diff --git a/src/aks-leonardo/.terraform.lock.hcl b/src/aks-leonardo/.terraform.lock.hcl new file mode 100644 index 0000000000..1e00c6e8a3 --- /dev/null +++ b/src/aks-leonardo/.terraform.lock.hcl @@ -0,0 +1,172 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/alekc/kubectl" { + version = "2.1.3" + constraints = "~> 2.0" + hashes = [ + "h1:AymCb0DCWzmyLqn1qEhVs2pcFUZGT/kxPK+I/BObFH8=", + "h1:JlCnFOeGK8AkmA5eaW0qIWXKA1stD8Irij+cttcZLsk=", + "h1:LzkjMzVRQqwvbY+tF3b+Wxj9BDLZ6Qj9rpPKVppodDU=", + "h1:hImtuIg0fyXqKqi2ZPjESGsc/R1jls5VfSWtNyKRTMA=", + "h1:poWSAAtK4FI1x79C2OyLaNrvWUGTQdr1ZT58edDz+Rs=", + "zh:0e601ae36ebc32eb8c10aff4c48c1125e471fa09f5668465af7581c9057fa22c", + "zh:1773f08a412d1a5f89bac174fe1efdfd255ecdda92d31a2e31937e4abf843a2f", + "zh:1da2db1f940c5d34e31c2384c7bd7acba68725cc1d3ba6db0fec42efe80dbfb7", + "zh:20dc810fb09031bcfea4f276e1311e8286d8d55705f55433598418b7bcc76357", + "zh:326a01c86ba90f6c6eb121bacaabb85cfa9059d6587aea935a9bbb6d3d8e3f3f", + "zh:5a3737ea1e08421fe3e700dc833c6fd2c7b8c3f32f5444e844b3fe0c2352757b", + "zh:5f490acbd0348faefea273cb358db24e684cbdcac07c71002ee26b6cfd2c54a0", + "zh:777688cda955213ba637e2ac6b1994e438a5af4d127a34ecb9bb010a8254f8a8", + "zh:7acc32371053592f55ee0bcbbc2f696a8466415dea7f4bc5a6573f03953fc926", + "zh:81f0108e2efe5ae71e651a8826b61d0ce6918811ccfdc0e5b81b2cfb0f7f57fe", + "zh:88b785ea7185720cf40679cb8fa17e57b8b07fd6322cf2d4000b835282033d81", + "zh:89d833336b5cd027e671b46f9c5bc7d10c5109e95297639bbec8001da89aa2f7", + "zh:df108339a89d4372e5b13f77bd9d53c02a04362fb5d85e1d9b6b47292e30821c", + "zh:e8a2e3a5c50ca124e6014c361d72a9940d8e815f37ae2d1e9487ac77c3043013", + ] +} + +provider "registry.terraform.io/hashicorp/azuread" { + version = "2.47.0" + constraints = "<= 2.47.0" + hashes = [ + "h1:8J74v92UvtqVNucugAtB+Sd44oTgnhfct+Xf8ObOZug=", + "h1:KB9BNRNStbdsfdRmVXUwXtN77qgX5VjBy2UALcqp218=", + "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", + "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", + "h1:zYMGokLn44KSWir7Nr4t8lEAPMB6JuXd2LlP2Ac2tMY=", + "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", + "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", + "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", + "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", + "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", + "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", + "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", + "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", + "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", + "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.110.0" + constraints = "~> 3.30, ~> 3.105, <= 3.110.0" + hashes = [ + "h1:4QrrAcbVTUzX2xQIywvAZeM+lrCgcFbFGoADvTAXdhk=", + "h1:EY+IRabj+4NJ3tqB4kVg7dTjoTdwOMHUhIvIoddgRTI=", + "h1:ice1q9zU8gIFSpCvuO7NBvod/zV5FPoZHhaHvXlETss=", + "h1:sxJe/N9/r+UDNQmRMKRRbJN9N1zpijux3iCJYwWs20A=", + "h1:uxeKsqfI9LjvYkcMCiFwlDpQzZvrB83pVJIoG9s4t54=", + "zh:1a1fe9e1a4c08453f249352d135349f7a06f2973dbb839375c7b802523a87351", + "zh:25a9ddeb9b0e1d974aa45ecd67e3f7b8ee333565f0fd99e02b588acf55c46664", + "zh:3ef3f6ed554348b10a645342110baa7d5a4932857e66f20b2b258f9c1af57b0b", + "zh:443e05f7510de0992d7fd4912d2aa3ef477cf186e7c2796bbb699ea12e531b86", + "zh:815444b71a70e79a2c96995bb1970a860d9ce160e11d07c7e61dd284f9b9de8e", + "zh:839d6bc2344e64f0ae8c39c2fd76bedd86c96c3ea22d827492f797b114cb761a", + "zh:922ec196b32c2fe8cff13a58ebfd75929f3a500cf8730aa80d72e0074f00b7cd", + "zh:a818559d9d389b0d6d27bc2c9cea7b97c27451bd9a49f4e86d2221613b459e09", + "zh:e90979a9f2574a368c5857a19bbfa43718cfd4ba12cc3dff9f7ce8f782160d1b", + "zh:f1321caa0a77e7ffb68384b3e35d285fa0fa6c2a8202d2a37d8c321367060ac7", + "zh:f3ae86bf1cb82923595d389db220fd2039cb5fd3720d754abd5c06b6c705ac2c", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/external" { + version = "2.3.3" + constraints = "<= 2.3.3" + hashes = [ + "h1:/x65slrvO8YG5MKxE2DaU5udEbUxBu3BgEiO7EEM9bQ=", + "h1:H+3QlVPs/7CDa3I4KU/a23wYeGeJxeBlgvR7bfK1t1w=", + "h1:Qi72kOSrEYgEt5itloFhDfmiFZ7wnRy3+F74XsRuUOw=", + "h1:Up2xaIhiNYomK8Lhe29U2FcojpbRWZYDtSeS03OhI94=", + "h1:gShzO1rJtADK9tDZMvMgjciVAzsBh39LNjtThCwX1Hg=", + "zh:03d81462f9578ec91ce8e26f887e34151eda0e100f57e9772dbea86363588239", + "zh:37ec2a20f6a3ec3a0fd95d3f3de26da6cb9534b30488bc45723e118a0911c0d8", + "zh:4eb5b119179539f2749ce9de0e1b9629d025990f062f4f4dddc161562bb89d37", + "zh:5a31bb58414f41bee5e09b939012df5b88654120b0238a89dfd6691ba197619a", + "zh:6221a05e52a6a2d4f520ffe7cbc741f4f6080e0855061b0ed54e8be4a84eb9b7", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8bb068496b4679bef625e4710d9f3432e301c3a56602271f04e60eadf7f8a94c", + "zh:94742aa5378bab626ce34f79bcef6a373e4f86ea7a8b762e9f71270a899e0d00", + "zh:a485831b5a525cd8f40e8982fa37da40ff70b1ae092c8b755fcde123f0b1238d", + "zh:a647ff16d071eabcabd87ea8183eb90a775a0294ddd735d742075d62fff09193", + "zh:b74710c5954aaa3faf262c18d36a8c2407862d9f842c63e7fa92fa4de3d29df6", + "zh:fa73d83edc92af2e551857594c2232ba6a9e3603ad34b0a5940865202c08d8d7", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.12.1" + constraints = ">= 2.0.0, ~> 2.12, <= 2.12.1" + hashes = [ + "h1:7wfYOAeSEchHB8idNl+2jf+OkFi9zFSOLWkEZFuTCik=", + "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", + "h1:sgYI7lwGqJqPopY3NGmhb1eQ0YbH8PIXaAZAmnJrAvw=", + "h1:sjzfyNQAjtF9zXHxB67geryjGkHaPDMMVw9iqPP5pkE=", + "h1:xwHVa6ab/XVfDrZ3h35OzLJ6g0Zte4VAvSnyKw3f9AI=", + "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", + "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", + "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", + "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", + "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", + "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", + "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", + "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", + "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", + "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", + "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.27.0" + constraints = "~> 2.27, <= 2.27.0" + hashes = [ + "h1:/3kLyOR2jTaWS1MKso4xAztrocGBMxi8yVadWiqSWOg=", + "h1:GzU0FzYAT/+IgAhnSBcFH3bT+4I5N6oSga6iZgNJAus=", + "h1:TrlG/sofnDv8kAbzKOD5pIPeUiI5VQY61NuWH+cItDw=", + "h1:WuU4rl7szPJr9Nfu5OoQGF84k8yQf+gmS9zU2eZuxcc=", + "h1:w9ENsSqT/3Oj/yt4GcudG202ehSD2Ls5gwqOLoKrBUQ=", + "zh:3bdba30ae67c55dc7e9a317ac0da3b208ea7926fe9c2f0ae6587ee88dcc58d1f", + "zh:3f35138a831c00b188d2ffee27111dd0cf59afad2dd5653ed9e67d59646de12c", + "zh:64066d18f6ae9a316c2bc840ef3e641d7ab94e1ea3a41d12523e77345ad442ef", + "zh:653063d44b44881af3a480f7f8eaa94fa300e0229df2072d30f606bddcc9f025", + "zh:87f306e37efb61d13efa6da53a1e45e97e5996ebc0568b1caf8c3c5e54c05809", + "zh:8c428b9708f9634391e52300218771eab3fe942bb1295d8c0ad50ca4b33db3d9", + "zh:a44e87119a0337ded15479851786a13f412b413d9a463ba550d1210249206b0f", + "zh:aa2c4d110b0de6ef997c0d45f3f23f8a98f5530753095d6eff439a6d91a8ea31", + "zh:eb15ed8781ac6a0dec2f7d03cf090e23cfa05e3225806c6231ff2c574662fd63", + "zh:eb81c563f93bd3303f9620d11cd49f21f3f89ac3475c6d3e821b239feb9c217d", + "zh:f1a344a7f16131123577e4ec994d04a34ea458ec16c1ccac53fe7946bd817b18", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.2" + constraints = "~> 3.2, <= 3.2.2" + hashes = [ + "h1:Gef5VGfobY5uokA5nV/zFvWeMNR2Pmq79DH94QnNZPM=", + "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", + "h1:m467k2tZ9cdFFgHW7LPBK2GLPH43LC6wc3ppxr8yvoE=", + "h1:vWAsYRd7MjYr3adj8BVKRohVfHpWQdvkIwUQ2Jf5FVM=", + "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=", + "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", + "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", + "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", + "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", + "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", + "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", + "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", + "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", + "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", + "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", + ] +} \ No newline at end of file diff --git a/src/aks-leonardo/03_aks_0.tf b/src/aks-leonardo/03_aks_0.tf index f7359b2fb0..cad32dc45c 100644 --- a/src/aks-leonardo/03_aks_0.tf +++ b/src/aks-leonardo/03_aks_0.tf @@ -55,6 +55,9 @@ module "aks_leonardo" { addon_azure_policy_enabled = true addon_azure_key_vault_secrets_provider_enabled = true addon_azure_pod_identity_enabled = true + workload_identity_enabled = var.aks_enable_workload_identity + oidc_issuer_enabled = var.aks_enable_workload_identity + alerts_enabled = var.aks_alerts_enabled # custom_metric_alerts = local.aks_metrics_alerts diff --git a/src/aks-leonardo/99_variables.tf b/src/aks-leonardo/99_variables.tf index 3c615d556f..1d4c0e2d00 100644 --- a/src/aks-leonardo/99_variables.tf +++ b/src/aks-leonardo/99_variables.tf @@ -566,3 +566,8 @@ variable "monitor_appinsights_name" { type = string description = "App insight in europe name" } + +variable "aks_enable_workload_identity" { + type = bool + default = false +} \ No newline at end of file diff --git a/src/aks-leonardo/env/itn-dev/terraform.tfvars b/src/aks-leonardo/env/itn-dev/terraform.tfvars index 2983974d05..63381ca858 100644 --- a/src/aks-leonardo/env/itn-dev/terraform.tfvars +++ b/src/aks-leonardo/env/itn-dev/terraform.tfvars @@ -38,9 +38,11 @@ monitor_appinsights_name = "pagopa-d-appinsights" # # ⛴ AKS # -aks_private_cluster_enabled = false -aks_alerts_enabled = false -aks_kubernetes_version = "1.29.4" +aks_private_cluster_enabled = false +aks_alerts_enabled = false +aks_kubernetes_version = "1.29.4" +aks_enable_workload_identity = true + aks_system_node_pool = { name = "padaksleosys", vm_size = "Standard_B2ms", diff --git a/src/aks-leonardo/env/itn-prod/terraform.tfvars b/src/aks-leonardo/env/itn-prod/terraform.tfvars index 71ccc407af..c6997560ea 100644 --- a/src/aks-leonardo/env/itn-prod/terraform.tfvars +++ b/src/aks-leonardo/env/itn-prod/terraform.tfvars @@ -39,10 +39,12 @@ monitor_appinsights_name = "pagopa-p-appinsights" # # ⛴ AKS # -aks_private_cluster_enabled = true -aks_alerts_enabled = false -aks_kubernetes_version = "1.29.4" -aks_sku_tier = "Standard" +aks_private_cluster_enabled = true +aks_alerts_enabled = false +aks_kubernetes_version = "1.29.4" +aks_sku_tier = "Standard" +aks_enable_workload_identity = false + aks_system_node_pool = { name = "papaksleosys", vm_size = "Standard_D2ds_v5", diff --git a/src/aks-leonardo/env/itn-uat/terraform.tfvars b/src/aks-leonardo/env/itn-uat/terraform.tfvars index 10b77c9724..8cb8833e9b 100644 --- a/src/aks-leonardo/env/itn-uat/terraform.tfvars +++ b/src/aks-leonardo/env/itn-uat/terraform.tfvars @@ -38,10 +38,12 @@ monitor_appinsights_name = "pagopa-u-appinsights" # # ⛴ AKS # -aks_private_cluster_enabled = true -aks_alerts_enabled = false -aks_kubernetes_version = "1.29.4" -aks_sku_tier = "Standard" +aks_private_cluster_enabled = true +aks_alerts_enabled = false +aks_kubernetes_version = "1.29.4" +aks_sku_tier = "Standard" +aks_enable_workload_identity = true + aks_system_node_pool = { name = "pauaksleosys", vm_size = "Standard_D2ds_v5", diff --git a/src/domains/ebollo-secrets/.terraform.lock.hcl b/src/domains/ebollo-secrets/.terraform.lock.hcl index a389468af5..e6e5cedf47 100644 --- a/src/domains/ebollo-secrets/.terraform.lock.hcl +++ b/src/domains/ebollo-secrets/.terraform.lock.hcl @@ -6,7 +6,6 @@ provider "registry.terraform.io/hashicorp/azuread" { constraints = "<= 2.47.0" hashes = [ "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", - "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", @@ -27,7 +26,6 @@ provider "registry.terraform.io/hashicorp/azurerm" { constraints = "~> 3.30, <= 3.106.0" hashes = [ "h1:6t9Nz9tYAR9BfHZ8yc56m+GKRl0nriwjQ5DyA0/TnCs=", - "h1:Mxe1/I27IZK3BP6cm84Gt0+7PXd2EDaDUMxuljm/rUA=", "zh:07980d6fdc40c0adb670c8413a5c667917d6dbb51fcedc467c35d64c2f3a1f47", "zh:2e6e8491b1f089644b0d23f8da83398f1e10cf5a62b16efcef2b5454fe923038", "zh:450dbd72821c5619cc3bcdc20fdd0e29515147e44b733f9c79d3a75851810055", @@ -48,7 +46,6 @@ provider "registry.terraform.io/hashicorp/external" { constraints = "<= 2.2.3" hashes = [ "h1:648ZjJR81c2W1OLtYmUQa9/1rGr3vvZSuX9dR1ucGWY=", - "h1:D2RKjqoU26isFINpmeKG9NS0LvkPmrQkNXeYO2TdgyA=", "zh:184ecd339d764de845db0e5b8a9c87893dcd0c9d822167f73658f89d80ec31c9", "zh:2661eaca31d17d6bbb18a8f673bbfe3fe1b9b7326e60d0ceb302017003274e3c", "zh:2c0a180f6d1fc2ba6e03f7dfc5f73b617e45408681f75bca75aa82f3796df0e4", @@ -68,7 +65,6 @@ provider "registry.terraform.io/hashicorp/kubernetes" { version = "2.16.1" constraints = "<= 2.16.1" hashes = [ - "h1:PO4Ye/+lu5hCaUEOtwNOldQYoA0dqL1bcBICIpdlcd8=", "h1:kO/d+ZMZYM2tNMMFHZqBmVR0MeemoGnI2G2NSN92CrU=", "zh:06224975f5910d41e73b35a4d5079861da2c24f9353e3ebb015fbb3b3b996b1c", "zh:2bc400a8d9fe7755cca27c2551564a9e2609cfadc77f526ef855114ee02d446f", @@ -89,7 +85,6 @@ provider "registry.terraform.io/hashicorp/null" { version = "3.2.1" constraints = "~> 3.2, <= 3.2.1" hashes = [ - "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", diff --git a/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl b/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl index a00ceef3f6..20f6fa6cad 100644 --- a/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl @@ -1,7 +1,7 @@ - + diff --git a/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl b/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl index 0f949c30a4..a4fd8a9e85 100644 --- a/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl @@ -1,7 +1,7 @@ - + diff --git a/src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl b/src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl index e747d56f7b..f381de268b 100644 --- a/src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl @@ -2,7 +2,7 @@ - + diff --git a/src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl b/src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl index 40ba066357..a6a1b062d0 100644 --- a/src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl @@ -3,7 +3,7 @@ "info": { "version": "0.0.1", "title": "Pagopa eCommerce services for app IO outcomes", - "description": "API's exposed from eCommerce services to app IO to handle pagoPA payment outcomes.\n\nThe payment workflow ends with a outcome returned as query params in a webview, for example \n \n - /outcomes?outcome=0. \n\nThe possible outcome are:\n- SUCCESS(0) → payment completed successfully\n- GENERIC_ERROR(1),\n- AUTH_ERROR(2) → authorization denied\n- INVALID_DATA(3) → incorrect data\n- TIMEOUT(4) → timeout \n- CIRCUIT_ERROR(5) → Unsupported circuit (should never happen)\n- MISSING_FIELDS(6) → missing data (should never happen) \n- INVALID_CARD(7) → expired card (or similar)\n- CANCELED_BY_USER(8) → canceled by the user\n- DUPLICATE_ORDER(9) → Double transaction (should never happen)\n- EXCESSIVE_AMOUNT(10) → Excess of availability \n- ORDER_NOT_PRESENT(11) → (should never happen)\n- INVALID_METHOD(12) → (should never happen)\n- KO_RETRIABLE(13) → transaction failed, but the transaction is theoretically recoverable. For the user it is a KO\n- INVALID_SESSION(14)", + "description": "API's exposed from eCommerce services to app IO to handle pagoPA payment outcomes.\n\nThe payment workflow ends with a outcome returned as query params in a webview, for example \n \n - /outcomes?outcome=0. \n\nThe possible outcome are:\n- SUCCESS(0) → payment completed successfully\n- GENERIC_ERROR(1),\n- AUTH_ERROR(2) → authorization denied\n- INVALID_DATA(3) → incorrect data\n- TIMEOUT(4) → timeout \n- CIRCUIT_ERROR(5) → Unsupported circuit (should never happen)\n- MISSING_FIELDS(6) → missing data (should never happen) \n- INVALID_CARD(7) → expired card (or similar)\n- CANCELED_BY_USER(8) → canceled by the user\n- DUPLICATE_ORDER(9) → Double transaction (should never happen)\n- EXCESSIVE_AMOUNT(10) → Excess of availability \n- ORDER_NOT_PRESENT(11) → (should never happen)\n- INVALID_METHOD(12) → (should never happen)\n- KO_RETRIABLE(13) → transaction failed, but the transaction is theoretically recoverable. For the user it is a KO\n- INVALID_SESSION(14)\n- TAKEN_IN_CHARGE(17) → Waiting for outcome \n- PSP_ERROR(25) → Error from psp\n- BE_KO(99) → Backend Error\n- BALANCE_NOT_AVAILABLE(116) → Balance not available\n- CVV_ERROR(117) → Security code error\n- LIMIT_EXCEDEED(121) → Limit excedeed", "contact": { "name": "pagoPA - Touchpoints team" } @@ -50,10 +50,16 @@ "11", "12", "13", - "14" + "14", + "17", + "25", + "99", + "116", + "117", + "121" ] }, - "description": "`0` - Success `1` - Generic error `2` - Authorization error `3` - Invalid data `4` - Timeout `5` - Unsupported circuit `6` - Missing data `7` - Invalid card: expired card etc `8` - Canceled by the user `9` - Double transaction `10` - Excessive amount `11` - Order not present `12` - Invalid method `13` - Retriable KO `14` - Invalid session\n", + "description": "`0` - Success `1` - Generic error `2` - Authorization error `3` - Invalid data `4` - Timeout `5` - Unsupported circuit `6` - Missing data `7` - Invalid card: expired card etc `8` - Canceled by the user `9` - Double transaction `10` - Excessive amount `11` - Order not present `12` - Invalid method `13` - Retriable KO `14` - Invalid session `17` - Taken in charge `25` - PSP Error `99` - Backend Error `116` - Balance not available `117` - CVV Error `121` - Limit exceeded\n", "required": true } ], @@ -75,4 +81,4 @@ } } } -} \ No newline at end of file +} diff --git a/src/domains/ecommerce-app/api/ecommerce-io/v2/_openapi.json.tpl b/src/domains/ecommerce-app/api/ecommerce-io/v2/_openapi.json.tpl index 7ff19f49a1..fc23a19ef6 100644 --- a/src/domains/ecommerce-app/api/ecommerce-io/v2/_openapi.json.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-io/v2/_openapi.json.tpl @@ -3,7 +3,7 @@ "info": { "version": "0.0.1", "title": "Pagopa eCommerce services for app IO with payment wallet", - "description": "API's exposed from eCommerce services to app IO to allow pagoPA payment with payment wallet.\n\nThe payment workflow ends with a outcome returned as query params in a webview, for example \n \n - /outcomes?outcome=0. \n\nThe possible outcome are:\n- SUCCESS(0) → payment completed successfully\n- GENERIC_ERROR(1),\n- AUTH_ERROR(2) → authorization denied\n- INVALID_DATA(3) → incorrect data\n- TIMEOUT(4) → timeout \n- CIRCUIT_ERROR(5) → Unsupported circuit (should never happen)\n- MISSING_FIELDS(6) → missing data (should never happen) \n- INVALID_CARD(7) → expired card (or similar)\n- CANCELED_BY_USER(8) → canceled by the user\n- DUPLICATE_ORDER(9) → Double transaction (should never happen)\n- EXCESSIVE_AMOUNT(10) → Excess of availability \n- ORDER_NOT_PRESENT(11) → (should never happen)\n- INVALID_METHOD(12) → (should never happen)\n- KO_RETRIABLE(13) → transaction failed, but the transaction is theoretically recoverable. For the user it is a KO\n- INVALID_SESSION(14)", + "description": "API's exposed from eCommerce services to app IO to allow pagoPA payment with payment wallet.", "contact": { "name": "pagoPA - Touchpoints team" } diff --git a/src/domains/nodo-app/00_alert_wisp_dismantling.tf b/src/domains/nodo-app/00_alert_wisp_dismantling.tf index a0abc1f625..1b88189b5d 100644 --- a/src/domains/nodo-app/00_alert_wisp_dismantling.tf +++ b/src/domains/nodo-app/00_alert_wisp_dismantling.tf @@ -34,6 +34,53 @@ AzureDiagnostics } } +// Query explanation: https://pagopa.atlassian.net/wiki/spaces/I/pages/574751186/Razionalizzazione+Alert +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-wisp-converter-redirect-availability" { + count = var.env_short == "p" ? 1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-wisp-converter-redirect-availability" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] + email_subject = "Alert pagopa-wisp-converter-redirect-availability" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim.id + description = "Availability for https://api.platform.pagopa.it/wisp-converter/redirect/api/v1/payments is less than or equal to threshold - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-wisp-converter" + enabled = true + query = (<<-QUERY +let lowTrafficThreshold = 70; // the lower threshold that can be calculated regarding the number of invocations +let highTrafficThreshold = 95; // the upper threshold that can be calculated regarding the number of invocations +let trafficMin = 100; // the minimum number of invocations (traffic) below which 'lowTrafficThreshold' guideline is used +let trafficLinear = 500; // the minimum number of invocations (traffic) above which 'highTrafficThreshold' guideline is used +let thresholdDelta = trafficLinear - trafficMin; // the difference of the traffic guideline on which the expected availability is calculated +let availabilityDelta = highTrafficThreshold - lowTrafficThreshold; // the difference of the threshold limits on which the expected availability is calculated +// ----------------------------------------- +AzureDiagnostics +| where url_s startswith "https://api.platform.pagopa.it/wisp-converter/redirect/api/v1/payments" +| summarize + total=count(), + success=count(responseCode_d == 302) + by timeslot = bin(TimeGenerated, 5m) +| extend trafficUp = total - trafficMin +| extend deltaRatio = todouble(todouble(trafficUp) / todouble(thresholdDelta)) +| extend expectedAvailability = iff(total >= trafficLinear, toreal(highTrafficThreshold), iff(total <= trafficMin, toreal(lowTrafficThreshold), (deltaRatio * (availabilityDelta)) + lowTrafficThreshold)) +| extend availability = ((success * 1.0) / total) * 100 +| project timeslot, availability, threshold=expectedAvailability +| where availability < threshold + QUERY + ) + severity = 1 + frequency = 5 + time_window = 10 + trigger { + operator = "GreaterThanOrEqual" + threshold = 2 + } +} + // These API invoking and result are logged only on application insight // [receiptKo, receiptOk, createTimer, deleteTimer] resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-wisp-converter-ai-availability" { @@ -126,7 +173,7 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-wisp-convert let errorsToExclude = dynamic([ "WIC-1300", // payment position already paid "WIC-2001", // RPT timer creation - "WIC-3001", "WIC-3002", "WIC-3003", "WIC-3004", "WIC-3005", "WIC-3006" // client errors + "WIC-3004" // CLIENT_CHECKOUT error ]); traces | where cloud_RoleName == "pagopawispconverter" diff --git a/src/domains/nodo-app/README.md b/src/domains/nodo-app/README.md index bbe25279f2..dcfb87913e 100644 --- a/src/domains/nodo-app/README.md +++ b/src/domains/nodo-app/README.md @@ -206,6 +206,7 @@ | [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-ai-availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-ai-error](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | +| [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-redirect-availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-wic-error](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_resource_group.nodo_re_to_datastore_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.vmss_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | diff --git a/src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars b/src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars index 6d966c7f63..90add576be 100644 --- a/src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars +++ b/src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars @@ -67,7 +67,7 @@ cosmos_mongo_db_params = { is_virtual_network_filter_enabled = false enable_provisioned_throughput_exceeded_alert = false backup_continuous_enabled = false - ip_range_filter = "104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26,13.88.56.148,40.91.218.243,13.91.105.215,4.210.172.107,40.80.152.199,13.95.130.121,20.245.81.54,40.118.23.126" + ip_range_filter = null } cosmos_mongo_db_pay_wallet_params = { diff --git a/src/domains/paymentoptions-app/02_namespace.tf b/src/domains/paymentoptions-app/02_namespace.tf deleted file mode 100644 index 73e2653de5..0000000000 --- a/src/domains/paymentoptions-app/02_namespace.tf +++ /dev/null @@ -1,20 +0,0 @@ -resource "kubernetes_namespace" "namespace" { - metadata { - name = var.domain - } -} - -module "pod_identity" { - source = "./.terraform/modules/__v3__/kubernetes_pod_identity" - - resource_group_name = local.aks_resource_group_name - location = var.location - tenant_id = data.azurerm_subscription.current.tenant_id - cluster_name = local.aks_name - - identity_name = "${kubernetes_namespace.namespace.metadata[0].name}-pod-identity" - namespace = kubernetes_namespace.namespace.metadata[0].name - key_vault_id = data.azurerm_key_vault.kv.id - - secret_permissions = ["Get"] -} diff --git a/src/domains/paymentoptions-app/05_aks_middleware_tools.tf b/src/domains/paymentoptions-app/05_aks_middleware_tools.tf deleted file mode 100644 index 83624cc77e..0000000000 --- a/src/domains/paymentoptions-app/05_aks_middleware_tools.tf +++ /dev/null @@ -1,49 +0,0 @@ -module "tls_checker" { - source = "./.terraform/modules/__v3__/tls_checker" - - https_endpoint = local.domain_hostname - alert_name = local.domain_hostname - alert_enabled = true - helm_chart_present = true - namespace = kubernetes_namespace.namespace.metadata[0].name - location_string = var.location_string - kv_secret_name_for_application_insights_connection_string = "app-insight-connection-string" - application_insights_resource_group = data.azurerm_resource_group.monitor_italy_rg.name - application_insights_id = data.azurerm_application_insights.application_insights_italy.id - application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id] - keyvault_name = data.azurerm_key_vault.kv.name - keyvault_tenant_id = data.azurerm_client_config.current.tenant_id -} - -resource "helm_release" "cert_mounter" { - name = "cert-mounter-blueprint" - repository = "https://pagopa.github.io/aks-helm-cert-mounter-blueprint" - chart = "cert-mounter-blueprint" - version = "1.0.4" - namespace = var.domain - timeout = 120 - force_update = true - - values = [ - templatefile("${path.root}/helm/cert-mounter.yaml.tpl", { - NAMESPACE = var.domain, - DOMAIN = var.domain, - CERTIFICATE_NAME = replace(local.domain_hostname, ".", "-"), - ENV_SHORT = var.env_short, - KV_NAME = data.azurerm_key_vault.kv.name - }) - ] -} - -resource "helm_release" "reloader" { - name = "reloader" - repository = "https://stakater.github.io/stakater-charts" - chart = "reloader" - version = "v1.0.69" - namespace = kubernetes_namespace.namespace.metadata[0].name - - set { - name = "reloader.watchGlobally" - value = "false" - } -} diff --git a/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json b/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json deleted file mode 100644 index 0967ef424b..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini b/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini deleted file mode 100644 index 067019d64d..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini +++ /dev/null @@ -1,3 +0,0 @@ -file_crypted="noedit_secret_enc.json" -kv_name="pagopa-d-itn-paymentoptions-kv" -kv_sops_key_name="pagopa-d-paymentoptions-sops-key" diff --git a/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json b/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json deleted file mode 100644 index 2c63c08510..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json +++ /dev/null @@ -1,2 +0,0 @@ -{ -} diff --git a/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini b/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini deleted file mode 100644 index a83c6d693e..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini +++ /dev/null @@ -1,3 +0,0 @@ -file_crypted="noedit_secret_enc.json" -kv_name="pagopa-p-itn-paymentoptions-kv" -kv_sops_key_name="pagopa-p-paymentoptions-sops-key" diff --git a/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json b/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json deleted file mode 100644 index 2c63c08510..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json +++ /dev/null @@ -1,2 +0,0 @@ -{ -} diff --git a/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini b/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini deleted file mode 100644 index e5b5471c37..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini +++ /dev/null @@ -1,3 +0,0 @@ -file_crypted="noedit_secret_enc.json" -kv_name="pagopa-u-itn-paymentoptions-kv" -kv_sops_key_name="pagopa-u-paymentoptions-sops-key" diff --git a/src/domains/payopt-app/.terraform.lock.hcl b/src/domains/payopt-app/.terraform.lock.hcl new file mode 100644 index 0000000000..5ff319e7d6 --- /dev/null +++ b/src/domains/payopt-app/.terraform.lock.hcl @@ -0,0 +1,102 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azuread" { + version = "3.0.2" + constraints = "<= 3.0.2" + hashes = [ + "h1:yQqvUtgtrYKGpIygdM8P6N+pvMWJJWIsVdPow29VE20=", + "zh:16e724b80a9004c7978c30f69a73c98ff63eb8a03937dd44c2a8f0ea0438b7a3", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:2bbbf13713ca4767267b889471c9fc14a56a8fdf5d1013da3ca78667e3caec64", + "zh:409ccb05431d643a079da082d89db2d95d6afed4769997ac537c8b7de3bff867", + "zh:53e4bca0f5d015380f7f524f36344afe6211ccaf614bfc69af73ca64a9f47d6c", + "zh:5780be2c1981d090604d7fa4cef675462f17f40e7f3dc501a031488e87a35b8f", + "zh:850e61a1b3e64c752c418526ccf48653514c861b36f5feb631619f906f7e99a0", + "zh:8c3565bfcea006a734149cc080452a9daf7d2a9d5362eb7e0a088b6c0d7f0f03", + "zh:908b9e6ad49d5d21173ecefc7924902047611be93bbf8e7d021aa9563358396f", + "zh:a2a79765c029bc58966eff61cb6e9b0ee14d2ac52b0a22fc7dfa35c9a49af669", + "zh:c7f56cbe8743e9ba81fce871bc97d9c07abe86770d9ee7ffefbf3882a61ba89a", + "zh:d4dba80e33421b30d81c62611fb7fc62ad39afecc6484436e635913cd8553e67", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.116.0" + constraints = "~> 3.30, ~> 3.110, ~> 3.116.0, <= 3.116.0" + hashes = [ + "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", + "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", + "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", + "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", + "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", + "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", + "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", + "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", + "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", + "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", + "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.16.0" + constraints = "~> 2.12, <= 2.16.0" + hashes = [ + "h1:zk+1yjCh9RKDsugek6X2JXtLywtdIeS1DeOLjzypU70=", + "zh:0fa970817bab7a8411ff443d51004dc2974c0ef4aad082a514f8b56559db3113", + "zh:333b9ac02fcbf9dcf4825dc1e4fc373ef4571b1dd00b79f5c8ea24e1c79992f0", + "zh:792e1e9c409dd76e3eabf3b0c0a6b5a3c3ef42adfc578f7899def46a81e994ef", + "zh:8eca4a52d43ca97d944a8c5d0f2ee60bcbefcb3ccee51d5620bde9047b8ea9c7", + "zh:90969e6a0f7127b0cb75c8790f63f4d050576ffe9bd722887a11d885430624cd", + "zh:a9d72fb106f16ab4f68c779a2c59124929cbc1cb0dbc47ed5ef380c6205f70bb", + "zh:c28bc1a2c0f8f11626baf905a888b2600663ba8dbb33ce4203efcafa16c77fc5", + "zh:c5d6c72a8c5513ff868209ceda9e6000723b02d21811d05909d26614784d4db6", + "zh:d105d40b1a217120332f65a93b24470d18e355868bfa99f0cdeeff5869cff9fb", + "zh:e6c78637c8c6081b8817f61658de8d0163b92157336ac3236cf183b5834f9487", + "zh:edef68729e4f263df3a6737fc73b14e1ee952b800d72d0c6f2cb524bc1ad7ec8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.33.0" + constraints = "~> 2.27, ~> 2.30, <= 2.33.0" + hashes = [ + "h1:HDyytvOlqNw5fJ0SB/nzgqCWniK4LAZNx23LaPavQq8=", + "zh:255b35790b706d405e987750190658dcaefb663741b96803a9529ba5d7435329", + "zh:362feba1aa820a8e02869ec71d1a08e87243dbce43671dc0995fa6c5a2fafa1d", + "zh:39332abcf75b5dd9c78c79c7c0c094f7d4ca908d1b76bbd2aae67e8e3516710c", + "zh:3e8e7f758bb09a9b5b613c8866e77541f8f00b521070cc86bc095ce61f010baf", + "zh:427883b889b9c36630c3eec4d5c07bc4ae12cc0d358fc17ea42a8049bf8d5275", + "zh:69bfc4ed067a5e4844db1a1809343652ff239aa0a8da089b1671524c44e8740a", + "zh:6b9f731062b945c5020e0930ed9a1b1b50afd2caf751f0e70a282d165c970979", + "zh:6faf9ec006af7ee7014a9c3251d65b701792abb823f149b0b7e4ac4433848201", + "zh:b706f76d695104a47682ee6ab842870f9c70a680f979fa9e7efe34278c0831bc", + "zh:b9bca48de2c92f57389ed58dd2fac564deaccd79a92cafd08edeed3ba6b91d4d", + "zh:bbd3336dbee5aed9880f98e36fb8340e0c6d8f0399a05787521af599ccb3dac4", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.3" + constraints = "~> 3.2, <= 3.2.3" + hashes = [ + "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=", + "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", + "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", + "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", + "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", + "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", + "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", + "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", + "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", + "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", + "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", + ] +} diff --git a/src/domains/paymentoptions-app/00_alerts.tf b/src/domains/payopt-app/00_alerts.tf similarity index 100% rename from src/domains/paymentoptions-app/00_alerts.tf rename to src/domains/payopt-app/00_alerts.tf diff --git a/src/domains/paymentoptions-app/00_data.tf b/src/domains/payopt-app/00_data.tf similarity index 100% rename from src/domains/paymentoptions-app/00_data.tf rename to src/domains/payopt-app/00_data.tf diff --git a/src/domains/paymentoptions-app/00_keyvault.tf b/src/domains/payopt-app/00_keyvault.tf similarity index 100% rename from src/domains/paymentoptions-app/00_keyvault.tf rename to src/domains/payopt-app/00_keyvault.tf diff --git a/src/domains/paymentoptions-app/00_monitor.tf b/src/domains/payopt-app/00_monitor.tf similarity index 100% rename from src/domains/paymentoptions-app/00_monitor.tf rename to src/domains/payopt-app/00_monitor.tf diff --git a/src/domains/paymentoptions-app/00_network.tf b/src/domains/payopt-app/00_network.tf similarity index 100% rename from src/domains/paymentoptions-app/00_network.tf rename to src/domains/payopt-app/00_network.tf diff --git a/src/domains/paymentoptions-app/01_network.tf b/src/domains/payopt-app/01_network.tf similarity index 100% rename from src/domains/paymentoptions-app/01_network.tf rename to src/domains/payopt-app/01_network.tf diff --git a/src/domains/payopt-app/02_namespace.tf b/src/domains/payopt-app/02_namespace.tf new file mode 100644 index 0000000000..7d9fcc5c42 --- /dev/null +++ b/src/domains/payopt-app/02_namespace.tf @@ -0,0 +1,39 @@ +resource "kubernetes_namespace" "namespace" { + metadata { + name = var.domain + } +} + +# module "pod_identity" { +# source = "./.terraform/modules/__v3__/kubernetes_pod_identity" + +# resource_group_name = local.aks_resource_group_name +# location = var.location +# tenant_id = data.azurerm_subscription.current.tenant_id +# cluster_name = local.aks_name + +# identity_name = "${kubernetes_namespace.namespace.metadata[0].name}-pod-identity" +# namespace = kubernetes_namespace.namespace.metadata[0].name +# key_vault_id = data.azurerm_key_vault.kv.id + +# secret_permissions = ["Get"] +# } + + + +# WL-IDENTITY +# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#Init-workload-identity +module "workload_identity" { + source = "./.terraform/modules/__v3__/kubernetes_workload_identity_configuration" + + workload_identity_name_prefix = var.domain + workload_identity_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name + aks_name = data.azurerm_kubernetes_cluster.aks.name + aks_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name + namespace = var.domain + + key_vault_id = data.azurerm_key_vault.kv.id + key_vault_certificate_permissions = ["Get"] + key_vault_key_permissions = ["Get"] + key_vault_secret_permissions = ["Get"] +} diff --git a/src/domains/paymentoptions-app/03_serviceaccounts_azure_devops.tf b/src/domains/payopt-app/03_serviceaccounts_azure_devops.tf similarity index 100% rename from src/domains/paymentoptions-app/03_serviceaccounts_azure_devops.tf rename to src/domains/payopt-app/03_serviceaccounts_azure_devops.tf diff --git a/src/domains/paymentoptions-app/04_apim_payment_options.tf b/src/domains/payopt-app/04_apim_payment_options.tf similarity index 100% rename from src/domains/paymentoptions-app/04_apim_payment_options.tf rename to src/domains/payopt-app/04_apim_payment_options.tf diff --git a/src/domains/paymentoptions-app/04_apim_payment_options_mock.tf b/src/domains/payopt-app/04_apim_payment_options_mock.tf similarity index 100% rename from src/domains/paymentoptions-app/04_apim_payment_options_mock.tf rename to src/domains/payopt-app/04_apim_payment_options_mock.tf diff --git a/src/domains/payopt-app/05_aks_middleware_tools.tf b/src/domains/payopt-app/05_aks_middleware_tools.tf new file mode 100644 index 0000000000..0afc20f24f --- /dev/null +++ b/src/domains/payopt-app/05_aks_middleware_tools.tf @@ -0,0 +1,55 @@ + +# WL-IDENTITY +# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#%F0%9F%94%AE-tls-cheker +module "tls_checker" { + source = "./.terraform/modules/__v3__/tls_checker" + + https_endpoint = local.domain_hostname + alert_name = local.domain_hostname + alert_enabled = true + helm_chart_present = true + namespace = kubernetes_namespace.namespace.metadata[0].name + location_string = var.location_string + kv_secret_name_for_application_insights_connection_string = "app-insight-connection-string" + application_insights_resource_group = data.azurerm_resource_group.monitor_italy_rg.name + application_insights_id = data.azurerm_application_insights.application_insights_italy.id + application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id] + keyvault_name = data.azurerm_key_vault.kv.name + keyvault_tenant_id = data.azurerm_client_config.current.tenant_id + + workload_identity_enabled = true + workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name + workload_identity_client_id = module.workload_identity.workload_identity_client_id + + depends_on = [module.workload_identity] +} + + +# WL-IDENTITY +# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#%3Acertificate%3A-cert-mounter +module "cert_mounter" { + source = "./.terraform/modules/__v3__/cert_mounter" + + namespace = var.domain + certificate_name = replace(local.domain_hostname, ".", "-") + kv_name = data.azurerm_key_vault.kv.name + tenant_id = data.azurerm_subscription.current.tenant_id + + workload_identity_enabled = true + workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name + workload_identity_client_id = module.workload_identity.workload_identity_client_id + + depends_on = [module.workload_identity] +} +resource "helm_release" "reloader" { + name = "reloader" + repository = "https://stakater.github.io/stakater-charts" + chart = "reloader" + version = "v1.0.69" + namespace = kubernetes_namespace.namespace.metadata[0].name + + set { + name = "reloader.watchGlobally" + value = "false" + } +} diff --git a/src/domains/paymentoptions-app/05_subkey.tf b/src/domains/payopt-app/05_subkey.tf similarity index 100% rename from src/domains/paymentoptions-app/05_subkey.tf rename to src/domains/payopt-app/05_subkey.tf diff --git a/src/domains/paymentoptions-app/06_keyvault.tf b/src/domains/payopt-app/06_keyvault.tf similarity index 100% rename from src/domains/paymentoptions-app/06_keyvault.tf rename to src/domains/payopt-app/06_keyvault.tf diff --git a/src/domains/paymentoptions-app/07_gh_runner.tf b/src/domains/payopt-app/07_gh_runner.tf similarity index 100% rename from src/domains/paymentoptions-app/07_gh_runner.tf rename to src/domains/payopt-app/07_gh_runner.tf diff --git a/src/domains/paymentoptions-app/90_pdb.tf b/src/domains/payopt-app/90_pdb.tf similarity index 100% rename from src/domains/paymentoptions-app/90_pdb.tf rename to src/domains/payopt-app/90_pdb.tf diff --git a/src/domains/paymentoptions-app/99_locals.tf b/src/domains/payopt-app/99_locals.tf similarity index 100% rename from src/domains/paymentoptions-app/99_locals.tf rename to src/domains/payopt-app/99_locals.tf diff --git a/src/domains/paymentoptions-app/99_main.tf b/src/domains/payopt-app/99_main.tf similarity index 89% rename from src/domains/paymentoptions-app/99_main.tf rename to src/domains/payopt-app/99_main.tf index 7c1a14d9e9..27e3029347 100644 --- a/src/domains/paymentoptions-app/99_main.tf +++ b/src/domains/payopt-app/99_main.tf @@ -7,19 +7,19 @@ terraform { } azuread = { source = "hashicorp/azuread" - version = "<= 2.47.0" + version = "<= 3.0.2" } null = { source = "hashicorp/null" - version = "<= 3.2.1" + version = "<= 3.2.3" } kubernetes = { source = "hashicorp/kubernetes" - version = "<= 2.29.0" + version = "<= 2.33.0" } helm = { source = "hashicorp/helm" - version = "<= 2.12.1" + version = "<= 2.16.0" } } diff --git a/src/domains/paymentoptions-app/99_variables.tf b/src/domains/payopt-app/99_variables.tf similarity index 100% rename from src/domains/paymentoptions-app/99_variables.tf rename to src/domains/payopt-app/99_variables.tf diff --git a/src/domains/paymentoptions-app/README.md b/src/domains/payopt-app/README.md similarity index 100% rename from src/domains/paymentoptions-app/README.md rename to src/domains/payopt-app/README.md diff --git a/src/domains/paymentoptions-app/api/payment-options-mock/_base_policy.xml b/src/domains/payopt-app/api/payment-options-mock/_base_policy.xml similarity index 100% rename from src/domains/paymentoptions-app/api/payment-options-mock/_base_policy.xml rename to src/domains/payopt-app/api/payment-options-mock/_base_policy.xml diff --git a/src/domains/paymentoptions-app/api/payment-options-mock/_get_payment_options_policy.xml b/src/domains/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml similarity index 100% rename from src/domains/paymentoptions-app/api/payment-options-mock/_get_payment_options_policy.xml rename to src/domains/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml diff --git a/src/domains/paymentoptions-app/api/payment-options-mock/_openapi.json.tpl b/src/domains/payopt-app/api/payment-options-mock/_openapi.json.tpl similarity index 100% rename from src/domains/paymentoptions-app/api/payment-options-mock/_openapi.json.tpl rename to src/domains/payopt-app/api/payment-options-mock/_openapi.json.tpl diff --git a/src/domains/paymentoptions-app/api_product/_base_policy.xml b/src/domains/payopt-app/api_product/_base_policy.xml similarity index 100% rename from src/domains/paymentoptions-app/api_product/_base_policy.xml rename to src/domains/payopt-app/api_product/_base_policy.xml diff --git a/src/domains/paymentoptions-app/env/itn-dev/backend.ini b/src/domains/payopt-app/env/itn-dev/backend.ini similarity index 100% rename from src/domains/paymentoptions-app/env/itn-dev/backend.ini rename to src/domains/payopt-app/env/itn-dev/backend.ini diff --git a/src/domains/paymentoptions-app/env/itn-dev/backend.tfvars b/src/domains/payopt-app/env/itn-dev/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-dev/backend.tfvars rename to src/domains/payopt-app/env/itn-dev/backend.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-dev/terraform.tfvars b/src/domains/payopt-app/env/itn-dev/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-dev/terraform.tfvars rename to src/domains/payopt-app/env/itn-dev/terraform.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-prod/backend.ini b/src/domains/payopt-app/env/itn-prod/backend.ini similarity index 100% rename from src/domains/paymentoptions-app/env/itn-prod/backend.ini rename to src/domains/payopt-app/env/itn-prod/backend.ini diff --git a/src/domains/paymentoptions-app/env/itn-prod/backend.tfvars b/src/domains/payopt-app/env/itn-prod/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-prod/backend.tfvars rename to src/domains/payopt-app/env/itn-prod/backend.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-prod/terraform.tfvars b/src/domains/payopt-app/env/itn-prod/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-prod/terraform.tfvars rename to src/domains/payopt-app/env/itn-prod/terraform.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-uat/backend.ini b/src/domains/payopt-app/env/itn-uat/backend.ini similarity index 100% rename from src/domains/paymentoptions-app/env/itn-uat/backend.ini rename to src/domains/payopt-app/env/itn-uat/backend.ini diff --git a/src/domains/paymentoptions-app/env/itn-uat/backend.tfvars b/src/domains/payopt-app/env/itn-uat/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-uat/backend.tfvars rename to src/domains/payopt-app/env/itn-uat/backend.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-uat/terraform.tfvars b/src/domains/payopt-app/env/itn-uat/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-uat/terraform.tfvars rename to src/domains/payopt-app/env/itn-uat/terraform.tfvars diff --git a/src/domains/paymentoptions-app/helm/cert-mounter.yaml.tpl b/src/domains/payopt-app/helm/cert-mounter.yaml.tpl similarity index 100% rename from src/domains/paymentoptions-app/helm/cert-mounter.yaml.tpl rename to src/domains/payopt-app/helm/cert-mounter.yaml.tpl diff --git a/src/domains/paymentoptions-app/terraform.sh b/src/domains/payopt-app/terraform.sh similarity index 100% rename from src/domains/paymentoptions-app/terraform.sh rename to src/domains/payopt-app/terraform.sh diff --git a/src/domains/payopt-common/.terraform.lock.hcl b/src/domains/payopt-common/.terraform.lock.hcl new file mode 100644 index 0000000000..412a66cdaf --- /dev/null +++ b/src/domains/payopt-common/.terraform.lock.hcl @@ -0,0 +1,62 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azuread" { + version = "2.47.0" + constraints = "<= 2.47.0" + hashes = [ + "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", + "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", + "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", + "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", + "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", + "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", + "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", + "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", + "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", + "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", + "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.116.0" + constraints = "~> 3.30, ~> 3.116.0, < 4.0.0" + hashes = [ + "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", + "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", + "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", + "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", + "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", + "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", + "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", + "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", + "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", + "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", + "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.2" + constraints = "<= 3.2.2" + hashes = [ + "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", + "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", + "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", + "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", + "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", + "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", + "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", + "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", + "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", + "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", + "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", + ] +} diff --git a/src/domains/paymentoptions-common/00_data.tf b/src/domains/payopt-common/00_data.tf similarity index 100% rename from src/domains/paymentoptions-common/00_data.tf rename to src/domains/payopt-common/00_data.tf diff --git a/src/domains/paymentoptions-common/00_monitor.tf b/src/domains/payopt-common/00_monitor.tf similarity index 100% rename from src/domains/paymentoptions-common/00_monitor.tf rename to src/domains/payopt-common/00_monitor.tf diff --git a/src/domains/paymentoptions-common/00_network.tf b/src/domains/payopt-common/00_network.tf similarity index 100% rename from src/domains/paymentoptions-common/00_network.tf rename to src/domains/payopt-common/00_network.tf diff --git a/src/domains/paymentoptions-common/01_network.tf b/src/domains/payopt-common/01_network.tf similarity index 100% rename from src/domains/paymentoptions-common/01_network.tf rename to src/domains/payopt-common/01_network.tf diff --git a/src/domains/paymentoptions-common/03_eventhub.tf b/src/domains/payopt-common/03_eventhub.tf similarity index 100% rename from src/domains/paymentoptions-common/03_eventhub.tf rename to src/domains/payopt-common/03_eventhub.tf diff --git a/src/domains/paymentoptions-common/10_github_identity.tf b/src/domains/payopt-common/10_github_identity.tf similarity index 92% rename from src/domains/paymentoptions-common/10_github_identity.tf rename to src/domains/payopt-common/10_github_identity.tf index e77e55ee1a..36a3cd077b 100644 --- a/src/domains/paymentoptions-common/10_github_identity.tf +++ b/src/domains/payopt-common/10_github_identity.tf @@ -205,3 +205,14 @@ resource "azurerm_key_vault_access_policy" "gha_ref_iac_managed_identities" { storage_permissions = [] } + + +# WL-IDENTITY +# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#Init-workload-identity +module "workload_identity" { + source = "./.terraform/modules/__v3__/kubernetes_workload_identity_init" + + workload_identity_name_prefix = var.domain + workload_identity_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name + workload_identity_location = var.location +} \ No newline at end of file diff --git a/src/domains/paymentoptions-common/99_locals.tf b/src/domains/payopt-common/99_locals.tf similarity index 100% rename from src/domains/paymentoptions-common/99_locals.tf rename to src/domains/payopt-common/99_locals.tf diff --git a/src/domains/paymentoptions-common/99_main.tf b/src/domains/payopt-common/99_main.tf similarity index 83% rename from src/domains/paymentoptions-common/99_main.tf rename to src/domains/payopt-common/99_main.tf index d782f0f5cb..95f5c16d5e 100644 --- a/src/domains/paymentoptions-common/99_main.tf +++ b/src/domains/payopt-common/99_main.tf @@ -7,11 +7,11 @@ terraform { } azuread = { source = "hashicorp/azuread" - version = "<= 3.0.2" + version = "<= 2.47.0" } null = { source = "hashicorp/null" - version = "<= 3.2.3" + version = "<= 3.2.2" } } @@ -31,5 +31,6 @@ data "azurerm_subscription" "current" {} data "azurerm_client_config" "current" {} module "__v3__" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=15bbe5eb512bc0fa8f06ed28e0cca754b868743a" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } diff --git a/src/domains/paymentoptions-common/99_variables.tf b/src/domains/payopt-common/99_variables.tf similarity index 100% rename from src/domains/paymentoptions-common/99_variables.tf rename to src/domains/payopt-common/99_variables.tf diff --git a/src/domains/paymentoptions-common/README.md b/src/domains/payopt-common/README.md similarity index 100% rename from src/domains/paymentoptions-common/README.md rename to src/domains/payopt-common/README.md diff --git a/src/domains/paymentoptions-common/env/itn-dev/backend.ini b/src/domains/payopt-common/env/itn-dev/backend.ini similarity index 100% rename from src/domains/paymentoptions-common/env/itn-dev/backend.ini rename to src/domains/payopt-common/env/itn-dev/backend.ini diff --git a/src/domains/paymentoptions-common/env/itn-dev/backend.tfvars b/src/domains/payopt-common/env/itn-dev/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-dev/backend.tfvars rename to src/domains/payopt-common/env/itn-dev/backend.tfvars diff --git a/src/domains/paymentoptions-common/env/itn-dev/terraform.tfvars b/src/domains/payopt-common/env/itn-dev/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-dev/terraform.tfvars rename to src/domains/payopt-common/env/itn-dev/terraform.tfvars diff --git a/src/domains/paymentoptions-common/env/itn-prod/backend.ini b/src/domains/payopt-common/env/itn-prod/backend.ini similarity index 100% rename from src/domains/paymentoptions-common/env/itn-prod/backend.ini rename to src/domains/payopt-common/env/itn-prod/backend.ini diff --git a/src/domains/paymentoptions-common/env/itn-prod/backend.tfvars b/src/domains/payopt-common/env/itn-prod/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-prod/backend.tfvars rename to src/domains/payopt-common/env/itn-prod/backend.tfvars diff --git a/src/domains/paymentoptions-common/env/itn-prod/terraform.tfvars b/src/domains/payopt-common/env/itn-prod/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-prod/terraform.tfvars rename to src/domains/payopt-common/env/itn-prod/terraform.tfvars diff --git a/src/domains/paymentoptions-common/env/itn-uat/backend.ini b/src/domains/payopt-common/env/itn-uat/backend.ini similarity index 100% rename from src/domains/paymentoptions-common/env/itn-uat/backend.ini rename to src/domains/payopt-common/env/itn-uat/backend.ini diff --git a/src/domains/paymentoptions-common/env/itn-uat/backend.tfvars b/src/domains/payopt-common/env/itn-uat/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-uat/backend.tfvars rename to src/domains/payopt-common/env/itn-uat/backend.tfvars diff --git a/src/domains/paymentoptions-common/env/itn-uat/terraform.tfvars b/src/domains/payopt-common/env/itn-uat/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-uat/terraform.tfvars rename to src/domains/payopt-common/env/itn-uat/terraform.tfvars diff --git a/src/domains/paymentoptions-common/terraform.sh b/src/domains/payopt-common/terraform.sh similarity index 100% rename from src/domains/paymentoptions-common/terraform.sh rename to src/domains/payopt-common/terraform.sh diff --git a/src/domains/payopt-secrets/.terraform.lock.hcl b/src/domains/payopt-secrets/.terraform.lock.hcl new file mode 100644 index 0000000000..e6e5cedf47 --- /dev/null +++ b/src/domains/payopt-secrets/.terraform.lock.hcl @@ -0,0 +1,102 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azuread" { + version = "2.47.0" + constraints = "<= 2.47.0" + hashes = [ + "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", + "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", + "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", + "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", + "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", + "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", + "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", + "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", + "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", + "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", + "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.106.0" + constraints = "~> 3.30, <= 3.106.0" + hashes = [ + "h1:6t9Nz9tYAR9BfHZ8yc56m+GKRl0nriwjQ5DyA0/TnCs=", + "zh:07980d6fdc40c0adb670c8413a5c667917d6dbb51fcedc467c35d64c2f3a1f47", + "zh:2e6e8491b1f089644b0d23f8da83398f1e10cf5a62b16efcef2b5454fe923038", + "zh:450dbd72821c5619cc3bcdc20fdd0e29515147e44b733f9c79d3a75851810055", + "zh:5e234c0a2f3c9677ea72b2a6e6ca90defb99fab29ae565f5d1f70728ba4ba78f", + "zh:83fd042ece6977429d79affd03d6ce963d2f122604dbf15a1abf203d7a7bbc8a", + "zh:93027e1f66b3bf83398d572d4e6f6e7777330c78c54da3226dadd50fd868ada9", + "zh:ae3d1dd66140c303df97d93c47a60f16735ce17cf156f45475dcee4a7360af5b", + "zh:daf9d2eb89e785458a76b88bf2ef0696c472094c77cc9cff3b3ea4b885c5a482", + "zh:dd46370141651e6549da6d85e25c7a6770c47581bbaaa27eda2886d41d849747", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f77405c0d8f6e0d93d9da83256b3b02c164bad4c791ed9604310ff02ae086ad1", + "zh:ffa769147bda833aef8802e3a391bd175ec749862764d61cbdaa8200d5b8f893", + ] +} + +provider "registry.terraform.io/hashicorp/external" { + version = "2.2.3" + constraints = "<= 2.2.3" + hashes = [ + "h1:648ZjJR81c2W1OLtYmUQa9/1rGr3vvZSuX9dR1ucGWY=", + "zh:184ecd339d764de845db0e5b8a9c87893dcd0c9d822167f73658f89d80ec31c9", + "zh:2661eaca31d17d6bbb18a8f673bbfe3fe1b9b7326e60d0ceb302017003274e3c", + "zh:2c0a180f6d1fc2ba6e03f7dfc5f73b617e45408681f75bca75aa82f3796df0e4", + "zh:4b92ae44c6baef4c4952c47be00541055cb5280dd3bc8031dba5a1b2ee982387", + "zh:5641694d5daf3893d7ea90be03b6fa575211a08814ffe70998d5adb8b59cdc0a", + "zh:5bd55a2be8a1c20d732ac9c604b839e1cadc8c49006315dffa4d709b6874df32", + "zh:6e0ef5d11e1597202424b7d69b9da7b881494c9b13a3d4026fc47012dc651c79", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9e19f89fa25004d3b926a8d15ea630b4bde62f1fa4ed5e11a3d27aabddb77353", + "zh:b763efdd69fd097616b4a4c89cf333b4cee9699ac6432d73d2756f8335d1213f", + "zh:e3b561efdee510b2b445f76a52a902c52bee8e13095e7f4bed7c80f10f8d294a", + "zh:fe660bb8781ee043a093b9a20e53069974475dcaa5791a1f45fd03c61a26478a", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.16.1" + constraints = "<= 2.16.1" + hashes = [ + "h1:kO/d+ZMZYM2tNMMFHZqBmVR0MeemoGnI2G2NSN92CrU=", + "zh:06224975f5910d41e73b35a4d5079861da2c24f9353e3ebb015fbb3b3b996b1c", + "zh:2bc400a8d9fe7755cca27c2551564a9e2609cfadc77f526ef855114ee02d446f", + "zh:3a479014187af1d0aec3a1d3d9c09551b801956fe6dd29af1186dec86712731b", + "zh:73fb0a69f1abdb02858b6589f7fab6d989a0f422f7ad95ed662aaa84872d3473", + "zh:a33852cd382cbc8e06d3f6c018b468ad809d24d912d64722e037aed1f9bf39db", + "zh:b533ff2214dca90296b1d22eace7eaa7e3efe5a7ae9da66a112094abc932db4f", + "zh:ddf74d8bb1aeb01dc2c36ef40e2b283d32b2a96db73f6daaf179fa2f10949c80", + "zh:e720f3a15d34e795fa9ff90bc755e838ebb4aef894aa2a423fb16dfa6d6b0667", + "zh:e789ae70a658800cb0a19ef7e4e9b26b5a38a92b43d1f41d64fc8bb46539cefb", + "zh:e8aed7dc0bd8f843d607dee5f72640dbef6835a8b1c6ea12cea5b4ec53e463f7", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fb3ac4f43c8b0dfc0b0103dd0f062ea72b3a34518d4c8808e3a44c9a3dd5f024", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.1" + constraints = "~> 3.2, <= 3.2.1" + hashes = [ + "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", + "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", + "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", + "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", + "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", + "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", + "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", + "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", + "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", + "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", + "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", + ] +} diff --git a/src/domains/paymentoptions-secrets/00_azuread.tf b/src/domains/payopt-secrets/00_azuread.tf similarity index 100% rename from src/domains/paymentoptions-secrets/00_azuread.tf rename to src/domains/payopt-secrets/00_azuread.tf diff --git a/src/domains/paymentoptions-secrets/01_keyvault.tf b/src/domains/payopt-secrets/01_keyvault.tf similarity index 100% rename from src/domains/paymentoptions-secrets/01_keyvault.tf rename to src/domains/payopt-secrets/01_keyvault.tf diff --git a/src/domains/paymentoptions-secrets/02_azdo.tf b/src/domains/payopt-secrets/02_azdo.tf similarity index 100% rename from src/domains/paymentoptions-secrets/02_azdo.tf rename to src/domains/payopt-secrets/02_azdo.tf diff --git a/src/domains/paymentoptions-secrets/02_init_sops.tf b/src/domains/payopt-secrets/02_init_sops.tf similarity index 100% rename from src/domains/paymentoptions-secrets/02_init_sops.tf rename to src/domains/payopt-secrets/02_init_sops.tf diff --git a/src/domains/paymentoptions-secrets/03_sops_secrets.tf b/src/domains/payopt-secrets/03_sops_secrets.tf similarity index 100% rename from src/domains/paymentoptions-secrets/03_sops_secrets.tf rename to src/domains/payopt-secrets/03_sops_secrets.tf diff --git a/src/domains/paymentoptions-secrets/99_locals.tf b/src/domains/payopt-secrets/99_locals.tf similarity index 100% rename from src/domains/paymentoptions-secrets/99_locals.tf rename to src/domains/payopt-secrets/99_locals.tf diff --git a/src/domains/paymentoptions-secrets/99_main.tf b/src/domains/payopt-secrets/99_main.tf similarity index 81% rename from src/domains/paymentoptions-secrets/99_main.tf rename to src/domains/payopt-secrets/99_main.tf index ba2156d6dd..9d3239722c 100644 --- a/src/domains/paymentoptions-secrets/99_main.tf +++ b/src/domains/payopt-secrets/99_main.tf @@ -2,23 +2,23 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "<= 3.116.0" + version = "<= 3.106.0" } azuread = { source = "hashicorp/azuread" - version = "<= 3.0.2" + version = "<= 2.47.0" } null = { source = "hashicorp/null" - version = "<= 3.2.3" + version = "<= 3.2.1" } external = { source = "hashicorp/external" - version = "<= 2.3.4" + version = "<= 2.2.3" } kubernetes = { source = "hashicorp/kubernetes" - version = "<= 2.33.0" + version = "<= 2.16.1" } } @@ -43,5 +43,6 @@ data "azurerm_subscription" "current" {} data "azurerm_client_config" "current" {} module "__v3__" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=15bbe5eb512bc0fa8f06ed28e0cca754b868743a" + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" } diff --git a/src/domains/paymentoptions-secrets/99_variables.tf b/src/domains/payopt-secrets/99_variables.tf similarity index 100% rename from src/domains/paymentoptions-secrets/99_variables.tf rename to src/domains/payopt-secrets/99_variables.tf diff --git a/src/domains/paymentoptions-secrets/README.md b/src/domains/payopt-secrets/README.md similarity index 100% rename from src/domains/paymentoptions-secrets/README.md rename to src/domains/payopt-secrets/README.md diff --git a/src/domains/paymentoptions-secrets/env/itn-dev/backend.ini b/src/domains/payopt-secrets/env/itn-dev/backend.ini similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-dev/backend.ini rename to src/domains/payopt-secrets/env/itn-dev/backend.ini diff --git a/src/domains/paymentoptions-secrets/env/itn-dev/backend.tfvars b/src/domains/payopt-secrets/env/itn-dev/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-dev/backend.tfvars rename to src/domains/payopt-secrets/env/itn-dev/backend.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-dev/terraform.tfvars b/src/domains/payopt-secrets/env/itn-dev/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-dev/terraform.tfvars rename to src/domains/payopt-secrets/env/itn-dev/terraform.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-prod/backend.ini b/src/domains/payopt-secrets/env/itn-prod/backend.ini similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-prod/backend.ini rename to src/domains/payopt-secrets/env/itn-prod/backend.ini diff --git a/src/domains/paymentoptions-secrets/env/itn-prod/backend.tfvars b/src/domains/payopt-secrets/env/itn-prod/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-prod/backend.tfvars rename to src/domains/payopt-secrets/env/itn-prod/backend.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-prod/terraform.tfvars b/src/domains/payopt-secrets/env/itn-prod/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-prod/terraform.tfvars rename to src/domains/payopt-secrets/env/itn-prod/terraform.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-uat/backend.ini b/src/domains/payopt-secrets/env/itn-uat/backend.ini similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-uat/backend.ini rename to src/domains/payopt-secrets/env/itn-uat/backend.ini diff --git a/src/domains/paymentoptions-secrets/env/itn-uat/backend.tfvars b/src/domains/payopt-secrets/env/itn-uat/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-uat/backend.tfvars rename to src/domains/payopt-secrets/env/itn-uat/backend.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-uat/terraform.tfvars b/src/domains/payopt-secrets/env/itn-uat/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-uat/terraform.tfvars rename to src/domains/payopt-secrets/env/itn-uat/terraform.tfvars diff --git a/src/domains/payopt-secrets/secret/itn-dev/configs.json b/src/domains/payopt-secrets/secret/itn-dev/configs.json new file mode 100644 index 0000000000..9e26dfeeb6 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-dev/configs.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/src/domains/payopt-secrets/secret/itn-dev/noedit_secret_enc.json b/src/domains/payopt-secrets/secret/itn-dev/noedit_secret_enc.json new file mode 100644 index 0000000000..6c3c1af837 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-dev/noedit_secret_enc.json @@ -0,0 +1,22 @@ +{ + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": [ + { + "vault_url": "https://pagopa-d-itn-payopt-kv.vault.azure.net", + "name": "pagopa-d-payopt-sops-key", + "version": "3cfc1dcd61ee4a9bb4bff1fd4e5d45f1", + "created_at": "2024-11-28T14:36:24Z", + "enc": "vpf4sFWuobCrXfjbD0TXrg8Tv31mVZngHunMNN_tL_wMI38V11PI1yJtx9XiHiC1Mf84mlKCq8OeOwB9kMQacsngGuVtE1hTMBIGqd2mbmXoKKHXQfyoczXOMTgUGCtrpAHBvO86BX6ONbRIz9WFYnXBntDk6CkVDFYVTwiViO77nSo6LpxG_PG9cBS_Am_gdzDZxM1gMJx3OrIxuEIaQ_l9LuO35Wtx1DW8hrD95xSNEaRUOxZr9bzAHtZYvKEeWdj2AzZCxkL8ikMVB1fpi5qpOzpnEDl9HMylxExET7E6Nhbl8eUXNRJi00MCNC6HeOcPdYd8gPHYtHdefThmVg" + } + ], + "hc_vault": null, + "age": null, + "lastmodified": "2024-11-28T14:36:26Z", + "mac": "ENC[AES256_GCM,data:hkNbqIGNsyia2OK0mRXYMD3sLz4Sgc8mLuUaVCVmuVw8XSFBjrVDK5Vn1Z77xh34a9PFhW7ovWndeAO0tCwWVrFoL3vO9UhHGhoihUGy81SbmawJruF4DR+f3BTrk1lEIE39nAUHbikS97GknfTH8aZbOFupAd+hCXFO1DkHZ5g=,iv:QZEf/HHOtth8xX5+d0/omA3LAzSlzFLO5tdz6B6ZJ9o=,tag:+FnEej6YVzQ5vFLd1MwbCA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file diff --git a/src/domains/payopt-secrets/secret/itn-dev/secret.ini b/src/domains/payopt-secrets/secret/itn-dev/secret.ini new file mode 100644 index 0000000000..1cf65b61b0 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-dev/secret.ini @@ -0,0 +1,3 @@ +file_crypted="noedit_secret_enc.json" +kv_name="pagopa-d-itn-payopt-kv" +kv_sops_key_name="pagopa-d-payopt-sops-key" diff --git a/src/domains/payopt-secrets/secret/itn-prod/configs.json b/src/domains/payopt-secrets/secret/itn-prod/configs.json new file mode 100644 index 0000000000..9e26dfeeb6 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-prod/configs.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/src/domains/payopt-secrets/secret/itn-prod/secret.ini b/src/domains/payopt-secrets/secret/itn-prod/secret.ini new file mode 100644 index 0000000000..61a2254ac6 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-prod/secret.ini @@ -0,0 +1,3 @@ +file_crypted="noedit_secret_enc.json" +kv_name="pagopa-p-itn-payopt-kv" +kv_sops_key_name="pagopa-p-payopt-sops-key" diff --git a/src/domains/payopt-secrets/secret/itn-uat/configs.json b/src/domains/payopt-secrets/secret/itn-uat/configs.json new file mode 100644 index 0000000000..9e26dfeeb6 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-uat/configs.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/src/domains/payopt-secrets/secret/itn-uat/noedit_secret_enc.json b/src/domains/payopt-secrets/secret/itn-uat/noedit_secret_enc.json new file mode 100644 index 0000000000..878e035cff --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-uat/noedit_secret_enc.json @@ -0,0 +1,22 @@ +{ + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": [ + { + "vault_url": "https://pagopa-u-itn-payopt-kv.vault.azure.net", + "name": "pagopa-u-payopt-sops-key", + "version": "391d59d66b2e4c118246648bf60dc813", + "created_at": "2024-11-28T14:41:50Z", + "enc": "dyWl_4p70QqcfQsqmIABzVxCWauyBDVZIg9WsqjoAfhNWbCbYvzXbjCiIJhOUJK_4H-EHDb70bnIG4HyIhNmEoNhQD69R9YDkQvJs146WOfBeUT4EO7xcXcM0wZEwjkeQq0PwkVRVvufColcIhlNKg0VMDCK6K2vRijAHAT4P9-gWrVukCnLYP2mlgXKmjX51CQVOV9S97LJEXzl4ki3mI8DGrGYX9qY9uZb6har_8MJaxAAAwcCkz5OYeAImDnz4f_t3ZcIpy4LeG1rubJCNnAxBLCXxL7lt4m-nwcclLQMd_a1U-DyyoOS03_2KwTYkhQI0YnXS9xancsdWXwK9g" + } + ], + "hc_vault": null, + "age": null, + "lastmodified": "2024-11-28T14:41:51Z", + "mac": "ENC[AES256_GCM,data:Umg7BLjeiSk1FSp+ozRgtM/EAmf4SD0wvTJvlrNpmv7hi5g+rn1V2/OoyS7xxnQg4eqDNOJSs3mDfcdHfMffYs2mNxNl8H91SYYkgH85VZYHKShUVS4o5bKwAvyDPmB4qRJ/aAlFGUWMVobGUuBSDP1/GT0Md7Ic4qeYaaepN9k=,iv:ZfMS6ik70+Ctv+/wmy4gfWvrH1+5QIHkp1v+K6n0wbQ=,tag:bAW+DPq9SLrvjvSOXleczw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file diff --git a/src/domains/payopt-secrets/secret/itn-uat/secret.ini b/src/domains/payopt-secrets/secret/itn-uat/secret.ini new file mode 100644 index 0000000000..c16aa7f137 --- /dev/null +++ b/src/domains/payopt-secrets/secret/itn-uat/secret.ini @@ -0,0 +1,3 @@ +file_crypted="noedit_secret_enc.json" +kv_name="pagopa-u-itn-payopt-kv" +kv_sops_key_name="pagopa-u-payopt-sops-key" diff --git a/src/domains/paymentoptions-secrets/sops.sh b/src/domains/payopt-secrets/sops.sh similarity index 100% rename from src/domains/paymentoptions-secrets/sops.sh rename to src/domains/payopt-secrets/sops.sh diff --git a/src/domains/paymentoptions-secrets/terraform.sh b/src/domains/payopt-secrets/terraform.sh similarity index 100% rename from src/domains/paymentoptions-secrets/terraform.sh rename to src/domains/payopt-secrets/terraform.sh diff --git a/src/domains/paymentoptions-secrets/terrasops.sh b/src/domains/payopt-secrets/terrasops.sh similarity index 100% rename from src/domains/paymentoptions-secrets/terrasops.sh rename to src/domains/payopt-secrets/terrasops.sh diff --git a/src/domains/printit-app/.terraform.lock.hcl b/src/domains/printit-app/.terraform.lock.hcl deleted file mode 100644 index 83852abcd4..0000000000 --- a/src/domains/printit-app/.terraform.lock.hcl +++ /dev/null @@ -1,122 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azuread" { - version = "2.47.0" - constraints = "<= 2.47.0" - hashes = [ - "h1:8J74v92UvtqVNucugAtB+Sd44oTgnhfct+Xf8ObOZug=", - "h1:KB9BNRNStbdsfdRmVXUwXtN77qgX5VjBy2UALcqp218=", - "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", - "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", - "h1:zYMGokLn44KSWir7Nr4t8lEAPMB6JuXd2LlP2Ac2tMY=", - "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", - "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", - "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", - "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", - "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", - "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", - "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", - "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", - "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", - "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.116.0" - constraints = "~> 3.30, ~> 3.95, ~> 3.116.0, <= 3.116.0" - hashes = [ - "h1:2QbjtN4oMXzdA++Nvrj/wSmWZTPgXKOSFGGQCLEMrb4=", - "h1:3v5wgHWHRB3J5sByxhgkPEOmL9H4GeFIasitGI36bkM=", - "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", - "h1:SJM/KQDW9blKFmLMaupsZVYtcZ0fYpjLHEriMgCBGCY=", - "h1:jwwbQ09fH1RdcNsknt1AkvfSUbULsl7nZQn6S8fabFI=", - "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", - "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", - "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", - "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", - "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", - "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", - "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", - "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", - "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", - "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "2.12.1" - constraints = "~> 2.12, <= 2.12.1" - hashes = [ - "h1:7wfYOAeSEchHB8idNl+2jf+OkFi9zFSOLWkEZFuTCik=", - "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", - "h1:sgYI7lwGqJqPopY3NGmhb1eQ0YbH8PIXaAZAmnJrAvw=", - "h1:sjzfyNQAjtF9zXHxB67geryjGkHaPDMMVw9iqPP5pkE=", - "h1:xwHVa6ab/XVfDrZ3h35OzLJ6g0Zte4VAvSnyKw3f9AI=", - "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", - "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", - "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", - "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", - "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", - "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", - "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", - "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", - "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", - "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", - "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.29.0" - constraints = "~> 2.27, <= 2.29.0" - hashes = [ - "h1:+YCSx70JPlL2PX+yO53gzy1v0Bj61QMhq0N8U0DjK6c=", - "h1:7C1MinWhowW8EnlSYhhAFV3bte8x5YcSF5QxUPdoXDk=", - "h1:Igs0JTtmzn5q7RHqrvrTMCD/DCSLPMinvUnhYZ2oITw=", - "h1:oUDANZ62j22EWXtXUDAJe4HFq6BZhrYa4VLk49u7Om0=", - "h1:uM3M6zkZ7Tjr91SJaHz+ce+rmGtfUDih2fN3ogV+eYA=", - "zh:3edd5dc319b95fe94e61b82d10c1ce7fb53a2f21b067ddb742f2d7d0d19dd113", - "zh:4b9096e6d0cfa0efd4c89270e3d25fea49db570e2cfbe49c5d1de085a15f2578", - "zh:5397573838bcb8844248c8d6ac93cca7f39a0b707ac3ce7a7b306c50c261c195", - "zh:5d635370720d356b7bcb5756ca28de3275ca32ca1ef0201414caecd3a14759ac", - "zh:71a52280408f3fb0ff1866a9ab8059b0d9bde5481869658798e0773461f22eff", - "zh:748663ef0248d2d95f5dea2974332432a395165657856878c5dc6f000b37cc25", - "zh:7fbc1e084bbbb51e31afd3df0c77e833ae59e88cf42b9e2c17b0b1a1e3894723", - "zh:ae89b4be473b446270fa24dc1ef51b0cc4c2a528d9838ec15246d28bac165df3", - "zh:b6433970d680a0cc9898f915224508b5ece86ae4418372fa6bebd2a9d344f226", - "zh:bf871955cf49015e6a0433e814a22a109c1537a775b8b5dc7b37ad05c324904a", - "zh:c16fac91b2197b443a191d98cf37424feed550387ab11bd1427bde819722005e", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" - constraints = "~> 3.2, <= 3.2.1" - hashes = [ - "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", - "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", - "h1:vUW21lLLsKlxtBf0QF7LKJreKxs0CM7YXGzqW1N/ODY=", - "h1:wqgRvlyVIbkCeCQs+5jj6zVuQL0KDxZZtNofGqqlSdI=", - "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", - "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", - "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", - "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", - "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", - ] -}