fix: Pay-wallet storage private link (#2116)

* moved monitoring to another file

* upgrated azurerm to v3.106.1

* updated modules to last version

* fix private link to queue from blob

* updated env variables for prod

src/domains/pay-wallet-common/00_monitor.tf

@@ -38,27 +38,3 @@ locals {
   ]
 
 }
-
-module "web_test_availability_alert_rules_for_api" {
-  for_each = { for v in local.test_urls : v.host => v if v != null }
-  source   = "git::https://github.com/pagopa/terraform-azurerm-v3.git//application_insights_web_test_preview?ref=v8.5.0"
-
-  subscription_id                   = data.azurerm_subscription.current.subscription_id
-  name                              = "test-avail-${each.value.host}"
-  location                          = data.azurerm_resource_group.monitor_italy_rg.location
-  resource_group                    = data.azurerm_resource_group.monitor_italy_rg.name
-  application_insight_name          = data.azurerm_application_insights.application_insights_italy.name
-  application_insight_id            = data.azurerm_application_insights.application_insights_italy.id
-  request_url                       = "https://${each.value.host}${each.value.path}"
-  ssl_cert_remaining_lifetime_check = 7
-  expected_http_status              = each.value.expected_http_status
-
-  actions = [
-    {
-      action_group_id = data.azurerm_monitor_action_group.email.id,
-    },
-    {
-      action_group_id = data.azurerm_monitor_action_group.slack.id,
-    },
-  ]
-}

src/domains/pay-wallet-common/01_network.tf

@@ -11,7 +11,7 @@ resource "azurerm_private_dns_a_record" "ingress" {
 #
 
 module "cosmosdb_pay_wallet_snet" {
-  source               = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.5.0"
+  source               = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.20.1"
   name                 = "${local.project}-cosmosb-snet"
   address_prefixes     = var.cidr_subnet_cosmosdb_pay_wallet
   resource_group_name  = local.vnet_italy_resource_group_name
@@ -26,7 +26,7 @@ module "cosmosdb_pay_wallet_snet" {
 }
 
 module "redis_pagopa_pay_wallet_snet" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.5.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.20.1"
 
   name                                      = "${local.project}-redis-snet"
   address_prefixes                          = var.cidr_subnet_redis_pay_wallet
@@ -36,7 +36,7 @@ module "redis_pagopa_pay_wallet_snet" {
 }
 
 module "storage_pay_wallet_snet" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.5.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.20.1"
 
   name                 = "${local.project}-storage-snet"
   address_prefixes     = var.cidr_subnet_storage_pay_wallet

src/domains/pay-wallet-common/02_security.tf

@@ -6,7 +6,7 @@ resource "azurerm_resource_group" "sec_rg" {
 }
 
 module "key_vault" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v8.5.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v8.20.1"
 
   name                       = "${local.product}-${var.domain}-kv"
   location                   = azurerm_resource_group.sec_rg.location

src/domains/pay-wallet-common/03_cosmosdb.tf

@@ -8,7 +8,7 @@ resource "azurerm_resource_group" "cosmosdb_pay_wallet_rg" {
 module "cosmosdb_account_mongodb" {
   count = var.is_feature_enabled.cosmos ? 1 : 0
 
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=v8.5.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=v8.20.1"
 
   name                = "${local.project}-cosmos-account"
   location            = var.location
@@ -117,7 +117,7 @@ locals {
 
 module "cosmosdb_pay_wallet_collections" {
 
-  source   = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_mongodb_collection?ref=v8.5.0"
+  source   = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_mongodb_collection?ref=v8.20.1"
   for_each = var.is_feature_enabled.cosmos ? { for index, coll in local.collections : coll.name => coll } : {}
 
   name                = each.value.name

src/domains/pay-wallet-common/03_redis.tf

@@ -8,7 +8,7 @@ resource "azurerm_resource_group" "redis_pay_wallet_rg" {
 module "pagopa_pay_wallet_redis" {
   count = var.is_feature_enabled.redis ? 1 : 0
 
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//redis_cache?ref=v8.5.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//redis_cache?ref=v8.20.1"
 
   name                          = "${local.project}-redis"
   resource_group_name           = azurerm_resource_group.redis_pay_wallet_rg.name

src/domains/pay-wallet-common/03_storage.tf

@@ -7,7 +7,7 @@ resource "azurerm_resource_group" "storage_pay_wallet_rg" {
 module "pay_wallet_storage" {
 
   count  = var.is_feature_enabled.storage ? 1 : 0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account?ref=v8.5.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account?ref=v8.20.1"
 
   name                                       = replace("${local.project}-sa", "-", "")
   account_kind                               = var.pay_wallet_storage_params.kind
@@ -17,7 +17,6 @@ module "pay_wallet_storage" {
   blob_versioning_enabled                    = true
   resource_group_name                        = azurerm_resource_group.storage_pay_wallet_rg.name
   location                                   = var.location
-  enable_resource_advanced_threat_protection = var.pay_wallet_storage_params.advanced_threat_protection
   advanced_threat_protection                 = var.pay_wallet_storage_params.advanced_threat_protection
   allow_nested_items_to_be_public            = false
   public_network_access_enabled              = var.pay_wallet_storage_params.public_network_access_enabled
@@ -43,7 +42,7 @@ resource "azurerm_private_endpoint" "storage_private_endpoint" {
   subnet_id           = module.storage_pay_wallet_snet.id
   private_dns_zone_group {
     name                 = "${local.project}-storage-private-dns-zone-group"
-    private_dns_zone_ids = [data.azurerm_private_dns_zone.privatelink_blob_azure_com.id]
+    private_dns_zone_ids = [data.azurerm_private_dns_zone.privatelink_queue_azure_com.id]
   }
 
   private_service_connection {

src/domains/pay-wallet-common/80_monitoring.tf

@@ -0,0 +1,23 @@
+# module "web_test_availability_alert_rules_for_api" {
+#   for_each = { for v in local.test_urls : v.host => v if v != null }
+#   source   = "git::https://github.com/pagopa/terraform-azurerm-v3.git//application_insights_web_test_preview?ref=v8.20.1"
+#
+#   subscription_id                   = data.azurerm_subscription.current.subscription_id
+#   name                              = "test-avail-${each.value.host}"
+#   location                          = data.azurerm_resource_group.monitor_italy_rg.location
+#   resource_group                    = data.azurerm_resource_group.monitor_italy_rg.name
+#   application_insight_name          = data.azurerm_application_insights.application_insights_italy.name
+#   application_insight_id            = data.azurerm_application_insights.application_insights_italy.id
+#   request_url                       = "https://${each.value.host}${each.value.path}"
+#   ssl_cert_remaining_lifetime_check = 7
+#   expected_http_status              = each.value.expected_http_status
+#
+#   actions = [
+#     {
+#       action_group_id = data.azurerm_monitor_action_group.email.id,
+#     },
+#     {
+#       action_group_id = data.azurerm_monitor_action_group.slack.id,
+#     },
+#   ]
+# }

src/domains/pay-wallet-common/99_main.tf

@@ -3,15 +3,15 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "<= 3.97.1"
+      version = "<= 3.106.1"
     }
     azuread = {
       source  = "hashicorp/azuread"
       version = "<= 2.47.0"
     }
     null = {
       source  = "hashicorp/null"
-      version = "<= 3.2.2"
+      version = "<= 3.3.2"
     }
   }
 

src/domains/pay-wallet-common/env/itn-prod/terraform.tfvars

@@ -21,17 +21,18 @@ is_feature_enabled = {
   storage = false
 }
 
+### External resources
+
+monitor_italy_resource_group_name                 = "pagopa-u-itn-core-monitor-rg"
+log_analytics_italy_workspace_name                = "pagopa-u-itn-core-law"
+log_analytics_italy_workspace_resource_group_name = "pagopa-u-itn-core-monitor-rg"
+
 ### NETWORK
 
 cidr_subnet_cosmosdb_pay_wallet = ["10.3.8.0/24"]
 cidr_subnet_redis_pay_wallet    = ["10.3.9.0/24"]
 cidr_subnet_storage_pay_wallet  = ["10.3.10.0/24"]
 
-### External resources
-
-monitor_resource_group_name                 = "pagopa-p-monitor-rg"
-log_analytics_workspace_name                = "pagopa-p-law"
-log_analytics_workspace_resource_group_name = "pagopa-p-monitor-rg"
 
 ingress_load_balancer_ip = "10.3.2.250"
 
@@ -52,7 +53,7 @@ cosmos_mongo_db_params = {
     max_interval_in_seconds = 5
     max_staleness_prefix    = 100000
   }
-  server_version                   = "4.0"
+  server_version                   = "4.2"
   main_geo_location_zone_redundant = true
   enable_free_tier                 = false
 
@@ -99,4 +100,3 @@ pay_wallet_storage_params = {
   retention_days                = 30,
   public_network_access_enabled = false,
 }
-

src/domains/pay-wallet-common/env/itn-uat/terraform.tfvars

@@ -34,7 +34,6 @@ cidr_subnet_redis_pay_wallet    = ["10.3.9.0/24"]
 cidr_subnet_storage_pay_wallet  = ["10.3.10.0/24"]
 
 
-
 ingress_load_balancer_ip = "10.3.2.250"
 
 ### dns