fix: Functions ip restriction configuration (#2579)
fix functions ip restriction configuration
mamari90 authored Nov 21, 2024
1 parent 2bed043 commit db942d9
Showing 8 changed files with 25 additions and 6 deletions.
2 changes: 1 addition & 1 deletion src/domains/checkout-app/05_checkout_function.tf
Expand Up @@ -89,7 +89,7 @@ module "checkout_function" {

allowed_subnets = [data.azurerm_subnet.apim_snet.id]

ip_restriction_default_action = "Deny"
ip_restriction_default_action = var.checkout_ip_restriction_default_action

allowed_ips = []

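Review bot: `ip_restriction_default_action` for the checkout function was a fixed `"Deny"` and now takes whatever each environment's tfvars supplies, and this commit sets `"Allow"` for weu-dev and weu-uat. With an Allow default, the `allowed_subnets = [data.azurerm_subnet.apim_snet.id]` line just above presumably stops limiting callers to the APIM subnet in those environments, because unmatched traffic is admitted; how far that exposes the function depends on module settings outside this hunk. I would add a comment on the new line, for example `# Deny in prod; with Allow, allowed_subnets/allowed_ips no longer restrict callers`, so the coupling is visible where the rules are declared. The `module "checkout_function"` block starts and ends outside the hunk.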
3 changes: 2 additions & 1 deletion src/domains/checkout-app/05_pagopa_proxy.tf
Expand Up @@ -40,13 +40,14 @@ data "azurerm_redis_cache" "pagopa_proxy_redis" {
}



module "pagopa_proxy_app_service" {
source = "./.terraform/modules/__v3__/app_service"

depends_on = [
module.pagopa_proxy_snet
]
ip_restriction_default_action = "Allow"
ip_restriction_default_action = var.pagopa_proxy_ip_restriction_default_action
resource_group_name = data.azurerm_resource_group.pagopa_proxy_rg.name
location = var.location

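Review bot: For weu-prod this changes the proxy's default action from the previous hard-coded `"Allow"` to `"Deny"` (per the prod tfvars in this commit), and the visible part of `module "pagopa_proxy_app_service"` shows no `allowed_subnets` or `allowed_ips` argument. If the block passes no allow rules further down, a Deny default would reject every caller, so it is worth confirming those rules exist before this is applied to prod. The same applies to `module "pagopa_proxy_app_service_ha"` in 05_pagopa_proxy_ha.tf, which reads the same variable. The module block continues outside the hunk.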
2 changes: 1 addition & 1 deletion src/domains/checkout-app/05_pagopa_proxy_ha.tf
Expand Up @@ -4,7 +4,7 @@ module "pagopa_proxy_app_service_ha" {
depends_on = [
module.pagopa_proxy_snet_ha
]
ip_restriction_default_action = "Allow"
ip_restriction_default_action = var.pagopa_proxy_ip_restriction_default_action

resource_group_name = data.azurerm_resource_group.pagopa_proxy_rg.name
location = var.location
10 changes: 10 additions & 0 deletions src/domains/checkout-app/99_variables.tf
Expand Up @@ -278,3 +278,13 @@ variable "pagopa_proxy_ha_enabled" {
type = bool
description = "(Required) enables the deployment of pagopa proxy in HA"
}

variable "checkout_ip_restriction_default_action" {
type = string
description = "(Required) The Default action for traffic that does not match any ip_restriction rule. possible values include Allow and Deny. "
}

variable "pagopa_proxy_ip_restriction_default_action" {
type = string
description = "(Required) The Default action for traffic that does not match any ip_restriction rule. possible values include Allow and Deny. "
}
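Review bot: Both new variables accept any string, so a typo or a wrongly cased value in a tfvars file is at best caught later by the provider, and the declaration itself does not constrain a setting that decides whether unmatched traffic is admitted. A `validation` block restricting the value to `Allow` or `Deny` would fail at plan time with a clear message; the block below is for `checkout_ip_restriction_default_action`, and `pagopa_proxy_ip_restriction_default_action` needs the same one with the variable name swapped. Leaving both variables without a default is a good choice, because a new environment then has to pick a value explicitly.

```terraform
variable "checkout_ip_restriction_default_action" {
  # … unchanged: type and description …
  validation {
    condition     = contains(["Allow", "Deny"], var.checkout_ip_restriction_default_action)
    error_message = "Must be \"Allow\" or \"Deny\"."
  }
}
```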
2 changes: 2 additions & 0 deletions src/domains/checkout-app/README.md
Expand Up @@ -105,6 +105,7 @@
| <a name="input_checkout_function_sku_tier"></a> [checkout\_function\_sku\_tier](#input\_checkout\_function\_sku\_tier) | App service plan sku tier | `string` | `null` | no |
| <a name="input_checkout_function_worker_count"></a> [checkout\_function\_worker\_count](#input\_checkout\_function\_worker\_count) | (Optional) checkout function worker count number | `number` | `1` | no |
| <a name="input_checkout_function_zone_balancing_enabled"></a> [checkout\_function\_zone\_balancing\_enabled](#input\_checkout\_function\_zone\_balancing\_enabled) | (Optional) Enables zone balancing for checkout function | `bool` | `true` | no |
| <a name="input_checkout_ip_restriction_default_action"></a> [checkout\_ip\_restriction\_default\_action](#input\_checkout\_ip\_restriction\_default\_action) | (Required) The Default action for traffic that does not match any ip\_restriction rule. possible values include Allow and Deny. | `string` | n/a | yes |
| <a name="input_checkout_pagopaproxy_host"></a> [checkout\_pagopaproxy\_host](#input\_checkout\_pagopaproxy\_host) | pagopaproxy host | `string` | `null` | no |
| <a name="input_cidr_subnet_checkout_be"></a> [cidr\_subnet\_checkout\_be](#input\_cidr\_subnet\_checkout\_be) | Address prefixes subnet checkout function | `list(string)` | `null` | no |
| <a name="input_cidr_subnet_pagopa_proxy"></a> [cidr\_subnet\_pagopa\_proxy](#input\_cidr\_subnet\_pagopa\_proxy) | Address prefixes subnet proxy | `list(string)` | `null` | no |
Expand All @@ -127,6 +128,7 @@
| <a name="input_pagopa_proxy_autoscale_maximum"></a> [pagopa\_proxy\_autoscale\_maximum](#input\_pagopa\_proxy\_autoscale\_maximum) | The maximum number of instances for this resource. | `number` | `10` | no |
| <a name="input_pagopa_proxy_autoscale_minimum"></a> [pagopa\_proxy\_autoscale\_minimum](#input\_pagopa\_proxy\_autoscale\_minimum) | The minimum number of instances for this resource. | `number` | `1` | no |
| <a name="input_pagopa_proxy_ha_enabled"></a> [pagopa\_proxy\_ha\_enabled](#input\_pagopa\_proxy\_ha\_enabled) | (Required) enables the deployment of pagopa proxy in HA | `bool` | n/a | yes |
| <a name="input_pagopa_proxy_ip_restriction_default_action"></a> [pagopa\_proxy\_ip\_restriction\_default\_action](#input\_pagopa\_proxy\_ip\_restriction\_default\_action) | (Required) The Default action for traffic that does not match any ip\_restriction rule. possible values include Allow and Deny. | `string` | n/a | yes |
| <a name="input_pagopa_proxy_plan_sku"></a> [pagopa\_proxy\_plan\_sku](#input\_pagopa\_proxy\_plan\_sku) | (Required) pagopa proxy app service sku name | `string` | n/a | yes |
| <a name="input_pagopa_proxy_vnet_integration"></a> [pagopa\_proxy\_vnet\_integration](#input\_pagopa\_proxy\_vnet\_integration) | (Optional) enables vnet integration for pagopa proxy app service | `bool` | `true` | no |
| <a name="input_pagopa_proxy_zone_balance_enabled"></a> [pagopa\_proxy\_zone\_balance\_enabled](#input\_pagopa\_proxy\_zone\_balance\_enabled) | (Optional) enables zone balancing for pagopa proxy app service | `bool` | `true` | no |
4 changes: 3 additions & 1 deletion src/domains/checkout-app/env/weu-dev/terraform.tfvars
Expand Up @@ -55,4 +55,6 @@ checkout_function_autoscale_default = 1
checkout_function_zone_balancing_enabled = false

# ecommerce ingress hostname
ecommerce_ingress_hostname = "weudev.ecommerce.internal.dev.platform.pagopa.it"
ecommerce_ingress_hostname = "weudev.ecommerce.internal.dev.platform.pagopa.it"
checkout_ip_restriction_default_action = "Allow"
pagopa_proxy_ip_restriction_default_action = "Allow"
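Review bot: The two new assignments are appended directly under the `# ecommerce ingress hostname` comment, so they read as part of that setting and give no reason for choosing `"Allow"` here while weu-prod uses `"Deny"`. I would separate them with a blank line and a comment such as `# access restrictions: default action for unmatched traffic (Deny in prod)`, and record why this environment is left open so the value is not copied unchanged into a new one. The same applies to the weu-uat tfvars.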
4 changes: 3 additions & 1 deletion src/domains/checkout-app/env/weu-prod/terraform.tfvars
Expand Up @@ -68,4 +68,6 @@ function_app_storage_account_info = {
advanced_threat_protection_enable = true
}

checkout_cdn_storage_replication_type = "GZRS"
checkout_cdn_storage_replication_type = "GZRS"
checkout_ip_restriction_default_action = "Deny"
pagopa_proxy_ip_restriction_default_action = "Deny"
4 changes: 3 additions & 1 deletion src/domains/checkout-app/env/weu-uat/terraform.tfvars
Expand Up @@ -55,4 +55,6 @@ checkout_function_autoscale_default = 1
checkout_function_zone_balancing_enabled = false

# ecommerce ingress hostname
ecommerce_ingress_hostname = "weuuat.ecommerce.internal.uat.platform.pagopa.it"
ecommerce_ingress_hostname = "weuuat.ecommerce.internal.uat.platform.pagopa.it"
checkout_ip_restriction_default_action = "Allow"
pagopa_proxy_ip_restriction_default_action = "Allow"
