current" {} - -provider "kubernetes" { - config_path = "${var.k8s_kube_config_path_prefix}/config-${local.aks_name}" -} - -provider "helm" { - kubernetes { - config_path = "${var.k8s_kube_config_path_prefix}/config-${local.aks_name}" - } -} diff --git a/src/domains/nodo-switcher/README.md b/src/domains/nodo-switcher/README.md index 31712b49a3..5f3e005402 100644 --- a/src/domains/nodo-switcher/README.md +++ b/src/domains/nodo-switcher/README.md 
@@ -33,8 +33,6 @@ opening slack on your browser and navigating to the desired channel, you will fi | [azapi](#requirement\_azapi) | <= 1.3.0 | | [azuread](#requirement\_azuread) | <= 2.30.0 | | [azurerm](#requirement\_azurerm) | <= 3.53.0 | -| [helm](#requirement\_helm) | <= 2.5.1 | -| [kubernetes](#requirement\_kubernetes) | <= 2.11.0 | | [null](#requirement\_null) | <= 3.2.1 | ## Modules diff --git a/src/next-core/.terraform.lock.hcl b/src/next-core/.terraform.lock.hcl index 6e04d1f272..0bc31181e1 100644 --- a/src/next-core/.terraform.lock.hcl +++ b/src/next-core/.terraform.lock.hcl 
@@ -2,121 +2,121 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azuread" { - version = "2.21.0" + version = "2.47.0" constraints = "<= 2.47.0" hashes = [ - "h1:9gG6SWoUZZmmXbYBv6ra2RF5NYpamB9tGjsuBxrasFQ=", - "h1:KbY8dRdbfTwTzEBcdOFdD50JX8CUG5Mni25D2+k1rGc=", - "h1:akcofWscEl0ecIbf7lyEqRvPfOdA5q75EZvK8uSum1c=", - "h1:p9epRqujcxIMeT9THP0oNLGe4jjMBLjT5a7RntnFDaA=", - "h1:qHYbB6LJsYPVUcd7QkZ5tU+IX+10VcUG4NzsmIuWdlE=", - "zh:18c56e0478e8b3849f6d52f7e0ee495538e7fce66f22fc84a79599615e50ad1c", - "zh:1b95ba8dddc46c744b2d2be7da6fafaa8ebd8368d46ff77416a95cb7d622251e", + "h1:8J74v92UvtqVNucugAtB+Sd44oTgnhfct+Xf8ObOZug=", + "h1:KB9BNRNStbdsfdRmVXUwXtN77qgX5VjBy2UALcqp218=", + "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", + "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", + "h1:zYMGokLn44KSWir7Nr4t8lEAPMB6JuXd2LlP2Ac2tMY=", + "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:2b7559f9febd770b38deb2d7aee61cea03d9f7a39673e1c72252530825523206", - "zh:466f1099109fd0283d0a4ae6716d831b09d66218ad8abacf8787e9c634ce7a6f", - "zh:7d56b3c034496c62d0993e51339f876732bb5050f8bb0739cef952f7e881e79f", - "zh:7d600af10920dd9b2349cf745b112e07eb24e2ae25006e32db0a39e8c863b11d", - "zh:81eaaa3944a874b0ade6c23785d736e217554dc74b6a7c06cc8750de97ecca04", - "zh:9a4563c1dceb85f3f58787803af1d5b0baf26d802588d263d05cbd8a4f510e76", - "zh:cb885a238449548d392f7e3f00b1a3aebd41bbeefab23c40b180a058e8565638", - "zh:cd34877f0aa3120cd0b51dadde38c471ae35ea2a8a64604bba578901298c7c77", - "zh:da62d6cb7331e5893ac58942b12cbef5c0727390044ec1f25f5778010fb9e5d4", + "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", + "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", + "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", + "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", + 
"zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", + "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", + "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", + "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", + "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", + "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", ] } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.71.0" - constraints = ">= 3.30.0, >= 3.39.0, <= 3.85.0, <= 3.87.0, <= 3.94.0, <= 3.97.1" + version = "3.85.0" + constraints = ">= 3.30.0, ~> 3.30, >= 3.39.0, <= 3.85.0, <= 3.87.0, <= 3.94.0, <= 3.97.1" hashes = [ - "h1:CV6ZR6wy7b1fjS8SQX07EbQZwPjfaxT1mQbSIFwEcqE=", - "h1:QI0iaPNi0qAOIbXptd4ZObi0D5X1jojom5774GtEspA=", - "h1:nTc6DFS9euNgUkNylQ/AxNYN9Ln1dyL+WVIBNcict7Y=", - "h1:vhmOvVQgCyxXeS25wKuPTNpOAAtocPj5faL1yFS/Bcc=", - "h1:xySu+5dS0H9KYVsQoFp61uc5XLRKif9FrFs//OPNDrM=", - "zh:06f0d225b1711dfad256ff33134f878acc8f84624d9da66b075b075cc4d75892", - "zh:09ff74056818babe02ea5a633bffe2b8223eaf79916dc1db169651ef7725c22f", - "zh:27687e0f8458e6d88ebea94352eb523f56e8f5cdc468268af8f38dc4a4265bf4", - "zh:2d81bfab3c6a9b897fa8fbb5256c9e5a944e6ecbf7f73a2a3e2b53a2c4fbcfc5", - "zh:4cfc744cfc37aeeeecd82800c70e2591b38447af9e3c51bcbf06a5efe842ed65", - "zh:734fbb81508b264f772a076338ddf1c7b25534d2007a1738a7d55587478ed258", - "zh:9a5502c364f58073599fff8cdd8adc32e7f7bcd00a4d9b57d2fff678fd8a8319", - "zh:9bc528f7e78dbfd106f94b741b68dedd3dd3d31c3defcddcc1972c8e52a6b7db", - "zh:c30db03d877f9a7ae0c19d3fd338bbf95cdddbf6df1023709dbfa99689abac14", - "zh:c51d4065145b8f4ca45fc9a0f3ca7f2d933bc0302af2eead74f3ce64a9221ae8", - "zh:e23029fc7f81723795d7da770131adb1ce6f4d32f0a57eb75d47e036a0a19833", + "h1:BX6+m8KJATrpqlwBSyA63Fmwjvgwcs/v1qwB7B5GLCU=", + "h1:JLkmrm6Jcy4m0a3SrT26EU7b0njwFuhfflBZWUij7mA=", + "h1:UW2HuNrkVexKwNYbkI1Xr/B3ip/cCgizIjfKN+ulpPs=", + 
"h1:vPlaTsywMaTyPPYPy0t8twBwrYOGckDFg4kQ5yyJG0U=", + "h1:wcPRNQKHyR5boMFYQblUqVCbPyxuLlXpVgzMK3cLAPo=", + "zh:1ae6c0d82b5801641a17094b84f2ec1dcac699c1c4e40669a267511061414a34", + "zh:259e9386a43aabecb1205b0ceea2d205223637c09b66d806a89fed04f3343253", + "zh:4d940f9c14fece4f1d9219ac9d104202e5561bddc5024e5ac97f3f93eea20110", + "zh:530bca70b950e835f63c796c694106d701e5de0e2cf096fa35f08afd5c254594", + "zh:69e6b7f44ffbe0383b6485bb9db26781eb7869503889303e202967900a6b35ed", + "zh:8528e7d054254daae06eeb2bf343d566d3908a024fdfb5e515fbdbe0669c15eb", + "zh:98d66edfa89ed9a431ca37be384e5dfe7fa20bdc732c6e7d30f3f922ca3b29dc", + "zh:b8d37cedeffeb6bd37d4ec79fc2da19ed6b57d1ac08d835395dfa4fb3cfdf447", + "zh:bbc94e89cd6c0d59c2e5ed0bce852cac8435b6dc2e979691ee84af4c8b2c9bb8", + "zh:ceb4c624e8bb56bbcfe53e3c4ed4b4d27c3a5b62e5f4890b32c98b60b83c7827", + "zh:f08c5bf19eb25f668633964c6bfa823aa0ead785824082533c4a6cff3959e3d0", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } provider "registry.terraform.io/hashicorp/helm" { - version = "2.5.1" + version = "2.12.1" constraints = "<= 2.12.1" hashes = [ - "h1:9yMFsXyHAo+mUuMKczNSw44HcZaf1JkMqgOUgJF1dXs=", - "h1:NasRPC0qqlpGqcF3dsSoOFu7uc5hM+zJm+okd8FgrnQ=", - "h1:a9KwjqINdNy6IsEbkHUB1vwvYfy5OJ2VxFL9/NDFLoY=", - "h1:g3CzhAURjVq69AJ1u2d3DWd+i0rSmLX+JXSIts9BV6A=", - "h1:gogHvv1qr8bPzk5y1BoeTA5dOZt47byTXWXW3CJQ5C8=", - "zh:140b9748f0ad193a20d69e59d672f3c4eda8a56cede56a92f931bd3af020e2e9", - "zh:17ae319466ed6538ad49e011998bb86565fe0e97bc8b9ad7c8dda46a20f90669", - "zh:3a8bd723c21ba70e19f0395ed7096fc8e08bfc23366f1c3f06a9107eb37c572c", - "zh:3aae3b82adbe6dca52f1a1c8cf51575446e6b0f01f1b1f3b30de578c9af4a933", - "zh:3f65221f40148df57d2888e4f31ef3bf430b8c5af41de0db39a2b964e1826d7c", - "zh:650c74c4f46f5eb01df11d8392bdb7ebee3bba59ac0721000a6ad731ff0e61e2", - "zh:930fb8ab4cd6634472dfd6aa3123f109ef5b32cbe6ef7b4695fae6751353e83f", - "zh:ae57cd4b0be4b9ca252bc5d347bc925e35b0ed74d3dcdebf06c11362c1ac3436", - 
"zh:d15b1732a8602b6726eac22628b2f72f72d98b75b9c6aabceec9fd696fda696a", - "zh:d730ede1656bd193e2aea5302acec47c4905fe30b96f550196be4a0ed5f41936", - "zh:f010d4f9d8cd15936be4df12bf256cb2175ca1dedb728bd3a866c03d2ee7591f", + "h1:7wfYOAeSEchHB8idNl+2jf+OkFi9zFSOLWkEZFuTCik=", + "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", + "h1:sgYI7lwGqJqPopY3NGmhb1eQ0YbH8PIXaAZAmnJrAvw=", + "h1:sjzfyNQAjtF9zXHxB67geryjGkHaPDMMVw9iqPP5pkE=", + "h1:xwHVa6ab/XVfDrZ3h35OzLJ6g0Zte4VAvSnyKw3f9AI=", + "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", + "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", + "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", + "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", + "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", + "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", + "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", + "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", + "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", + "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", + "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.11.0" + version = "2.25.2" constraints = "<= 2.25.2" hashes = [ - "h1:T65SZhN/tQgsAsHe/G5PCgpjofi+aTKPZ+nZg6WOJpc=", - "h1:d5NamuGihJgxmtSq07kSZblnJuekkjdFdRLTDeGb0us=", - "h1:lSh/Q5vX73hHL80TtGn2Vrv1UYLzlIRjC+xaCijY4ew=", - "h1:lrhK0YgF/daYiTUWAQeY3vBD7uX8gm/44ZD4GTw71r4=", - "h1:pJiAJwZKUaoAJ4x+3ONJkwEVkjrwGROCGFgj7noPO58=", - "zh:143a19dd0ea3b07fc5e3d9231f3c2d01f92894385c98a67327de74c76c715843", - "zh:1fc757d209e09c3cf7848e4274daa32408c07743698fbed10ee52a4a479b62b6", - "zh:22dfebd0685749c51a8f765d51a1090a259778960ac1cd4f32021a325b2b9b72", - 
"zh:3039b3b76e870cd8fc404cf75a29c66b171c6ba9b6182e131b6ae2ca648ec7c0", - "zh:3af0a15562fcab4b5684b18802e0239371b2b8ff9197ed069ff4827f795a002b", - "zh:50aaf20336d1296a73315adb66f7687f75bd5c6b1f93a894b95c75cc142810ec", - "zh:682064fabff895ec351860b4fe0321290bbbb17c2a410b62c9bea0039400650e", - "zh:70ac914d5830b3371a2679d8f77cc20c419a6e12925145afae6c977c8eb90934", - "zh:710aa02cccf7b0f3fb50880d6d2a7a8b8c9435248666616844ba71f74648cddc", - "zh:88e418118cd5afbdec4984944c7ab36950bf48e8d3e09e090232e55eecfb470b", - "zh:9cef159377bf23fa331f8724fdc6ce27ad39a217a4bae6df3b1ca408fc643da6", + "h1:+Yi+ho+dpgEmMz6Mt/9O/kDQw9HTcrLWkMyTBFN9yIE=", + "h1:QlTKoO0efmkzgX/9y0DQCEkg7VeidOSQW8epF6B4cEQ=", + "h1:T1WAQt40cAk721H0AM/eZ5YuodJaIfS8r3Tu7rKCJJE=", + "h1:o/+UcYEaEHrQzq2kkWw2MohCK033u6vY+T6cmHd46QU=", + "h1:vrpxWZfnmJ7t9gDff1/z4h+UhewGBpDB52EIwhygn6A=", + "zh:044788ac936e0e8ece8f78a2e4e366ecd435ea8235388eaf2cbc8e7975d9d970", + "zh:24f5ff01df91f51f00ee7ff39430adeb63bb2ca4ea0042e68f06d6b65808c02f", + "zh:49984aa0aa1faa8c4f01e8faa039322f1e6fdaeab0b7e32f5c6e96edfde36a38", + "zh:4eeceaff56bac9fc782e7e33f157fa2c7e9a47b2c3c3d12da2642c312ace73f6", + "zh:4f49b6419345960d5af475e0200c243af4c9c140b0ee64799fe1fc9b023c49ea", + "zh:7958414d516867a2263a978792a24843f80023fb233cf051ff4095adc9803d85", + "zh:c633a755fc95e9ff0cd73656f052947afd85883a0987dde5198113aa48474156", + "zh:cbfe958d119795004ce1e8001449d01c056fa2a062b51d07843d98be216337d7", + "zh:cfb85392e18768578d4c943438897083895719be678227fd90efbe3500702a56", + "zh:d705a661ed5da425dd236a48645bec39fe78a67d2e70e8460b720417cbf260ac", + "zh:ddd7a01263da3793df4f3b5af65f166307eed5acf525e51e058cda59009cc856", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } provider "registry.terraform.io/hashicorp/local" { - version = "2.4.0" + version = "2.5.1" hashes = [ - "h1:7RnIbO3CFakblTJs7o0mUiY44dc9xGYsLhSNFSNS1Ds=", - "h1:Bs7LAkV/iQTLv72j+cTMrvx2U3KyXrcVHaGbdns1NcE=", - "h1:OMqURhlP2IgLEgUCzSlaKXyb/IbnKForgDSjZF/NY4Y=", - 
"h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=", - "h1:ZUEYUmm2t4vxwzxy1BvN1wL6SDWrDxfH7pxtzX8c6d0=", - "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9", - "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf", - "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732", + "h1:/GAVA/xheGQcbOZEq0qxANOg+KVLCA7Wv8qluxhTjhU=", + "h1:8oTPe2VUL6E2d3OcrvqyjI4Nn/Y/UEQN26WLk5O/B0g=", + "h1:Np4kERf9SMrqUi7DJ1rK3soMK14k49nfgE7l/ipQ5xw=", + "h1:fm2EuMlsdPTuv2tKwx3PMJzWJUh7aMtU9Eky7t4fMys=", + "h1:tjcGlQAFA0kmQ4vKkIPPUC4it1UYxLbg4YvHOWRAJHA=", + "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561", + "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561", + "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5", + "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24", + "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667", + "zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8", + "zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35", - "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04", - "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406", - "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6", - "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7", - "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2", - "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc", - "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce", + "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0", + "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867", + "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4", + 
"zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520", ] } 
@@ -169,24 +169,25 @@ provider "registry.terraform.io/hashicorp/random" { } provider "registry.terraform.io/hashicorp/tls" { - version = "4.0.4" + version = "4.0.5" + constraints = "<= 4.1.0" hashes = [ - "h1:GZcFizg5ZT2VrpwvxGBHQ/hO9r6g0vYdQqx3bFD3anY=", - "h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=", - "h1:bNsvpX5EGuVxgGRXBQVLXlmq40PdoLp8Rfuh1ZmV7yY=", - "h1:pe9vq86dZZKCm+8k1RhzARwENslF3SXb9ErHbQfgjXU=", - "h1:rKKMyIEBZwR+8j6Tx3PwqBrStuH+J+pxcbCR5XN8WAw=", - "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55", - "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848", - "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be", - "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5", - "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe", - "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e", - "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48", - "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8", - "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60", - "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e", - "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316", + "h1:e4LBdJoZJNOQXPWgOAG0UuPBVhCStu98PieNlqJTmeU=", + "h1:jb/Rg9inGYp4t8HtBoETESsQJgdmOHoe1bzzg2uNB3w=", + "h1:kcw9sNLNFMY2S0HIGOkjlwKtUc8lpqZsQGsC2SG9xEQ=", + "h1:yLqz+skP3+EbU3yyvw8JqzflQTKDQGsC9QyZAg+S4dg=", + "h1:zeG5RmggBZW/8JWIVrdaeSJa0OG62uFX5HY1eE8SjzY=", + "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e", + "zh:0472ea1574026aa1e8ca82bb6df2c40cd0478e9336b7a8a64e652119a2fa4f32", + "zh:1a8ddba2b1550c5d02003ea5d6cdda2eef6870ece86c5619f33edd699c9dc14b", + "zh:1e3bb505c000adb12cdf60af5b08f0ed68bc3955b0d4d4a126db5ca4d429eb4a", + "zh:6636401b2463c25e03e68a6b786acf91a311c78444b1dc4f97c539f9f78de22a", + "zh:76858f9d8b460e7b2a338c477671d07286b0d287fd2d2e3214030ae8f61dd56e", + 
"zh:a13b69fb43cb8746793b3069c4d897bb18f454290b496f19d03c3387d1c9a2dc", + "zh:a90ca81bb9bb509063b736842250ecff0f886a91baae8de65c8430168001dad9", + "zh:c4de401395936e41234f1956ebadbd2ed9f414e6908f27d578614aaa529870d4", + "zh:c657e121af8fde19964482997f0de2d5173217274f6997e16389e7707ed8ece8", + "zh:d68b07a67fbd604c38ec9733069fbf23441436fecf554de6c75c032f82e1ef19", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/src/next-core/04_appgw.tf b/src/next-core/04_appgw_integration.tf similarity index 87% rename from src/next-core/04_appgw.tf rename to src/next-core/04_appgw_integration.tf index 65e37a51b7..05e24f1f2a 100644 --- a/src/next-core/04_appgw.tf +++ b/src/next-core/04_appgw_integration.tf @@ -1,17 +1,16 @@ module "integration_appgateway_snet" { source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v7.50.0" - name = format("%s-integration-appgateway-snet", local.product_region) + name = "${local.product_region}-integration-appgateway-snet" resource_group_name = data.azurerm_resource_group.rg_vnet_integration.name virtual_network_name = data.azurerm_virtual_network.vnet_integration.name address_prefixes = var.cidr_subnet_appgateway_integration private_endpoint_network_policies_enabled = true - } resource "azurerm_user_assigned_identity" "appgateway" { resource_group_name = data.azurerm_resource_group.sec_rg.name location = data.azurerm_resource_group.sec_rg.location - name = format("%s-integration-appgateway-identity", local.product_region) + name = "${local.product_region}-integration-appgateway-identity" tags = var.tags } @@ -26,7 +25,6 @@ resource "azurerm_key_vault_access_policy" "app_gateway_policy" { storage_permissions = [] } - resource "azurerm_public_ip" "integration_appgateway_public_ip" { name = "${local.product_region}-integration-appgateway-pip" resource_group_name = data.azurerm_resource_group.rg_vnet_integration.name 
@@ -38,6 +36,9 @@ resource "azurerm_public_ip" "integration_appgateway_public_ip" { tags = var.tags } +# +# 🔱 APP GW Integration +# module "app_gw_integration" { source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_gateway?ref=v7.50.0" @@ -52,7 +53,6 @@ module "app_gw_integration" { # WAF waf_enabled = var.app_gateway_waf_enabled - # Networking subnet_id = module.integration_appgateway_snet.id public_ip_id = azurerm_public_ip.integration_appgateway_public_ip.id @@ -63,22 +63,20 @@ module "app_gw_integration" { backends = { apim = { protocol = "Https" - host = format("api.%s.%s", var.dns_zone_prefix, var.external_domain) + host = "api.${var.dns_zone_prefix}.${var.external_domain}" port = 443 - ip_addresses = module.apimv2.private_ip_addresses - fqdns = [format("api.%s.%s.", var.dns_zone_prefix, var.external_domain)] + ip_addresses = data.azurerm_api_management.apim.private_ip_addresses + fqdns = ["api.${var.dns_zone_prefix}.${var.external_domain}."] probe = "/status-0123456789abcdef" probe_name = "probe-apim" request_timeout = 60 pick_host_name_from_backend = false } - - } ssl_profiles = [ { - name = format("%s-ssl-profile", local.product_region) + name = "${local.product_region}-ssl-profile" trusted_client_certificate_names = null verify_client_cert_issuer_dn = false ssl_policy = { @@ -97,16 +95,15 @@ module "app_gw_integration" { } ] - trusted_client_certificates = [ - ] + trusted_client_certificates = [] # Configure listeners listeners = { api = { protocol = "Https" - host = format("api.%s.%s", var.dns_zone_prefix, var.external_domain) + host = "api.${var.dns_zone_prefix}.${var.external_domain}" port = 443 - ssl_profile_name = format("%s-ssl-profile", local.product_region) + ssl_profile_name = "${local.product_region}-ssl-profile" firewall_policy_id = null type = "Private" 
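Review bot: The `app_gw_integration` module source under the new banner is still pinned to `?ref=v7.50.0`, while the commit message says modules were upgraded to v8.13.0; the `integration_appgateway_snet` module in the first hunk of this file carries the same pin. If staying on v7.50.0 is deliberate for this file, a short comment such as `# intentionally kept on v7.50.0` would prevent a blind bump later. Separately, `.terraform.lock.hcl` records hashes for providers only, so the git tag is the sole integrity control for the module code. Pinning `ref` to the tag's commit (`?ref=<commit-sha-of-the-tag>`) would make the fetched code immutable.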
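Review bot: The `apim` backend now reads `ip_addresses` from `data.azurerm_api_management.apim.private_ip_addresses`, but that data source is declared outside this hunk, so its name and resource group arguments cannot be checked here. This one line decides where all traffic accepted by the `api` listener is forwarded, so the target should be stated next to it, for example `# backend is the existing APIM v1, read via data source (not module.apimv2)`. It is also worth confirming that the data source resolves per environment and cannot match an instance in another subscription or resource group. The `backends` map and the enclosing module block start and end outside the hunk.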
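Review bot: As far as these lines show, the SSL profile attached to the listeners performs no client-certificate validation: `trusted_client_certificates = []` here, with `trusted_client_certificate_names = null` and `verify_client_cert_issuer_dn = false` in the profile just above. If that is intended, record it at the empty list: `trusted_client_certificates = [] # no mTLS on this gateway; the profile only carries the TLS policy`. The listeners also set `firewall_policy_id = null`, so any request filtering rests on `waf_enabled` alone. How the module handles a null name list is not visible in this diff and should be confirmed against the module. The `app_gw_integration` block starts and ends outside this hunk.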
@@ -122,13 +119,12 @@ module "app_gw_integration" { portal = { protocol = "Https" - host = format("portal.%s.%s", var.dns_zone_prefix, var.external_domain) + host = "portal.${var.dns_zone_prefix}.${var.external_domain}" port = 443 - ssl_profile_name = format("%s-ssl-profile", local.product_region) + ssl_profile_name = "${local.product_region}-ssl-profile" firewall_policy_id = null type = "Private" - certificate = { name = var.app_gateway_portal_certificate_name id = replace( @@ -141,13 +137,12 @@ module "app_gw_integration" { management = { protocol = "Https" - host = format("management.%s.%s", var.dns_zone_prefix, var.external_domain) + host = "management.${var.dns_zone_prefix}.${var.external_domain}" port = 443 - ssl_profile_name = format("%s-ssl-profile", local.product_region) + ssl_profile_name = "${local.product_region}-ssl-profile" firewall_policy_id = null type = "Private" - certificate = { name = var.app_gateway_management_certificate_name id = replace( @@ -157,25 +152,19 @@ module "app_gw_integration" { ) } } - - } # maps listener to backend routes = { - api = { listener = "api" backend = "apim" rewrite_rule_set_name = null priority = 10 - } - } - rewrite_rule_sets = [ - ] + rewrite_rule_sets = [] # TLS identity_ids = [azurerm_user_assigned_identity.appgateway.id]