From 329382edb87051a2854ec1ab64ee1d851cc68b10 Mon Sep 17 00:00:00 2001
From: Pietro Tota <115724836+pietro-tota@users.noreply.github.com>
Date: Thu, 28 Nov 2024 15:59:27 +0100
Subject: [PATCH 01/13] chore(pay-wallet-common): enable public access to cosmos DB for dev env (#2618)

---
 src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars b/src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars
index 6d966c7f63..90add576be 100644
--- a/src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars
+++ b/src/domains/pay-wallet-common/env/itn-dev/terraform.tfvars
@@ -67,7 +67,7 @@ cosmos_mongo_db_params = {
   is_virtual_network_filter_enabled = false
   enable_provisioned_throughput_exceeded_alert = false
   backup_continuous_enabled = false
-  ip_range_filter = "104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26,13.88.56.148,40.91.218.243,13.91.105.215,4.210.172.107,40.80.152.199,13.95.130.121,20.245.81.54,40.118.23.126"
+  ip_range_filter = null
 }
 
 cosmos_mongo_db_pay_wallet_params = {

From e90eea9b8d8c9b2450f5744953867b3c4c4622f4 Mon Sep 17 00:00:00 2001
From: Simone infante <52280205+infantesimone@users.noreply.github.com>
Date: Thu, 28 Nov 2024 17:20:43 +0100
Subject: [PATCH 02/13] feat: upgrade recaptcha token named value (#2607)

---
 .../api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl | 2 +-
 .../api/ecommerce-checkout/v1/_transaction_policy.xml.tpl | 2 +-
 .../api/ecommerce-checkout/v2/_transaction_policy.xml.tpl | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl b/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl
index a00ceef3f6..20f6fa6cad 100644
--- a/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl
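Review bot: Setting `ip_range_filter = null` removes the only network-level restriction left on this Cosmos account, because the context line `is_virtual_network_filter_enabled = false` already disables VNet filtering; after this hunk the dev account is reachable from any source IP with account credentials as the sole control, and nothing in the hunk records why. Even for dev I would keep the rationale next to the value so the line is not copied into uat/prod, e.g. `ip_range_filter = null # dev only: public network access opened on purpose (#2618); do not replicate to uat/prod`. If the goal is only to unblock a particular client, a narrower allow-list or re-enabling the VNet filter would be preferable to a fully open account; the uat/prod tfvars are not in this diff, so please confirm they still carry a filter.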
+++ b/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl @@ -1,7 +1,7 @@ - + diff --git a/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl b/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl index 0f949c30a4..a4fd8a9e85 100644 --- a/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl @@ -1,7 +1,7 @@ - + diff --git a/src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl b/src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl index e747d56f7b..f381de268b 100644 --- a/src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl @@ -2,7 +2,7 @@ - + From aa5646b6d48d57ae9c7f8b54f1ad95fd75ce8d4c Mon Sep 17 00:00:00 2001 From: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com> Date: Thu, 28 Nov 2024 17:24:46 +0100 Subject: [PATCH 03/13] chore: Fix payopt domain (#2620) fix payopt domain --- .../.terraform.lock.hcl | 5 ----- .../secret/itn-dev/configs.json | 2 +- .../secret/itn-dev/noedit_secret_enc.json | 22 +++++++++++++++++++ .../secret/itn-dev/secret.ini | 4 ++-- .../secret/itn-prod/configs.json | 3 +-- .../secret/itn-prod/secret.ini | 4 ++-- .../secret/itn-uat/configs.json | 3 +-- .../secret/itn-uat/noedit_secret_enc.json | 22 +++++++++++++++++++ .../secret/itn-uat/secret.ini | 4 ++-- 9 files changed, 53 insertions(+), 16 deletions(-) create mode 100644 src/domains/paymentoptions-secrets/secret/itn-dev/noedit_secret_enc.json create mode 100644 src/domains/paymentoptions-secrets/secret/itn-uat/noedit_secret_enc.json diff --git a/src/domains/paymentoptions-secrets/.terraform.lock.hcl b/src/domains/paymentoptions-secrets/.terraform.lock.hcl index a389468af5..e6e5cedf47 100644 
--- a/src/domains/paymentoptions-secrets/.terraform.lock.hcl +++ b/src/domains/paymentoptions-secrets/.terraform.lock.hcl @@ -6,7 +6,6 @@ provider "registry.terraform.io/hashicorp/azuread" { constraints = "<= 2.47.0" hashes = [ "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", - "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", @@ -27,7 +26,6 @@ provider "registry.terraform.io/hashicorp/azurerm" { constraints = "~> 3.30, <= 3.106.0" hashes = [ "h1:6t9Nz9tYAR9BfHZ8yc56m+GKRl0nriwjQ5DyA0/TnCs=", - "h1:Mxe1/I27IZK3BP6cm84Gt0+7PXd2EDaDUMxuljm/rUA=", "zh:07980d6fdc40c0adb670c8413a5c667917d6dbb51fcedc467c35d64c2f3a1f47", "zh:2e6e8491b1f089644b0d23f8da83398f1e10cf5a62b16efcef2b5454fe923038", "zh:450dbd72821c5619cc3bcdc20fdd0e29515147e44b733f9c79d3a75851810055", @@ -48,7 +46,6 @@ provider "registry.terraform.io/hashicorp/external" { constraints = "<= 2.2.3" hashes = [ "h1:648ZjJR81c2W1OLtYmUQa9/1rGr3vvZSuX9dR1ucGWY=", - "h1:D2RKjqoU26isFINpmeKG9NS0LvkPmrQkNXeYO2TdgyA=", "zh:184ecd339d764de845db0e5b8a9c87893dcd0c9d822167f73658f89d80ec31c9", "zh:2661eaca31d17d6bbb18a8f673bbfe3fe1b9b7326e60d0ceb302017003274e3c", "zh:2c0a180f6d1fc2ba6e03f7dfc5f73b617e45408681f75bca75aa82f3796df0e4", @@ -68,7 +65,6 @@ provider "registry.terraform.io/hashicorp/kubernetes" { version = "2.16.1" constraints = "<= 2.16.1" hashes = [ - "h1:PO4Ye/+lu5hCaUEOtwNOldQYoA0dqL1bcBICIpdlcd8=", "h1:kO/d+ZMZYM2tNMMFHZqBmVR0MeemoGnI2G2NSN92CrU=", "zh:06224975f5910d41e73b35a4d5079861da2c24f9353e3ebb015fbb3b3b996b1c", "zh:2bc400a8d9fe7755cca27c2551564a9e2609cfadc77f526ef855114ee02d446f", 
@@ -89,7 +85,6 @@ provider "registry.terraform.io/hashicorp/null" { version = "3.2.1" constraints = "~> 3.2, <= 3.2.1" hashes = [ - "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", diff --git a/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json b/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json index 0967ef424b..9e26dfeeb6 100644 --- a/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json +++ b/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json @@ -1 +1 @@ -{} +{} \ No newline at end of file diff --git a/src/domains/paymentoptions-secrets/secret/itn-dev/noedit_secret_enc.json b/src/domains/paymentoptions-secrets/secret/itn-dev/noedit_secret_enc.json new file mode 100644 index 0000000000..6c3c1af837 --- /dev/null +++ b/src/domains/paymentoptions-secrets/secret/itn-dev/noedit_secret_enc.json 
@@ -0,0 +1,22 @@ +{ + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": [ + { + "vault_url": "https://pagopa-d-itn-payopt-kv.vault.azure.net", + "name": "pagopa-d-payopt-sops-key", + "version": "3cfc1dcd61ee4a9bb4bff1fd4e5d45f1", + "created_at": "2024-11-28T14:36:24Z", + "enc": "vpf4sFWuobCrXfjbD0TXrg8Tv31mVZngHunMNN_tL_wMI38V11PI1yJtx9XiHiC1Mf84mlKCq8OeOwB9kMQacsngGuVtE1hTMBIGqd2mbmXoKKHXQfyoczXOMTgUGCtrpAHBvO86BX6ONbRIz9WFYnXBntDk6CkVDFYVTwiViO77nSo6LpxG_PG9cBS_Am_gdzDZxM1gMJx3OrIxuEIaQ_l9LuO35Wtx1DW8hrD95xSNEaRUOxZr9bzAHtZYvKEeWdj2AzZCxkL8ikMVB1fpi5qpOzpnEDl9HMylxExET7E6Nhbl8eUXNRJi00MCNC6HeOcPdYd8gPHYtHdefThmVg" + } + ], + "hc_vault": null, + "age": null, + "lastmodified": "2024-11-28T14:36:26Z", + "mac": "ENC[AES256_GCM,data:hkNbqIGNsyia2OK0mRXYMD3sLz4Sgc8mLuUaVCVmuVw8XSFBjrVDK5Vn1Z77xh34a9PFhW7ovWndeAO0tCwWVrFoL3vO9UhHGhoihUGy81SbmawJruF4DR+f3BTrk1lEIE39nAUHbikS97GknfTH8aZbOFupAd+hCXFO1DkHZ5g=,iv:QZEf/HHOtth8xX5+d0/omA3LAzSlzFLO5tdz6B6ZJ9o=,tag:+FnEej6YVzQ5vFLd1MwbCA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file diff --git a/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini b/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini index 067019d64d..1cf65b61b0 100644 --- a/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini +++ b/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini @@ -1,3 +1,3 @@ file_crypted="noedit_secret_enc.json" -kv_name="pagopa-d-itn-paymentoptions-kv" -kv_sops_key_name="pagopa-d-paymentoptions-sops-key" +kv_name="pagopa-d-itn-payopt-kv" +kv_sops_key_name="pagopa-d-payopt-sops-key" diff --git a/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json b/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json index 2c63c08510..9e26dfeeb6 100644 --- a/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json +++ b/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json 
@@ -1,2 +1 @@
-{
-}
+{}
\ No newline at end of file
diff --git a/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini b/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini
index a83c6d693e..61a2254ac6 100644
--- a/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini
+++ b/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini
@@ -1,3 +1,3 @@
 file_crypted="noedit_secret_enc.json"
-kv_name="pagopa-p-itn-paymentoptions-kv"
-kv_sops_key_name="pagopa-p-paymentoptions-sops-key"
+kv_name="pagopa-p-itn-payopt-kv"
+kv_sops_key_name="pagopa-p-payopt-sops-key"
diff --git a/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json b/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json
index 2c63c08510..9e26dfeeb6 100644
--- a/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json
+++ b/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json
@@ -1,2 +1 @@
-{
-}
+{}
\ No newline at end of file
diff --git a/src/domains/paymentoptions-secrets/secret/itn-uat/noedit_secret_enc.json b/src/domains/paymentoptions-secrets/secret/itn-uat/noedit_secret_enc.json
new file mode 100644
index 0000000000..878e035cff
--- /dev/null
+++ b/src/domains/paymentoptions-secrets/secret/itn-uat/noedit_secret_enc.json
@@ -0,0 +1,22 @@ +{ + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": [ + { + "vault_url": "https://pagopa-u-itn-payopt-kv.vault.azure.net", + "name": "pagopa-u-payopt-sops-key", + "version": "391d59d66b2e4c118246648bf60dc813", + "created_at": "2024-11-28T14:41:50Z", + "enc": "dyWl_4p70QqcfQsqmIABzVxCWauyBDVZIg9WsqjoAfhNWbCbYvzXbjCiIJhOUJK_4H-EHDb70bnIG4HyIhNmEoNhQD69R9YDkQvJs146WOfBeUT4EO7xcXcM0wZEwjkeQq0PwkVRVvufColcIhlNKg0VMDCK6K2vRijAHAT4P9-gWrVukCnLYP2mlgXKmjX51CQVOV9S97LJEXzl4ki3mI8DGrGYX9qY9uZb6har_8MJaxAAAwcCkz5OYeAImDnz4f_t3ZcIpy4LeG1rubJCNnAxBLCXxL7lt4m-nwcclLQMd_a1U-DyyoOS03_2KwTYkhQI0YnXS9xancsdWXwK9g" + } + ], + "hc_vault": null, + "age": null, + "lastmodified": "2024-11-28T14:41:51Z", + "mac": "ENC[AES256_GCM,data:Umg7BLjeiSk1FSp+ozRgtM/EAmf4SD0wvTJvlrNpmv7hi5g+rn1V2/OoyS7xxnQg4eqDNOJSs3mDfcdHfMffYs2mNxNl8H91SYYkgH85VZYHKShUVS4o5bKwAvyDPmB4qRJ/aAlFGUWMVobGUuBSDP1/GT0Md7Ic4qeYaaepN9k=,iv:ZfMS6ik70+Ctv+/wmy4gfWvrH1+5QIHkp1v+K6n0wbQ=,tag:bAW+DPq9SLrvjvSOXleczw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file diff --git a/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini b/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini index e5b5471c37..c16aa7f137 100644 --- a/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini +++ b/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini @@ -1,3 +1,3 @@ file_crypted="noedit_secret_enc.json" -kv_name="pagopa-u-itn-paymentoptions-kv" -kv_sops_key_name="pagopa-u-paymentoptions-sops-key" +kv_name="pagopa-u-itn-payopt-kv" +kv_sops_key_name="pagopa-u-payopt-sops-key" From 4f303ebc1fee4e119007f8e119bbd90612c8592b Mon Sep 17 00:00:00 2001 
From: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com> Date: Fri, 29 Nov 2024 08:29:39 +0100 Subject: [PATCH 04/13] chore: Rename domain payopt (#2621) rename domain payopt --- .../05_aks_middleware_tools.tf | 49 ------------------- .../.terraform.lock.hcl | 0 .../00_alerts.tf | 0 .../00_data.tf | 0 .../00_keyvault.tf | 0 .../00_monitor.tf | 0 .../00_network.tf | 0 .../01_network.tf | 0 .../02_namespace.tf | 0 .../03_serviceaccounts_azure_devops.tf | 0 .../04_apim_payment_options.tf | 0 .../04_apim_payment_options_mock.tf | 0 .../payopt-app/05_aks_middleware_tools.tf | 49 +++++++++++++++++++ .../05_subkey.tf | 0 .../06_keyvault.tf | 0 .../07_gh_runner.tf | 0 .../90_pdb.tf | 0 .../99_locals.tf | 0 .../99_main.tf | 0 .../99_variables.tf | 0 .../README.md | 0 .../api/payment-options-mock/_base_policy.xml | 0 .../_get_payment_options_policy.xml | 0 .../payment-options-mock/_openapi.json.tpl | 0 .../api_product/_base_policy.xml | 0 .../env/itn-dev/backend.ini | 0 .../env/itn-dev/backend.tfvars | 0 .../env/itn-dev/terraform.tfvars | 0 .../env/itn-prod/backend.ini | 0 .../env/itn-prod/backend.tfvars | 0 .../env/itn-prod/terraform.tfvars | 0 .../env/itn-uat/backend.ini | 0 .../env/itn-uat/backend.tfvars | 0 .../env/itn-uat/terraform.tfvars | 0 .../helm/cert-mounter.yaml.tpl | 0 .../terraform.sh | 0 .../.terraform.lock.hcl | 0 .../00_data.tf | 0 .../00_monitor.tf | 0 .../00_network.tf | 0 .../01_network.tf | 0 .../03_eventhub.tf | 0 .../10_github_identity.tf | 0 .../99_locals.tf | 0 .../99_main.tf | 0 .../99_variables.tf | 0 .../README.md | 0 .../env/itn-dev/backend.ini | 0 .../env/itn-dev/backend.tfvars | 0 .../env/itn-dev/terraform.tfvars | 0 .../env/itn-prod/backend.ini | 0 .../env/itn-prod/backend.tfvars | 0 .../env/itn-prod/terraform.tfvars | 0 .../env/itn-uat/backend.ini | 0 .../env/itn-uat/backend.tfvars | 0 .../env/itn-uat/terraform.tfvars | 0 .../terraform.sh | 0 .../.terraform.lock.hcl | 0 .../00_azuread.tf | 0 .../01_keyvault.tf | 0 .../02_azdo.tf 
| 0 .../02_init_sops.tf | 0 .../03_sops_secrets.tf | 0 .../99_locals.tf | 0 .../99_main.tf | 0 .../99_variables.tf | 0 .../README.md | 0 .../env/itn-dev/backend.ini | 0 .../env/itn-dev/backend.tfvars | 0 .../env/itn-dev/terraform.tfvars | 0 .../env/itn-prod/backend.ini | 0 .../env/itn-prod/backend.tfvars | 0 .../env/itn-prod/terraform.tfvars | 0 .../env/itn-uat/backend.ini | 0 .../env/itn-uat/backend.tfvars | 0 .../env/itn-uat/terraform.tfvars | 0 .../secret/itn-dev/configs.json | 0 .../secret/itn-dev/noedit_secret_enc.json | 0 .../secret/itn-dev/secret.ini | 0 .../secret/itn-prod/configs.json | 0 .../secret/itn-prod/secret.ini | 0 .../secret/itn-uat/configs.json | 0 .../secret/itn-uat/noedit_secret_enc.json | 0 .../secret/itn-uat/secret.ini | 0 .../sops.sh | 0 .../terraform.sh | 0 .../terrasops.sh | 0 87 files changed, 49 insertions(+), 49 deletions(-) delete mode 100644 src/domains/paymentoptions-app/05_aks_middleware_tools.tf rename src/domains/{paymentoptions-app => payopt-app}/.terraform.lock.hcl (100%) rename src/domains/{paymentoptions-app => payopt-app}/00_alerts.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/00_data.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/00_keyvault.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/00_monitor.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/00_network.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/01_network.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/02_namespace.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/03_serviceaccounts_azure_devops.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/04_apim_payment_options.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/04_apim_payment_options_mock.tf (100%) create mode 100644 src/domains/payopt-app/05_aks_middleware_tools.tf rename src/domains/{paymentoptions-app => payopt-app}/05_subkey.tf (100%) rename 
src/domains/{paymentoptions-app => payopt-app}/06_keyvault.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/07_gh_runner.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/90_pdb.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/99_locals.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/99_main.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/99_variables.tf (100%) rename src/domains/{paymentoptions-app => payopt-app}/README.md (100%) rename src/domains/{paymentoptions-app => payopt-app}/api/payment-options-mock/_base_policy.xml (100%) rename src/domains/{paymentoptions-app => payopt-app}/api/payment-options-mock/_get_payment_options_policy.xml (100%) rename src/domains/{paymentoptions-app => payopt-app}/api/payment-options-mock/_openapi.json.tpl (100%) rename src/domains/{paymentoptions-app => payopt-app}/api_product/_base_policy.xml (100%) rename src/domains/{paymentoptions-app => payopt-app}/env/itn-dev/backend.ini (100%) rename src/domains/{paymentoptions-app => payopt-app}/env/itn-dev/backend.tfvars (100%) rename src/domains/{paymentoptions-app => payopt-app}/env/itn-dev/terraform.tfvars (100%) rename src/domains/{paymentoptions-app => payopt-app}/env/itn-prod/backend.ini (100%) rename src/domains/{paymentoptions-app => payopt-app}/env/itn-prod/backend.tfvars (100%) rename src/domains/{paymentoptions-app => payopt-app}/env/itn-prod/terraform.tfvars (100%) rename src/domains/{paymentoptions-app => payopt-app}/env/itn-uat/backend.ini (100%) rename src/domains/{paymentoptions-app => payopt-app}/env/itn-uat/backend.tfvars (100%) rename src/domains/{paymentoptions-app => payopt-app}/env/itn-uat/terraform.tfvars (100%) rename src/domains/{paymentoptions-app => payopt-app}/helm/cert-mounter.yaml.tpl (100%) rename src/domains/{paymentoptions-app => payopt-app}/terraform.sh (100%) rename src/domains/{paymentoptions-common => payopt-common}/.terraform.lock.hcl (100%) rename 
src/domains/{paymentoptions-common => payopt-common}/00_data.tf (100%) rename src/domains/{paymentoptions-common => payopt-common}/00_monitor.tf (100%) rename src/domains/{paymentoptions-common => payopt-common}/00_network.tf (100%) rename src/domains/{paymentoptions-common => payopt-common}/01_network.tf (100%) rename src/domains/{paymentoptions-common => payopt-common}/03_eventhub.tf (100%) rename src/domains/{paymentoptions-common => payopt-common}/10_github_identity.tf (100%) rename src/domains/{paymentoptions-common => payopt-common}/99_locals.tf (100%) rename src/domains/{paymentoptions-common => payopt-common}/99_main.tf (100%) rename src/domains/{paymentoptions-common => payopt-common}/99_variables.tf (100%) rename src/domains/{paymentoptions-common => payopt-common}/README.md (100%) rename src/domains/{paymentoptions-common => payopt-common}/env/itn-dev/backend.ini (100%) rename src/domains/{paymentoptions-common => payopt-common}/env/itn-dev/backend.tfvars (100%) rename src/domains/{paymentoptions-common => payopt-common}/env/itn-dev/terraform.tfvars (100%) rename src/domains/{paymentoptions-common => payopt-common}/env/itn-prod/backend.ini (100%) rename src/domains/{paymentoptions-common => payopt-common}/env/itn-prod/backend.tfvars (100%) rename src/domains/{paymentoptions-common => payopt-common}/env/itn-prod/terraform.tfvars (100%) rename src/domains/{paymentoptions-common => payopt-common}/env/itn-uat/backend.ini (100%) rename src/domains/{paymentoptions-common => payopt-common}/env/itn-uat/backend.tfvars (100%) rename src/domains/{paymentoptions-common => payopt-common}/env/itn-uat/terraform.tfvars (100%) rename src/domains/{paymentoptions-common => payopt-common}/terraform.sh (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/.terraform.lock.hcl (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/00_azuread.tf (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/01_keyvault.tf (100%) rename 
src/domains/{paymentoptions-secrets => payopt-secrets}/02_azdo.tf (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/02_init_sops.tf (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/03_sops_secrets.tf (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/99_locals.tf (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/99_main.tf (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/99_variables.tf (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/README.md (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/env/itn-dev/backend.ini (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/env/itn-dev/backend.tfvars (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/env/itn-dev/terraform.tfvars (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/env/itn-prod/backend.ini (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/env/itn-prod/backend.tfvars (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/env/itn-prod/terraform.tfvars (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/env/itn-uat/backend.ini (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/env/itn-uat/backend.tfvars (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/env/itn-uat/terraform.tfvars (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/secret/itn-dev/configs.json (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/secret/itn-dev/noedit_secret_enc.json (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/secret/itn-dev/secret.ini (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/secret/itn-prod/configs.json (100%) rename src/domains/{paymentoptions-secrets => payopt-secrets}/secret/itn-prod/secret.ini (100%) rename src/domains/{paymentoptions-secrets => 
payopt-secrets}/secret/itn-uat/configs.json (100%)
 rename src/domains/{paymentoptions-secrets => payopt-secrets}/secret/itn-uat/noedit_secret_enc.json (100%)
 rename src/domains/{paymentoptions-secrets => payopt-secrets}/secret/itn-uat/secret.ini (100%)
 rename src/domains/{paymentoptions-secrets => payopt-secrets}/sops.sh (100%)
 rename src/domains/{paymentoptions-secrets => payopt-secrets}/terraform.sh (100%)
 rename src/domains/{paymentoptions-secrets => payopt-secrets}/terrasops.sh (100%)

diff --git a/src/domains/paymentoptions-app/05_aks_middleware_tools.tf b/src/domains/paymentoptions-app/05_aks_middleware_tools.tf
deleted file mode 100644
index 83624cc77e..0000000000
--- a/src/domains/paymentoptions-app/05_aks_middleware_tools.tf
+++ /dev/null
@@ -1,49 +0,0 @@
-module "tls_checker" {
-  source = "./.terraform/modules/__v3__/tls_checker"
-
-  https_endpoint = local.domain_hostname
-  alert_name = local.domain_hostname
-  alert_enabled = true
-  helm_chart_present = true
-  namespace = kubernetes_namespace.namespace.metadata[0].name
-  location_string = var.location_string
-  kv_secret_name_for_application_insights_connection_string = "app-insight-connection-string"
-  application_insights_resource_group = data.azurerm_resource_group.monitor_italy_rg.name
-  application_insights_id = data.azurerm_application_insights.application_insights_italy.id
-  application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id]
-  keyvault_name = data.azurerm_key_vault.kv.name
-  keyvault_tenant_id = data.azurerm_client_config.current.tenant_id
-}
-
-resource "helm_release" "cert_mounter" {
-  name = "cert-mounter-blueprint"
-  repository = "https://pagopa.github.io/aks-helm-cert-mounter-blueprint"
-  chart = "cert-mounter-blueprint"
-  version = "1.0.4"
-  namespace = var.domain
-  timeout = 120
-  force_update = true
-
-  values = [
-    templatefile("${path.root}/helm/cert-mounter.yaml.tpl", {
-      NAMESPACE = var.domain,
-      DOMAIN = var.domain,
-      CERTIFICATE_NAME = replace(local.domain_hostname, ".", "-"),
-      ENV_SHORT = var.env_short,
-      KV_NAME = data.azurerm_key_vault.kv.name
-    })
-  ]
-}
-
-resource "helm_release" "reloader" {
-  name = "reloader"
-  repository = "https://stakater.github.io/stakater-charts"
-  chart = "reloader"
-  version = "v1.0.69"
-  namespace = kubernetes_namespace.namespace.metadata[0].name
-
-  set {
-    name = "reloader.watchGlobally"
-    value = "false"
-  }
-}
diff --git a/src/domains/paymentoptions-app/.terraform.lock.hcl b/src/domains/payopt-app/.terraform.lock.hcl
similarity index 100%
rename from src/domains/paymentoptions-app/.terraform.lock.hcl
rename to src/domains/payopt-app/.terraform.lock.hcl
diff --git a/src/domains/paymentoptions-app/00_alerts.tf b/src/domains/payopt-app/00_alerts.tf
similarity index 100%
rename from src/domains/paymentoptions-app/00_alerts.tf
rename to src/domains/payopt-app/00_alerts.tf
diff --git a/src/domains/paymentoptions-app/00_data.tf b/src/domains/payopt-app/00_data.tf
similarity index 100%
rename from src/domains/paymentoptions-app/00_data.tf
rename to src/domains/payopt-app/00_data.tf
diff --git a/src/domains/paymentoptions-app/00_keyvault.tf b/src/domains/payopt-app/00_keyvault.tf
similarity index 100%
rename from src/domains/paymentoptions-app/00_keyvault.tf
rename to src/domains/payopt-app/00_keyvault.tf
diff --git a/src/domains/paymentoptions-app/00_monitor.tf b/src/domains/payopt-app/00_monitor.tf
similarity index 100%
rename from src/domains/paymentoptions-app/00_monitor.tf
rename to src/domains/payopt-app/00_monitor.tf
diff --git a/src/domains/paymentoptions-app/00_network.tf b/src/domains/payopt-app/00_network.tf
similarity index 100%
rename from src/domains/paymentoptions-app/00_network.tf
rename to src/domains/payopt-app/00_network.tf
diff --git a/src/domains/paymentoptions-app/01_network.tf b/src/domains/payopt-app/01_network.tf
similarity index 100%
rename from src/domains/paymentoptions-app/01_network.tf
rename to src/domains/payopt-app/01_network.tf
diff --git a/src/domains/paymentoptions-app/02_namespace.tf b/src/domains/payopt-app/02_namespace.tf
similarity index 100%
rename from src/domains/paymentoptions-app/02_namespace.tf
rename to src/domains/payopt-app/02_namespace.tf
diff --git a/src/domains/paymentoptions-app/03_serviceaccounts_azure_devops.tf b/src/domains/payopt-app/03_serviceaccounts_azure_devops.tf
similarity index 100%
rename from src/domains/paymentoptions-app/03_serviceaccounts_azure_devops.tf
rename to src/domains/payopt-app/03_serviceaccounts_azure_devops.tf
diff --git a/src/domains/paymentoptions-app/04_apim_payment_options.tf b/src/domains/payopt-app/04_apim_payment_options.tf
similarity index 100%
rename from src/domains/paymentoptions-app/04_apim_payment_options.tf
rename to src/domains/payopt-app/04_apim_payment_options.tf
diff --git a/src/domains/paymentoptions-app/04_apim_payment_options_mock.tf b/src/domains/payopt-app/04_apim_payment_options_mock.tf
similarity index 100%
rename from src/domains/paymentoptions-app/04_apim_payment_options_mock.tf
rename to src/domains/payopt-app/04_apim_payment_options_mock.tf
diff --git a/src/domains/payopt-app/05_aks_middleware_tools.tf b/src/domains/payopt-app/05_aks_middleware_tools.tf
new file mode 100644
index 0000000000..1caf12b260
--- /dev/null
+++ b/src/domains/payopt-app/05_aks_middleware_tools.tf
@@ -0,0 +1,49 @@ +# module "tls_checker" { +# source = "./.terraform/modules/__v3__/tls_checker" + +# https_endpoint = local.domain_hostname +# alert_name = local.domain_hostname +# alert_enabled = true +# helm_chart_present = true +# namespace = kubernetes_namespace.namespace.metadata[0].name +# location_string = var.location_string +# kv_secret_name_for_application_insights_connection_string = "app-insight-connection-string" +# application_insights_resource_group = data.azurerm_resource_group.monitor_italy_rg.name +# application_insights_id = data.azurerm_application_insights.application_insights_italy.id +# application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id] +# keyvault_name = data.azurerm_key_vault.kv.name +# keyvault_tenant_id = data.azurerm_client_config.current.tenant_id +# } + +# resource "helm_release" "cert_mounter" { +# name = "cert-mounter-blueprint" +# repository = "https://pagopa.github.io/aks-helm-cert-mounter-blueprint" +# chart = "cert-mounter-blueprint" +# version = "1.0.4" +# namespace = var.domain +# timeout = 120 +# force_update = true + +# values = [ +# templatefile("${path.root}/helm/cert-mounter.yaml.tpl", { +# NAMESPACE = var.domain, +# DOMAIN = var.domain, +# CERTIFICATE_NAME = replace(local.domain_hostname, ".", "-"), +# ENV_SHORT = var.env_short, +# KV_NAME = data.azurerm_key_vault.kv.name +# }) +# ] +# } + +# resource "helm_release" "reloader" { +# name = "reloader" +# repository = "https://stakater.github.io/stakater-charts" +# chart = "reloader" +# version = "v1.0.69" +# namespace = kubernetes_namespace.namespace.metadata[0].name + +# set { +# name = "reloader.watchGlobally" +# value = "false" +# } +# } diff --git a/src/domains/paymentoptions-app/05_subkey.tf b/src/domains/payopt-app/05_subkey.tf similarity index 100% rename from src/domains/paymentoptions-app/05_subkey.tf rename to src/domains/payopt-app/05_subkey.tf 
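Review bot: The new file 05_aks_middleware_tools.tf is committed entirely commented out (a tls_checker module plus the cert_mounter and reloader helm_release resources) with nothing saying why it is parked in this state or what must happen before it is enabled. A header line such as `# Disabled: tls_checker / cert-mounter / reloader not yet rolled out for payopt-app — see <TICKET-PLACEHOLDER> before uncommenting` would stop the next reader from treating it as dead code. The diffstat of a later patch in this series lists the same file with ~104 changed lines, so it may be reworked shortly; if that is the case the placeholder could simply be dropped from this commit.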
diff --git a/src/domains/paymentoptions-app/06_keyvault.tf b/src/domains/payopt-app/06_keyvault.tf similarity index 100% rename from src/domains/paymentoptions-app/06_keyvault.tf rename to src/domains/payopt-app/06_keyvault.tf diff --git a/src/domains/paymentoptions-app/07_gh_runner.tf b/src/domains/payopt-app/07_gh_runner.tf similarity index 100% rename from src/domains/paymentoptions-app/07_gh_runner.tf rename to src/domains/payopt-app/07_gh_runner.tf diff --git a/src/domains/paymentoptions-app/90_pdb.tf b/src/domains/payopt-app/90_pdb.tf similarity index 100% rename from src/domains/paymentoptions-app/90_pdb.tf rename to src/domains/payopt-app/90_pdb.tf diff --git a/src/domains/paymentoptions-app/99_locals.tf b/src/domains/payopt-app/99_locals.tf similarity index 100% rename from src/domains/paymentoptions-app/99_locals.tf rename to src/domains/payopt-app/99_locals.tf diff --git a/src/domains/paymentoptions-app/99_main.tf b/src/domains/payopt-app/99_main.tf similarity index 100% rename from src/domains/paymentoptions-app/99_main.tf rename to src/domains/payopt-app/99_main.tf diff --git a/src/domains/paymentoptions-app/99_variables.tf b/src/domains/payopt-app/99_variables.tf similarity index 100% rename from src/domains/paymentoptions-app/99_variables.tf rename to src/domains/payopt-app/99_variables.tf diff --git a/src/domains/paymentoptions-app/README.md b/src/domains/payopt-app/README.md similarity index 100% rename from src/domains/paymentoptions-app/README.md rename to src/domains/payopt-app/README.md diff --git a/src/domains/paymentoptions-app/api/payment-options-mock/_base_policy.xml b/src/domains/payopt-app/api/payment-options-mock/_base_policy.xml similarity index 100% rename from src/domains/paymentoptions-app/api/payment-options-mock/_base_policy.xml rename to src/domains/payopt-app/api/payment-options-mock/_base_policy.xml 
diff --git a/src/domains/paymentoptions-app/api/payment-options-mock/_get_payment_options_policy.xml b/src/domains/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml similarity index 100% rename from src/domains/paymentoptions-app/api/payment-options-mock/_get_payment_options_policy.xml rename to src/domains/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml diff --git a/src/domains/paymentoptions-app/api/payment-options-mock/_openapi.json.tpl b/src/domains/payopt-app/api/payment-options-mock/_openapi.json.tpl similarity index 100% rename from src/domains/paymentoptions-app/api/payment-options-mock/_openapi.json.tpl rename to src/domains/payopt-app/api/payment-options-mock/_openapi.json.tpl diff --git a/src/domains/paymentoptions-app/api_product/_base_policy.xml b/src/domains/payopt-app/api_product/_base_policy.xml similarity index 100% rename from src/domains/paymentoptions-app/api_product/_base_policy.xml rename to src/domains/payopt-app/api_product/_base_policy.xml diff --git a/src/domains/paymentoptions-app/env/itn-dev/backend.ini b/src/domains/payopt-app/env/itn-dev/backend.ini similarity index 100% rename from src/domains/paymentoptions-app/env/itn-dev/backend.ini rename to src/domains/payopt-app/env/itn-dev/backend.ini diff --git a/src/domains/paymentoptions-app/env/itn-dev/backend.tfvars b/src/domains/payopt-app/env/itn-dev/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-dev/backend.tfvars rename to src/domains/payopt-app/env/itn-dev/backend.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-dev/terraform.tfvars b/src/domains/payopt-app/env/itn-dev/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-dev/terraform.tfvars rename to src/domains/payopt-app/env/itn-dev/terraform.tfvars 
diff --git a/src/domains/paymentoptions-app/env/itn-prod/backend.ini b/src/domains/payopt-app/env/itn-prod/backend.ini similarity index 100% rename from src/domains/paymentoptions-app/env/itn-prod/backend.ini rename to src/domains/payopt-app/env/itn-prod/backend.ini diff --git a/src/domains/paymentoptions-app/env/itn-prod/backend.tfvars b/src/domains/payopt-app/env/itn-prod/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-prod/backend.tfvars rename to src/domains/payopt-app/env/itn-prod/backend.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-prod/terraform.tfvars b/src/domains/payopt-app/env/itn-prod/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-prod/terraform.tfvars rename to src/domains/payopt-app/env/itn-prod/terraform.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-uat/backend.ini b/src/domains/payopt-app/env/itn-uat/backend.ini similarity index 100% rename from src/domains/paymentoptions-app/env/itn-uat/backend.ini rename to src/domains/payopt-app/env/itn-uat/backend.ini diff --git a/src/domains/paymentoptions-app/env/itn-uat/backend.tfvars b/src/domains/payopt-app/env/itn-uat/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-uat/backend.tfvars rename to src/domains/payopt-app/env/itn-uat/backend.tfvars diff --git a/src/domains/paymentoptions-app/env/itn-uat/terraform.tfvars b/src/domains/payopt-app/env/itn-uat/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-app/env/itn-uat/terraform.tfvars rename to src/domains/payopt-app/env/itn-uat/terraform.tfvars diff --git a/src/domains/paymentoptions-app/helm/cert-mounter.yaml.tpl b/src/domains/payopt-app/helm/cert-mounter.yaml.tpl similarity index 100% rename from src/domains/paymentoptions-app/helm/cert-mounter.yaml.tpl rename to src/domains/payopt-app/helm/cert-mounter.yaml.tpl 
diff --git a/src/domains/paymentoptions-app/terraform.sh b/src/domains/payopt-app/terraform.sh similarity index 100% rename from src/domains/paymentoptions-app/terraform.sh rename to src/domains/payopt-app/terraform.sh diff --git a/src/domains/paymentoptions-common/.terraform.lock.hcl b/src/domains/payopt-common/.terraform.lock.hcl similarity index 100% rename from src/domains/paymentoptions-common/.terraform.lock.hcl rename to src/domains/payopt-common/.terraform.lock.hcl diff --git a/src/domains/paymentoptions-common/00_data.tf b/src/domains/payopt-common/00_data.tf similarity index 100% rename from src/domains/paymentoptions-common/00_data.tf rename to src/domains/payopt-common/00_data.tf diff --git a/src/domains/paymentoptions-common/00_monitor.tf b/src/domains/payopt-common/00_monitor.tf similarity index 100% rename from src/domains/paymentoptions-common/00_monitor.tf rename to src/domains/payopt-common/00_monitor.tf diff --git a/src/domains/paymentoptions-common/00_network.tf b/src/domains/payopt-common/00_network.tf similarity index 100% rename from src/domains/paymentoptions-common/00_network.tf rename to src/domains/payopt-common/00_network.tf diff --git a/src/domains/paymentoptions-common/01_network.tf b/src/domains/payopt-common/01_network.tf similarity index 100% rename from src/domains/paymentoptions-common/01_network.tf rename to src/domains/payopt-common/01_network.tf diff --git a/src/domains/paymentoptions-common/03_eventhub.tf b/src/domains/payopt-common/03_eventhub.tf similarity index 100% rename from src/domains/paymentoptions-common/03_eventhub.tf rename to src/domains/payopt-common/03_eventhub.tf diff --git a/src/domains/paymentoptions-common/10_github_identity.tf b/src/domains/payopt-common/10_github_identity.tf similarity index 100% rename from src/domains/paymentoptions-common/10_github_identity.tf rename to src/domains/payopt-common/10_github_identity.tf 
diff --git a/src/domains/paymentoptions-common/99_locals.tf b/src/domains/payopt-common/99_locals.tf similarity index 100% rename from src/domains/paymentoptions-common/99_locals.tf rename to src/domains/payopt-common/99_locals.tf diff --git a/src/domains/paymentoptions-common/99_main.tf b/src/domains/payopt-common/99_main.tf similarity index 100% rename from src/domains/paymentoptions-common/99_main.tf rename to src/domains/payopt-common/99_main.tf diff --git a/src/domains/paymentoptions-common/99_variables.tf b/src/domains/payopt-common/99_variables.tf similarity index 100% rename from src/domains/paymentoptions-common/99_variables.tf rename to src/domains/payopt-common/99_variables.tf diff --git a/src/domains/paymentoptions-common/README.md b/src/domains/payopt-common/README.md similarity index 100% rename from src/domains/paymentoptions-common/README.md rename to src/domains/payopt-common/README.md diff --git a/src/domains/paymentoptions-common/env/itn-dev/backend.ini b/src/domains/payopt-common/env/itn-dev/backend.ini similarity index 100% rename from src/domains/paymentoptions-common/env/itn-dev/backend.ini rename to src/domains/payopt-common/env/itn-dev/backend.ini diff --git a/src/domains/paymentoptions-common/env/itn-dev/backend.tfvars b/src/domains/payopt-common/env/itn-dev/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-dev/backend.tfvars rename to src/domains/payopt-common/env/itn-dev/backend.tfvars diff --git a/src/domains/paymentoptions-common/env/itn-dev/terraform.tfvars b/src/domains/payopt-common/env/itn-dev/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-dev/terraform.tfvars rename to src/domains/payopt-common/env/itn-dev/terraform.tfvars 
diff --git a/src/domains/paymentoptions-common/env/itn-prod/backend.ini b/src/domains/payopt-common/env/itn-prod/backend.ini similarity index 100% rename from src/domains/paymentoptions-common/env/itn-prod/backend.ini rename to src/domains/payopt-common/env/itn-prod/backend.ini diff --git a/src/domains/paymentoptions-common/env/itn-prod/backend.tfvars b/src/domains/payopt-common/env/itn-prod/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-prod/backend.tfvars rename to src/domains/payopt-common/env/itn-prod/backend.tfvars diff --git a/src/domains/paymentoptions-common/env/itn-prod/terraform.tfvars b/src/domains/payopt-common/env/itn-prod/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-prod/terraform.tfvars rename to src/domains/payopt-common/env/itn-prod/terraform.tfvars diff --git a/src/domains/paymentoptions-common/env/itn-uat/backend.ini b/src/domains/payopt-common/env/itn-uat/backend.ini similarity index 100% rename from src/domains/paymentoptions-common/env/itn-uat/backend.ini rename to src/domains/payopt-common/env/itn-uat/backend.ini diff --git a/src/domains/paymentoptions-common/env/itn-uat/backend.tfvars b/src/domains/payopt-common/env/itn-uat/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-uat/backend.tfvars rename to src/domains/payopt-common/env/itn-uat/backend.tfvars diff --git a/src/domains/paymentoptions-common/env/itn-uat/terraform.tfvars b/src/domains/payopt-common/env/itn-uat/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-common/env/itn-uat/terraform.tfvars rename to src/domains/payopt-common/env/itn-uat/terraform.tfvars diff --git a/src/domains/paymentoptions-common/terraform.sh b/src/domains/payopt-common/terraform.sh similarity index 100% rename from src/domains/paymentoptions-common/terraform.sh rename to src/domains/payopt-common/terraform.sh 
diff --git a/src/domains/paymentoptions-secrets/.terraform.lock.hcl b/src/domains/payopt-secrets/.terraform.lock.hcl similarity index 100% rename from src/domains/paymentoptions-secrets/.terraform.lock.hcl rename to src/domains/payopt-secrets/.terraform.lock.hcl diff --git a/src/domains/paymentoptions-secrets/00_azuread.tf b/src/domains/payopt-secrets/00_azuread.tf similarity index 100% rename from src/domains/paymentoptions-secrets/00_azuread.tf rename to src/domains/payopt-secrets/00_azuread.tf diff --git a/src/domains/paymentoptions-secrets/01_keyvault.tf b/src/domains/payopt-secrets/01_keyvault.tf similarity index 100% rename from src/domains/paymentoptions-secrets/01_keyvault.tf rename to src/domains/payopt-secrets/01_keyvault.tf diff --git a/src/domains/paymentoptions-secrets/02_azdo.tf b/src/domains/payopt-secrets/02_azdo.tf similarity index 100% rename from src/domains/paymentoptions-secrets/02_azdo.tf rename to src/domains/payopt-secrets/02_azdo.tf diff --git a/src/domains/paymentoptions-secrets/02_init_sops.tf b/src/domains/payopt-secrets/02_init_sops.tf similarity index 100% rename from src/domains/paymentoptions-secrets/02_init_sops.tf rename to src/domains/payopt-secrets/02_init_sops.tf diff --git a/src/domains/paymentoptions-secrets/03_sops_secrets.tf b/src/domains/payopt-secrets/03_sops_secrets.tf similarity index 100% rename from src/domains/paymentoptions-secrets/03_sops_secrets.tf rename to src/domains/payopt-secrets/03_sops_secrets.tf diff --git a/src/domains/paymentoptions-secrets/99_locals.tf b/src/domains/payopt-secrets/99_locals.tf similarity index 100% rename from src/domains/paymentoptions-secrets/99_locals.tf rename to src/domains/payopt-secrets/99_locals.tf diff --git a/src/domains/paymentoptions-secrets/99_main.tf b/src/domains/payopt-secrets/99_main.tf similarity index 100% rename from src/domains/paymentoptions-secrets/99_main.tf rename to src/domains/payopt-secrets/99_main.tf 
diff --git a/src/domains/paymentoptions-secrets/99_variables.tf b/src/domains/payopt-secrets/99_variables.tf similarity index 100% rename from src/domains/paymentoptions-secrets/99_variables.tf rename to src/domains/payopt-secrets/99_variables.tf diff --git a/src/domains/paymentoptions-secrets/README.md b/src/domains/payopt-secrets/README.md similarity index 100% rename from src/domains/paymentoptions-secrets/README.md rename to src/domains/payopt-secrets/README.md diff --git a/src/domains/paymentoptions-secrets/env/itn-dev/backend.ini b/src/domains/payopt-secrets/env/itn-dev/backend.ini similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-dev/backend.ini rename to src/domains/payopt-secrets/env/itn-dev/backend.ini diff --git a/src/domains/paymentoptions-secrets/env/itn-dev/backend.tfvars b/src/domains/payopt-secrets/env/itn-dev/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-dev/backend.tfvars rename to src/domains/payopt-secrets/env/itn-dev/backend.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-dev/terraform.tfvars b/src/domains/payopt-secrets/env/itn-dev/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-dev/terraform.tfvars rename to src/domains/payopt-secrets/env/itn-dev/terraform.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-prod/backend.ini b/src/domains/payopt-secrets/env/itn-prod/backend.ini similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-prod/backend.ini rename to src/domains/payopt-secrets/env/itn-prod/backend.ini diff --git a/src/domains/paymentoptions-secrets/env/itn-prod/backend.tfvars b/src/domains/payopt-secrets/env/itn-prod/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-prod/backend.tfvars rename to src/domains/payopt-secrets/env/itn-prod/backend.tfvars 
diff --git a/src/domains/paymentoptions-secrets/env/itn-prod/terraform.tfvars b/src/domains/payopt-secrets/env/itn-prod/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-prod/terraform.tfvars rename to src/domains/payopt-secrets/env/itn-prod/terraform.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-uat/backend.ini b/src/domains/payopt-secrets/env/itn-uat/backend.ini similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-uat/backend.ini rename to src/domains/payopt-secrets/env/itn-uat/backend.ini diff --git a/src/domains/paymentoptions-secrets/env/itn-uat/backend.tfvars b/src/domains/payopt-secrets/env/itn-uat/backend.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-uat/backend.tfvars rename to src/domains/payopt-secrets/env/itn-uat/backend.tfvars diff --git a/src/domains/paymentoptions-secrets/env/itn-uat/terraform.tfvars b/src/domains/payopt-secrets/env/itn-uat/terraform.tfvars similarity index 100% rename from src/domains/paymentoptions-secrets/env/itn-uat/terraform.tfvars rename to src/domains/payopt-secrets/env/itn-uat/terraform.tfvars diff --git a/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json b/src/domains/payopt-secrets/secret/itn-dev/configs.json similarity index 100% rename from src/domains/paymentoptions-secrets/secret/itn-dev/configs.json rename to src/domains/payopt-secrets/secret/itn-dev/configs.json diff --git a/src/domains/paymentoptions-secrets/secret/itn-dev/noedit_secret_enc.json b/src/domains/payopt-secrets/secret/itn-dev/noedit_secret_enc.json similarity index 100% rename from src/domains/paymentoptions-secrets/secret/itn-dev/noedit_secret_enc.json rename to src/domains/payopt-secrets/secret/itn-dev/noedit_secret_enc.json 
diff --git a/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini b/src/domains/payopt-secrets/secret/itn-dev/secret.ini similarity index 100% rename from src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini rename to src/domains/payopt-secrets/secret/itn-dev/secret.ini diff --git a/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json b/src/domains/payopt-secrets/secret/itn-prod/configs.json similarity index 100% rename from src/domains/paymentoptions-secrets/secret/itn-prod/configs.json rename to src/domains/payopt-secrets/secret/itn-prod/configs.json diff --git a/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini b/src/domains/payopt-secrets/secret/itn-prod/secret.ini similarity index 100% rename from src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini rename to src/domains/payopt-secrets/secret/itn-prod/secret.ini diff --git a/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json b/src/domains/payopt-secrets/secret/itn-uat/configs.json similarity index 100% rename from src/domains/paymentoptions-secrets/secret/itn-uat/configs.json rename to src/domains/payopt-secrets/secret/itn-uat/configs.json diff --git a/src/domains/paymentoptions-secrets/secret/itn-uat/noedit_secret_enc.json b/src/domains/payopt-secrets/secret/itn-uat/noedit_secret_enc.json similarity index 100% rename from src/domains/paymentoptions-secrets/secret/itn-uat/noedit_secret_enc.json rename to src/domains/payopt-secrets/secret/itn-uat/noedit_secret_enc.json diff --git a/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini b/src/domains/payopt-secrets/secret/itn-uat/secret.ini similarity index 100% rename from src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini rename to src/domains/payopt-secrets/secret/itn-uat/secret.ini 
diff --git a/src/domains/paymentoptions-secrets/sops.sh b/src/domains/payopt-secrets/sops.sh similarity index 100% rename from src/domains/paymentoptions-secrets/sops.sh rename to src/domains/payopt-secrets/sops.sh diff --git a/src/domains/paymentoptions-secrets/terraform.sh b/src/domains/payopt-secrets/terraform.sh similarity index 100% rename from src/domains/paymentoptions-secrets/terraform.sh rename to src/domains/payopt-secrets/terraform.sh diff --git a/src/domains/paymentoptions-secrets/terrasops.sh b/src/domains/payopt-secrets/terrasops.sh similarity index 100% rename from src/domains/paymentoptions-secrets/terrasops.sh rename to src/domains/payopt-secrets/terrasops.sh From df0a6593fda00e982580b4abfbf99bc2c8fe2ccc Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis <117269497+andrea-deri@users.noreply.github.com> Date: Mon, 2 Dec 2024 08:17:44 +0100 Subject: [PATCH 05/13] feat: [PAGOPA-2425] add alert on D-WISP's redirect API availability (#2616) * [PAGOPA-2425] feat: add alert on D-WISP's redirect API availability * [PAGOPA-2425] feat: add alert on D-WISP's redirect API availability * [PAGOPA-2425] fix: removing D-WISP client errors from alert * [PAGOPA-2425] feat: tuning on D-WISP's /payments alert --- .../nodo-app/00_alert_wisp_dismantling.tf | 49 ++++++++++++++++++- src/domains/nodo-app/README.md | 1 + 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/src/domains/nodo-app/00_alert_wisp_dismantling.tf b/src/domains/nodo-app/00_alert_wisp_dismantling.tf index a0abc1f625..1b88189b5d 100644 --- a/src/domains/nodo-app/00_alert_wisp_dismantling.tf +++ b/src/domains/nodo-app/00_alert_wisp_dismantling.tf 
@@ -34,6 +34,53 @@ AzureDiagnostics } } +// Query explanation: https://pagopa.atlassian.net/wiki/spaces/I/pages/574751186/Razionalizzazione+Alert +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-wisp-converter-redirect-availability" { + count = var.env_short == "p" ? 1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-wisp-converter-redirect-availability" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] + email_subject = "Alert pagopa-wisp-converter-redirect-availability" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim.id + description = "Availability for https://api.platform.pagopa.it/wisp-converter/redirect/api/v1/payments is less than or equal to threshold - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-wisp-converter" + enabled = true + query = (<<-QUERY +let lowTrafficThreshold = 70; // the lower threshold that can be calculated regarding the number of invocations +let highTrafficThreshold = 95; // the upper threshold that can be calculated regarding the number of invocations +let trafficMin = 100; // the minimum number of invocations (traffic) below which 'lowTrafficThreshold' guideline is used +let trafficLinear = 500; // the minimum number of invocations (traffic) above which 'highTrafficThreshold' guideline is used +let thresholdDelta = trafficLinear - trafficMin; // the difference of the traffic guideline on which the expected availability is calculated +let availabilityDelta = highTrafficThreshold - lowTrafficThreshold; // the difference of the threshold limits on which the expected availability is calculated +// 
----------------------------------------- +AzureDiagnostics +| where url_s startswith "https://api.platform.pagopa.it/wisp-converter/redirect/api/v1/payments" +| summarize + total=count(), + success=count(responseCode_d == 302) + by timeslot = bin(TimeGenerated, 5m) +| extend trafficUp = total - trafficMin +| extend deltaRatio = todouble(todouble(trafficUp) / todouble(thresholdDelta)) +| extend expectedAvailability = iff(total >= trafficLinear, toreal(highTrafficThreshold), iff(total <= trafficMin, toreal(lowTrafficThreshold), (deltaRatio * (availabilityDelta)) + lowTrafficThreshold)) +| extend availability = ((success * 1.0) / total) * 100 +| project timeslot, availability, threshold=expectedAvailability +| where availability < threshold + QUERY + ) + severity = 1 + frequency = 5 + time_window = 10 + trigger { + operator = "GreaterThanOrEqual" + threshold = 2 + } +} + // These API invoking and result are logged only on application insight // [receiptKo, receiptOk, createTimer, deleteTimer] resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-wisp-converter-ai-availability" { @@ -126,7 +173,7 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-wisp-convert let errorsToExclude = dynamic([ "WIC-1300", // payment position already paid "WIC-2001", // RPT timer creation - "WIC-3001", "WIC-3002", "WIC-3003", "WIC-3004", "WIC-3005", "WIC-3006" // client errors + "WIC-3004" // CLIENT_CHECKOUT error ]); traces | where cloud_RoleName == "pagopawispconverter" diff --git a/src/domains/nodo-app/README.md b/src/domains/nodo-app/README.md index bbe25279f2..dcfb87913e 100644 --- a/src/domains/nodo-app/README.md +++ b/src/domains/nodo-app/README.md 
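Review bot: In the new redirect-availability query, `success=count(responseCode_d == 302)` relies on count() accepting a predicate, which in Kusto is the job of countif(); unless this workspace (or the sibling alerts in this file, which are outside the hunk) already uses the predicate form successfully, write `success=countif(responseCode_d == 302)`. A second point worth a comment: with `bin(TimeGenerated, 5m)`, `time_window = 10` and trigger `GreaterThanOrEqual 2`, the rule only fires when both of the two possible timeslots breach the threshold, so a single bad 5-minute slot is deliberately ignored — a line such as `// fires only when both 5m slots in the 10m window are below threshold` next to the trigger block would make that intent explicit. The hard-coded production URL is consistent with `count = var.env_short == "p" ? 1 : 0`, but the same comment should say the alert is prod-only for that reason.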
@@ -206,6 +206,7 @@ | [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-ai-availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-ai-error](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | +| [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-redirect-availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_monitor_scheduled_query_rules_alert.opex_pagopa-wisp-converter-wic-error](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_resource_group.nodo_re_to_datastore_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.vmss_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | From ba907e1676cce27e30134dfaebf3c6e9cc1593c5 Mon Sep 17 00:00:00 2001 
From: ciuffagianluca <113357981+ciuffagianluca@users.noreply.github.com> Date: Mon, 2 Dec 2024 14:29:01 +0100 Subject: [PATCH 06/13] feat: CHK-3585 update openapi ecommerce-for-io-outcomes (#2605) * update openapi ecommerce-for-io-outcomes * restore generic error * fix error description for code 99 --------- Co-authored-by: Gianluca Ciuffa Co-authored-by: Pietro Tota <115724836+pietro-tota@users.noreply.github.com> Co-authored-by: Simone infante <52280205+infantesimone@users.noreply.github.com> --- .../api/ecommerce-io-outcomes/v1/_openapi.json.tpl | 14 ++++++++++---- .../api/ecommerce-io/v2/_openapi.json.tpl | 2 +- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl b/src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl index 40ba066357..a6a1b062d0 100644 --- a/src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl 
@@ -3,7 +3,7 @@ "info": { "version": "0.0.1", "title": "Pagopa eCommerce services for app IO outcomes", - "description": "API's exposed from eCommerce services to app IO to handle pagoPA payment outcomes.\n\nThe payment workflow ends with a outcome returned as query params in a webview, for example \n \n - /outcomes?outcome=0. \n\nThe possible outcome are:\n- SUCCESS(0) → payment completed successfully\n- GENERIC_ERROR(1),\n- AUTH_ERROR(2) → authorization denied\n- INVALID_DATA(3) → incorrect data\n- TIMEOUT(4) → timeout \n- CIRCUIT_ERROR(5) → Unsupported circuit (should never happen)\n- MISSING_FIELDS(6) → missing data (should never happen) \n- INVALID_CARD(7) → expired card (or similar)\n- CANCELED_BY_USER(8) → canceled by the user\n- DUPLICATE_ORDER(9) → Double transaction (should never happen)\n- EXCESSIVE_AMOUNT(10) → Excess of availability \n- ORDER_NOT_PRESENT(11) → (should never happen)\n- INVALID_METHOD(12) → (should never happen)\n- KO_RETRIABLE(13) → transaction failed, but the transaction is theoretically recoverable. For the user it is a KO\n- INVALID_SESSION(14)", + "description": "API's exposed from eCommerce services to app IO to handle pagoPA payment outcomes.\n\nThe payment workflow ends with a outcome returned as query params in a webview, for example \n \n - /outcomes?outcome=0. 
\n\nThe possible outcome are:\n- SUCCESS(0) → payment completed successfully\n- GENERIC_ERROR(1),\n- AUTH_ERROR(2) → authorization denied\n- INVALID_DATA(3) → incorrect data\n- TIMEOUT(4) → timeout \n- CIRCUIT_ERROR(5) → Unsupported circuit (should never happen)\n- MISSING_FIELDS(6) → missing data (should never happen) \n- INVALID_CARD(7) → expired card (or similar)\n- CANCELED_BY_USER(8) → canceled by the user\n- DUPLICATE_ORDER(9) → Double transaction (should never happen)\n- EXCESSIVE_AMOUNT(10) → Excess of availability \n- ORDER_NOT_PRESENT(11) → (should never happen)\n- INVALID_METHOD(12) → (should never happen)\n- KO_RETRIABLE(13) → transaction failed, but the transaction is theoretically recoverable. For the user it is a KO\n- INVALID_SESSION(14)\n- TAKEN_IN_CHARGE(17) → Waiting for outcome \n- PSP_ERROR(25) → Error from psp\n- BE_KO(99) → Backend Error\n- BALANCE_NOT_AVAILABLE(116) → Balance not available\n- CVV_ERROR(117) → Security code error\n- LIMIT_EXCEDEED(121) → Limit excedeed", "contact": { "name": "pagoPA - Touchpoints team" } 
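Review bot: The new outcome list in the info description spells code 121 as `LIMIT_EXCEDEED(121) → Limit excedeed`, while the parameter description added further down in the same file says `121 - Limit exceeded`; the two should agree. If `LIMIT_EXCEDEED` is the literal constant used by the backend, keep the identifier and fix only the prose (`→ Limit exceeded`), otherwise correct both. Since this description is what integrators read to map outcome codes, the inconsistency is worth fixing before the spec is published.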
@@ -50,10 +50,16 @@ "11", "12", "13", - "14" + "14", + "17", + "25", + "99", + "116", + "117", + "121" ] }, - "description": "`0` - Success `1` - Generic error `2` - Authorization error `3` - Invalid data `4` - Timeout `5` - Unsupported circuit `6` - Missing data `7` - Invalid card: expired card etc `8` - Canceled by the user `9` - Double transaction `10` - Excessive amount `11` - Order not present `12` - Invalid method `13` - Retriable KO `14` - Invalid session\n", + "description": "`0` - Success `1` - Generic error `2` - Authorization error `3` - Invalid data `4` - Timeout `5` - Unsupported circuit `6` - Missing data `7` - Invalid card: expired card etc `8` - Canceled by the user `9` - Double transaction `10` - Excessive amount `11` - Order not present `12` - Invalid method `13` - Retriable KO `14` - Invalid session `17` - Taken in charge `25` - PSP Error `99` - Backend Error `116` - Balance not available `117` - CVV Error `121` - Limit exceeded\n", "required": true } ], @@ -75,4 +81,4 @@ } } } -} \ No newline at end of file +} diff --git a/src/domains/ecommerce-app/api/ecommerce-io/v2/_openapi.json.tpl b/src/domains/ecommerce-app/api/ecommerce-io/v2/_openapi.json.tpl index 7ff19f49a1..fc23a19ef6 100644 --- a/src/domains/ecommerce-app/api/ecommerce-io/v2/_openapi.json.tpl +++ b/src/domains/ecommerce-app/api/ecommerce-io/v2/_openapi.json.tpl 
@@ -3,7 +3,7 @@ "info": { "version": "0.0.1", "title": "Pagopa eCommerce services for app IO with payment wallet", - "description": "API's exposed from eCommerce services to app IO to allow pagoPA payment with payment wallet.\n\nThe payment workflow ends with a outcome returned as query params in a webview, for example \n \n - /outcomes?outcome=0. \n\nThe possible outcome are:\n- SUCCESS(0) → payment completed successfully\n- GENERIC_ERROR(1),\n- AUTH_ERROR(2) → authorization denied\n- INVALID_DATA(3) → incorrect data\n- TIMEOUT(4) → timeout \n- CIRCUIT_ERROR(5) → Unsupported circuit (should never happen)\n- MISSING_FIELDS(6) → missing data (should never happen) \n- INVALID_CARD(7) → expired card (or similar)\n- CANCELED_BY_USER(8) → canceled by the user\n- DUPLICATE_ORDER(9) → Double transaction (should never happen)\n- EXCESSIVE_AMOUNT(10) → Excess of availability \n- ORDER_NOT_PRESENT(11) → (should never happen)\n- INVALID_METHOD(12) → (should never happen)\n- KO_RETRIABLE(13) → transaction failed, but the transaction is theoretically recoverable. For the user it is a KO\n- INVALID_SESSION(14)", + "description": "API's exposed from eCommerce services to app IO to allow pagoPA payment with payment wallet.", "contact": { "name": "pagoPA - Touchpoints team" } From 09e95c140528566632bff88dc82e7d4b76fa916d Mon Sep 17 00:00:00 2001 
From: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com> Date: Mon, 2 Dec 2024 16:07:47 +0100 Subject: [PATCH 07/13] feat: Add payopt workload identity (#2623) * payopt workload identity * fix * fix * fix --- src/aks-leonardo/03_aks_0.tf | 3 + src/aks-leonardo/99_variables.tf | 5 + src/aks-leonardo/env/itn-dev/terraform.tfvars | 8 +- .../env/itn-prod/terraform.tfvars | 10 +- src/aks-leonardo/env/itn-uat/terraform.tfvars | 10 +- src/domains/payopt-app/.terraform.lock.hcl | 114 ++++++++-------- src/domains/payopt-app/02_namespace.tf | 39 ++++-- .../payopt-app/05_aks_middleware_tools.tf | 104 ++++++++------- src/domains/payopt-app/99_main.tf | 8 +- src/domains/payopt-common/03_eventhub.tf | 4 +- .../payopt-common/10_github_identity.tf | 17 ++- src/domains/payopt-common/99_main.tf | 5 + src/domains/payopt-secrets/01_keyvault.tf | 4 +- src/domains/payopt-secrets/99_main.tf | 5 + src/domains/printit-app/.terraform.lock.hcl | 122 ------------------ 15 files changed, 198 insertions(+), 260 deletions(-) delete mode 100644 src/domains/printit-app/.terraform.lock.hcl diff --git a/src/aks-leonardo/03_aks_0.tf b/src/aks-leonardo/03_aks_0.tf index f7359b2fb0..cad32dc45c 100644 --- a/src/aks-leonardo/03_aks_0.tf +++ b/src/aks-leonardo/03_aks_0.tf @@ -55,6 +55,9 @@ module "aks_leonardo" { addon_azure_policy_enabled = true addon_azure_key_vault_secrets_provider_enabled = true addon_azure_pod_identity_enabled = true + workload_identity_enabled = var.aks_enable_workload_identity + oidc_issuer_enabled = var.aks_enable_workload_identity + alerts_enabled = var.aks_alerts_enabled # custom_metric_alerts = local.aks_metrics_alerts diff --git a/src/aks-leonardo/99_variables.tf b/src/aks-leonardo/99_variables.tf index 3c615d556f..1d4c0e2d00 100644 --- a/src/aks-leonardo/99_variables.tf +++ b/src/aks-leonardo/99_variables.tf 
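Review bot: The two added lines tie `oidc_issuer_enabled` to the same `aks_enable_workload_identity` flag, while the unchanged `addon_azure_pod_identity_enabled = true` just above them keeps the legacy pod identity add-on switched on, so after this patch the cluster runs both identity mechanisms with no tfvars knob to retire pod identity once the migration this series starts is complete. Consider driving it the same way, e.g. `addon_azure_pod_identity_enabled = var.aks_enable_pod_identity` with a new variable defaulting to `true` so current environments are unaffected. Flipping `aks_enable_workload_identity` back to false later would also switch the OIDC issuer off and break any federated credential already bound to it, which deserves a comment on the `oidc_issuer_enabled` line: `# required by workload identity federated credentials; do not disable once identities are federated`. The `module "aks_leonardo"` block starts before and continues past this hunk.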
@@ -566,3 +566,8 @@ variable "monitor_appinsights_name" {
 type = string
 description = "App insight in europe name"
 }
+
+variable "aks_enable_workload_identity" {
+ type = bool
+ default = false
+}
\ No newline at end of file
diff --git a/src/aks-leonardo/env/itn-dev/terraform.tfvars b/src/aks-leonardo/env/itn-dev/terraform.tfvars
index 2983974d05..63381ca858 100644
--- a/src/aks-leonardo/env/itn-dev/terraform.tfvars
+++ b/src/aks-leonardo/env/itn-dev/terraform.tfvars
@@ -38,9 +38,11 @@ monitor_appinsights_name = "pagopa-d-appinsights"
 #
 # ⛴ AKS
 #
-aks_private_cluster_enabled = false
-aks_alerts_enabled = false
-aks_kubernetes_version = "1.29.4"
+aks_private_cluster_enabled = false
+aks_alerts_enabled = false
+aks_kubernetes_version = "1.29.4"
+aks_enable_workload_identity = true
+
 aks_system_node_pool = {
 name = "padaksleosys",
 vm_size = "Standard_B2ms",
diff --git a/src/aks-leonardo/env/itn-prod/terraform.tfvars b/src/aks-leonardo/env/itn-prod/terraform.tfvars
index 71ccc407af..c6997560ea 100644
--- a/src/aks-leonardo/env/itn-prod/terraform.tfvars
+++ b/src/aks-leonardo/env/itn-prod/terraform.tfvars
@@ -39,10 +39,12 @@ monitor_appinsights_name = "pagopa-p-appinsights"
 #
 # ⛴ AKS
 #
-aks_private_cluster_enabled = true
-aks_alerts_enabled = false
-aks_kubernetes_version = "1.29.4"
-aks_sku_tier = "Standard"
+aks_private_cluster_enabled = true
+aks_alerts_enabled = false
+aks_kubernetes_version = "1.29.4"
+aks_sku_tier = "Standard"
+aks_enable_workload_identity = false
+
 aks_system_node_pool = {
 name = "papaksleosys",
 vm_size = "Standard_D2ds_v5",
diff --git a/src/aks-leonardo/env/itn-uat/terraform.tfvars b/src/aks-leonardo/env/itn-uat/terraform.tfvars
index 10b77c9724..8cb8833e9b 100644
--- a/src/aks-leonardo/env/itn-uat/terraform.tfvars
+++ b/src/aks-leonardo/env/itn-uat/terraform.tfvars
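Review bot: `variable "aks_enable_workload_identity"` is added without a `description`, unlike the neighbouring `monitor_appinsights_name` block that documents itself; add `description = "Enable workload identity and the OIDC issuer on the AKS cluster (both are driven by this flag in 03_aks_0.tf)."`. The hunk also leaves the file without a trailing newline (`\ No newline at end of file`), which `terraform fmt` would restore.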
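Review bot: `aks_enable_workload_identity = false` in the itn-prod hunk, while itn-dev and itn-uat set `true`, leaves the prod cluster without workload identity and without an OIDC issuer, yet the payopt-app hunks later in this patch (`02_namespace.tf`, `05_aks_middleware_tools.tf`) call the workload identity modules unconditionally with `workload_identity_enabled = true`. If payopt-app is applied against prod before this flag is flipped, federated credential creation should be expected to fail (inferred; the `__v3__` module contents are not visible here). Either gate the payopt-app modules on the same condition or record the intent in the tfvars, e.g. `aks_enable_workload_identity = false # TODO: enable once the payopt workload identity migration is validated in uat`.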
@@ -38,10 +38,12 @@ monitor_appinsights_name = "pagopa-u-appinsights"
 #
 # ⛴ AKS
 #
-aks_private_cluster_enabled = true
-aks_alerts_enabled = false
-aks_kubernetes_version = "1.29.4"
-aks_sku_tier = "Standard"
+aks_private_cluster_enabled = true
+aks_alerts_enabled = false
+aks_kubernetes_version = "1.29.4"
+aks_sku_tier = "Standard"
+aks_enable_workload_identity = true
+
 aks_system_node_pool = {
 name = "pauaksleosys",
 vm_size = "Standard_D2ds_v5",
diff --git a/src/domains/payopt-app/.terraform.lock.hcl b/src/domains/payopt-app/.terraform.lock.hcl
index bb731a804e..5ff319e7d6 100644
--- a/src/domains/payopt-app/.terraform.lock.hcl
+++ b/src/domains/payopt-app/.terraform.lock.hcl
@@ -2,28 +2,28 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azuread" { - version = "2.47.0" - constraints = "<= 2.47.0" + version = "3.0.2" + constraints = "<= 3.0.2" hashes = [ - "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", - "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", + "h1:yQqvUtgtrYKGpIygdM8P6N+pvMWJJWIsVdPow29VE20=", + "zh:16e724b80a9004c7978c30f69a73c98ff63eb8a03937dd44c2a8f0ea0438b7a3", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", - "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", - "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", - "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", - "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", - "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", - "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", - "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", - "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", - "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", + "zh:2bbbf13713ca4767267b889471c9fc14a56a8fdf5d1013da3ca78667e3caec64", + "zh:409ccb05431d643a079da082d89db2d95d6afed4769997ac537c8b7de3bff867", + "zh:53e4bca0f5d015380f7f524f36344afe6211ccaf614bfc69af73ca64a9f47d6c", + "zh:5780be2c1981d090604d7fa4cef675462f17f40e7f3dc501a031488e87a35b8f", + "zh:850e61a1b3e64c752c418526ccf48653514c861b36f5feb631619f906f7e99a0", + "zh:8c3565bfcea006a734149cc080452a9daf7d2a9d5362eb7e0a088b6c0d7f0f03", + "zh:908b9e6ad49d5d21173ecefc7924902047611be93bbf8e7d021aa9563358396f", + "zh:a2a79765c029bc58966eff61cb6e9b0ee14d2ac52b0a22fc7dfa35c9a49af669", + "zh:c7f56cbe8743e9ba81fce871bc97d9c07abe86770d9ee7ffefbf3882a61ba89a", + 
"zh:d4dba80e33421b30d81c62611fb7fc62ad39afecc6484436e635913cd8553e67", ] } provider "registry.terraform.io/hashicorp/azurerm" { version = "3.116.0" - constraints = "~> 3.30, ~> 3.116.0, <= 3.116.0" + constraints = "~> 3.30, ~> 3.110, ~> 3.116.0, <= 3.116.0" hashes = [ "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", 
@@ -42,61 +42,61 @@ provider "registry.terraform.io/hashicorp/azurerm" { } provider "registry.terraform.io/hashicorp/helm" { - version = "2.12.1" - constraints = "~> 2.12, <= 2.12.1" + version = "2.16.0" + constraints = "~> 2.12, <= 2.16.0" hashes = [ - "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", - "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", - "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", - "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", - "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", - "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", - "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", - "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", - "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", - "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", - "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", - "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", + "h1:zk+1yjCh9RKDsugek6X2JXtLywtdIeS1DeOLjzypU70=", + "zh:0fa970817bab7a8411ff443d51004dc2974c0ef4aad082a514f8b56559db3113", + "zh:333b9ac02fcbf9dcf4825dc1e4fc373ef4571b1dd00b79f5c8ea24e1c79992f0", + "zh:792e1e9c409dd76e3eabf3b0c0a6b5a3c3ef42adfc578f7899def46a81e994ef", + "zh:8eca4a52d43ca97d944a8c5d0f2ee60bcbefcb3ccee51d5620bde9047b8ea9c7", + "zh:90969e6a0f7127b0cb75c8790f63f4d050576ffe9bd722887a11d885430624cd", + "zh:a9d72fb106f16ab4f68c779a2c59124929cbc1cb0dbc47ed5ef380c6205f70bb", + "zh:c28bc1a2c0f8f11626baf905a888b2600663ba8dbb33ce4203efcafa16c77fc5", + "zh:c5d6c72a8c5513ff868209ceda9e6000723b02d21811d05909d26614784d4db6", + "zh:d105d40b1a217120332f65a93b24470d18e355868bfa99f0cdeeff5869cff9fb", + "zh:e6c78637c8c6081b8817f61658de8d0163b92157336ac3236cf183b5834f9487", + "zh:edef68729e4f263df3a6737fc73b14e1ee952b800d72d0c6f2cb524bc1ad7ec8", 
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.29.0" - constraints = "~> 2.27, <= 2.29.0" + version = "2.33.0" + constraints = "~> 2.27, ~> 2.30, <= 2.33.0" hashes = [ - "h1:7C1MinWhowW8EnlSYhhAFV3bte8x5YcSF5QxUPdoXDk=", - "zh:3edd5dc319b95fe94e61b82d10c1ce7fb53a2f21b067ddb742f2d7d0d19dd113", - "zh:4b9096e6d0cfa0efd4c89270e3d25fea49db570e2cfbe49c5d1de085a15f2578", - "zh:5397573838bcb8844248c8d6ac93cca7f39a0b707ac3ce7a7b306c50c261c195", - "zh:5d635370720d356b7bcb5756ca28de3275ca32ca1ef0201414caecd3a14759ac", - "zh:71a52280408f3fb0ff1866a9ab8059b0d9bde5481869658798e0773461f22eff", - "zh:748663ef0248d2d95f5dea2974332432a395165657856878c5dc6f000b37cc25", - "zh:7fbc1e084bbbb51e31afd3df0c77e833ae59e88cf42b9e2c17b0b1a1e3894723", - "zh:ae89b4be473b446270fa24dc1ef51b0cc4c2a528d9838ec15246d28bac165df3", - "zh:b6433970d680a0cc9898f915224508b5ece86ae4418372fa6bebd2a9d344f226", - "zh:bf871955cf49015e6a0433e814a22a109c1537a775b8b5dc7b37ad05c324904a", - "zh:c16fac91b2197b443a191d98cf37424feed550387ab11bd1427bde819722005e", + "h1:HDyytvOlqNw5fJ0SB/nzgqCWniK4LAZNx23LaPavQq8=", + "zh:255b35790b706d405e987750190658dcaefb663741b96803a9529ba5d7435329", + "zh:362feba1aa820a8e02869ec71d1a08e87243dbce43671dc0995fa6c5a2fafa1d", + "zh:39332abcf75b5dd9c78c79c7c0c094f7d4ca908d1b76bbd2aae67e8e3516710c", + "zh:3e8e7f758bb09a9b5b613c8866e77541f8f00b521070cc86bc095ce61f010baf", + "zh:427883b889b9c36630c3eec4d5c07bc4ae12cc0d358fc17ea42a8049bf8d5275", + "zh:69bfc4ed067a5e4844db1a1809343652ff239aa0a8da089b1671524c44e8740a", + "zh:6b9f731062b945c5020e0930ed9a1b1b50afd2caf751f0e70a282d165c970979", + "zh:6faf9ec006af7ee7014a9c3251d65b701792abb823f149b0b7e4ac4433848201", + "zh:b706f76d695104a47682ee6ab842870f9c70a680f979fa9e7efe34278c0831bc", + "zh:b9bca48de2c92f57389ed58dd2fac564deaccd79a92cafd08edeed3ba6b91d4d", + "zh:bbd3336dbee5aed9880f98e36fb8340e0c6d8f0399a05787521af599ccb3dac4", 
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" - constraints = "~> 3.2, <= 3.2.1" + version = "3.2.3" + constraints = "~> 3.2, <= 3.2.3" hashes = [ - "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", - "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", - "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", - "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", - "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", + "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=", + "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", + "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", + "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", + "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", + "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", + "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", + "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", + "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", + "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", + "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", + 
"zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", ] } diff --git a/src/domains/payopt-app/02_namespace.tf b/src/domains/payopt-app/02_namespace.tf index 73e2653de5..7d9fcc5c42 100644 --- a/src/domains/payopt-app/02_namespace.tf +++ b/src/domains/payopt-app/02_namespace.tf 
@@ -4,17 +4,36 @@ resource "kubernetes_namespace" "namespace" { } } -module "pod_identity" { - source = "./.terraform/modules/__v3__/kubernetes_pod_identity" +# module "pod_identity" { +# source = "./.terraform/modules/__v3__/kubernetes_pod_identity" - resource_group_name = local.aks_resource_group_name - location = var.location - tenant_id = data.azurerm_subscription.current.tenant_id - cluster_name = local.aks_name +# resource_group_name = local.aks_resource_group_name +# location = var.location +# tenant_id = data.azurerm_subscription.current.tenant_id +# cluster_name = local.aks_name - identity_name = "${kubernetes_namespace.namespace.metadata[0].name}-pod-identity" - namespace = kubernetes_namespace.namespace.metadata[0].name - key_vault_id = data.azurerm_key_vault.kv.id +# identity_name = "${kubernetes_namespace.namespace.metadata[0].name}-pod-identity" +# namespace = kubernetes_namespace.namespace.metadata[0].name +# key_vault_id = data.azurerm_key_vault.kv.id - secret_permissions = ["Get"] +# secret_permissions = ["Get"] +# } + + + +# WL-IDENTITY +# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#Init-workload-identity +module "workload_identity" { + source = "./.terraform/modules/__v3__/kubernetes_workload_identity_configuration" + + workload_identity_name_prefix = var.domain + workload_identity_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name + aks_name = data.azurerm_kubernetes_cluster.aks.name + aks_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name + namespace = var.domain + + key_vault_id = data.azurerm_key_vault.kv.id + key_vault_certificate_permissions = ["Get"] + key_vault_key_permissions = ["Get"] + key_vault_secret_permissions = ["Get"] } diff --git a/src/domains/payopt-app/05_aks_middleware_tools.tf b/src/domains/payopt-app/05_aks_middleware_tools.tf index 1caf12b260..0afc20f24f 100644 
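Review bot: `namespace = var.domain` in the new `module "workload_identity"` drops the reference the removed `pod_identity` block had to `kubernetes_namespace.namespace.metadata[0].name`, so Terraform no longer orders the service-account setup after the namespace resource is created; use `namespace = kubernetes_namespace.namespace.metadata[0].name`, as `05_aks_middleware_tools.tf` in this same patch still does. Removing `module "pod_identity"` from the configuration also destroys the pod identity and its Key Vault access policy on apply, so any pod still bound to it loses secret access at that moment — worth stating in the commit description or in a comment above the commented block. The old block is kept as commented-out code rather than deleted; git history already preserves it, and dead HCL tends to drift from the module it mirrors.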
--- a/src/domains/payopt-app/05_aks_middleware_tools.tf +++ b/src/domains/payopt-app/05_aks_middleware_tools.tf 
@@ -1,49 +1,55 @@ -# module "tls_checker" { -# source = "./.terraform/modules/__v3__/tls_checker" - -# https_endpoint = local.domain_hostname -# alert_name = local.domain_hostname -# alert_enabled = true -# helm_chart_present = true -# namespace = kubernetes_namespace.namespace.metadata[0].name -# location_string = var.location_string -# kv_secret_name_for_application_insights_connection_string = "app-insight-connection-string" -# application_insights_resource_group = data.azurerm_resource_group.monitor_italy_rg.name -# application_insights_id = data.azurerm_application_insights.application_insights_italy.id -# application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id] -# keyvault_name = data.azurerm_key_vault.kv.name -# keyvault_tenant_id = data.azurerm_client_config.current.tenant_id -# } - -# resource "helm_release" "cert_mounter" { -# name = "cert-mounter-blueprint" -# repository = "https://pagopa.github.io/aks-helm-cert-mounter-blueprint" -# chart = "cert-mounter-blueprint" -# version = "1.0.4" -# namespace = var.domain -# timeout = 120 -# force_update = true - -# values = [ -# templatefile("${path.root}/helm/cert-mounter.yaml.tpl", { -# NAMESPACE = var.domain, -# DOMAIN = var.domain, -# CERTIFICATE_NAME = replace(local.domain_hostname, ".", "-"), -# ENV_SHORT = var.env_short, -# KV_NAME = data.azurerm_key_vault.kv.name -# }) -# ] -# } - -# resource "helm_release" "reloader" { -# name = "reloader" -# repository = "https://stakater.github.io/stakater-charts" -# chart = "reloader" -# version = "v1.0.69" -# namespace = kubernetes_namespace.namespace.metadata[0].name - -# set { -# name = "reloader.watchGlobally" -# value = "false" -# } -# } + +# WL-IDENTITY +# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#%F0%9F%94%AE-tls-cheker +module "tls_checker" { + source = "./.terraform/modules/__v3__/tls_checker" + + https_endpoint = 
local.domain_hostname + alert_name = local.domain_hostname + alert_enabled = true + helm_chart_present = true + namespace = kubernetes_namespace.namespace.metadata[0].name + location_string = var.location_string + kv_secret_name_for_application_insights_connection_string = "app-insight-connection-string" + application_insights_resource_group = data.azurerm_resource_group.monitor_italy_rg.name + application_insights_id = data.azurerm_application_insights.application_insights_italy.id + application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id] + keyvault_name = data.azurerm_key_vault.kv.name + keyvault_tenant_id = data.azurerm_client_config.current.tenant_id + + workload_identity_enabled = true + workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name + workload_identity_client_id = module.workload_identity.workload_identity_client_id + + depends_on = [module.workload_identity] +} + + +# WL-IDENTITY +# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#%3Acertificate%3A-cert-mounter +module "cert_mounter" { + source = "./.terraform/modules/__v3__/cert_mounter" + + namespace = var.domain + certificate_name = replace(local.domain_hostname, ".", "-") + kv_name = data.azurerm_key_vault.kv.name + tenant_id = data.azurerm_subscription.current.tenant_id + + workload_identity_enabled = true + workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name + workload_identity_client_id = module.workload_identity.workload_identity_client_id + + depends_on = [module.workload_identity] +} +resource "helm_release" "reloader" { + name = "reloader" + repository = "https://stakater.github.io/stakater-charts" + chart = "reloader" + version = "v1.0.69" + namespace = kubernetes_namespace.namespace.metadata[0].name + + set { + name = "reloader.watchGlobally" + value = 
"false" + } +} diff --git a/src/domains/payopt-app/99_main.tf b/src/domains/payopt-app/99_main.tf index 7c1a14d9e9..27e3029347 100644 --- a/src/domains/payopt-app/99_main.tf +++ b/src/domains/payopt-app/99_main.tf @@ -7,19 +7,19 @@ terraform { } azuread = { source = "hashicorp/azuread" - version = "<= 2.47.0" + version = "<= 3.0.2" } null = { source = "hashicorp/null" - version = "<= 3.2.1" + version = "<= 3.2.3" } kubernetes = { source = "hashicorp/kubernetes" - version = "<= 2.29.0" + version = "<= 2.33.0" } helm = { source = "hashicorp/helm" - version = "<= 2.12.1" + version = "<= 2.16.0" } } diff --git a/src/domains/payopt-common/03_eventhub.tf b/src/domains/payopt-common/03_eventhub.tf index b2693b1ba8..e8d3ee1f9e 100644 --- a/src/domains/payopt-common/03_eventhub.tf +++ b/src/domains/payopt-common/03_eventhub.tf @@ -6,7 +6,7 @@ resource "azurerm_resource_group" "eventhub_ita_rg" { } module "eventhub_namespace" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub?ref=v8.22.0" + source = "./.terraform/modules/__v3__/eventhub" name = "${local.project}-evh" location = var.location resource_group_name = azurerm_resource_group.eventhub_ita_rg.name @@ -52,7 +52,7 @@ module "eventhub_namespace" { # CONFIGURATION # module "eventhub_paymentoptions_configuration" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub_configuration?ref=v8.22.0" + source = "./.terraform/modules/__v3__/eventhub_configuration" count = var.is_feature_enabled.eventhub ? 1 : 0 event_hub_namespace_name = module.eventhub_namespace.name diff --git a/src/domains/payopt-common/10_github_identity.tf b/src/domains/payopt-common/10_github_identity.tf index 41e54948b3..36a3cd077b 100644 --- a/src/domains/payopt-common/10_github_identity.tf +++ b/src/domains/payopt-common/10_github_identity.tf 
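Review bot: Both new modules set `depends_on = [module.workload_identity]` even though they already consume `module.workload_identity.workload_identity_service_account_name` and `module.workload_identity.workload_identity_client_id`, which gives Terraform the ordering on its own; a `depends_on` on a whole module defers every resource in the dependent module until all of the target's resources are applied and can produce "known after apply" churn on later plans, so the two lines can be dropped. `cert_mounter` takes the tenant from `data.azurerm_subscription.current.tenant_id` while `tls_checker` a few lines above uses `data.azurerm_client_config.current.tenant_id`; they resolve to the same value in practice, but one source should be used for both so a future subscription move does not change only half of them. The `resource "helm_release" "reloader"` block also lost its separating blank line after the `cert_mounter` module.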
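Review bot: In `03_eventhub.tf` both hunks move `eventhub` and `eventhub_configuration` from the explicitly pinned `?ref=v8.22.0` source to `./.terraform/modules/__v3__/...`, so they now follow whatever `module "__v3__"` in `99_main.tf` pins (the later hunk in this patch pins a commit annotated `# v8.60.0`); that is a silent jump across many module releases for a stateful namespace, and the plan should be checked for in-place update versus replacement of the Event Hub namespace resources before apply (inferred from the version tags only; the module contents are not visible here). A comment on each `source` line such as `# version follows module "__v3__" in 99_main.tf` would make the indirection visible to the next reader.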
@@ -59,7 +59,7 @@ locals { # create a module for each 20 repos module "identity_cd_01" { - source = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity?ref=v8.22.0" + source = "./.terraform/modules/__v3__/github_federated_identity" # pagopa---github--identity prefix = var.prefix env_short = var.env_short @@ -131,7 +131,7 @@ resource "null_resource" "github_runner_app_permissions_to_namespace_cd_01" { # create a module for each 20 repos module "identity_pr_01" { - source = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity?ref=v8.22.0" + source = "./.terraform/modules/__v3__/github_federated_identity" prefix = var.prefix env_short = var.env_short domain = "${var.domain}-01-pr" @@ -170,7 +170,7 @@ resource "azurerm_key_vault_access_policy" "gha_pr_iac_managed_identities" { # create a module for each 20 repos module "identity_ref_01" { - source = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity?ref=v8.36.1" + source = "./.terraform/modules/__v3__/github_federated_identity" prefix = var.prefix env_short = var.env_short domain = "${var.domain}-01-ref" @@ -205,3 +205,14 @@ resource "azurerm_key_vault_access_policy" "gha_ref_iac_managed_identities" { storage_permissions = [] } + + +# WL-IDENTITY +# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#Init-workload-identity +module "workload_identity" { + source = "./.terraform/modules/__v3__/kubernetes_workload_identity_init" + + workload_identity_name_prefix = var.domain + workload_identity_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name + workload_identity_location = var.location +} \ No newline at end of file diff --git a/src/domains/payopt-common/99_main.tf b/src/domains/payopt-common/99_main.tf index 4908073540..95f5c16d5e 100644 --- a/src/domains/payopt-common/99_main.tf +++ b/src/domains/payopt-common/99_main.tf 
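Review bot: The new `module "workload_identity"` (the init module) is appended to `10_github_identity.tf`, a file whose name and existing content are about GitHub federated identities; a separate file such as `11_workload_identity.tf` would keep the two identity concerns apart. It references `data.azurerm_kubernetes_cluster.aks`, which this patch does not add and which must therefore already exist in payopt-common (not visible here). As in payopt-app, the file is left with `\ No newline at end of file`. The three `github_federated_identity` modules previously pinned to `v8.22.0` and `v8.36.1` now all follow the single `__v3__` ref, which is the right direction, but it is a multi-release jump for `identity_cd_01` and `identity_pr_01`; check the plan for federated credential replacements, since a replaced credential breaks CI until it is recreated.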
@@ -29,3 +29,8 @@ provider "azurerm" { data "azurerm_subscription" "current" {} data "azurerm_client_config" "current" {} + +module "__v3__" { + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" +} diff --git a/src/domains/payopt-secrets/01_keyvault.tf b/src/domains/payopt-secrets/01_keyvault.tf index 28af4e56e2..c91ffe6e9c 100644 --- a/src/domains/payopt-secrets/01_keyvault.tf +++ b/src/domains/payopt-secrets/01_keyvault.tf @@ -6,7 +6,7 @@ resource "azurerm_resource_group" "sec_rg" { } module "key_vault" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v8.22.0" + source = "./.terraform/modules/__v3__/key_vault" name = "${local.product}-${var.location_short}-${var.domain}-kv" location = azurerm_resource_group.sec_rg.location @@ -92,7 +92,7 @@ resource "azurerm_key_vault_access_policy" "azdevops_iac_policy" { # create json letsencrypt inside kv # requierd: Docker module "letsencrypt_paymentoptions" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git///letsencrypt_credential?ref=v8.44.0" + source = "./.terraform/modules/__v3__/letsencrypt_credential" prefix = var.prefix env = var.env_short diff --git a/src/domains/payopt-secrets/99_main.tf b/src/domains/payopt-secrets/99_main.tf index 93ec8f61ca..9d3239722c 100644 --- a/src/domains/payopt-secrets/99_main.tf +++ b/src/domains/payopt-secrets/99_main.tf @@ -41,3 +41,8 @@ provider "kubernetes" { data "azurerm_subscription" "current" {} data "azurerm_client_config" "current" {} + +module "__v3__" { + # v8.60.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" +} diff --git a/src/domains/printit-app/.terraform.lock.hcl b/src/domains/printit-app/.terraform.lock.hcl deleted file mode 100644 index 83852abcd4..0000000000 --- a/src/domains/printit-app/.terraform.lock.hcl +++ /dev/null 
@@ -1,122 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azuread" { - version = "2.47.0" - constraints = "<= 2.47.0" - hashes = [ - "h1:8J74v92UvtqVNucugAtB+Sd44oTgnhfct+Xf8ObOZug=", - "h1:KB9BNRNStbdsfdRmVXUwXtN77qgX5VjBy2UALcqp218=", - "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", - "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", - "h1:zYMGokLn44KSWir7Nr4t8lEAPMB6JuXd2LlP2Ac2tMY=", - "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", - "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", - "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", - "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", - "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", - "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", - "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", - "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", - "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", - "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.116.0" - constraints = "~> 3.30, ~> 3.95, ~> 3.116.0, <= 3.116.0" - hashes = [ - "h1:2QbjtN4oMXzdA++Nvrj/wSmWZTPgXKOSFGGQCLEMrb4=", - "h1:3v5wgHWHRB3J5sByxhgkPEOmL9H4GeFIasitGI36bkM=", - "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", - "h1:SJM/KQDW9blKFmLMaupsZVYtcZ0fYpjLHEriMgCBGCY=", - "h1:jwwbQ09fH1RdcNsknt1AkvfSUbULsl7nZQn6S8fabFI=", - "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", - "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", - 
"zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", - "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", - "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", - "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", - "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", - "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", - "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", - "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "2.12.1" - constraints = "~> 2.12, <= 2.12.1" - hashes = [ - "h1:7wfYOAeSEchHB8idNl+2jf+OkFi9zFSOLWkEZFuTCik=", - "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", - "h1:sgYI7lwGqJqPopY3NGmhb1eQ0YbH8PIXaAZAmnJrAvw=", - "h1:sjzfyNQAjtF9zXHxB67geryjGkHaPDMMVw9iqPP5pkE=", - "h1:xwHVa6ab/XVfDrZ3h35OzLJ6g0Zte4VAvSnyKw3f9AI=", - "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", - "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", - "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", - "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", - "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", - "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", - "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", - "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", - "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", - "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", - "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", 
- ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.29.0" - constraints = "~> 2.27, <= 2.29.0" - hashes = [ - "h1:+YCSx70JPlL2PX+yO53gzy1v0Bj61QMhq0N8U0DjK6c=", - "h1:7C1MinWhowW8EnlSYhhAFV3bte8x5YcSF5QxUPdoXDk=", - "h1:Igs0JTtmzn5q7RHqrvrTMCD/DCSLPMinvUnhYZ2oITw=", - "h1:oUDANZ62j22EWXtXUDAJe4HFq6BZhrYa4VLk49u7Om0=", - "h1:uM3M6zkZ7Tjr91SJaHz+ce+rmGtfUDih2fN3ogV+eYA=", - "zh:3edd5dc319b95fe94e61b82d10c1ce7fb53a2f21b067ddb742f2d7d0d19dd113", - "zh:4b9096e6d0cfa0efd4c89270e3d25fea49db570e2cfbe49c5d1de085a15f2578", - "zh:5397573838bcb8844248c8d6ac93cca7f39a0b707ac3ce7a7b306c50c261c195", - "zh:5d635370720d356b7bcb5756ca28de3275ca32ca1ef0201414caecd3a14759ac", - "zh:71a52280408f3fb0ff1866a9ab8059b0d9bde5481869658798e0773461f22eff", - "zh:748663ef0248d2d95f5dea2974332432a395165657856878c5dc6f000b37cc25", - "zh:7fbc1e084bbbb51e31afd3df0c77e833ae59e88cf42b9e2c17b0b1a1e3894723", - "zh:ae89b4be473b446270fa24dc1ef51b0cc4c2a528d9838ec15246d28bac165df3", - "zh:b6433970d680a0cc9898f915224508b5ece86ae4418372fa6bebd2a9d344f226", - "zh:bf871955cf49015e6a0433e814a22a109c1537a775b8b5dc7b37ad05c324904a", - "zh:c16fac91b2197b443a191d98cf37424feed550387ab11bd1427bde819722005e", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" - constraints = "~> 3.2, <= 3.2.1" - hashes = [ - "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", - "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", - "h1:vUW21lLLsKlxtBf0QF7LKJreKxs0CM7YXGzqW1N/ODY=", - "h1:wqgRvlyVIbkCeCQs+5jj6zVuQL0KDxZZtNofGqqlSdI=", - "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", - "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", - "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", - "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", - "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", - ] -} From cefe95c72c7f38c91aa719d2edf1379d8cfcfb5f Mon Sep 17 00:00:00 2001 
From: svariant Date: Mon, 2 Dec 2024 16:31:44 +0100 Subject: [PATCH 08/13] [PPANTT-190] chore: Clean delete payopt --- src/domains/paymentoptions-app/00_alerts.tf | 72 --- src/domains/paymentoptions-app/00_keyvault.tf | 10 - src/domains/paymentoptions-app/00_monitor.tf | 35 -- src/domains/paymentoptions-app/00_network.tf | 15 - src/domains/paymentoptions-app/01_network.tf | 9 - .../paymentoptions-app/02_namespace.tf | 20 - .../03_serviceaccounts_azure_devops.tf | 67 --- .../04_apim_payment_options.tf | 25 - .../04_apim_payment_options_mock.tf | 74 --- .../05_aks_middleware_tools.tf | 49 -- src/domains/paymentoptions-app/05_subkey.tf | 30 -- src/domains/paymentoptions-app/06_keyvault.tf | 81 ---- src/domains/paymentoptions-app/90_pdb.tf | 15 - src/domains/paymentoptions-app/99_locals.tf | 43 -- .../paymentoptions-app/99_variables.tf | 160 ------- .../api/payment-options-mock/_base_policy.xml | 14 - .../_get_payment_options_policy.xml | 444 ------------------ .../payment-options-mock/_openapi.json.tpl | 99 ---- .../api_product/_base_policy.xml | 14 - .../env/itn-dev/backend.ini | 1 - .../env/itn-dev/backend.tfvars | 4 - .../env/itn-dev/terraform.tfvars | 39 -- .../env/itn-prod/backend.ini | 1 - .../env/itn-prod/backend.tfvars | 4 - .../env/itn-prod/terraform.tfvars | 48 -- .../env/itn-uat/backend.ini | 1 - .../env/itn-uat/backend.tfvars | 4 - .../env/itn-uat/terraform.tfvars | 39 -- .../helm/cert-mounter.yaml.tpl | 13 - src/domains/paymentoptions-app/terraform.sh | 324 ------------- src/domains/paymentoptions-common/00_data.tf | 4 - .../paymentoptions-common/00_monitor.tf | 45 -- .../paymentoptions-common/00_network.tf | 37 -- .../paymentoptions-common/01_network.tf | 14 - .../paymentoptions-common/99_locals.tf | 32 -- .../paymentoptions-common/99_variables.tf | 219 --------- .../env/itn-dev/backend.ini | 1 - .../env/itn-dev/backend.tfvars | 4 - .../env/itn-dev/terraform.tfvars | 106 ----- .../env/itn-prod/backend.ini | 1 - .../env/itn-prod/backend.tfvars | 4 - 
.../env/itn-prod/terraform.tfvars | 106 ----- .../env/itn-uat/backend.ini | 1 - .../env/itn-uat/backend.tfvars | 4 - .../env/itn-uat/terraform.tfvars | 106 ----- .../paymentoptions-common/terraform.sh | 324 ------------- .../paymentoptions-secrets/00_azuread.tf | 16 - src/domains/paymentoptions-secrets/02_azdo.tf | 23 - .../paymentoptions-secrets/02_init_sops.tf | 21 - .../paymentoptions-secrets/03_sops_secrets.tf | 54 --- .../paymentoptions-secrets/99_locals.tf | 11 - .../paymentoptions-secrets/99_variables.tf | 101 ---- src/domains/paymentoptions-secrets/README.md | 65 --- .../env/itn-dev/backend.ini | 1 - .../env/itn-dev/backend.tfvars | 4 - .../env/itn-dev/terraform.tfvars | 30 -- .../env/itn-prod/backend.ini | 1 - .../env/itn-prod/backend.tfvars | 4 - .../env/itn-prod/terraform.tfvars | 30 -- .../env/itn-uat/backend.ini | 1 - .../env/itn-uat/backend.tfvars | 4 - .../env/itn-uat/terraform.tfvars | 27 -- .../secret/itn-dev/configs.json | 1 - .../secret/itn-dev/secret.ini | 3 - .../secret/itn-prod/configs.json | 2 - .../secret/itn-prod/secret.ini | 3 - .../secret/itn-uat/configs.json | 2 - .../secret/itn-uat/secret.ini | 3 - src/domains/paymentoptions-secrets/sops.sh | 137 ------ .../paymentoptions-secrets/terraform.sh | 324 ------------- .../paymentoptions-secrets/terrasops.sh | 29 -- 71 files changed, 3659 deletions(-) delete mode 100644 src/domains/paymentoptions-app/00_alerts.tf delete mode 100644 src/domains/paymentoptions-app/00_keyvault.tf delete mode 100644 src/domains/paymentoptions-app/00_monitor.tf delete mode 100644 src/domains/paymentoptions-app/00_network.tf delete mode 100644 src/domains/paymentoptions-app/01_network.tf delete mode 100644 src/domains/paymentoptions-app/02_namespace.tf delete mode 100644 src/domains/paymentoptions-app/03_serviceaccounts_azure_devops.tf delete mode 100644 src/domains/paymentoptions-app/04_apim_payment_options.tf delete mode 100644 src/domains/paymentoptions-app/04_apim_payment_options_mock.tf delete mode 100644 
src/domains/paymentoptions-app/05_aks_middleware_tools.tf delete mode 100644 src/domains/paymentoptions-app/05_subkey.tf delete mode 100644 src/domains/paymentoptions-app/06_keyvault.tf delete mode 100644 src/domains/paymentoptions-app/90_pdb.tf delete mode 100644 src/domains/paymentoptions-app/99_locals.tf delete mode 100644 src/domains/paymentoptions-app/99_variables.tf delete mode 100644 src/domains/paymentoptions-app/api/payment-options-mock/_base_policy.xml delete mode 100644 src/domains/paymentoptions-app/api/payment-options-mock/_get_payment_options_policy.xml delete mode 100644 src/domains/paymentoptions-app/api/payment-options-mock/_openapi.json.tpl delete mode 100644 src/domains/paymentoptions-app/api_product/_base_policy.xml delete mode 100644 src/domains/paymentoptions-app/env/itn-dev/backend.ini delete mode 100644 src/domains/paymentoptions-app/env/itn-dev/backend.tfvars delete mode 100644 src/domains/paymentoptions-app/env/itn-dev/terraform.tfvars delete mode 100644 src/domains/paymentoptions-app/env/itn-prod/backend.ini delete mode 100644 src/domains/paymentoptions-app/env/itn-prod/backend.tfvars delete mode 100644 src/domains/paymentoptions-app/env/itn-prod/terraform.tfvars delete mode 100644 src/domains/paymentoptions-app/env/itn-uat/backend.ini delete mode 100644 src/domains/paymentoptions-app/env/itn-uat/backend.tfvars delete mode 100644 src/domains/paymentoptions-app/env/itn-uat/terraform.tfvars delete mode 100644 src/domains/paymentoptions-app/helm/cert-mounter.yaml.tpl delete mode 100755 src/domains/paymentoptions-app/terraform.sh delete mode 100644 src/domains/paymentoptions-common/00_data.tf delete mode 100644 src/domains/paymentoptions-common/00_monitor.tf delete mode 100644 src/domains/paymentoptions-common/00_network.tf delete mode 100644 src/domains/paymentoptions-common/01_network.tf delete mode 100644 src/domains/paymentoptions-common/99_locals.tf delete mode 100644 src/domains/paymentoptions-common/99_variables.tf delete mode 100644 
src/domains/paymentoptions-common/env/itn-dev/backend.ini delete mode 100644 src/domains/paymentoptions-common/env/itn-dev/backend.tfvars delete mode 100644 src/domains/paymentoptions-common/env/itn-dev/terraform.tfvars delete mode 100644 src/domains/paymentoptions-common/env/itn-prod/backend.ini delete mode 100644 src/domains/paymentoptions-common/env/itn-prod/backend.tfvars delete mode 100644 src/domains/paymentoptions-common/env/itn-prod/terraform.tfvars delete mode 100644 src/domains/paymentoptions-common/env/itn-uat/backend.ini delete mode 100644 src/domains/paymentoptions-common/env/itn-uat/backend.tfvars delete mode 100644 src/domains/paymentoptions-common/env/itn-uat/terraform.tfvars delete mode 100755 src/domains/paymentoptions-common/terraform.sh delete mode 100644 src/domains/paymentoptions-secrets/00_azuread.tf delete mode 100644 src/domains/paymentoptions-secrets/02_azdo.tf delete mode 100644 src/domains/paymentoptions-secrets/02_init_sops.tf delete mode 100644 src/domains/paymentoptions-secrets/03_sops_secrets.tf delete mode 100644 src/domains/paymentoptions-secrets/99_locals.tf delete mode 100644 src/domains/paymentoptions-secrets/99_variables.tf delete mode 100644 src/domains/paymentoptions-secrets/README.md delete mode 100644 src/domains/paymentoptions-secrets/env/itn-dev/backend.ini delete mode 100644 src/domains/paymentoptions-secrets/env/itn-dev/backend.tfvars delete mode 100644 src/domains/paymentoptions-secrets/env/itn-dev/terraform.tfvars delete mode 100644 src/domains/paymentoptions-secrets/env/itn-prod/backend.ini delete mode 100644 src/domains/paymentoptions-secrets/env/itn-prod/backend.tfvars delete mode 100644 src/domains/paymentoptions-secrets/env/itn-prod/terraform.tfvars delete mode 100644 src/domains/paymentoptions-secrets/env/itn-uat/backend.ini delete mode 100644 src/domains/paymentoptions-secrets/env/itn-uat/backend.tfvars delete mode 100644 src/domains/paymentoptions-secrets/env/itn-uat/terraform.tfvars delete mode 100644 
src/domains/paymentoptions-secrets/secret/itn-dev/configs.json delete mode 100644 src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini delete mode 100644 src/domains/paymentoptions-secrets/secret/itn-prod/configs.json delete mode 100644 src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini delete mode 100644 src/domains/paymentoptions-secrets/secret/itn-uat/configs.json delete mode 100644 src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini delete mode 100755 src/domains/paymentoptions-secrets/sops.sh delete mode 100755 src/domains/paymentoptions-secrets/terraform.sh delete mode 100644 src/domains/paymentoptions-secrets/terrasops.sh diff --git a/src/domains/paymentoptions-app/00_alerts.tf b/src/domains/paymentoptions-app/00_alerts.tf deleted file mode 100644 index f6c5b8f409..0000000000 --- a/src/domains/paymentoptions-app/00_alerts.tf +++ /dev/null 
@@ -1,72 +0,0 @@ -## Print Notice Service ## - -resource "azurerm_monitor_scheduled_query_rules_alert" "pagopa-payment-options-service-responsetime-upd" { - count = var.env_short == "p" ? 1 : 0 - resource_group_name = "dashboards" - name = "pagopa-${var.env_short}-pagopa-print-payment-notice-service-rest-responsetime @ _payment-options-service" - location = var.location - - action { - action_group = can(data.azurerm_monitor_action_group.opsgenie[0]) ? [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id] - email_subject = "Email Header" - custom_webhook_payload = "{}" - } - - data_source_id = data.azurerm_api_management.apim.id - description = "Response time for /payment-options is less than or equal to 1.5s - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-payment-options" - enabled = true - query = (<<-QUERY -let threshold = 1500; -AzureDiagnostics -| where url_s matches regex "/payment-options" -| summarize - watermark=threshold, - duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m) -| where duration_percentile_95 > threshold - QUERY - ) - severity = 2 - frequency = 5 - time_window = 10 - trigger { - operator = "GreaterThanOrEqual" - threshold = 2 - } -} - -resource "azurerm_monitor_scheduled_query_rules_alert" "pagopa-payment-options-rest-availability-upd" { - count = var.env_short == "p" ? 1 : 0 - resource_group_name = "dashboards" - name = "pagopa-${var.env_short}-pagopa-payment-options-rest-availability @ _print-payment-options" - location = var.location - - action { - action_group = can(data.azurerm_monitor_action_group.opsgenie[0]) ? 
[data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id] - email_subject = "Email Header" - custom_webhook_payload = "{}" - } - - data_source_id = data.azurerm_api_management.apim.id - description = "Availability for /payment-options is less than or equal to 99% - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-payment-options" - enabled = true - query = (<<-QUERY -let threshold = 0.99; -AzureDiagnostics -| where url_s matches regex "/payment-options'" -| summarize - Total=count(), - Success=count(responseCode_d < 500) - by bin(TimeGenerated, 5m) -| extend availability=toreal(Success) / Total -| where availability < threshold - QUERY - ) - severity = 1 - frequency = 5 - time_window = 5 - trigger { - operator = "GreaterThanOrEqual" - threshold = 1 - } -} - diff --git a/src/domains/paymentoptions-app/00_keyvault.tf b/src/domains/paymentoptions-app/00_keyvault.tf deleted file mode 100644 index c94a899cca..0000000000 --- a/src/domains/paymentoptions-app/00_keyvault.tf +++ /dev/null @@ -1,10 +0,0 @@ -data "azurerm_key_vault" "kv" { - name = "${local.project}-kv" - resource_group_name = "${local.project}-sec-rg" -} - - -data "azurerm_kubernetes_cluster" "aks" { - name = local.aks_name - resource_group_name = local.aks_resource_group_name -} diff --git a/src/domains/paymentoptions-app/00_monitor.tf b/src/domains/paymentoptions-app/00_monitor.tf deleted file mode 100644 index 311dc4ff7d..0000000000 --- a/src/domains/paymentoptions-app/00_monitor.tf +++ /dev/null 
@@ -1,35 +0,0 @@ -# -# 🇮🇹 Monitor Italy -# -data "azurerm_resource_group" "monitor_italy_rg" { - name = var.monitor_italy_resource_group_name -} - -data "azurerm_log_analytics_workspace" "log_analytics_italy" { - name = var.log_analytics_italy_workspace_name - resource_group_name = var.log_analytics_italy_workspace_resource_group_name -} - -data "azurerm_application_insights" "application_insights_italy" { - name = local.monitor_appinsights_italy_name - resource_group_name = data.azurerm_resource_group.monitor_italy_rg.name -} - -# -# Actions Group -# -data "azurerm_monitor_action_group" "slack" { - name = local.monitor_action_group_slack_name - resource_group_name = var.monitor_italy_resource_group_name -} - -data "azurerm_monitor_action_group" "email" { - resource_group_name = var.monitor_italy_resource_group_name - name = local.monitor_action_group_email_name -} - -data "azurerm_monitor_action_group" "opsgenie" { - count = var.env_short == "p" ? 1 : 0 - resource_group_name = var.monitor_resource_group_name - name = local.monitor_action_group_opsgenie_name -} diff --git a/src/domains/paymentoptions-app/00_network.tf b/src/domains/paymentoptions-app/00_network.tf deleted file mode 100644 index 355c8e2333..0000000000 --- a/src/domains/paymentoptions-app/00_network.tf +++ /dev/null @@ -1,15 +0,0 @@ -data "azurerm_virtual_network" "vnet" { - name = local.vnet_name - resource_group_name = local.vnet_resource_group_name -} - -data "azurerm_private_dns_zone" "internal" { - name = local.internal_dns_zone_name - resource_group_name = local.internal_dns_zone_resource_group_name -} - -data "azurerm_subnet" "apim_vnet" { - name = local.pagopa_apim_snet - resource_group_name = local.pagopa_vnet_rg - virtual_network_name = local.pagopa_vnet_integration -} diff --git a/src/domains/paymentoptions-app/01_network.tf b/src/domains/paymentoptions-app/01_network.tf deleted file mode 100644 index 73614770ca..0000000000 --- a/src/domains/paymentoptions-app/01_network.tf +++ /dev/null 
@@ -1,9 +0,0 @@ -#-------------------------------------------------- - -resource "azurerm_private_dns_a_record" "ingress" { - name = local.ingress_hostname - zone_name = data.azurerm_private_dns_zone.internal.name - resource_group_name = local.internal_dns_zone_resource_group_name - ttl = 3600 - records = [var.ingress_load_balancer_ip] -} diff --git a/src/domains/paymentoptions-app/02_namespace.tf b/src/domains/paymentoptions-app/02_namespace.tf deleted file mode 100644 index 73e2653de5..0000000000 --- a/src/domains/paymentoptions-app/02_namespace.tf +++ /dev/null @@ -1,20 +0,0 @@ -resource "kubernetes_namespace" "namespace" { - metadata { - name = var.domain - } -} - -module "pod_identity" { - source = "./.terraform/modules/__v3__/kubernetes_pod_identity" - - resource_group_name = local.aks_resource_group_name - location = var.location - tenant_id = data.azurerm_subscription.current.tenant_id - cluster_name = local.aks_name - - identity_name = "${kubernetes_namespace.namespace.metadata[0].name}-pod-identity" - namespace = kubernetes_namespace.namespace.metadata[0].name - key_vault_id = data.azurerm_key_vault.kv.id - - secret_permissions = ["Get"] -} diff --git a/src/domains/paymentoptions-app/03_serviceaccounts_azure_devops.tf b/src/domains/paymentoptions-app/03_serviceaccounts_azure_devops.tf deleted file mode 100644 index cfdc7c2574..0000000000 --- a/src/domains/paymentoptions-app/03_serviceaccounts_azure_devops.tf +++ /dev/null 
@@ -1,67 +0,0 @@ -resource "kubernetes_namespace" "namespace_system" { - metadata { - name = "${var.domain}-system" - } -} - -module "kubernetes_service_account" { - source = "./.terraform/modules/__v3__/kubernetes_service_account" - name = "azure-devops" - namespace = "${var.domain}-system" -} - -#tfsec:ignore:AZU023 -resource "azurerm_key_vault_secret" "azure_devops_sa_token" { - depends_on = [module.kubernetes_service_account] - name = "${local.aks_name}-azure-devops-sa-token" - value = module.kubernetes_service_account.sa_token # base64 value - content_type = "text/plain" - - key_vault_id = data.azurerm_key_vault.kv.id -} - -#tfsec:ignore:AZU023 -resource "azurerm_key_vault_secret" "azure_devops_sa_cacrt" { - depends_on = [module.kubernetes_service_account] - name = "${local.aks_name}-azure-devops-sa-cacrt" - value = module.kubernetes_service_account.sa_ca_cert # base64 value - content_type = "text/plain" - - key_vault_id = data.azurerm_key_vault.kv.id -} - -#-------------------------------------------------------------------------------------------------- - -resource "kubernetes_role_binding" "deployer_binding" { - metadata { - name = "deployer-binding" - namespace = kubernetes_namespace.namespace.metadata[0].name - } - role_ref { - api_group = "rbac.authorization.k8s.io" - kind = "ClusterRole" - name = "cluster-deployer" - } - subject { - kind = "ServiceAccount" - name = "azure-devops" - namespace = kubernetes_namespace.namespace_system.metadata[0].name - } -} - -resource "kubernetes_role_binding" "system_deployer_binding" { - metadata { - name = "system-deployer-binding" - namespace = kubernetes_namespace.namespace_system.metadata[0].name - } - role_ref { - api_group = "rbac.authorization.k8s.io" - kind = "ClusterRole" - name = "system-cluster-deployer" - } - subject { - kind = "ServiceAccount" - name = "azure-devops" - namespace = kubernetes_namespace.namespace_system.metadata[0].name - } -} 
diff --git a/src/domains/paymentoptions-app/04_apim_payment_options.tf b/src/domains/paymentoptions-app/04_apim_payment_options.tf deleted file mode 100644 index 3e7f22da2e..0000000000 --- a/src/domains/paymentoptions-app/04_apim_payment_options.tf +++ /dev/null @@ -1,25 +0,0 @@ -locals { - apim_payment_options_pagopa_api = { - display_name = "Payment Options Product pagoPA" - description = "API for Payment Options" - } -} - -module "apim_payment_options_product" { - source = "./.terraform/modules/__v3__/api_management_product" - count = var.is_feature_enabled.paymentoptions ? 1 : 0 - - product_id = "pagopa_payment_options" - display_name = local.apim_payment_options_pagopa_api.display_name - description = local.apim_payment_options_pagopa_api.description - - api_management_name = local.pagopa_apim_name - resource_group_name = local.pagopa_apim_rg - - published = false - subscription_required = true - approval_required = false - # subscriptions_limit = 1000 - - policy_xml = file("./api_product/_base_policy.xml") -} diff --git a/src/domains/paymentoptions-app/04_apim_payment_options_mock.tf b/src/domains/paymentoptions-app/04_apim_payment_options_mock.tf deleted file mode 100644 index e142259ae6..0000000000 --- a/src/domains/paymentoptions-app/04_apim_payment_options_mock.tf +++ /dev/null 
@@ -1,74 +0,0 @@ -locals { - apim_payment_options_mock_pagopa_api = { - display_name = "Mock Payment Options Product pagoPA" - description = "Mock API for Payment Options" - } -} - -module "apim_payment_options_mock_product" { - source = "./.terraform/modules/__v3__/api_management_product" - count = var.is_feature_enabled.paymentoptions_mock ? 1 : 0 - - product_id = "pagopa-payment-options-mock" - display_name = local.apim_payment_options_mock_pagopa_api.display_name - description = local.apim_payment_options_mock_pagopa_api.description - - api_management_name = local.pagopa_apim_name - resource_group_name = local.pagopa_apim_rg - - published = false - subscription_required = false - approval_required = false - # subscriptions_limit = 1000 - - policy_xml = file("./api_product/_base_policy.xml") -} - -resource "azurerm_api_management_api_version_set" "payment_options_mock_api" { - count = var.is_feature_enabled.paymentoptions_mock ? 1 : 0 - - name = format("%s-payment-options-mock-api", var.env_short) - resource_group_name = local.pagopa_apim_rg - api_management_name = local.pagopa_apim_name - display_name = "Payment Options Mock" - versioning_scheme = "Segment" -} - - -module "apim_api_pay_opt_mock_api" { - source = "./.terraform/modules/__v3__/api_management_api" - count = var.is_feature_enabled.paymentoptions_mock ? 
1 : 0 - - name = format("%s-pay-opt-mock-api", local.project) - api_management_name = local.pagopa_apim_name - resource_group_name = local.pagopa_apim_rg - product_ids = [module.apim_payment_options_mock_product[0].product_id] - subscription_required = false - version_set_id = azurerm_api_management_api_version_set.payment_options_mock_api[0].id - api_version = "v1" - - description = local.apim_payment_options_mock_pagopa_api.description - display_name = local.apim_payment_options_mock_pagopa_api.display_name - path = "payopt-mock" - protocols = ["https"] - service_url = null - - content_format = "openapi" - content_value = templatefile("./api/payment-options-mock/_openapi.json.tpl", { - host = local.apim_hostname - }) - - xml_content = templatefile("./api/payment-options-mock/_base_policy.xml", { - hostname = local.hostname - }) - - api_operation_policies = [ - { - operation_id = "get-payment-options", - xml_content = templatefile("./api/payment-options-mock/_get_payment_options_policy.xml", { - hostname = local.hostname - }) - }, - ] - -} diff --git a/src/domains/paymentoptions-app/05_aks_middleware_tools.tf b/src/domains/paymentoptions-app/05_aks_middleware_tools.tf deleted file mode 100644 index 83624cc77e..0000000000 --- a/src/domains/paymentoptions-app/05_aks_middleware_tools.tf +++ /dev/null 
@@ -1,49 +0,0 @@ -module "tls_checker" { - source = "./.terraform/modules/__v3__/tls_checker" - - https_endpoint = local.domain_hostname - alert_name = local.domain_hostname - alert_enabled = true - helm_chart_present = true - namespace = kubernetes_namespace.namespace.metadata[0].name - location_string = var.location_string - kv_secret_name_for_application_insights_connection_string = "app-insight-connection-string" - application_insights_resource_group = data.azurerm_resource_group.monitor_italy_rg.name - application_insights_id = data.azurerm_application_insights.application_insights_italy.id - application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id] - keyvault_name = data.azurerm_key_vault.kv.name - keyvault_tenant_id = data.azurerm_client_config.current.tenant_id -} - -resource "helm_release" "cert_mounter" { - name = "cert-mounter-blueprint" - repository = "https://pagopa.github.io/aks-helm-cert-mounter-blueprint" - chart = "cert-mounter-blueprint" - version = "1.0.4" - namespace = var.domain - timeout = 120 - force_update = true - - values = [ - templatefile("${path.root}/helm/cert-mounter.yaml.tpl", { - NAMESPACE = var.domain, - DOMAIN = var.domain, - CERTIFICATE_NAME = replace(local.domain_hostname, ".", "-"), - ENV_SHORT = var.env_short, - KV_NAME = data.azurerm_key_vault.kv.name - }) - ] -} - -resource "helm_release" "reloader" { - name = "reloader" - repository = "https://stakater.github.io/stakater-charts" - chart = "reloader" - version = "v1.0.69" - namespace = kubernetes_namespace.namespace.metadata[0].name - - set { - name = "reloader.watchGlobally" - value = "false" - } -} diff --git a/src/domains/paymentoptions-app/05_subkey.tf b/src/domains/paymentoptions-app/05_subkey.tf deleted file mode 100644 index 15fba182f4..0000000000 --- a/src/domains/paymentoptions-app/05_subkey.tf +++ /dev/null 
@@ -1,30 +0,0 @@ -resource "azurerm_api_management_subscription" "api_config_subkey" { - api_management_name = data.azurerm_api_management.apim.name - resource_group_name = data.azurerm_api_management.apim.resource_group_name - product_id = data.azurerm_api_management_product.apim_api_config_product.id - display_name = "Subscription for Api Config APIM" - allow_tracing = false - state = "active" -} - -resource "azurerm_api_management_subscription" "forwarder_subkey" { - api_management_name = data.azurerm_api_management.apim.name - resource_group_name = data.azurerm_api_management.apim.resource_group_name - product_id = data.azurerm_api_management_product.apim_forwarder_product.id - display_name = "Subscription for Forwarder APIM" - allow_tracing = false - state = "active" -} - -resource "azurerm_api_management_subscription" "service_payment_options_subkey" { - count = var.env_short != "p" ? 1 : 0 - - api_management_name = data.azurerm_api_management.apim.name - resource_group_name = data.azurerm_api_management.apim.resource_group_name - product_id = module.apim_payment_options_product[0].id - display_name = "Subscription for Payments Options APIM" - allow_tracing = false - state = "active" -} - - diff --git a/src/domains/paymentoptions-app/06_keyvault.tf b/src/domains/paymentoptions-app/06_keyvault.tf deleted file mode 100644 index 83f09e182e..0000000000 --- a/src/domains/paymentoptions-app/06_keyvault.tf +++ /dev/null 
@@ -1,81 +0,0 @@
-locals {
- aks_api_url = var.env_short == "d" ? data.azurerm_kubernetes_cluster.aks.fqdn : data.azurerm_kubernetes_cluster.aks.private_fqdn
-}
-
-#tfsec:ignore:AZU023
-resource "azurerm_key_vault_secret" "aks_apiserver_url" {
- name = "${local.aks_name}-apiserver-url"
- value = "https://${local.aks_api_url}:443"
- content_type = "text/plain"
-
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-## Manual secrets
-
-resource "azurerm_key_vault_secret" "application_insights_connection_string" {
- name = "app-insight-connection-string"
- value = data.azurerm_application_insights.application_insights_italy.connection_string
- content_type = "text/plain"
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-
-resource "azurerm_key_vault_secret" "tenant_id" {
- name = "tenant-id"
- value = data.azurerm_subscription.current.tenant_id
- content_type = "text/plain"
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-# Event Hub
-
-resource "azurerm_key_vault_secret" "ehub_payment-options-re_jaas_config" {
- name = "ehub-${var.env_short}-payment-options-re-jaas-config"
- value = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"$ConnectionString\" password=\"${data.azurerm_eventhub_authorization_rule.payment_options_re_authorization_rule_writer.primary_connection_string}\";"
- content_type = "text/plain"
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-resource "azurerm_key_vault_secret" "ehub_nodo_pagamenti_cache_jaas_config" {
- name = "ehub-${var.env_short}-nodo-pagamenti-cache-jaas-config"
- value = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"$ConnectionString\" password=\"${data.azurerm_eventhub_authorization_rule.pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_cache_sync_reader.primary_connection_string}\";"
- content_type = "text/plain"
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-resource "azurerm_key_vault_secret" "ehub_nodo-dei-pagamenti-verify-ko_jaas_config" {
- name = "ehub-${var.env_short}-nodo-dei-pagamenti-verify-ko-jaas-config"
- value = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"$ConnectionString\" password=\"${data.azurerm_eventhub_authorization_rule.pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_verify_ko_writer.primary_connection_string}\";"
- content_type = "text/plain"
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-resource "azurerm_key_vault_secret" "api_config_subscription_key" {
- name = "api-config-sub-key"
- value = azurerm_api_management_subscription.api_config_subkey.primary_key
- content_type = "text/plain"
-
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-resource "azurerm_key_vault_secret" "forwarder_subscription_key" {
- name = "forwarder-sub-key"
- value = azurerm_api_management_subscription.forwarder_subkey.primary_key
- content_type = "text/plain"
-
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-resource "azurerm_key_vault_secret" "service_payment_options_subscription_key" {
- count = var.env_short != "p" ? 1 : 0
-
- name = "apikey-service-payment-options"
- value = azurerm_api_management_subscription.service_payment_options_subkey[0].primary_key
- content_type = "text/plain"
-
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-
-
diff --git a/src/domains/paymentoptions-app/90_pdb.tf b/src/domains/paymentoptions-app/90_pdb.tf
deleted file mode 100644
index b88494a798..0000000000
--- a/src/domains/paymentoptions-app/90_pdb.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-resource "kubernetes_pod_disruption_budget_v1" "payment_options" {
-
- for_each = var.pod_disruption_budgets
-
- metadata {
- namespace = kubernetes_namespace.namespace.metadata[0].name
- name = each.key
- }
- spec {
- min_available = each.value.minAvailable
- selector {
- match_labels = each.value.matchLabels
- }
- }
-}
diff --git a/src/domains/paymentoptions-app/99_locals.tf b/src/domains/paymentoptions-app/99_locals.tf
deleted file mode 100644
index 9b8dffcb17..0000000000
--- a/src/domains/paymentoptions-app/99_locals.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-locals {
- product = "${var.prefix}-${var.env_short}"
- project_short = "${var.prefix}-${var.env_short}-${var.domain}"
- project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
-
- location_short_weu = "weu"
- project_short_weu = "${var.prefix}-${var.env_short}-${local.location_short_weu}"
-
- project_core_itn = "${var.prefix}-${var.env_short}-${var.location_short}-core"
-
-
- monitor_action_group_slack_name = "SlackPagoPA"
- monitor_action_group_email_name = "PagoPA"
- monitor_action_group_opsgenie_name = "Opsgenie"
- monitor_appinsights_name = "${local.product}-appinsights"
- monitor_appinsights_italy_name = "${local.project_core_itn}-appinsights"
-
- vnet_name = "${var.prefix}-${var.env_short}-${var.location_short}-vnet"
- vnet_resource_group_name = "${var.prefix}-${var.env_short}-${var.location_short}-vnet-rg"
-
- aks_name = "${local.product}-${var.location_short}-${var.instance}-aks"
- aks_resource_group_name = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
-
- ingress_hostname = "${var.domain}.itn"
- internal_dns_zone_name = "${var.dns_zone_internal_prefix}.${var.external_domain}"
- internal_dns_zone_resource_group_name = "${local.product}-vnet-rg"
-
- pagopa_apim_snet = "${local.product}-apim-snet"
- pagopa_vnet_integration = "pagopa-${var.env_short}-vnet-integration"
- pagopa_vnet_rg = "pagopa-${var.env_short}-vnet-rg"
-
- domain_hostname = "${var.dns_zone_prefix}.${local.internal_dns_zone_name}"
-
- pagopa_apim_name = "${local.product}-apim"
- pagopa_apim_rg = "${local.product}-api-rg"
-
- apim_hostname = "api.${var.apim_dns_zone_prefix}.${var.external_domain}"
- hostname = var.env == "prod" ? "${var.domain}.itn.internal.platform.pagopa.it" : "${var.domain}.itn.internal.${var.env}.platform.pagopa.it"
-
-
- evt_hub_location = "${local.location_short_weu}-core"
-
-}
diff --git a/src/domains/paymentoptions-app/99_variables.tf b/src/domains/paymentoptions-app/99_variables.tf
deleted file mode 100644
index b2c2b38a27..0000000000
--- a/src/domains/paymentoptions-app/99_variables.tf
+++ /dev/null
@@ -1,160 +0,0 @@
-# general
-
-variable "prefix" {
- type = string
- validation {
- condition = (
- length(var.prefix) <= 6
- )
- error_message = "Max length is 6 chars."
- }
-}
-
-variable "env" {
- type = string
-}
-
-variable "env_short" {
- type = string
- validation {
- condition = (
- length(var.env_short) == 1
- )
- error_message = "Length must be 1 chars."
- }
-}
-
-variable "domain" {
- type = string
- validation {
- condition = (
- length(var.domain) <= 12
- )
- error_message = "Max length is 12 chars."
- }
-}
-
-variable "location" {
- type = string
- description = "One of westeurope, northeurope"
-}
-
-variable "location_short" {
- type = string
- validation {
- condition = (
- length(var.location_short) == 3
- )
- error_message = "Length must be 3 chars."
- }
- description = "One of wue, neu"
-}
-
-variable "location_string" {
- type = string
- description = "One of West Europe, North Europe"
-}
-
-variable "instance" {
- type = string
- description = "One of beta, prod01, prod02"
-}
-
-variable "tags" {
- type = map(any)
- default = {
- CreatedBy = "Terraform"
- }
-}
-
-### Features flags
-
-variable "is_feature_enabled" {
- type = object({
- paymentoptions = bool
- paymentoptions_mock = bool
- })
- default = {
- paymentoptions = false
- paymentoptions_mock = false
- }
-}
-### External resources
-
-variable "monitor_resource_group_name" {
- type = string
- description = "Monitor resource group name"
-}
-
-variable "log_analytics_workspace_name" {
- type = string
- description = "Specifies the name of the Log Analytics Workspace."
-}
-
-variable "log_analytics_workspace_resource_group_name" {
- type = string
- description = "The name of the resource group in which the Log Analytics workspace is located in."
-}
-
-variable "monitor_italy_resource_group_name" {
- type = string
- description = "Monitor Italy resource group name"
-}
-
-variable "log_analytics_italy_workspace_name" {
- type = string
- description = "Specifies the name of the Log Analytics Workspace Italy."
-}
-
-variable "log_analytics_italy_workspace_resource_group_name" {
- type = string
- description = "The name of the resource group in which the Log Analytics workspace Italy is located in."
-}
-
-
-### Aks
-variable "ingress_load_balancer_ip" {
- type = string
-}
-
-variable "k8s_kube_config_path_prefix" {
- type = string
- default = "~/.kube"
-}
-
-variable "external_domain" {
- type = string
- default = null
- description = "Domain for delegation"
-}
-
-variable "dns_zone_internal_prefix" {
- type = string
- default = null
- description = "The dns subdomain."
-}
-
-variable "apim_dns_zone_prefix" {
- type = string
- default = null
- description = "The dns subdomain for apim."
-}
-
-# DNS
-
-variable "dns_zone_prefix" {
- type = string
- default = null
- description = "The wallet dns subdomain."
-}
-
-### PDB
-variable "pod_disruption_budgets" {
- type = map(object({
- name = optional(string, null)
- minAvailable = optional(number, null)
- matchLabels = optional(map(any), {})
- }))
- description = "Pod disruption budget for domain namespace"
- default = {}
-}
diff --git a/src/domains/paymentoptions-app/api/payment-options-mock/_base_policy.xml b/src/domains/paymentoptions-app/api/payment-options-mock/_base_policy.xml
deleted file mode 100644
index 59ce29e724..0000000000
--- a/src/domains/paymentoptions-app/api/payment-options-mock/_base_policy.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/src/domains/paymentoptions-app/api/payment-options-mock/_get_payment_options_policy.xml b/src/domains/paymentoptions-app/api/payment-options-mock/_get_payment_options_policy.xml
deleted file mode 100644
index 018a492ebf..0000000000
--- a/src/domains/paymentoptions-app/api/payment-options-mock/_get_payment_options_policy.xml +++ /dev/null 
@@ -1,444 +0,0 @@ - - - - - - - - - - - - - - application/json - - - - - { - "paTaxCode": "77777777777", - "paFullName": "EC", - "paOfficeName": "EC", - "paymentOptions": [ - { - "description": "Test PayOpt - Opzione 1 - Soluzione Unica", - "numberOfInstallments": 1, - "amount": 120, - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"PO_UNPAID", - "statusReason":"Non pagato", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111112", - "iuv": "11111111111111112", - "amount": 120, - "description": "Test Opt Inst - soluzione unica", - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - } - ] - }, - { - "description": "Test PayOpt - Opzione 2 - Piano Rateale", - "numberOfInstallments": 3, - "amount": 120, - "dueDate": "2024-12-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"PO_UNPAID", - "statusReason":"Non pagatp", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111113", - "iuv": "11111111111111113", - "amount": 40, - "description": "rata 1", - "dueDate": "2024-10-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - }, - { - "nav": "311111111111111114", - "iuv": "311111111111111114", - "amount": 40, - "description": "rata 2", - "dueDate": "2024-11-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - }, - { - "nav": "311111111111111115", - "iuv": "11111111111111115", - "amount": 40, - "description": "rata 3", - "dueDate": "2024-12-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - } - ] - } - ] - } - - - - - { - "paTaxCode": "99999000013", - "paFullName": "EC", - "paOfficeName": "EC", - "paymentOptions": [ - { - "description": "Test PayOpt - Opzione 1 - Soluzione Unica", - "numberOfInstallments": 1, - "amount": 120, - "dueDate": 
"2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"PO_UNPAID", - "statusReason":"Non pagato", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111112", - "iuv": "11111111111111112", - "amount": 120, - "description": "Test Opt Inst - soluzione unica", - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - } - ] - }, - { - "description": "Test PayOpt - Opzione 2 - Piano Rateale", - "numberOfInstallments": 3, - "amount": 120, - "dueDate": "2024-12-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"PO_UNPAID", - "statusReason":"Non pagatp", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111113", - "iuv": "11111111111111113", - "amount": 40, - "description": "rata 1", - "dueDate": "2024-10-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - }, - { - "nav": "311111111111111114", - "iuv": "311111111111111114", - "amount": 40, - "description": "rata 2", - "dueDate": "2024-11-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - }, - { - "nav": "311111111111111115", - "iuv": "11111111111111115", - "amount": 40, - "description": "rata 3", - "dueDate": "2024-12-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - } - ] - }, - { - "description": "Test PayOpt - Opzione 3 - Piano Rateale - 5 rate", - "numberOfInstallments": 5, - "amount": 90, - "dueDate": "2024-12-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "PO_UNPAID", - "statusReason": "Non pagato", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111120", - "iuv": "311111111111111120", - "amount": 18, - "description": "rata 1", - "dueDate": "2024-10-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - }, - { - "nav": 
"311111111111111121", - "iuv": "311111111111111121", - "amount": 18, - "description": "rata 2", - "dueDate": "2024-11-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - }, - { - "nav": "311111111111111122", - "iuv": "311111111111111122", - "amount": 18, - "description": "rata 3", - "dueDate": "2024-12-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - }, - { - "nav": "311111111111111123", - "iuv": "311111111111111123", - "amount": 18, - "description": "rata 4", - "dueDate": "2025-01-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - }, - { - "nav": "311111111111111124", - "iuv": "311111111111111124", - "amount": 18, - "description": "rata 5", - "dueDate": "2025-02-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - } - ] - } - ] - } - - - - { - "paTaxCode": "77777777777", - "paFullName": "EC", - "paOfficeName": "EC", - "paymentOptions": [ - { - "description": "Test PayOpt - unica opzione", - "numberOfInstallments": 1, - "amount": 120, - "dueDate": "2024-10-30T23:59:59", - "validFrom": "2024-09-30T23:59:59", - "status": "PO_UNPAID", - "statusReason": "Non Pagato", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111111", - "iuv": "311111111111111111", - "amount": 120, - "description": "Test Opt Inst - unica opzione", - "dueDate": "2024-10-30T23:59:59", - "validFrom": "2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non Pagato" - } - ] - } - ] - } - - - { - "paTaxCode": "99999000013", - "paFullName": "EC", - "paOfficeName": "EC", - "paymentOptions": [ - { - "description": "Test PayOpt - Opzione 1 - CO-Obbligato 1", - "numberOfInstallments": 1, - "amount": 120, - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "PO_UNPAID", - "statusReason": "Non pagato", - "allCCP": 
"false", - "installments": [ - { - "nav": "311111111111111125", - "iuv": "311111111111111125", - "amount": 120, - "description": "Test PayOpt - Opzione 1 - CO-Obbligato 1", - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - } - ] - }, - { - "description": "Test PayOpt - Opzione 2 - CO-Obbligato 2", - "numberOfInstallments": 1, - "amount": 120, - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "PO_UNPAID", - "statusReason": "Non pagato", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111126", - "iuv": "311111111111111126", - "amount": 120, - "description": "Test PayOpt - Opzione 2 - CO-Obbligato 2", - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - } - ] - } - ] - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_SINTASSI", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore di sintassi del modello nella risposta" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_PAGAMENTO_SCONOSCIUTO", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per pagamento sconosciuto" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_ID_DOMINIO_ERRATO", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per id dominio errato" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_ID_INTERMEDIARIO_ERRATO", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per id intermediario errato" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_PAGAMENTO_ANNULLATO", - "timestamp": 1724425035, 
- "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per pagamento annullato" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_PAGAMENTO_DUPLICATO", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per pagamento duplicato" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_PAGAMENTO_IN_CORSO", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per pagamento ancora in corso" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_PAGAMENTO_SCADUTO", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per pagamento scaduto" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_SEMANTICA", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore semantica" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_STAZIONE_INT_ERRATA", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per stazione errata" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_SYSTEM_ERROR", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore generico" - } - - - - - - - - diff --git a/src/domains/paymentoptions-app/api/payment-options-mock/_openapi.json.tpl b/src/domains/paymentoptions-app/api/payment-options-mock/_openapi.json.tpl deleted file mode 100644 index ef7b46e20a..0000000000 --- a/src/domains/paymentoptions-app/api/payment-options-mock/_openapi.json.tpl +++ /dev/null 
@@ -1,99 +0,0 @@
-{
- "openapi": "3.0.1",
- "info": {
- "title": "Mocker Payopts",
- "description": "",
- "version": "1.0"
- },
- "servers": [
- {
- "url": "https://api.dev.platform.pagopa.it/payopt-mock"
- }
- ],
- "paths": {
- "/payment-options/organizations/{fiscal-code}/notices/{notice-number}": {
- "post": {
- "summary": "Get Payment Options",
- "operationId": "get-payment-options",
- "parameters": [
- {
- "name": "fiscal-code",
- "in": "path",
- "required": true,
- "schema": {
- "type": ""
- }
- },
- {
- "name": "notice-number",
- "in": "path",
- "required": true,
- "schema": {
- "type": ""
- }
- }
- ],
- "responses": {
- "200": {
- "description": "Single Opt Response",
- "content": {
- "application/json": {
- "example": {
- "paTaxCode": "77777777777",
- "paFullName": "EC",
- "paOfficeName": "EC",
- "paymentOptions": [
- {
- "description": "Test PayOpt - unica opzione",
- "numberOfInstallments": 1,
- "amount": 120,
- "dueDate": "2024-10-30T23:59:59.0000000+00:00",
- "validFrom": "2024-09-30T23:59:59.0000000+00:00",
- "status": "non pagato",
- "status reason": "desc",
- "allCCP": "false",
- "installments": [
- {
- "nav": "311111111111111111",
- "iuv": "311111111111111111",
- "amount": 120,
- "description": "Test Opt Inst - unica opzione",
- "dueDate": "2024-10-30T23:59:59.0000000+00:00",
- "validFrom": "2024-09-30T23:59:59.0000000+00:00",
- "status": "non pagato",
- "status reason": "desc"
- }
- ]
- }
- ]
- }
- }
- }
- }
- }
- }
- }
- },
- "components": {
- "securitySchemes": {
- "apiKeyHeader": {
- "type": "apiKey",
- "name": "Ocp-Apim-Subscription-Key",
- "in": "header"
- },
- "apiKeyQuery": {
- "type": "apiKey",
- "name": "subscription-key",
- "in": "query"
- }
- }
- },
- "security": [
- {
- "apiKeyHeader": []
- },
- {
- "apiKeyQuery": []
- }
- ]
-}
\ No newline at end of file
diff --git a/src/domains/paymentoptions-app/api_product/_base_policy.xml b/src/domains/paymentoptions-app/api_product/_base_policy.xml
deleted file mode 100644
index ce18a37436..0000000000
--- a/src/domains/paymentoptions-app/api_product/_base_policy.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/src/domains/paymentoptions-app/env/itn-dev/backend.ini b/src/domains/paymentoptions-app/env/itn-dev/backend.ini
deleted file mode 100644
index f3ea2d530c..0000000000
--- a/src/domains/paymentoptions-app/env/itn-dev/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=DEV-pagoPA
\ No newline at end of file
diff --git a/src/domains/paymentoptions-app/env/itn-dev/backend.tfvars b/src/domains/paymentoptions-app/env/itn-dev/backend.tfvars
deleted file mode 100644
index 34401b3ea9..0000000000
--- a/src/domains/paymentoptions-app/env/itn-dev/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfdevpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-app-dev.terraform.tfstate"
diff --git a/src/domains/paymentoptions-app/env/itn-dev/terraform.tfvars b/src/domains/paymentoptions-app/env/itn-dev/terraform.tfvars
deleted file mode 100644
index a05aa001bb..0000000000
--- a/src/domains/paymentoptions-app/env/itn-dev/terraform.tfvars
+++ /dev/null
@@ -1,39 +0,0 @@
-prefix = "pagopa"
-env_short = "d"
-env = "dev"
-domain = "payopt"
-location = "italynorth"
-location_short = "itn"
-location_string = "Italy North"
-instance = "dev"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Dev"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-d-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-
-monitor_resource_group_name = "pagopa-d-monitor-rg"
-log_analytics_workspace_name = "pagopa-d-law"
-log_analytics_workspace_resource_group_name = "pagopa-d-monitor-rg"
-
-external_domain = "pagopa.it"
-dns_zone_internal_prefix = "internal.dev.platform"
-dns_zone_prefix = "payopt.itn"
-apim_dns_zone_prefix = "dev.platform"
-### Aks
-
-ingress_load_balancer_ip = "10.3.2.250"
-
-is_feature_enabled = {
- paymentoptions = true
- paymentoptions_mock = true
-}
diff --git a/src/domains/paymentoptions-app/env/itn-prod/backend.ini b/src/domains/paymentoptions-app/env/itn-prod/backend.ini
deleted file mode 100644
index ddda4bb50f..0000000000
--- a/src/domains/paymentoptions-app/env/itn-prod/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=prod-pagoPA
diff --git a/src/domains/paymentoptions-app/env/itn-prod/backend.tfvars b/src/domains/paymentoptions-app/env/itn-prod/backend.tfvars
deleted file mode 100644
index 184ba40d9d..0000000000
--- a/src/domains/paymentoptions-app/env/itn-prod/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfprodpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-app-prod.terraform.tfstate"
diff --git a/src/domains/paymentoptions-app/env/itn-prod/terraform.tfvars b/src/domains/paymentoptions-app/env/itn-prod/terraform.tfvars
deleted file mode 100644
index 674ca7b069..0000000000
--- a/src/domains/paymentoptions-app/env/itn-prod/terraform.tfvars
+++ /dev/null
@@ -1,48 +0,0 @@
-prefix = "pagopa"
-env_short = "p"
-env = "prod"
-domain = "payopt"
-location = "italynorth"
-location_short = "itn"
-location_string = "Italy North"
-instance = "prod"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "prod"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-p-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-p-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-p-itn-core-monitor-rg"
-
-monitor_resource_group_name = "pagopa-p-monitor-rg"
-log_analytics_workspace_name = "pagopa-p-law"
-log_analytics_workspace_resource_group_name = "pagopa-p-monitor-rg"
-
-external_domain = "pagopa.it"
-dns_zone_internal_prefix = "internal.platform"
-dns_zone_prefix = "payopt.itn"
-apim_dns_zone_prefix = "platform"
-### Aks
-
-ingress_load_balancer_ip = "10.3.2.250"
-
-is_feature_enabled = {
- paymentoptions = true
- paymentoptions_mock = false
-}
-
-pod_disruption_budgets = {
- "payment-options-service" = {
- minAvailable = 2
- matchLabels = {
- "app.kubernetes.io/instance" = "payment-options-service"
- }
- },
-}
diff --git a/src/domains/paymentoptions-app/env/itn-uat/backend.ini b/src/domains/paymentoptions-app/env/itn-uat/backend.ini
deleted file mode 100644
index 1759a0ca0d..0000000000
--- a/src/domains/paymentoptions-app/env/itn-uat/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=UAT-pagoPA
\ No newline at end of file
diff --git a/src/domains/paymentoptions-app/env/itn-uat/backend.tfvars b/src/domains/paymentoptions-app/env/itn-uat/backend.tfvars
deleted file mode 100644
index 3fa5ce28c3..0000000000
--- a/src/domains/paymentoptions-app/env/itn-uat/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfuatpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-app-uat.terraform.tfstate"
diff --git a/src/domains/paymentoptions-app/env/itn-uat/terraform.tfvars b/src/domains/paymentoptions-app/env/itn-uat/terraform.tfvars
deleted file mode 100644
index c0219aa389..0000000000
--- a/src/domains/paymentoptions-app/env/itn-uat/terraform.tfvars
+++ /dev/null
@@ -1,39 +0,0 @@
-prefix = "pagopa"
-env_short = "u"
-env = "uat"
-domain = "payopt"
-location = "italynorth"
-location_short = "itn"
-location_string = "Italy North"
-instance = "uat"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Uat"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-u-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-u-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-u-itn-core-monitor-rg"
-
-monitor_resource_group_name = "pagopa-u-monitor-rg"
-log_analytics_workspace_name = "pagopa-u-law"
-log_analytics_workspace_resource_group_name = "pagopa-u-monitor-rg"
-
-external_domain = "pagopa.it"
-dns_zone_internal_prefix = "internal.uat.platform"
-dns_zone_prefix = "payopt.itn"
-apim_dns_zone_prefix = "uat.platform"
-### Aks
-
-ingress_load_balancer_ip = "10.3.2.250"
-
-is_feature_enabled = {
- paymentoptions = true
- paymentoptions_mock = true
-}
diff --git a/src/domains/paymentoptions-app/helm/cert-mounter.yaml.tpl b/src/domains/paymentoptions-app/helm/cert-mounter.yaml.tpl
deleted file mode 100644
index 73ee05d737..0000000000
--- a/src/domains/paymentoptions-app/helm/cert-mounter.yaml.tpl
+++ /dev/null
@@ -1,13 +0,0 @@
-namespace: ${NAMESPACE}
-nameOverride: ""
-fullnameOverride: ""
-
-deployment:
- create: true
-
-kvCertificatesName:
- - ${CERTIFICATE_NAME}
-
-keyvault:
- name: "${KV_NAME}"
- tenantId: "7788edaf-0346-4068-9d79-c868aed15b3d"
diff --git a/src/domains/paymentoptions-app/terraform.sh b/src/domains/paymentoptions-app/terraform.sh
deleted file mode 100755
index 047a7512d0..0000000000
--- a/src/domains/paymentoptions-app/terraform.sh
+++ /dev/null
@@ -1,324 +0,0 @@ -#!/bin/bash -############################################################ -# Terraform script for managing infrastructure on Azure -# Fingerprint: d2hhdHlvdXdhbnQ/Cg== -############################################################ -# Global variables -# Version format x.y accepted -vers="1.11" -script_name=$(basename "$0") -git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/azure/${script_name}" -tmp_file="${script_name}.new" -# Check if the third parameter exists and is a file -if [ -n "$3" ] && [ -f "$3" ]; then - FILE_ACTION=true -else - FILE_ACTION=false -fi - -# Define functions -function clean_environment() { - rm -rf .terraform - rm tfplan 2>/dev/null - echo "cleaned!" -} - -function download_tool() { - #default value - cpu_type="intel" - os_type=$(uname) - - # only on MacOS - if [ "$os_type" == "Darwin" ]; then - cpu_brand=$(sysctl -n machdep.cpu.brand_string) - if grep -q -i "intel" <<< "$cpu_brand"; then - cpu_type="intel" - else - cpu_type="arm" - fi - fi - - echo $cpu_type - tool=$1 - git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/golang/${tool}_${cpu_type}" - if ! command -v $tool &> /dev/null; then - if ! curl -sL "$git_repo" -o "$tool"; then - echo "Error downloading ${tool}" - return 1 - else - chmod +x $tool - echo "${tool} downloaded! Please note this tool WON'T be copied in your **/bin folder for safety reasons. -You need to do it yourself!" - read -p "Press enter to continue" - - - fi - fi -} - -function extract_resources() { - TF_FILE=$1 - ENV=$2 - TARGETS="" - - # Check if the file exists - if [ ! -f "$TF_FILE" ]; then - echo "File $TF_FILE does not exist." - exit 1 - fi - - # Check if the directory exists - if [ ! -d "./env/$ENV" ]; then - echo "Directory ./env/$ENV does not exist." 
- exit 1 - fi - - TMP_FILE=$(mktemp) - grep -E '^resource|^module' $TF_FILE > $TMP_FILE - - while read -r line ; do - TYPE=$(echo $line | cut -d '"' -f 1 | tr -d ' ') - if [ "$TYPE" == "module" ]; then - NAME=$(echo $line | cut -d '"' -f 2) - TARGETS+=" -target=\"$TYPE.$NAME\"" - else - NAME1=$(echo $line | cut -d '"' -f 2) - NAME2=$(echo $line | cut -d '"' -f 4) - TARGETS+=" -target=\"$NAME1.$NAME2\"" - fi - done < $TMP_FILE - - rm $TMP_FILE - - echo "./terraform.sh $action $ENV $TARGETS" -} - -function help_usage() { - echo "terraform.sh Version ${vers}" - echo - echo "Usage: ./script.sh [ACTION] [ENV] [OTHER OPTIONS]" - echo "es. ACTION: init, apply, plan, etc." - echo "es. ENV: dev, uat, prod, etc." - echo - echo "Available actions:" - echo " clean Remove .terraform* folders and tfplan files" - echo " help This help" - echo " list List every environment available" - echo " update Update this script if possible" - echo " summ Generate summary of Terraform plan" - echo " tflist Generate an improved output of terraform state list" - echo " tlock Generate or update the dependency lock file" - echo " * any terraform option" -} - -function init_terraform() { - if [ -n "$env" ]; then - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - else - echo "ERROR: no env configured!" - exit 1 - fi -} - -function list_env() { - # Check if env directory exists - if [ ! 
-d "./env" ]; then - echo "No environment directory found" - exit 1 - fi - - # List subdirectories under env directory - env_list=$(ls -d ./env/*/ 2>/dev/null) - - # Check if there are any subdirectories - if [ -z "$env_list" ]; then - echo "No environments found" - exit 1 - fi - - # Print the list of environments - echo "Available environments:" - for env in $env_list; do - env_name=$(echo "$env" | sed 's#./env/##;s#/##') - echo "- $env_name" - done -} - -function other_actions() { - if [ -n "$env" ] && [ -n "$action" ]; then - terraform "$action" -var-file="./env/$env/terraform.tfvars" -compact-warnings $other - else - echo "ERROR: no env or action configured!" - exit 1 - fi -} - -function state_output_taint_actions() { - if [ "$action" == "tflist" ]; then - # If 'tflist' is not installed globally and there is no 'tflist' file in the current directory, - # attempt to download the 'tflist' tool - if ! command -v tflist &> /dev/null && [ ! -f "tflist" ]; then - download_tool "tflist" - if [ $? -ne 0 ]; then - echo "Error: Failed to download tflist!!" - exit 1 - else - echo "tflist downloaded!" 
- fi - fi - if command -v tflist &> /dev/null; then - terraform state list | tflist - else - terraform state list | ./tflist - fi - else - terraform $action $other - fi -} - - -function parse_tfplan_option() { - # Create an array to contain arguments that do not start with '-tfplan=' - local other_args=() - - # Loop over all arguments - for arg in "$@"; do - # If the argument starts with '-tfplan=', extract the file name - if [[ "$arg" =~ ^-tfplan= ]]; then - echo "${arg#*=}" - else - # If the argument does not start with '-tfplan=', add it to the other_args array - other_args+=("$arg") - fi - done - - # Print all arguments in other_args separated by spaces - echo "${other_args[@]}" -} - -function tfsummary() { - local plan_file - plan_file=$(parse_tfplan_option "$@") - if [ -z "$plan_file" ]; then - plan_file="tfplan" - fi - action="plan" - other="-out=${plan_file}" - other_actions - if [ -n "$(command -v tf-summarize)" ]; then - tf-summarize -tree "${plan_file}" - else - echo "tf-summarize is not installed" - fi - if [ "$plan_file" == "tfplan" ]; then - rm $plan_file - fi -} - -function update_script() { - # Check if the repository was cloned successfully - if ! curl -sL "$git_repo" -o "$tmp_file"; then - echo "Error cloning the repository" - rm "$tmp_file" 2>/dev/null - return 1 - fi - - # Check if a newer version exists - remote_vers=$(sed -n '8s/vers="\(.*\)"/\1/p' "$tmp_file") - if [ "$(printf '%s\n' "$vers" "$remote_vers" | sort -V | tail -n 1)" == "$vers" ]; then - echo "The local script version is equal to or newer than the remote version." - rm "$tmp_file" 2>/dev/null - return 0 - fi - - # Check the fingerprint - local_fingerprint=$(sed -n '4p' "$0") - remote_fingerprint=$(sed -n '4p' "$tmp_file") - - if [ "$local_fingerprint" != "$remote_fingerprint" ]; then - echo "The local and remote file fingerprints do not match." 
- rm "$tmp_file" 2>/dev/null - return 0 - fi - - # Show the current and available versions to the user - echo "Current script version: $vers" - echo "Available script version: $remote_vers" - - # Ask the user if they want to update the script - read -rp "Do you want to update the script to version $remote_vers? (y/n): " answer - - if [ "$answer" == "y" ] || [ "$answer" == "Y" ]; then - # Replace the local script with the updated version - cp "$tmp_file" "$script_name" - chmod +x "$script_name" - rm "$tmp_file" 2>/dev/null - - echo "Script successfully updated to version $remote_vers" - else - echo "Update canceled by the user" - fi - - rm "$tmp_file" 2>/dev/null -} - -# Check arguments number -if [ "$#" -lt 1 ]; then - help_usage - exit 0 -fi - -# Parse arguments -action=$1 -env=$2 -filetf=$3 -shift 2 -other=$@ - -if [ -n "$env" ]; then - # shellcheck source=/dev/null - source "./env/$env/backend.ini" - if [ -z "$(command -v az)" ]; then - echo "az not found, cannot proceed" - exit 1 - fi - az account set -s "${subscription}" -fi - -# Call appropriate function based on action -case $action in - clean) - clean_environment - ;; - ?|help|-h) - help_usage - ;; - init) - init_terraform "$other" - ;; - list) - list_env - ;; - output|state|taint|tflist) - init_terraform - state_output_taint_actions $other - ;; - summ) - init_terraform - tfsummary "$other" - ;; - tlock) - terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64 - ;; - update) - update_script - ;; - *) - if [ "$FILE_ACTION" = true ]; then - extract_resources "$filetf" "$env" - else - init_terraform - other_actions "$other" - fi - ;; -esac diff --git a/src/domains/paymentoptions-common/00_data.tf b/src/domains/paymentoptions-common/00_data.tf deleted file mode 100644 index 453409f78e..0000000000 --- a/src/domains/paymentoptions-common/00_data.tf +++ /dev/null 
@@ -1,4 +0,0 @@
-data "azurerm_key_vault" "kv" {
- name = "${local.project}-kv"
- resource_group_name = "${local.project}-sec-rg"
-}
diff --git a/src/domains/paymentoptions-common/00_monitor.tf b/src/domains/paymentoptions-common/00_monitor.tf
deleted file mode 100644
index 3be0e0c27b..0000000000
--- a/src/domains/paymentoptions-common/00_monitor.tf
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# 🇮🇹 Monitor Italy
-#
-data "azurerm_resource_group" "monitor_italy_rg" {
- name = var.monitor_italy_resource_group_name
-}
-
-data "azurerm_log_analytics_workspace" "log_analytics_italy" {
- name = var.log_analytics_italy_workspace_name
- resource_group_name = var.log_analytics_italy_workspace_resource_group_name
-}
-
-data "azurerm_application_insights" "application_insights_italy" {
- name = local.monitor_appinsights_italy_name
- resource_group_name = data.azurerm_resource_group.monitor_italy_rg.name
-}
-
-# ### 🇪🇺
-# data "azurerm_resource_group" "monitor_rg" {
-# name = var.monitor_resource_group_name
-# }
-#
-# data "azurerm_log_analytics_workspace" "log_analytics" {
-# name = var.log_analytics_workspace_name
-# resource_group_name = var.log_analytics_workspace_resource_group_name
-# }
-#
-# data "azurerm_application_insights" "application_insights" {
-# name = local.monitor_appinsights_name
-# resource_group_name = data.azurerm_resource_group.monitor_rg.name
-# }
-
-#
-# Action Groups
-#
-data "azurerm_monitor_action_group" "slack" {
- resource_group_name = var.monitor_resource_group_name
- name = local.monitor_action_group_slack_name
-}
-
-data "azurerm_monitor_action_group" "email" {
- resource_group_name = var.monitor_resource_group_name
- name = local.monitor_action_group_email_name
-}
-
diff --git a/src/domains/paymentoptions-common/00_network.tf b/src/domains/paymentoptions-common/00_network.tf
deleted file mode 100644
index 73fad2990a..0000000000
--- a/src/domains/paymentoptions-common/00_network.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-data "azurerm_virtual_network" "vnet_italy" {
- name = local.vnet_italy_name
- resource_group_name = local.vnet_italy_resource_group_name
-}
-
-data "azurerm_resource_group" "rg_vnet_italy" {
- name = local.vnet_italy_resource_group_name
-}
-
-#
-# Subnets
-#
-data "azurerm_subnet" "aks_subnet" {
- name = local.aks_subnet_name
- virtual_network_name = local.vnet_italy_name
- resource_group_name = local.vnet_italy_resource_group_name
-}
-
-#
-# Private DNS Zones
-#
-data "azurerm_private_dns_zone" "internal" {
- name = local.internal_dns_zone_name
- resource_group_name = local.internal_dns_zone_resource_group_name
-}
-
-#
-# Eventhub
-#
-data "azurerm_private_dns_zone" "eventhub" {
- name = "privatelink.servicebus.windows.net"
- resource_group_name = local.msg_resource_group_name
-}
-
-data "azurerm_resource_group" "rg_event_private_dns_zone" {
- name = local.msg_resource_group_name
-}
diff --git a/src/domains/paymentoptions-common/01_network.tf b/src/domains/paymentoptions-common/01_network.tf
deleted file mode 100644
index 202f24163e..0000000000
--- a/src/domains/paymentoptions-common/01_network.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-resource "azurerm_private_dns_a_record" "ingress" {
- name = local.ingress_hostname
- zone_name = data.azurerm_private_dns_zone.internal.name
- resource_group_name = local.internal_dns_zone_resource_group_name
- ttl = 3600
- records = [var.ingress_load_balancer_ip]
-}
-
-resource "azurerm_subnet" "eventhub_italy" {
- name = "${local.project}-eventhub-snet"
- resource_group_name = data.azurerm_resource_group.rg_vnet_italy.name
- virtual_network_name = data.azurerm_virtual_network.vnet_italy.name
- address_prefixes = var.cidr_paymentoptions_eventhub_italy
-}
diff --git a/src/domains/paymentoptions-common/99_locals.tf b/src/domains/paymentoptions-common/99_locals.tf
deleted file mode 100644
index 7395fbe148..0000000000
--- a/src/domains/paymentoptions-common/99_locals.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-locals {
- product = "${var.prefix}-${var.env_short}"
- project_short = "${var.prefix}-${var.env_short}-${var.domain}"
- project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
-
- project_core_itn = "${var.prefix}-${var.env_short}-${var.location_short}-core"
-
- monitor_appinsights_name = "${local.product}-appinsights"
- monitor_appinsights_italy_name = "${local.project_core_itn}-appinsights"
- monitor_action_group_slack_name = "SlackPagoPA"
- monitor_action_group_email_name = "PagoPA"
-
- vnet_italy_name = "${local.product}-itn-vnet"
- vnet_italy_resource_group_name = "${local.product}-itn-vnet-rg"
- vnet_core_resource_group_name = "${local.product}-vnet-rg"
-
- aks_subnet_name = "${local.product}-${var.location_short}-${var.env}-user-aks"
-
- ingress_hostname = "${var.location_short}.${var.domain}"
-
- internal_dns_zone_name = "${var.dns_zone_internal_prefix}.${var.external_domain}"
- internal_dns_zone_resource_group_name = "${local.product}-vnet-rg"
-
- azdo_managed_identity_rg_name = "pagopa-${var.env_short}-identity-rg"
- azdo_iac_managed_identities = toset(
- ["azdo-${var.env}-pagopa-iac-deploy",
- "azdo-${var.env}-pagopa-iac-plan"]
- )
-
- msg_resource_group_name = "${local.product}-msg-rg"
- eventhub_resource_group_name = "${local.project}-evh-rg"
-}
diff --git a/src/domains/paymentoptions-common/99_variables.tf b/src/domains/paymentoptions-common/99_variables.tf
deleted file mode 100644
index d6d8bc2cc3..0000000000
--- a/src/domains/paymentoptions-common/99_variables.tf
+++ /dev/null
@@ -1,219 +0,0 @@
-### Features flags
-
-variable "is_feature_enabled" {
- type = object({
- eventhub = bool
- })
- default = {
- eventhub = false
- }
-}
-
-# general
-variable "prefix" {
- type = string
- validation {
- condition = (
- length(var.prefix) <= 6
- )
- error_message = "Max length is 6 chars."
- }
-}
-
-variable "env" {
- type = string
-}
-
-variable "env_short" {
- type = string
- validation {
- condition = (
- length(var.env_short) == 1
- )
- error_message = "Length must be 1 chars."
- }
-}
-
-variable "domain" {
- type = string
- validation {
- condition = (
- length(var.domain) <= 12
- )
- error_message = "Max length is 12 chars."
- }
-}
-
-variable "location" {
- type = string
- description = "One of westeurope, northeurope"
-}
-
-variable "location_short" {
- type = string
- validation {
- condition = (
- length(var.location_short) == 3
- )
- error_message = "Length must be 3 chars."
- }
- description = "One of wue, neu"
- default = "itn"
-}
-
-variable "instance" {
- type = string
- description = "One of beta, prod01, prod02"
-}
-
-variable "tags" {
- type = map(any)
- default = {
- CreatedBy = "Terraform"
- }
-}
-
-#
-# CIRDs
-#
-
-variable "cidr_paymentoptions_eventhub_italy" {
- type = list(string)
- description = "Address prefixes for all evh accounts in italy."
-}
-
-### External resources
-
-variable "monitor_resource_group_name" {
- type = string
- description = "Monitor resource group name"
-}
-
-variable "log_analytics_workspace_name" {
- type = string
- description = "Specifies the name of the Log Analytics Workspace."
-}
-
-variable "log_analytics_workspace_resource_group_name" {
- type = string
- description = "The name of the resource group in which the Log Analytics workspace is located in."
-}
-
-variable "monitor_italy_resource_group_name" {
- type = string
- description = "Monitor Italy resource group name"
-}
-
-variable "log_analytics_italy_workspace_name" {
- type = string
- description = "Specifies the name of the Log Analytics Workspace Italy."
-}
-
-variable "log_analytics_italy_workspace_resource_group_name" {
- type = string
- description = "The name of the resource group in which the Log Analytics workspace Italy is located in."
-}
-
-# DNS
-
-variable "dns_zone_prefix" {
- type = string
- default = null
- description = "The wallet dns subdomain."
-}
-
-variable "external_domain" {
- type = string
- default = null
- description = "Domain for delegation"
-}
-
-variable "dns_zone_platform" {
- type = string
- default = null
- description = "The platform dns subdomain."
-}
-
-variable "dns_zone_internal_prefix" {
- type = string
- default = null
- description = "The dns subdomain."
-}
-
-variable "ingress_load_balancer_ip" {
- type = string
-}
-
-#
-# Eventhub
-#
-
-variable "ehns_public_network_access" {
- type = bool
- description = "(Required) enables public network access to the event hubs"
-}
-
-variable "ehns_private_endpoint_is_present" {
- type = bool
- description = "(Required) create private endpoint to the event hubs"
-}
-
-variable "ehns_sku_name" {
- type = string
- description = "Defines which tier to use."
-}
-
-variable "ehns_capacity" {
- type = number
- description = "Specifies the Capacity / Throughput Units for a Standard SKU namespace."
-}
-
-variable "ehns_maximum_throughput_units" {
- type = number
- description = "Specifies the maximum number of throughput units when Auto Inflate is Enabled"
-}
-
-variable "ehns_auto_inflate_enabled" {
- type = bool
- description = "Is Auto Inflate enabled for the EventHub Namespace?"
-}
-
-variable "ehns_zone_redundant" {
- type = bool
- description = "Specifies if the EventHub Namespace should be Zone Redundant (created across Availability Zones)."
-} - -variable "ehns_alerts_enabled" { - type = bool - description = "Event hub alerts enabled?" -} - -variable "ehns_metric_alerts" { - default = {} - - description = </dev/null - echo "cleaned!" -} - -function download_tool() { - #default value - cpu_type="intel" - os_type=$(uname) - - # only on MacOS - if [ "$os_type" == "Darwin" ]; then - cpu_brand=$(sysctl -n machdep.cpu.brand_string) - if grep -q -i "intel" <<< "$cpu_brand"; then - cpu_type="intel" - else - cpu_type="arm" - fi - fi - - echo $cpu_type - tool=$1 - git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/golang/${tool}_${cpu_type}" - if ! command -v $tool &> /dev/null; then - if ! curl -sL "$git_repo" -o "$tool"; then - echo "Error downloading ${tool}" - return 1 - else - chmod +x $tool - echo "${tool} downloaded! Please note this tool WON'T be copied in your **/bin folder for safety reasons. -You need to do it yourself!" - read -p "Press enter to continue" - - - fi - fi -} - -function extract_resources() { - TF_FILE=$1 - ENV=$2 - TARGETS="" - - # Check if the file exists - if [ ! -f "$TF_FILE" ]; then - echo "File $TF_FILE does not exist." - exit 1 - fi - - # Check if the directory exists - if [ ! -d "./env/$ENV" ]; then - echo "Directory ./env/$ENV does not exist." - exit 1 - fi - - TMP_FILE=$(mktemp) - grep -E '^resource|^module' $TF_FILE > $TMP_FILE - - while read -r line ; do - TYPE=$(echo $line | cut -d '"' -f 1 | tr -d ' ') - if [ "$TYPE" == "module" ]; then - NAME=$(echo $line | cut -d '"' -f 2) - TARGETS+=" -target=\"$TYPE.$NAME\"" - else - NAME1=$(echo $line | cut -d '"' -f 2) - NAME2=$(echo $line | cut -d '"' -f 4) - TARGETS+=" -target=\"$NAME1.$NAME2\"" - fi - done < $TMP_FILE - - rm $TMP_FILE - - echo "./terraform.sh $action $ENV $TARGETS" -} - -function help_usage() { - echo "terraform.sh Version ${vers}" - echo - echo "Usage: ./script.sh [ACTION] [ENV] [OTHER OPTIONS]" - echo "es. ACTION: init, apply, plan, etc." - echo "es. ENV: dev, uat, prod, etc." 
- echo - echo "Available actions:" - echo " clean Remove .terraform* folders and tfplan files" - echo " help This help" - echo " list List every environment available" - echo " update Update this script if possible" - echo " summ Generate summary of Terraform plan" - echo " tflist Generate an improved output of terraform state list" - echo " tlock Generate or update the dependency lock file" - echo " * any terraform option" -} - -function init_terraform() { - if [ -n "$env" ]; then - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - else - echo "ERROR: no env configured!" - exit 1 - fi -} - -function list_env() { - # Check if env directory exists - if [ ! -d "./env" ]; then - echo "No environment directory found" - exit 1 - fi - - # List subdirectories under env directory - env_list=$(ls -d ./env/*/ 2>/dev/null) - - # Check if there are any subdirectories - if [ -z "$env_list" ]; then - echo "No environments found" - exit 1 - fi - - # Print the list of environments - echo "Available environments:" - for env in $env_list; do - env_name=$(echo "$env" | sed 's#./env/##;s#/##') - echo "- $env_name" - done -} - -function other_actions() { - if [ -n "$env" ] && [ -n "$action" ]; then - terraform "$action" -var-file="./env/$env/terraform.tfvars" -compact-warnings $other - else - echo "ERROR: no env or action configured!" - exit 1 - fi -} - -function state_output_taint_actions() { - if [ "$action" == "tflist" ]; then - # If 'tflist' is not installed globally and there is no 'tflist' file in the current directory, - # attempt to download the 'tflist' tool - if ! command -v tflist &> /dev/null && [ ! -f "tflist" ]; then - download_tool "tflist" - if [ $? -ne 0 ]; then - echo "Error: Failed to download tflist!!" - exit 1 - else - echo "tflist downloaded!" 
- fi - fi - if command -v tflist &> /dev/null; then - terraform state list | tflist - else - terraform state list | ./tflist - fi - else - terraform $action $other - fi -} - - -function parse_tfplan_option() { - # Create an array to contain arguments that do not start with '-tfplan=' - local other_args=() - - # Loop over all arguments - for arg in "$@"; do - # If the argument starts with '-tfplan=', extract the file name - if [[ "$arg" =~ ^-tfplan= ]]; then - echo "${arg#*=}" - else - # If the argument does not start with '-tfplan=', add it to the other_args array - other_args+=("$arg") - fi - done - - # Print all arguments in other_args separated by spaces - echo "${other_args[@]}" -} - -function tfsummary() { - local plan_file - plan_file=$(parse_tfplan_option "$@") - if [ -z "$plan_file" ]; then - plan_file="tfplan" - fi - action="plan" - other="-out=${plan_file}" - other_actions - if [ -n "$(command -v tf-summarize)" ]; then - tf-summarize -tree "${plan_file}" - else - echo "tf-summarize is not installed" - fi - if [ "$plan_file" == "tfplan" ]; then - rm $plan_file - fi -} - -function update_script() { - # Check if the repository was cloned successfully - if ! curl -sL "$git_repo" -o "$tmp_file"; then - echo "Error cloning the repository" - rm "$tmp_file" 2>/dev/null - return 1 - fi - - # Check if a newer version exists - remote_vers=$(sed -n '8s/vers="\(.*\)"/\1/p' "$tmp_file") - if [ "$(printf '%s\n' "$vers" "$remote_vers" | sort -V | tail -n 1)" == "$vers" ]; then - echo "The local script version is equal to or newer than the remote version." - rm "$tmp_file" 2>/dev/null - return 0 - fi - - # Check the fingerprint - local_fingerprint=$(sed -n '4p' "$0") - remote_fingerprint=$(sed -n '4p' "$tmp_file") - - if [ "$local_fingerprint" != "$remote_fingerprint" ]; then - echo "The local and remote file fingerprints do not match." 
- rm "$tmp_file" 2>/dev/null - return 0 - fi - - # Show the current and available versions to the user - echo "Current script version: $vers" - echo "Available script version: $remote_vers" - - # Ask the user if they want to update the script - read -rp "Do you want to update the script to version $remote_vers? (y/n): " answer - - if [ "$answer" == "y" ] || [ "$answer" == "Y" ]; then - # Replace the local script with the updated version - cp "$tmp_file" "$script_name" - chmod +x "$script_name" - rm "$tmp_file" 2>/dev/null - - echo "Script successfully updated to version $remote_vers" - else - echo "Update canceled by the user" - fi - - rm "$tmp_file" 2>/dev/null -} - -# Check arguments number -if [ "$#" -lt 1 ]; then - help_usage - exit 0 -fi - -# Parse arguments -action=$1 -env=$2 -filetf=$3 -shift 2 -other=$@ - -if [ -n "$env" ]; then - # shellcheck source=/dev/null - source "./env/$env/backend.ini" - if [ -z "$(command -v az)" ]; then - echo "az not found, cannot proceed" - exit 1 - fi - az account set -s "${subscription}" -fi - -# Call appropriate function based on action -case $action in - clean) - clean_environment - ;; - ?|help|-h) - help_usage - ;; - init) - init_terraform "$other" - ;; - list) - list_env - ;; - output|state|taint|tflist) - init_terraform - state_output_taint_actions $other - ;; - summ) - init_terraform - tfsummary "$other" - ;; - tlock) - terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64 - ;; - update) - update_script - ;; - *) - if [ "$FILE_ACTION" = true ]; then - extract_resources "$filetf" "$env" - else - init_terraform - other_actions "$other" - fi - ;; -esac diff --git a/src/domains/paymentoptions-secrets/00_azuread.tf b/src/domains/paymentoptions-secrets/00_azuread.tf deleted file mode 100644 index 14a0893a9f..0000000000 --- a/src/domains/paymentoptions-secrets/00_azuread.tf +++ /dev/null 
@@ -1,16 +0,0 @@
-# Azure AD
-data "azuread_group" "adgroup_admin" {
- display_name = "${local.product}-adgroup-admin"
-}
-
-data "azuread_group" "adgroup_developers" {
- display_name = "${local.product}-adgroup-developers"
-}
-
-data "azuread_group" "adgroup_externals" {
- display_name = "${local.product}-adgroup-externals"
-}
-
-data "azuread_group" "adgroup_security" {
- display_name = "${local.product}-adgroup-security"
-}
\ No newline at end of file
diff --git a/src/domains/paymentoptions-secrets/02_azdo.tf b/src/domains/paymentoptions-secrets/02_azdo.tf
deleted file mode 100644
index 5683ffec89..0000000000
--- a/src/domains/paymentoptions-secrets/02_azdo.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# Policy
-#
-
-data "azurerm_user_assigned_identity" "iac_federated_azdo" {
- for_each = local.azdo_iac_managed_identities
- name = each.key
- resource_group_name = local.azdo_managed_identity_rg_name
-}
-
-resource "azurerm_key_vault_access_policy" "azdevops_iac_managed_identities" {
- for_each = local.azdo_iac_managed_identities
-
- key_vault_id = module.key_vault.id
- tenant_id = data.azurerm_client_config.current.tenant_id
- object_id = data.azurerm_user_assigned_identity.iac_federated_azdo[each.key].principal_id
-
- secret_permissions = ["Get", "List", "Set", ]
-
- certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"]
-
- storage_permissions = []
-}
diff --git a/src/domains/paymentoptions-secrets/02_init_sops.tf b/src/domains/paymentoptions-secrets/02_init_sops.tf
deleted file mode 100644
index e93d0651a0..0000000000
--- a/src/domains/paymentoptions-secrets/02_init_sops.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-moved {
- from = azurerm_key_vault_key.generated
- to = azurerm_key_vault_key.sops_key
-}
-
-resource "azurerm_key_vault_key" "sops_key" {
- name = "${local.product}-${var.domain}-sops-key"
- key_vault_id = module.key_vault.id
- key_type = "RSA"
- key_size = 2048
-
- key_opts = [
- "decrypt",
- "encrypt",
- ]
-
- depends_on = [
- azurerm_key_vault_access_policy.adgroup_developers_policy,
- azurerm_key_vault_access_policy.ad_group_policy,
- ]
-}
diff --git a/src/domains/paymentoptions-secrets/03_sops_secrets.tf b/src/domains/paymentoptions-secrets/03_sops_secrets.tf
deleted file mode 100644
index aa759d304e..0000000000
--- a/src/domains/paymentoptions-secrets/03_sops_secrets.tf
+++ /dev/null
@@ -1,54 +0,0 @@
-moved {
- from = data.external.external2
- to = data.external.terrasops
-}
-
-data "external" "terrasops" {
- program = [
- "bash", "terrasops.sh"
- ]
- query = {
- env = "${var.location_short}-${var.env}"
- }
-
-}
-
-locals {
- all_enc_secrets_value = can(data.external.terrasops.result) ? flatten([
- for k, v in data.external.terrasops.result : {
- valore = v
- chiave = k
- }
- ]) : []
-
- config_secret_data = jsondecode(file(var.input_file))
- all_config_secrets_value = flatten([
- for kc, vc in local.config_secret_data : {
- valore = vc
- chiave = kc
- }
- ])
-
- all_secrets_value = concat(local.all_config_secrets_value, local.all_enc_secrets_value)
-}
-
-## SOPS secrets
-
-## Upload all encrypted secrets
-resource "azurerm_key_vault_secret" "secret" {
- for_each = { for i, v in local.all_secrets_value : local.all_secrets_value[i].chiave => i }
-
- key_vault_id = module.key_vault.id
- name = local.all_secrets_value[each.value].chiave
- value = local.all_secrets_value[each.value].valore
-
- depends_on = [
- module.key_vault,
- azurerm_key_vault_key.sops_key,
- data.external.terrasops,
- azurerm_key_vault_access_policy.adgroup_developers_policy,
- azurerm_key_vault_access_policy.ad_group_policy,
- ]
-}
-
-# ⚠️ The secrets from resources are set in paymentoptions-app to avoid circular dependency
diff --git a/src/domains/paymentoptions-secrets/99_locals.tf b/src/domains/paymentoptions-secrets/99_locals.tf
deleted file mode 100644
index 084cb86f0c..0000000000
--- a/src/domains/paymentoptions-secrets/99_locals.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-locals {
- project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
- product = "${var.prefix}-${var.env_short}"
-
-
- subscription_name = "${var.env}-${var.prefix}"
-
- azdo_managed_identity_rg_name = "pagopa-${var.env_short}-identity-rg"
- azdo_iac_managed_identities = toset(["azdo-${var.env}-pagopa-iac-deploy", "azdo-${var.env}-pagopa-iac-plan"])
-
-}
diff --git a/src/domains/paymentoptions-secrets/99_variables.tf b/src/domains/paymentoptions-secrets/99_variables.tf
deleted file mode 100644
index 3a7cff7fcf..0000000000
--- a/src/domains/paymentoptions-secrets/99_variables.tf
+++ /dev/null
@@ -1,101 +0,0 @@
-# general
-
-variable "prefix" {
- type = string
- validation {
- condition = (
- length(var.prefix) <= 6
- )
- error_message = "Max length is 6 chars."
- }
-}
-
-variable "env" {
- type = string
-}
-
-variable "env_short" {
- type = string
- validation {
- condition = (
- length(var.env_short) == 1
- )
- error_message = "Length must be 1 chars."
- }
-}
-
-variable "domain" {
- type = string
- validation {
- condition = (
- length(var.domain) <= 12
- )
- error_message = "Max length is 12 chars."
- }
-}
-
-variable "location" {
- type = string
- description = "One of westeurope, northeurope"
-}
-
-variable "location_short" {
- type = string
- validation {
- condition = (
- length(var.location_short) == 3
- )
- error_message = "Length must be 3 chars."
- }
- description = "One of weu, itn"
-}
-
-variable "instance" {
- type = string
- description = "One of beta, prod01, prod02"
-}
-
-variable "tags" {
- type = map(any)
- default = {
- CreatedBy = "Terraform"
- }
-}
-
-###
-
-variable "input_file" {
- type = string
- description = "secret json file"
-}
-
-variable "enable_iac_pipeline" {
- type = bool
- description = "If true create the key vault policy to allow used by azure devops iac pipelines."
- default = false
-}
-
-
-variable "kv-key-permissions-read" {
- type = list(string)
- description = "List of read key permissions"
- default = ["Get", "List"]
-}
-
-variable "kv-secret-permissions-read" {
- type = list(string)
- description = "List of read secret permissions"
- default = ["Get", "List"]
-}
-
-variable "kv-certificate-permissions-read" {
- type = list(string)
- description = "List of read certificate permissions"
- default = ["Get", "GetIssuers", "List", "ListIssuers"]
-}
-
-variable "kv-storage-permissions-read" {
- type = list(string)
- description = "List of read storage permissions"
- default = ["Get", "GetSAS", "List", "ListSAS"]
-}
diff --git a/src/domains/paymentoptions-secrets/README.md b/src/domains/paymentoptions-secrets/README.md
deleted file mode 100644
index d167e6b2e7..0000000000
--- a/src/domains/paymentoptions-secrets/README.md
+++ /dev/null
@@ -1,65 +0,0 @@ -# paymentoptions-secrets - - -## Requirements - -| Name | Version | -|------|---------| -| [azuread](#requirement\_azuread) | <= 2.47.0 | -| [azurerm](#requirement\_azurerm) | <= 3.106.0 | -| [external](#requirement\_external) | <= 2.2.3 | -| [kubernetes](#requirement\_kubernetes) | <= 2.16.1 | -| [null](#requirement\_null) | <= 3.2.1 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v8.22.0 | -| [letsencrypt\_paymentoptions](#module\_letsencrypt\_paymentoptions) | git::https://github.com/pagopa/terraform-azurerm-v3.git///letsencrypt_credential | v8.44.0 | - -## Resources - -| Name | Type | -|------|------| -| [azurerm_key_vault_access_policy.ad_group_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.adgroup_developers_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.adgroup_externals_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.azdevops_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.azdevops_iac_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_key.sops_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key) | resource | -| [azurerm_key_vault_secret.secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| 
[azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_service_principal.iac_principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source | -| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | -| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | -| [azurerm_user_assigned_identity.iac_federated_azdo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source | -| [external_external.terrasops](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [domain](#input\_domain) | n/a | `string` | n/a | yes | -| [enable\_iac\_pipeline](#input\_enable\_iac\_pipeline) | If true create the key vault policy to allow used by azure devops iac pipelines. 
| `bool` | `false` | no | -| [env](#input\_env) | n/a | `string` | n/a | yes | -| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [input\_file](#input\_input\_file) | secret json file | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | -| [kv-certificate-permissions-read](#input\_kv-certificate-permissions-read) | List of read certificate permissions | `list(string)` |
[
"Get",
"GetIssuers",
"List",
"ListIssuers"
]
| no | -| [kv-key-permissions-read](#input\_kv-key-permissions-read) | List of read key permissions | `list(string)` |
[
"Get",
"List"
]
| no | -| [kv-secret-permissions-read](#input\_kv-secret-permissions-read) | List of read secret permissions | `list(string)` |
[
"Get",
"List"
]
| no | -| [kv-storage-permissions-read](#input\_kv-storage-permissions-read) | List of read storage permissions | `list(string)` |
[
"Get",
"GetSAS",
"List",
"ListSAS"
]
| no | -| [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | -| [location\_short](#input\_location\_short) | One of weu, itn | `string` | n/a | yes | -| [prefix](#input\_prefix) | n/a | `string` | n/a | yes | -| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | - -## Outputs - -No outputs. - diff --git a/src/domains/paymentoptions-secrets/env/itn-dev/backend.ini b/src/domains/paymentoptions-secrets/env/itn-dev/backend.ini deleted file mode 100644 index f3ea2d530c..0000000000 --- a/src/domains/paymentoptions-secrets/env/itn-dev/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=DEV-pagoPA \ No newline at end of file diff --git a/src/domains/paymentoptions-secrets/env/itn-dev/backend.tfvars b/src/domains/paymentoptions-secrets/env/itn-dev/backend.tfvars deleted file mode 100644 index 324e5f4b9d..0000000000 --- a/src/domains/paymentoptions-secrets/env/itn-dev/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfdevpagopa" -container_name = "terraform-state" -key = "paymentoptions-secret-dev.terraform.tfstate" diff --git a/src/domains/paymentoptions-secrets/env/itn-dev/terraform.tfvars b/src/domains/paymentoptions-secrets/env/itn-dev/terraform.tfvars deleted file mode 100644 index 4cb569abdb..0000000000 --- a/src/domains/paymentoptions-secrets/env/itn-dev/terraform.tfvars +++ /dev/null @@ -1,30 +0,0 @@ -prefix = "pagopa" -env_short = "d" -env = "dev" -domain = "payopt" -location = "italynorth" -location_short = "itn" -instance = "dev" - -tags = { - CreatedBy = "Terraform" - Environment = "Dev" - Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg" -log_analytics_italy_workspace_name = "pagopa-d-itn-core-law" -log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg" - -input_file = "./secret/itn-dev/configs.json" - -enable_iac_pipeline = true - - - - - 
diff --git a/src/domains/paymentoptions-secrets/env/itn-prod/backend.ini b/src/domains/paymentoptions-secrets/env/itn-prod/backend.ini deleted file mode 100644 index 6318425346..0000000000 --- a/src/domains/paymentoptions-secrets/env/itn-prod/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-pagoPA diff --git a/src/domains/paymentoptions-secrets/env/itn-prod/backend.tfvars b/src/domains/paymentoptions-secrets/env/itn-prod/backend.tfvars deleted file mode 100644 index 9b18697702..0000000000 --- a/src/domains/paymentoptions-secrets/env/itn-prod/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodpagopa" -container_name = "terraform-state" -key = "paymentoptions-secret-prod.terraform.tfstate" diff --git a/src/domains/paymentoptions-secrets/env/itn-prod/terraform.tfvars b/src/domains/paymentoptions-secrets/env/itn-prod/terraform.tfvars deleted file mode 100644 index 4e852fe9cf..0000000000 --- a/src/domains/paymentoptions-secrets/env/itn-prod/terraform.tfvars +++ /dev/null @@ -1,30 +0,0 @@ -prefix = "pagopa" -env_short = "p" -env = "prod" -domain = "paymentoptns" -location = "payopt" -location_short = "itn" -instance = "prod" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg" -log_analytics_italy_workspace_name = "pagopa-d-itn-core-law" -log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg" - -input_file = "./secret/itn-prod/configs.json" - -enable_iac_pipeline = true - - - - - diff --git a/src/domains/paymentoptions-secrets/env/itn-uat/backend.ini b/src/domains/paymentoptions-secrets/env/itn-uat/backend.ini deleted file mode 100644 index 1a014151dc..0000000000 
--- a/src/domains/paymentoptions-secrets/env/itn-uat/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=UAT-pagoPA diff --git a/src/domains/paymentoptions-secrets/env/itn-uat/backend.tfvars b/src/domains/paymentoptions-secrets/env/itn-uat/backend.tfvars deleted file mode 100644 index 2f949683b5..0000000000 --- a/src/domains/paymentoptions-secrets/env/itn-uat/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfuatpagopa" -container_name = "terraform-state" -key = "paymentoptions-secret-uat.terraform.tfstate" diff --git a/src/domains/paymentoptions-secrets/env/itn-uat/terraform.tfvars b/src/domains/paymentoptions-secrets/env/itn-uat/terraform.tfvars deleted file mode 100644 index 170edb7557..0000000000 --- a/src/domains/paymentoptions-secrets/env/itn-uat/terraform.tfvars +++ /dev/null @@ -1,27 +0,0 @@ -prefix = "pagopa" -env_short = "u" -env = "uat" -domain = "payopt" -location = "italynorth" -location_short = "itn" -instance = "uat" - -tags = { - CreatedBy = "Terraform" - Environment = "Uat" - Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg" -log_analytics_italy_workspace_name = "pagopa-d-itn-core-law" -log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg" - -input_file = "./secret/itn-uat/configs.json" - -enable_iac_pipeline = true - -force = "v1" diff --git a/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json b/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json deleted file mode 100644 index 0967ef424b..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-dev/configs.json +++ /dev/null @@ -1 +0,0 @@ -{} 
diff --git a/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini b/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini deleted file mode 100644 index 067019d64d..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-dev/secret.ini +++ /dev/null @@ -1,3 +0,0 @@ -file_crypted="noedit_secret_enc.json" -kv_name="pagopa-d-itn-paymentoptions-kv" -kv_sops_key_name="pagopa-d-paymentoptions-sops-key" diff --git a/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json b/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json deleted file mode 100644 index 2c63c08510..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-prod/configs.json +++ /dev/null @@ -1,2 +0,0 @@ -{ -} diff --git a/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini b/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini deleted file mode 100644 index a83c6d693e..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-prod/secret.ini +++ /dev/null @@ -1,3 +0,0 @@ -file_crypted="noedit_secret_enc.json" -kv_name="pagopa-p-itn-paymentoptions-kv" -kv_sops_key_name="pagopa-p-paymentoptions-sops-key" diff --git a/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json b/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json deleted file mode 100644 index 2c63c08510..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-uat/configs.json +++ /dev/null @@ -1,2 +0,0 @@ -{ -} diff --git a/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini b/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini deleted file mode 100644 index e5b5471c37..0000000000 --- a/src/domains/paymentoptions-secrets/secret/itn-uat/secret.ini +++ /dev/null @@ -1,3 +0,0 @@ -file_crypted="noedit_secret_enc.json" -kv_name="pagopa-u-itn-paymentoptions-kv" -kv_sops_key_name="pagopa-u-paymentoptions-sops-key" 
diff --git a/src/domains/paymentoptions-secrets/sops.sh b/src/domains/paymentoptions-secrets/sops.sh
deleted file mode 100755
index 347b11d0ef..0000000000
--- a/src/domains/paymentoptions-secrets/sops.sh
+++ /dev/null
@@ -1,137 +0,0 @@ -#!/bin/bash - -# set -x # Uncomment this line to enable debug mode - -# -# how to use `sh sops.sh` -# ℹ️ This script allows you to create a sops file with the relative azure key, -# it also allows you to edit the secrets and add them with the script. -# ℹ️ This script also uses an inventory file under the "./secret//secret.ini" -# directory to load environment variables. -# - -action=$1 -env=$2 -shift 2 -# shellcheck disable=SC2034 -other=( "$@" ) - -if [ -z "$action" ]; then - helpmessage=$(cat < -> decrypt json file in specified environment - example: ./sops.sh d itn-dev - example: ./sops.sh decrypt itn-dev - -./sops.sh s -> search in enc file in specified environment - example: ./sops.sh s itn-dev - example: ./sops.sh search itn-dev - -./sops.sh n -> create new file enc json template in specified environment - example: ./sops.sh n itn-dev - example: ./sops.sh new itn-dev - -./sops.sh a -> add new secret record to enc json in specified environment - example: ./sops.sh a itn-dev - example: ./sops.sh add itn-dev - -./sops.sh e -> edit enc json record in specified environment - example: ./sops.sh e itn-dev - example: ./sops.sh edit itn-dev - -./sops.sh f -> enc a json file in a specified environment - example: ./sops.sh f itn-dev - -EOF -) - echo "$helpmessage" - exit 0 -fi - -if [ -z "$env" ]; then - echo "env should be something like: itn-dev, itn-uat or itn-prod." - exit 0 -fi - -echo "🔨 Mandatory variables are correct" -file_crypted="" -kv_name="" -kv_sops_key_name="" - -# shellcheck disable=SC1090 -source "./secret/$env/secret.ini" - -echo "🔨 All variables loaded" - -# Check if kv_name and file_crypted variables are not empty -if [ -z "${kv_name}" ]; then - echo "❌ Error: kv_name variable is not defined correctly." - exit 1 -fi - -if [ -z "$file_crypted" ]; then - echo "❌ Error: file_crypted variable is not defined correctly." 
- exit 1 -fi - -encrypted_file_path="./secret/$env/$file_crypted" - -# Check if the key exists in the Key Vault -# shellcheck disable=SC2154 -kv_key_url=$(az keyvault key show --vault-name "$kv_name" --name "$kv_sops_key_name" --query "key.kid" -o tsv) -if [ -z "$kv_key_url" ]; then - echo "❌ The key does not exist." - exit 1 -fi -echo "[INFO] Key URL: $kv_key_url" - -echo "🔨 Key URL loaded correctly" - -if echo "d decrypt a add s search n new e edit f" | grep -w "$action" > /dev/null; then - case $action in - "d"|"decrypt") - sops --decrypt --azure-kv "$kv_key_url" "$encrypted_file_path" - if [ $? -eq 1 ]; then - echo "❌ File $encrypted_file_path NOT encrypted" - exit 0 - fi - ;; - "s"|"search") - read -r -p 'key: ' key - sops --decrypt --azure-kv "$kv_key_url" "$encrypted_file_path" | grep -i "$key" - ;; - "a"|"add") - read -r -p 'key: ' key - read -r -p 'value: ' value - sops -i --set '["'"$key"'"] "'"$value"'"' --azure-kv "$kv_key_url" "$encrypted_file_path" - echo "✅ Added key" - ;; - "n"|"new") - if [ -f "$encrypted_file_path" ]; then - echo "⚠️ file $encrypted_file_path already exists" - exit 0 - fi - echo "{}" > "$encrypted_file_path" - sops --encrypt -i --azure-kv "$kv_key_url" "$encrypted_file_path" - echo "✅ created new file for sops" - ;; - "e"|"edit") - if [ ! -f "$encrypted_file_path" ]; then - echo "⚠️ file $encrypted_file_path not found" - exit 1 - fi - - sops --azure-kv "$kv_key_url" "$encrypted_file_path" - echo "✅ edit file completed" - - ;; - "f") - read -r -p 'file: ' file - sops --encrypt --azure-kv "$kv_key_url" "./secret/$env/$file" > "$encrypted_file_path" - ;; - esac -else - echo "⚠️ Action not allowed." - exit 1 -fi diff --git a/src/domains/paymentoptions-secrets/terraform.sh b/src/domains/paymentoptions-secrets/terraform.sh deleted file mode 100755 index 047a7512d0..0000000000 --- a/src/domains/paymentoptions-secrets/terraform.sh +++ /dev/null 
@@ -1,324 +0,0 @@ -#!/bin/bash -############################################################ -# Terraform script for managing infrastructure on Azure -# Fingerprint: d2hhdHlvdXdhbnQ/Cg== -############################################################ -# Global variables -# Version format x.y accepted -vers="1.11" -script_name=$(basename "$0") -git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/azure/${script_name}" -tmp_file="${script_name}.new" -# Check if the third parameter exists and is a file -if [ -n "$3" ] && [ -f "$3" ]; then - FILE_ACTION=true -else - FILE_ACTION=false -fi - -# Define functions -function clean_environment() { - rm -rf .terraform - rm tfplan 2>/dev/null - echo "cleaned!" -} - -function download_tool() { - #default value - cpu_type="intel" - os_type=$(uname) - - # only on MacOS - if [ "$os_type" == "Darwin" ]; then - cpu_brand=$(sysctl -n machdep.cpu.brand_string) - if grep -q -i "intel" <<< "$cpu_brand"; then - cpu_type="intel" - else - cpu_type="arm" - fi - fi - - echo $cpu_type - tool=$1 - git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/golang/${tool}_${cpu_type}" - if ! command -v $tool &> /dev/null; then - if ! curl -sL "$git_repo" -o "$tool"; then - echo "Error downloading ${tool}" - return 1 - else - chmod +x $tool - echo "${tool} downloaded! Please note this tool WON'T be copied in your **/bin folder for safety reasons. -You need to do it yourself!" - read -p "Press enter to continue" - - - fi - fi -} - -function extract_resources() { - TF_FILE=$1 - ENV=$2 - TARGETS="" - - # Check if the file exists - if [ ! -f "$TF_FILE" ]; then - echo "File $TF_FILE does not exist." - exit 1 - fi - - # Check if the directory exists - if [ ! -d "./env/$ENV" ]; then - echo "Directory ./env/$ENV does not exist." 
- exit 1 - fi - - TMP_FILE=$(mktemp) - grep -E '^resource|^module' $TF_FILE > $TMP_FILE - - while read -r line ; do - TYPE=$(echo $line | cut -d '"' -f 1 | tr -d ' ') - if [ "$TYPE" == "module" ]; then - NAME=$(echo $line | cut -d '"' -f 2) - TARGETS+=" -target=\"$TYPE.$NAME\"" - else - NAME1=$(echo $line | cut -d '"' -f 2) - NAME2=$(echo $line | cut -d '"' -f 4) - TARGETS+=" -target=\"$NAME1.$NAME2\"" - fi - done < $TMP_FILE - - rm $TMP_FILE - - echo "./terraform.sh $action $ENV $TARGETS" -} - -function help_usage() { - echo "terraform.sh Version ${vers}" - echo - echo "Usage: ./script.sh [ACTION] [ENV] [OTHER OPTIONS]" - echo "es. ACTION: init, apply, plan, etc." - echo "es. ENV: dev, uat, prod, etc." - echo - echo "Available actions:" - echo " clean Remove .terraform* folders and tfplan files" - echo " help This help" - echo " list List every environment available" - echo " update Update this script if possible" - echo " summ Generate summary of Terraform plan" - echo " tflist Generate an improved output of terraform state list" - echo " tlock Generate or update the dependency lock file" - echo " * any terraform option" -} - -function init_terraform() { - if [ -n "$env" ]; then - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - else - echo "ERROR: no env configured!" - exit 1 - fi -} - -function list_env() { - # Check if env directory exists - if [ ! 
-d "./env" ]; then - echo "No environment directory found" - exit 1 - fi - - # List subdirectories under env directory - env_list=$(ls -d ./env/*/ 2>/dev/null) - - # Check if there are any subdirectories - if [ -z "$env_list" ]; then - echo "No environments found" - exit 1 - fi - - # Print the list of environments - echo "Available environments:" - for env in $env_list; do - env_name=$(echo "$env" | sed 's#./env/##;s#/##') - echo "- $env_name" - done -} - -function other_actions() { - if [ -n "$env" ] && [ -n "$action" ]; then - terraform "$action" -var-file="./env/$env/terraform.tfvars" -compact-warnings $other - else - echo "ERROR: no env or action configured!" - exit 1 - fi -} - -function state_output_taint_actions() { - if [ "$action" == "tflist" ]; then - # If 'tflist' is not installed globally and there is no 'tflist' file in the current directory, - # attempt to download the 'tflist' tool - if ! command -v tflist &> /dev/null && [ ! -f "tflist" ]; then - download_tool "tflist" - if [ $? -ne 0 ]; then - echo "Error: Failed to download tflist!!" - exit 1 - else - echo "tflist downloaded!" 
- fi - fi - if command -v tflist &> /dev/null; then - terraform state list | tflist - else - terraform state list | ./tflist - fi - else - terraform $action $other - fi -} - - -function parse_tfplan_option() { - # Create an array to contain arguments that do not start with '-tfplan=' - local other_args=() - - # Loop over all arguments - for arg in "$@"; do - # If the argument starts with '-tfplan=', extract the file name - if [[ "$arg" =~ ^-tfplan= ]]; then - echo "${arg#*=}" - else - # If the argument does not start with '-tfplan=', add it to the other_args array - other_args+=("$arg") - fi - done - - # Print all arguments in other_args separated by spaces - echo "${other_args[@]}" -} - -function tfsummary() { - local plan_file - plan_file=$(parse_tfplan_option "$@") - if [ -z "$plan_file" ]; then - plan_file="tfplan" - fi - action="plan" - other="-out=${plan_file}" - other_actions - if [ -n "$(command -v tf-summarize)" ]; then - tf-summarize -tree "${plan_file}" - else - echo "tf-summarize is not installed" - fi - if [ "$plan_file" == "tfplan" ]; then - rm $plan_file - fi -} - -function update_script() { - # Check if the repository was cloned successfully - if ! curl -sL "$git_repo" -o "$tmp_file"; then - echo "Error cloning the repository" - rm "$tmp_file" 2>/dev/null - return 1 - fi - - # Check if a newer version exists - remote_vers=$(sed -n '8s/vers="\(.*\)"/\1/p' "$tmp_file") - if [ "$(printf '%s\n' "$vers" "$remote_vers" | sort -V | tail -n 1)" == "$vers" ]; then - echo "The local script version is equal to or newer than the remote version." - rm "$tmp_file" 2>/dev/null - return 0 - fi - - # Check the fingerprint - local_fingerprint=$(sed -n '4p' "$0") - remote_fingerprint=$(sed -n '4p' "$tmp_file") - - if [ "$local_fingerprint" != "$remote_fingerprint" ]; then - echo "The local and remote file fingerprints do not match." 
- rm "$tmp_file" 2>/dev/null - return 0 - fi - - # Show the current and available versions to the user - echo "Current script version: $vers" - echo "Available script version: $remote_vers" - - # Ask the user if they want to update the script - read -rp "Do you want to update the script to version $remote_vers? (y/n): " answer - - if [ "$answer" == "y" ] || [ "$answer" == "Y" ]; then - # Replace the local script with the updated version - cp "$tmp_file" "$script_name" - chmod +x "$script_name" - rm "$tmp_file" 2>/dev/null - - echo "Script successfully updated to version $remote_vers" - else - echo "Update canceled by the user" - fi - - rm "$tmp_file" 2>/dev/null -} - -# Check arguments number -if [ "$#" -lt 1 ]; then - help_usage - exit 0 -fi - -# Parse arguments -action=$1 -env=$2 -filetf=$3 -shift 2 -other=$@ - -if [ -n "$env" ]; then - # shellcheck source=/dev/null - source "./env/$env/backend.ini" - if [ -z "$(command -v az)" ]; then - echo "az not found, cannot proceed" - exit 1 - fi - az account set -s "${subscription}" -fi - -# Call appropriate function based on action -case $action in - clean) - clean_environment - ;; - ?|help|-h) - help_usage - ;; - init) - init_terraform "$other" - ;; - list) - list_env - ;; - output|state|taint|tflist) - init_terraform - state_output_taint_actions $other - ;; - summ) - init_terraform - tfsummary "$other" - ;; - tlock) - terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64 - ;; - update) - update_script - ;; - *) - if [ "$FILE_ACTION" = true ]; then - extract_resources "$filetf" "$env" - else - init_terraform - other_actions "$other" - fi - ;; -esac diff --git a/src/domains/paymentoptions-secrets/terrasops.sh b/src/domains/paymentoptions-secrets/terrasops.sh deleted file mode 100644 index 32be3bd04f..0000000000 --- a/src/domains/paymentoptions-secrets/terrasops.sh +++ /dev/null 
@@ -1,29 +0,0 @@
-#!/bin/bash
-# set -x # Uncomment this line to enable debug mode
-
-#
-# ℹ️ This script is used by terraform, to decrypt all secrets on sops and export them to json.
-# This way it can loop through them and use them to insert them inside the KV
-# ⚠️ Do not add additional echos to the script in case of golden path,
-# as the script only needs to return a json
-#
-
-eval "$(jq -r '@sh "export terrasops_env=\(.env)"')"
-
-# shellcheck disable=SC1090
-source "./secret/$terrasops_env/secret.ini"
-encrypted_file_path="./secret/$terrasops_env/$file_crypted"
-
-if [ -f "$encrypted_file_path" ]; then
- # Load the values of azure_kv.vault_url and azure_kv.name from the JSON file
- azure_kv_vault_url=$(jq -r '.sops.azure_kv[0].vault_url' "$encrypted_file_path")
- azure_kv_name=$(jq -r '.sops.azure_kv[0].name' "$encrypted_file_path")
-
- if [ -z "$azure_kv_vault_url" ] || [ -z "$azure_kv_name" ]; then
- echo "❌ Error: Unable to load the values of azure_kv.vault_url and azure_kv.name from the JSON file" >&2
- exit 1
- fi
- sops -d --azure-kv "azure_kv_vault_url" "$encrypted_file_path" | jq -c
-else
- echo "{}" | jq -c
-fi
From 72653b29fa4e80c230a1a5b21ff44db6029511ca Mon Sep 17 00:00:00 2001
From: svariant
Date: Mon, 2 Dec 2024 16:35:01 +0100
Subject: [PATCH 09/13] Revert "fix"

This reverts commit 5988b96ea1267f8ff56eb1d1e430fc7c4d41cc53.

---
 src/aks-leonardo/.terraform.lock.hcl | 144 +++++++++++++++++++++++++++
 1 file changed, 144 insertions(+)
 create mode 100644 src/aks-leonardo/.terraform.lock.hcl

diff --git a/src/aks-leonardo/.terraform.lock.hcl b/src/aks-leonardo/.terraform.lock.hcl
new file mode 100644
index 0000000000..5fab8d9bde
--- /dev/null
+++ b/src/aks-leonardo/.terraform.lock.hcl
@@ -0,0 +1,144 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/alekc/kubectl" { + version = "2.1.0" + constraints = "~> 2.0" + hashes = [ + "h1:fyE+ICPznpHaRAIT/GtIUdl7Z5MqBpXhnLH26+FlpT8=", + "zh:030d9aaaa251fb9f2b98640f343b1944a09924a3507340590552f5dfb037c1e2", + "zh:1a1672cd6a60d0a5296bd89d92b2113af9105ce933629c0195416013744db16f", + "zh:1cfc7bfbe6f145acd08fb52289f0fe4ed36f3a5e0d93f6b221e40236d164a5b2", + "zh:36e2620433b497f1538d84647e7041042bc43de9b3491febe5cb9ec0b47401b8", + "zh:5b301ff79f6b80869d6f5e54abdc63d7dde146af9b3c37340f7af922321cf316", + "zh:6f63ce78866dc3f5ea127825a70a11d53cb93f5dfa6187e8390592dd2f8857f9", + "zh:73e51fe86ec9263ab60507b3c811875074532613abf73154ab848fda181e078a", + "zh:8e65fe5b8465f25fadb4a7411981aeb307e2f482060b2642795fe371883efbb2", + "zh:91c07d9120687ba93f13af24f44cdf19d0c96429da90b384d10c4bf2bcf5725e", + "zh:c53cdefc0a25113e09bdf3c57a1c064d937b783fbcf9bb9228e9309d95294b9e", + "zh:c652849feab85900c881af20effaa26052bdadba5eaafefce9d09e15c8c6c32f", + "zh:c739f54428c0ad83f7031ae29d56c377026619912b814ba03ad37e92df558125", + "zh:d0cd843e29984889be06a61e0eebe6dccf669563f8130d1066f50552507db66f", + "zh:e9eb47fdda142d1f51cdd486ff46bf089a9c55ec93ac1c6d36d2e757ed217ee5", + ] +} + +provider "registry.terraform.io/hashicorp/azuread" { + version = "3.0.2" + constraints = "<= 3.0.2" + hashes = [ + "h1:HNrx7UJEDY5Kbx/r1LRQDWnziqvB6x3IU+pEA8Vq7dw=", + "zh:16e724b80a9004c7978c30f69a73c98ff63eb8a03937dd44c2a8f0ea0438b7a3", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:2bbbf13713ca4767267b889471c9fc14a56a8fdf5d1013da3ca78667e3caec64", + "zh:409ccb05431d643a079da082d89db2d95d6afed4769997ac537c8b7de3bff867", + "zh:53e4bca0f5d015380f7f524f36344afe6211ccaf614bfc69af73ca64a9f47d6c", + "zh:5780be2c1981d090604d7fa4cef675462f17f40e7f3dc501a031488e87a35b8f", + "zh:850e61a1b3e64c752c418526ccf48653514c861b36f5feb631619f906f7e99a0", 
+ "zh:8c3565bfcea006a734149cc080452a9daf7d2a9d5362eb7e0a088b6c0d7f0f03", + "zh:908b9e6ad49d5d21173ecefc7924902047611be93bbf8e7d021aa9563358396f", + "zh:a2a79765c029bc58966eff61cb6e9b0ee14d2ac52b0a22fc7dfa35c9a49af669", + "zh:c7f56cbe8743e9ba81fce871bc97d9c07abe86770d9ee7ffefbf3882a61ba89a", + "zh:d4dba80e33421b30d81c62611fb7fc62ad39afecc6484436e635913cd8553e67", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.116.0" + constraints = "~> 3.30, ~> 3.100, <= 3.116.0" + hashes = [ + "h1:2QbjtN4oMXzdA++Nvrj/wSmWZTPgXKOSFGGQCLEMrb4=", + "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", + "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", + "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", + "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", + "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", + "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", + "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", + "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", + "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", + "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", + ] +} + +provider "registry.terraform.io/hashicorp/external" { + version = "2.3.4" + constraints = "<= 2.3.4" + hashes = [ + "h1:U6W8rgrdmR2pZ2cicFoGOSQ4GXuIf/4EK7s0vTJN7is=", + "zh:037fd82cd86227359bc010672cd174235e2d337601d4686f526d0f53c87447cb", + "zh:0ea1db63d6173d01f2fa8eb8989f0809a55135a0d8d424b08ba5dabad73095fa", + "zh:17a4d0a306566f2e45778fbac48744b6fd9c958aaa359e79f144c6358cb93af0", + "zh:298e5408ab17fd2e90d2cd6d406c6d02344fe610de5b7dae943a58b958e76691", + "zh:38ecfd29ee0785fd93164812dcbe0664ebbe5417473f3b2658087ca5a0286ecb", + 
"zh:59f6a6f31acf66f4ea3667a555a70eba5d406c6e6d93c2c641b81d63261eeace", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:ad0279dfd09d713db0c18469f585e58d04748ca72d9ada83883492e0dd13bd58", + "zh:c69f66fd21f5e2c8ecf7ca68d9091c40f19ad913aef21e3ce23836e91b8cbb5f", + "zh:d4a56f8c48aa86fc8e0c233d56850f5783f322d6336f3bf1916e293246b6b5d4", + "zh:f2b394ebd4af33f343835517e80fc876f79361f4688220833bc3c77655dd2202", + "zh:f31982f29f12834e5d21e010856eddd19d59cd8f449adf470655bfd19354377e", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.16.0" + constraints = ">= 2.0.0, ~> 2.12, <= 2.16.0" + hashes = [ + "h1:uJs402IoDa/7+AnBQZC1txmO0jY4v9W1TMHAvRaCZkY=", + "zh:0fa970817bab7a8411ff443d51004dc2974c0ef4aad082a514f8b56559db3113", + "zh:333b9ac02fcbf9dcf4825dc1e4fc373ef4571b1dd00b79f5c8ea24e1c79992f0", + "zh:792e1e9c409dd76e3eabf3b0c0a6b5a3c3ef42adfc578f7899def46a81e994ef", + "zh:8eca4a52d43ca97d944a8c5d0f2ee60bcbefcb3ccee51d5620bde9047b8ea9c7", + "zh:90969e6a0f7127b0cb75c8790f63f4d050576ffe9bd722887a11d885430624cd", + "zh:a9d72fb106f16ab4f68c779a2c59124929cbc1cb0dbc47ed5ef380c6205f70bb", + "zh:c28bc1a2c0f8f11626baf905a888b2600663ba8dbb33ce4203efcafa16c77fc5", + "zh:c5d6c72a8c5513ff868209ceda9e6000723b02d21811d05909d26614784d4db6", + "zh:d105d40b1a217120332f65a93b24470d18e355868bfa99f0cdeeff5869cff9fb", + "zh:e6c78637c8c6081b8817f61658de8d0163b92157336ac3236cf183b5834f9487", + "zh:edef68729e4f263df3a6737fc73b14e1ee952b800d72d0c6f2cb524bc1ad7ec8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.33.0" + constraints = "~> 2.27, <= 2.33.0" + hashes = [ + "h1:44s6P+u1FUHyEclCAyko9UL+PB73rGp+REnCML3hyzg=", + "zh:255b35790b706d405e987750190658dcaefb663741b96803a9529ba5d7435329", + "zh:362feba1aa820a8e02869ec71d1a08e87243dbce43671dc0995fa6c5a2fafa1d", + "zh:39332abcf75b5dd9c78c79c7c0c094f7d4ca908d1b76bbd2aae67e8e3516710c", + 
"zh:3e8e7f758bb09a9b5b613c8866e77541f8f00b521070cc86bc095ce61f010baf", + "zh:427883b889b9c36630c3eec4d5c07bc4ae12cc0d358fc17ea42a8049bf8d5275", + "zh:69bfc4ed067a5e4844db1a1809343652ff239aa0a8da089b1671524c44e8740a", + "zh:6b9f731062b945c5020e0930ed9a1b1b50afd2caf751f0e70a282d165c970979", + "zh:6faf9ec006af7ee7014a9c3251d65b701792abb823f149b0b7e4ac4433848201", + "zh:b706f76d695104a47682ee6ab842870f9c70a680f979fa9e7efe34278c0831bc", + "zh:b9bca48de2c92f57389ed58dd2fac564deaccd79a92cafd08edeed3ba6b91d4d", + "zh:bbd3336dbee5aed9880f98e36fb8340e0c6d8f0399a05787521af599ccb3dac4", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.3" + constraints = "~> 3.2, <= 3.2.3" + hashes = [ + "h1:nKUqWEza6Lcv3xRlzeiRQrHtqvzX1BhIzjaOVXRYQXQ=", + "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", + "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", + "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", + "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", + "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", + "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", + "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", + "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", + "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", + "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", + ] +} From c67ba6eb8bb75ac288c8272cd0e4a88bc1b0f1f6 Mon Sep 17 00:00:00 2001 
From: svariant Date: Mon, 2 Dec 2024 16:36:37 +0100 Subject: [PATCH 10/13] Revert "fix" This reverts commit 5988b96ea1267f8ff56eb1d1e430fc7c4d41cc53. --- src/aks-leonardo/.terraform.lock.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aks-leonardo/.terraform.lock.hcl b/src/aks-leonardo/.terraform.lock.hcl index 5fab8d9bde..7fba66cb2a 100644 --- a/src/aks-leonardo/.terraform.lock.hcl +++ b/src/aks-leonardo/.terraform.lock.hcl @@ -141,4 +141,4 @@ provider "registry.terraform.io/hashicorp/null" { "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", ] -} +} \ No newline at end of file From d51a34195fb53a70eebaa96db55878e846ee0cc3 Mon Sep 17 00:00:00 2001 From: svariant Date: Mon, 2 Dec 2024 16:39:29 +0100 Subject: [PATCH 11/13] Revert "fix" This reverts commit 5988b96ea1267f8ff56eb1d1e430fc7c4d41cc53. --- src/aks-leonardo/.terraform.lock.hcl | 228 +++++++++++++++------------ 1 file changed, 128 insertions(+), 100 deletions(-) diff --git a/src/aks-leonardo/.terraform.lock.hcl b/src/aks-leonardo/.terraform.lock.hcl index 7fba66cb2a..1e00c6e8a3 100644 --- a/src/aks-leonardo/.terraform.lock.hcl +++ b/src/aks-leonardo/.terraform.lock.hcl 
@@ -2,143 +2,171 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/alekc/kubectl" { - version = "2.1.0" + version = "2.1.3" constraints = "~> 2.0" hashes = [ - "h1:fyE+ICPznpHaRAIT/GtIUdl7Z5MqBpXhnLH26+FlpT8=", - "zh:030d9aaaa251fb9f2b98640f343b1944a09924a3507340590552f5dfb037c1e2", - "zh:1a1672cd6a60d0a5296bd89d92b2113af9105ce933629c0195416013744db16f", - "zh:1cfc7bfbe6f145acd08fb52289f0fe4ed36f3a5e0d93f6b221e40236d164a5b2", - "zh:36e2620433b497f1538d84647e7041042bc43de9b3491febe5cb9ec0b47401b8", - "zh:5b301ff79f6b80869d6f5e54abdc63d7dde146af9b3c37340f7af922321cf316", - "zh:6f63ce78866dc3f5ea127825a70a11d53cb93f5dfa6187e8390592dd2f8857f9", - "zh:73e51fe86ec9263ab60507b3c811875074532613abf73154ab848fda181e078a", - "zh:8e65fe5b8465f25fadb4a7411981aeb307e2f482060b2642795fe371883efbb2", - "zh:91c07d9120687ba93f13af24f44cdf19d0c96429da90b384d10c4bf2bcf5725e", - "zh:c53cdefc0a25113e09bdf3c57a1c064d937b783fbcf9bb9228e9309d95294b9e", - "zh:c652849feab85900c881af20effaa26052bdadba5eaafefce9d09e15c8c6c32f", - "zh:c739f54428c0ad83f7031ae29d56c377026619912b814ba03ad37e92df558125", - "zh:d0cd843e29984889be06a61e0eebe6dccf669563f8130d1066f50552507db66f", - "zh:e9eb47fdda142d1f51cdd486ff46bf089a9c55ec93ac1c6d36d2e757ed217ee5", + "h1:AymCb0DCWzmyLqn1qEhVs2pcFUZGT/kxPK+I/BObFH8=", + "h1:JlCnFOeGK8AkmA5eaW0qIWXKA1stD8Irij+cttcZLsk=", + "h1:LzkjMzVRQqwvbY+tF3b+Wxj9BDLZ6Qj9rpPKVppodDU=", + "h1:hImtuIg0fyXqKqi2ZPjESGsc/R1jls5VfSWtNyKRTMA=", + "h1:poWSAAtK4FI1x79C2OyLaNrvWUGTQdr1ZT58edDz+Rs=", + "zh:0e601ae36ebc32eb8c10aff4c48c1125e471fa09f5668465af7581c9057fa22c", + "zh:1773f08a412d1a5f89bac174fe1efdfd255ecdda92d31a2e31937e4abf843a2f", + "zh:1da2db1f940c5d34e31c2384c7bd7acba68725cc1d3ba6db0fec42efe80dbfb7", + "zh:20dc810fb09031bcfea4f276e1311e8286d8d55705f55433598418b7bcc76357", + "zh:326a01c86ba90f6c6eb121bacaabb85cfa9059d6587aea935a9bbb6d3d8e3f3f", + "zh:5a3737ea1e08421fe3e700dc833c6fd2c7b8c3f32f5444e844b3fe0c2352757b", + 
"zh:5f490acbd0348faefea273cb358db24e684cbdcac07c71002ee26b6cfd2c54a0", + "zh:777688cda955213ba637e2ac6b1994e438a5af4d127a34ecb9bb010a8254f8a8", + "zh:7acc32371053592f55ee0bcbbc2f696a8466415dea7f4bc5a6573f03953fc926", + "zh:81f0108e2efe5ae71e651a8826b61d0ce6918811ccfdc0e5b81b2cfb0f7f57fe", + "zh:88b785ea7185720cf40679cb8fa17e57b8b07fd6322cf2d4000b835282033d81", + "zh:89d833336b5cd027e671b46f9c5bc7d10c5109e95297639bbec8001da89aa2f7", + "zh:df108339a89d4372e5b13f77bd9d53c02a04362fb5d85e1d9b6b47292e30821c", + "zh:e8a2e3a5c50ca124e6014c361d72a9940d8e815f37ae2d1e9487ac77c3043013", ] } provider "registry.terraform.io/hashicorp/azuread" { - version = "3.0.2" - constraints = "<= 3.0.2" + version = "2.47.0" + constraints = "<= 2.47.0" hashes = [ - "h1:HNrx7UJEDY5Kbx/r1LRQDWnziqvB6x3IU+pEA8Vq7dw=", - "zh:16e724b80a9004c7978c30f69a73c98ff63eb8a03937dd44c2a8f0ea0438b7a3", + "h1:8J74v92UvtqVNucugAtB+Sd44oTgnhfct+Xf8ObOZug=", + "h1:KB9BNRNStbdsfdRmVXUwXtN77qgX5VjBy2UALcqp218=", + "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", + "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", + "h1:zYMGokLn44KSWir7Nr4t8lEAPMB6JuXd2LlP2Ac2tMY=", + "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:2bbbf13713ca4767267b889471c9fc14a56a8fdf5d1013da3ca78667e3caec64", - "zh:409ccb05431d643a079da082d89db2d95d6afed4769997ac537c8b7de3bff867", - "zh:53e4bca0f5d015380f7f524f36344afe6211ccaf614bfc69af73ca64a9f47d6c", - "zh:5780be2c1981d090604d7fa4cef675462f17f40e7f3dc501a031488e87a35b8f", - "zh:850e61a1b3e64c752c418526ccf48653514c861b36f5feb631619f906f7e99a0", - "zh:8c3565bfcea006a734149cc080452a9daf7d2a9d5362eb7e0a088b6c0d7f0f03", - "zh:908b9e6ad49d5d21173ecefc7924902047611be93bbf8e7d021aa9563358396f", - "zh:a2a79765c029bc58966eff61cb6e9b0ee14d2ac52b0a22fc7dfa35c9a49af669", - "zh:c7f56cbe8743e9ba81fce871bc97d9c07abe86770d9ee7ffefbf3882a61ba89a", - 
"zh:d4dba80e33421b30d81c62611fb7fc62ad39afecc6484436e635913cd8553e67", + "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", + "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", + "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", + "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", + "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", + "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", + "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", + "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", + "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", + "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", ] } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.116.0" - constraints = "~> 3.30, ~> 3.100, <= 3.116.0" + version = "3.110.0" + constraints = "~> 3.30, ~> 3.105, <= 3.110.0" hashes = [ - "h1:2QbjtN4oMXzdA++Nvrj/wSmWZTPgXKOSFGGQCLEMrb4=", - "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", - "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", - "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", - "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", - "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", - "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", - "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", - "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", - "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", - "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", + "h1:4QrrAcbVTUzX2xQIywvAZeM+lrCgcFbFGoADvTAXdhk=", + "h1:EY+IRabj+4NJ3tqB4kVg7dTjoTdwOMHUhIvIoddgRTI=", + "h1:ice1q9zU8gIFSpCvuO7NBvod/zV5FPoZHhaHvXlETss=", + 
"h1:sxJe/N9/r+UDNQmRMKRRbJN9N1zpijux3iCJYwWs20A=", + "h1:uxeKsqfI9LjvYkcMCiFwlDpQzZvrB83pVJIoG9s4t54=", + "zh:1a1fe9e1a4c08453f249352d135349f7a06f2973dbb839375c7b802523a87351", + "zh:25a9ddeb9b0e1d974aa45ecd67e3f7b8ee333565f0fd99e02b588acf55c46664", + "zh:3ef3f6ed554348b10a645342110baa7d5a4932857e66f20b2b258f9c1af57b0b", + "zh:443e05f7510de0992d7fd4912d2aa3ef477cf186e7c2796bbb699ea12e531b86", + "zh:815444b71a70e79a2c96995bb1970a860d9ce160e11d07c7e61dd284f9b9de8e", + "zh:839d6bc2344e64f0ae8c39c2fd76bedd86c96c3ea22d827492f797b114cb761a", + "zh:922ec196b32c2fe8cff13a58ebfd75929f3a500cf8730aa80d72e0074f00b7cd", + "zh:a818559d9d389b0d6d27bc2c9cea7b97c27451bd9a49f4e86d2221613b459e09", + "zh:e90979a9f2574a368c5857a19bbfa43718cfd4ba12cc3dff9f7ce8f782160d1b", + "zh:f1321caa0a77e7ffb68384b3e35d285fa0fa6c2a8202d2a37d8c321367060ac7", + "zh:f3ae86bf1cb82923595d389db220fd2039cb5fd3720d754abd5c06b6c705ac2c", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", ] } provider "registry.terraform.io/hashicorp/external" { - version = "2.3.4" - constraints = "<= 2.3.4" + version = "2.3.3" + constraints = "<= 2.3.3" hashes = [ - "h1:U6W8rgrdmR2pZ2cicFoGOSQ4GXuIf/4EK7s0vTJN7is=", - "zh:037fd82cd86227359bc010672cd174235e2d337601d4686f526d0f53c87447cb", - "zh:0ea1db63d6173d01f2fa8eb8989f0809a55135a0d8d424b08ba5dabad73095fa", - "zh:17a4d0a306566f2e45778fbac48744b6fd9c958aaa359e79f144c6358cb93af0", - "zh:298e5408ab17fd2e90d2cd6d406c6d02344fe610de5b7dae943a58b958e76691", - "zh:38ecfd29ee0785fd93164812dcbe0664ebbe5417473f3b2658087ca5a0286ecb", - "zh:59f6a6f31acf66f4ea3667a555a70eba5d406c6e6d93c2c641b81d63261eeace", + "h1:/x65slrvO8YG5MKxE2DaU5udEbUxBu3BgEiO7EEM9bQ=", + "h1:H+3QlVPs/7CDa3I4KU/a23wYeGeJxeBlgvR7bfK1t1w=", + "h1:Qi72kOSrEYgEt5itloFhDfmiFZ7wnRy3+F74XsRuUOw=", + "h1:Up2xaIhiNYomK8Lhe29U2FcojpbRWZYDtSeS03OhI94=", + "h1:gShzO1rJtADK9tDZMvMgjciVAzsBh39LNjtThCwX1Hg=", + 
"zh:03d81462f9578ec91ce8e26f887e34151eda0e100f57e9772dbea86363588239", + "zh:37ec2a20f6a3ec3a0fd95d3f3de26da6cb9534b30488bc45723e118a0911c0d8", + "zh:4eb5b119179539f2749ce9de0e1b9629d025990f062f4f4dddc161562bb89d37", + "zh:5a31bb58414f41bee5e09b939012df5b88654120b0238a89dfd6691ba197619a", + "zh:6221a05e52a6a2d4f520ffe7cbc741f4f6080e0855061b0ed54e8be4a84eb9b7", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:ad0279dfd09d713db0c18469f585e58d04748ca72d9ada83883492e0dd13bd58", - "zh:c69f66fd21f5e2c8ecf7ca68d9091c40f19ad913aef21e3ce23836e91b8cbb5f", - "zh:d4a56f8c48aa86fc8e0c233d56850f5783f322d6336f3bf1916e293246b6b5d4", - "zh:f2b394ebd4af33f343835517e80fc876f79361f4688220833bc3c77655dd2202", - "zh:f31982f29f12834e5d21e010856eddd19d59cd8f449adf470655bfd19354377e", + "zh:8bb068496b4679bef625e4710d9f3432e301c3a56602271f04e60eadf7f8a94c", + "zh:94742aa5378bab626ce34f79bcef6a373e4f86ea7a8b762e9f71270a899e0d00", + "zh:a485831b5a525cd8f40e8982fa37da40ff70b1ae092c8b755fcde123f0b1238d", + "zh:a647ff16d071eabcabd87ea8183eb90a775a0294ddd735d742075d62fff09193", + "zh:b74710c5954aaa3faf262c18d36a8c2407862d9f842c63e7fa92fa4de3d29df6", + "zh:fa73d83edc92af2e551857594c2232ba6a9e3603ad34b0a5940865202c08d8d7", ] } provider "registry.terraform.io/hashicorp/helm" { - version = "2.16.0" - constraints = ">= 2.0.0, ~> 2.12, <= 2.16.0" + version = "2.12.1" + constraints = ">= 2.0.0, ~> 2.12, <= 2.12.1" hashes = [ - "h1:uJs402IoDa/7+AnBQZC1txmO0jY4v9W1TMHAvRaCZkY=", - "zh:0fa970817bab7a8411ff443d51004dc2974c0ef4aad082a514f8b56559db3113", - "zh:333b9ac02fcbf9dcf4825dc1e4fc373ef4571b1dd00b79f5c8ea24e1c79992f0", - "zh:792e1e9c409dd76e3eabf3b0c0a6b5a3c3ef42adfc578f7899def46a81e994ef", - "zh:8eca4a52d43ca97d944a8c5d0f2ee60bcbefcb3ccee51d5620bde9047b8ea9c7", - "zh:90969e6a0f7127b0cb75c8790f63f4d050576ffe9bd722887a11d885430624cd", - "zh:a9d72fb106f16ab4f68c779a2c59124929cbc1cb0dbc47ed5ef380c6205f70bb", - 
"zh:c28bc1a2c0f8f11626baf905a888b2600663ba8dbb33ce4203efcafa16c77fc5", - "zh:c5d6c72a8c5513ff868209ceda9e6000723b02d21811d05909d26614784d4db6", - "zh:d105d40b1a217120332f65a93b24470d18e355868bfa99f0cdeeff5869cff9fb", - "zh:e6c78637c8c6081b8817f61658de8d0163b92157336ac3236cf183b5834f9487", - "zh:edef68729e4f263df3a6737fc73b14e1ee952b800d72d0c6f2cb524bc1ad7ec8", + "h1:7wfYOAeSEchHB8idNl+2jf+OkFi9zFSOLWkEZFuTCik=", + "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", + "h1:sgYI7lwGqJqPopY3NGmhb1eQ0YbH8PIXaAZAmnJrAvw=", + "h1:sjzfyNQAjtF9zXHxB67geryjGkHaPDMMVw9iqPP5pkE=", + "h1:xwHVa6ab/XVfDrZ3h35OzLJ6g0Zte4VAvSnyKw3f9AI=", + "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", + "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", + "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", + "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", + "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", + "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", + "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", + "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", + "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", + "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", + "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.33.0" - constraints = "~> 2.27, <= 2.33.0" + version = "2.27.0" + constraints = "~> 2.27, <= 2.27.0" hashes = [ - "h1:44s6P+u1FUHyEclCAyko9UL+PB73rGp+REnCML3hyzg=", - "zh:255b35790b706d405e987750190658dcaefb663741b96803a9529ba5d7435329", - "zh:362feba1aa820a8e02869ec71d1a08e87243dbce43671dc0995fa6c5a2fafa1d", - "zh:39332abcf75b5dd9c78c79c7c0c094f7d4ca908d1b76bbd2aae67e8e3516710c", - 
"zh:3e8e7f758bb09a9b5b613c8866e77541f8f00b521070cc86bc095ce61f010baf", - "zh:427883b889b9c36630c3eec4d5c07bc4ae12cc0d358fc17ea42a8049bf8d5275", - "zh:69bfc4ed067a5e4844db1a1809343652ff239aa0a8da089b1671524c44e8740a", - "zh:6b9f731062b945c5020e0930ed9a1b1b50afd2caf751f0e70a282d165c970979", - "zh:6faf9ec006af7ee7014a9c3251d65b701792abb823f149b0b7e4ac4433848201", - "zh:b706f76d695104a47682ee6ab842870f9c70a680f979fa9e7efe34278c0831bc", - "zh:b9bca48de2c92f57389ed58dd2fac564deaccd79a92cafd08edeed3ba6b91d4d", - "zh:bbd3336dbee5aed9880f98e36fb8340e0c6d8f0399a05787521af599ccb3dac4", + "h1:/3kLyOR2jTaWS1MKso4xAztrocGBMxi8yVadWiqSWOg=", + "h1:GzU0FzYAT/+IgAhnSBcFH3bT+4I5N6oSga6iZgNJAus=", + "h1:TrlG/sofnDv8kAbzKOD5pIPeUiI5VQY61NuWH+cItDw=", + "h1:WuU4rl7szPJr9Nfu5OoQGF84k8yQf+gmS9zU2eZuxcc=", + "h1:w9ENsSqT/3Oj/yt4GcudG202ehSD2Ls5gwqOLoKrBUQ=", + "zh:3bdba30ae67c55dc7e9a317ac0da3b208ea7926fe9c2f0ae6587ee88dcc58d1f", + "zh:3f35138a831c00b188d2ffee27111dd0cf59afad2dd5653ed9e67d59646de12c", + "zh:64066d18f6ae9a316c2bc840ef3e641d7ab94e1ea3a41d12523e77345ad442ef", + "zh:653063d44b44881af3a480f7f8eaa94fa300e0229df2072d30f606bddcc9f025", + "zh:87f306e37efb61d13efa6da53a1e45e97e5996ebc0568b1caf8c3c5e54c05809", + "zh:8c428b9708f9634391e52300218771eab3fe942bb1295d8c0ad50ca4b33db3d9", + "zh:a44e87119a0337ded15479851786a13f412b413d9a463ba550d1210249206b0f", + "zh:aa2c4d110b0de6ef997c0d45f3f23f8a98f5530753095d6eff439a6d91a8ea31", + "zh:eb15ed8781ac6a0dec2f7d03cf090e23cfa05e3225806c6231ff2c574662fd63", + "zh:eb81c563f93bd3303f9620d11cd49f21f3f89ac3475c6d3e821b239feb9c217d", + "zh:f1a344a7f16131123577e4ec994d04a34ea458ec16c1ccac53fe7946bd817b18", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } provider "registry.terraform.io/hashicorp/null" { - version = "3.2.3" - constraints = "~> 3.2, <= 3.2.3" + version = "3.2.2" + constraints = "~> 3.2, <= 3.2.2" hashes = [ - "h1:nKUqWEza6Lcv3xRlzeiRQrHtqvzX1BhIzjaOVXRYQXQ=", - 
"zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", - "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", - "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", - "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", - "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", + "h1:Gef5VGfobY5uokA5nV/zFvWeMNR2Pmq79DH94QnNZPM=", + "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", + "h1:m467k2tZ9cdFFgHW7LPBK2GLPH43LC6wc3ppxr8yvoE=", + "h1:vWAsYRd7MjYr3adj8BVKRohVfHpWQdvkIwUQ2Jf5FVM=", + "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=", + "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", + "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", + "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", + "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", + "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", + "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", + "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", - "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", - "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", - "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", - "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", - "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", + "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", + "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", + "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", + "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", ] } \ No newline at end of file 
From 33323da63aa05f8cd8475395c14209d2bd4e99d4 Mon Sep 17 00:00:00 2001 
From: svariant Date: Mon, 2 Dec 2024 16:42:40 +0100 Subject: [PATCH 12/13] [PPANTT-190] Revert payopt merge --- src/copy/payopt-app/.terraform.lock.hcl | 102 ++++ src/copy/payopt-app/00_alerts.tf | 72 +++ src/copy/payopt-app/00_data.tf | 43 ++ src/copy/payopt-app/00_keyvault.tf | 10 + src/copy/payopt-app/00_monitor.tf | 35 ++ src/copy/payopt-app/00_network.tf | 15 + src/copy/payopt-app/01_network.tf | 9 + src/copy/payopt-app/02_namespace.tf | 39 ++ .../03_serviceaccounts_azure_devops.tf | 67 +++ .../payopt-app/04_apim_payment_options.tf | 25 + .../04_apim_payment_options_mock.tf | 74 +++ .../payopt-app/05_aks_middleware_tools.tf | 55 +++ src/copy/payopt-app/05_subkey.tf | 30 ++ src/copy/payopt-app/06_keyvault.tf | 81 ++++ src/copy/payopt-app/07_gh_runner.tf | 43 ++ src/copy/payopt-app/90_pdb.tf | 15 + src/copy/payopt-app/99_locals.tf | 43 ++ src/copy/payopt-app/99_main.tf | 54 +++ src/copy/payopt-app/99_variables.tf | 160 +++++++ src/copy/payopt-app/README.md | 109 +++++ .../api/payment-options-mock/_base_policy.xml | 14 + .../_get_payment_options_policy.xml | 444 ++++++++++++++++++ .../payment-options-mock/_openapi.json.tpl | 99 ++++ .../payopt-app/api_product/_base_policy.xml | 14 + src/copy/payopt-app/env/itn-dev/backend.ini | 1 + .../payopt-app/env/itn-dev/backend.tfvars | 4 + .../payopt-app/env/itn-dev/terraform.tfvars | 39 ++ src/copy/payopt-app/env/itn-prod/backend.ini | 1 + .../payopt-app/env/itn-prod/backend.tfvars | 4 + .../payopt-app/env/itn-prod/terraform.tfvars | 48 ++ src/copy/payopt-app/env/itn-uat/backend.ini | 1 + .../payopt-app/env/itn-uat/backend.tfvars | 4 + .../payopt-app/env/itn-uat/terraform.tfvars | 39 ++ .../payopt-app/helm/cert-mounter.yaml.tpl | 13 + src/copy/payopt-app/terraform.sh | 324 +++++++++++++ src/copy/payopt-common/.terraform.lock.hcl | 62 +++ src/copy/payopt-common/00_data.tf | 4 + src/copy/payopt-common/00_monitor.tf | 45 ++ src/copy/payopt-common/00_network.tf | 37 ++ src/copy/payopt-common/01_network.tf | 14 + 
src/copy/payopt-common/03_eventhub.tf | 86 ++++ src/copy/payopt-common/10_github_identity.tf | 218 +++++++++ src/copy/payopt-common/99_locals.tf | 32 ++ src/copy/payopt-common/99_main.tf | 36 ++ src/copy/payopt-common/99_variables.tf | 219 +++++++++ src/copy/payopt-common/README.md | 90 ++++ .../payopt-common/env/itn-dev/backend.ini | 1 + .../payopt-common/env/itn-dev/backend.tfvars | 4 + .../env/itn-dev/terraform.tfvars | 106 +++++ .../payopt-common/env/itn-prod/backend.ini | 1 + .../payopt-common/env/itn-prod/backend.tfvars | 4 + .../env/itn-prod/terraform.tfvars | 106 +++++ .../payopt-common/env/itn-uat/backend.ini | 1 + .../payopt-common/env/itn-uat/backend.tfvars | 4 + .../env/itn-uat/terraform.tfvars | 106 +++++ src/copy/payopt-common/terraform.sh | 324 +++++++++++++ src/copy/payopt-secrets/.terraform.lock.hcl | 102 ++++ src/copy/payopt-secrets/00_azuread.tf | 16 + src/copy/payopt-secrets/01_keyvault.tf | 101 ++++ src/copy/payopt-secrets/02_azdo.tf | 23 + src/copy/payopt-secrets/02_init_sops.tf | 21 + src/copy/payopt-secrets/03_sops_secrets.tf | 54 +++ src/copy/payopt-secrets/99_locals.tf | 11 + src/copy/payopt-secrets/99_main.tf | 48 ++ src/copy/payopt-secrets/99_variables.tf | 101 ++++ src/copy/payopt-secrets/README.md | 65 +++ .../payopt-secrets/env/itn-dev/backend.ini | 1 + .../payopt-secrets/env/itn-dev/backend.tfvars | 4 + .../env/itn-dev/terraform.tfvars | 30 ++ .../payopt-secrets/env/itn-prod/backend.ini | 1 + .../env/itn-prod/backend.tfvars | 4 + .../env/itn-prod/terraform.tfvars | 30 ++ .../payopt-secrets/env/itn-uat/backend.ini | 1 + .../payopt-secrets/env/itn-uat/backend.tfvars | 4 + .../env/itn-uat/terraform.tfvars | 27 ++ .../secret/itn-dev/configs.json | 1 + .../secret/itn-dev/noedit_secret_enc.json | 22 + .../payopt-secrets/secret/itn-dev/secret.ini | 3 + .../secret/itn-prod/configs.json | 1 + .../payopt-secrets/secret/itn-prod/secret.ini | 3 + .../secret/itn-uat/configs.json | 1 + .../secret/itn-uat/noedit_secret_enc.json | 22 + 
.../payopt-secrets/secret/itn-uat/secret.ini | 3 + src/copy/payopt-secrets/sops.sh | 137 ++++++ src/copy/payopt-secrets/terraform.sh | 324 +++++++++++++ src/copy/payopt-secrets/terrasops.sh | 29 ++ src/domains/payopt-app/00_keyvault.tf | 1 + src/domains/payopt-app/05_subkey.tf | 22 +- src/domains/payopt-app/90_pdb.tf | 2 +- src/domains/payopt-app/99_locals.tf | 4 + src/domains/payopt-app/99_variables.tf | 12 + .../payopt-app/env/itn-dev/backend.tfvars | 2 +- .../payopt-app/env/itn-dev/terraform.tfvars | 11 +- .../payopt-app/env/itn-prod/backend.tfvars | 2 +- .../payopt-app/env/itn-prod/terraform.tfvars | 15 +- .../payopt-app/env/itn-uat/terraform.tfvars | 11 +- src/domains/payopt-common/00_network.tf | 8 + src/domains/payopt-common/01_network.tf | 7 + src/domains/payopt-common/99_locals.tf | 2 +- src/domains/payopt-common/99_main.tf | 8 +- src/domains/payopt-common/99_variables.tf | 94 ++++ .../payopt-common/env/itn-dev/backend.tfvars | 2 +- .../payopt-common/env/itn-prod/backend.tfvars | 2 +- .../payopt-common/env/itn-uat/backend.tfvars | 2 +- src/domains/payopt-secrets/99_main.tf | 14 +- .../payopt-secrets/env/itn-dev/backend.tfvars | 2 +- .../env/itn-dev/terraform.tfvars | 7 +- .../env/itn-prod/backend.tfvars | 2 +- .../env/itn-prod/terraform.tfvars | 15 +- .../payopt-secrets/env/itn-uat/backend.tfvars | 2 +- .../env/itn-uat/terraform.tfvars | 12 +- 111 files changed, 5022 insertions(+), 59 deletions(-) create mode 100644 src/copy/payopt-app/.terraform.lock.hcl create mode 100644 src/copy/payopt-app/00_alerts.tf create mode 100644 src/copy/payopt-app/00_data.tf create mode 100644 src/copy/payopt-app/00_keyvault.tf create mode 100644 src/copy/payopt-app/00_monitor.tf create mode 100644 src/copy/payopt-app/00_network.tf create mode 100644 src/copy/payopt-app/01_network.tf create mode 100644 src/copy/payopt-app/02_namespace.tf create mode 100644 src/copy/payopt-app/03_serviceaccounts_azure_devops.tf create mode 100644 src/copy/payopt-app/04_apim_payment_options.tf 
create mode 100644 src/copy/payopt-app/04_apim_payment_options_mock.tf create mode 100644 src/copy/payopt-app/05_aks_middleware_tools.tf create mode 100644 src/copy/payopt-app/05_subkey.tf create mode 100644 src/copy/payopt-app/06_keyvault.tf create mode 100644 src/copy/payopt-app/07_gh_runner.tf create mode 100644 src/copy/payopt-app/90_pdb.tf create mode 100644 src/copy/payopt-app/99_locals.tf create mode 100644 src/copy/payopt-app/99_main.tf create mode 100644 src/copy/payopt-app/99_variables.tf create mode 100644 src/copy/payopt-app/README.md create mode 100644 src/copy/payopt-app/api/payment-options-mock/_base_policy.xml create mode 100644 src/copy/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml create mode 100644 src/copy/payopt-app/api/payment-options-mock/_openapi.json.tpl create mode 100644 src/copy/payopt-app/api_product/_base_policy.xml create mode 100644 src/copy/payopt-app/env/itn-dev/backend.ini create mode 100644 src/copy/payopt-app/env/itn-dev/backend.tfvars create mode 100644 src/copy/payopt-app/env/itn-dev/terraform.tfvars create mode 100644 src/copy/payopt-app/env/itn-prod/backend.ini create mode 100644 src/copy/payopt-app/env/itn-prod/backend.tfvars create mode 100644 src/copy/payopt-app/env/itn-prod/terraform.tfvars create mode 100644 src/copy/payopt-app/env/itn-uat/backend.ini create mode 100644 src/copy/payopt-app/env/itn-uat/backend.tfvars create mode 100644 src/copy/payopt-app/env/itn-uat/terraform.tfvars create mode 100644 src/copy/payopt-app/helm/cert-mounter.yaml.tpl create mode 100755 src/copy/payopt-app/terraform.sh create mode 100644 src/copy/payopt-common/.terraform.lock.hcl create mode 100644 src/copy/payopt-common/00_data.tf create mode 100644 src/copy/payopt-common/00_monitor.tf create mode 100644 src/copy/payopt-common/00_network.tf create mode 100644 src/copy/payopt-common/01_network.tf create mode 100644 src/copy/payopt-common/03_eventhub.tf create mode 100644 src/copy/payopt-common/10_github_identity.tf 
create mode 100644 src/copy/payopt-common/99_locals.tf create mode 100644 src/copy/payopt-common/99_main.tf create mode 100644 src/copy/payopt-common/99_variables.tf create mode 100644 src/copy/payopt-common/README.md create mode 100644 src/copy/payopt-common/env/itn-dev/backend.ini create mode 100644 src/copy/payopt-common/env/itn-dev/backend.tfvars create mode 100644 src/copy/payopt-common/env/itn-dev/terraform.tfvars create mode 100644 src/copy/payopt-common/env/itn-prod/backend.ini create mode 100644 src/copy/payopt-common/env/itn-prod/backend.tfvars create mode 100644 src/copy/payopt-common/env/itn-prod/terraform.tfvars create mode 100644 src/copy/payopt-common/env/itn-uat/backend.ini create mode 100644 src/copy/payopt-common/env/itn-uat/backend.tfvars create mode 100644 src/copy/payopt-common/env/itn-uat/terraform.tfvars create mode 100755 src/copy/payopt-common/terraform.sh create mode 100644 src/copy/payopt-secrets/.terraform.lock.hcl create mode 100644 src/copy/payopt-secrets/00_azuread.tf create mode 100644 src/copy/payopt-secrets/01_keyvault.tf create mode 100644 src/copy/payopt-secrets/02_azdo.tf create mode 100644 src/copy/payopt-secrets/02_init_sops.tf create mode 100644 src/copy/payopt-secrets/03_sops_secrets.tf create mode 100644 src/copy/payopt-secrets/99_locals.tf create mode 100644 src/copy/payopt-secrets/99_main.tf create mode 100644 src/copy/payopt-secrets/99_variables.tf create mode 100644 src/copy/payopt-secrets/README.md create mode 100644 src/copy/payopt-secrets/env/itn-dev/backend.ini create mode 100644 src/copy/payopt-secrets/env/itn-dev/backend.tfvars create mode 100644 src/copy/payopt-secrets/env/itn-dev/terraform.tfvars create mode 100644 src/copy/payopt-secrets/env/itn-prod/backend.ini create mode 100644 src/copy/payopt-secrets/env/itn-prod/backend.tfvars create mode 100644 src/copy/payopt-secrets/env/itn-prod/terraform.tfvars create mode 100644 src/copy/payopt-secrets/env/itn-uat/backend.ini create mode 100644 
src/copy/payopt-secrets/env/itn-uat/backend.tfvars create mode 100644 src/copy/payopt-secrets/env/itn-uat/terraform.tfvars create mode 100644 src/copy/payopt-secrets/secret/itn-dev/configs.json create mode 100644 src/copy/payopt-secrets/secret/itn-dev/noedit_secret_enc.json create mode 100644 src/copy/payopt-secrets/secret/itn-dev/secret.ini create mode 100644 src/copy/payopt-secrets/secret/itn-prod/configs.json create mode 100644 src/copy/payopt-secrets/secret/itn-prod/secret.ini create mode 100644 src/copy/payopt-secrets/secret/itn-uat/configs.json create mode 100644 src/copy/payopt-secrets/secret/itn-uat/noedit_secret_enc.json create mode 100644 src/copy/payopt-secrets/secret/itn-uat/secret.ini create mode 100755 src/copy/payopt-secrets/sops.sh create mode 100755 src/copy/payopt-secrets/terraform.sh create mode 100644 src/copy/payopt-secrets/terrasops.sh diff --git a/src/copy/payopt-app/.terraform.lock.hcl b/src/copy/payopt-app/.terraform.lock.hcl new file mode 100644 index 0000000000..5ff319e7d6 --- /dev/null +++ b/src/copy/payopt-app/.terraform.lock.hcl 
@@ -0,0 +1,102 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azuread" { + version = "3.0.2" + constraints = "<= 3.0.2" + hashes = [ + "h1:yQqvUtgtrYKGpIygdM8P6N+pvMWJJWIsVdPow29VE20=", + "zh:16e724b80a9004c7978c30f69a73c98ff63eb8a03937dd44c2a8f0ea0438b7a3", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:2bbbf13713ca4767267b889471c9fc14a56a8fdf5d1013da3ca78667e3caec64", + "zh:409ccb05431d643a079da082d89db2d95d6afed4769997ac537c8b7de3bff867", + "zh:53e4bca0f5d015380f7f524f36344afe6211ccaf614bfc69af73ca64a9f47d6c", + "zh:5780be2c1981d090604d7fa4cef675462f17f40e7f3dc501a031488e87a35b8f", + "zh:850e61a1b3e64c752c418526ccf48653514c861b36f5feb631619f906f7e99a0", + "zh:8c3565bfcea006a734149cc080452a9daf7d2a9d5362eb7e0a088b6c0d7f0f03", + "zh:908b9e6ad49d5d21173ecefc7924902047611be93bbf8e7d021aa9563358396f", + "zh:a2a79765c029bc58966eff61cb6e9b0ee14d2ac52b0a22fc7dfa35c9a49af669", + "zh:c7f56cbe8743e9ba81fce871bc97d9c07abe86770d9ee7ffefbf3882a61ba89a", + "zh:d4dba80e33421b30d81c62611fb7fc62ad39afecc6484436e635913cd8553e67", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.116.0" + constraints = "~> 3.30, ~> 3.110, ~> 3.116.0, <= 3.116.0" + hashes = [ + "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", + "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", + "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", + "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", + "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", + "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", + "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", + "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", + "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", + 
"zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", + "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", + ] +} + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.16.0" + constraints = "~> 2.12, <= 2.16.0" + hashes = [ + "h1:zk+1yjCh9RKDsugek6X2JXtLywtdIeS1DeOLjzypU70=", + "zh:0fa970817bab7a8411ff443d51004dc2974c0ef4aad082a514f8b56559db3113", + "zh:333b9ac02fcbf9dcf4825dc1e4fc373ef4571b1dd00b79f5c8ea24e1c79992f0", + "zh:792e1e9c409dd76e3eabf3b0c0a6b5a3c3ef42adfc578f7899def46a81e994ef", + "zh:8eca4a52d43ca97d944a8c5d0f2ee60bcbefcb3ccee51d5620bde9047b8ea9c7", + "zh:90969e6a0f7127b0cb75c8790f63f4d050576ffe9bd722887a11d885430624cd", + "zh:a9d72fb106f16ab4f68c779a2c59124929cbc1cb0dbc47ed5ef380c6205f70bb", + "zh:c28bc1a2c0f8f11626baf905a888b2600663ba8dbb33ce4203efcafa16c77fc5", + "zh:c5d6c72a8c5513ff868209ceda9e6000723b02d21811d05909d26614784d4db6", + "zh:d105d40b1a217120332f65a93b24470d18e355868bfa99f0cdeeff5869cff9fb", + "zh:e6c78637c8c6081b8817f61658de8d0163b92157336ac3236cf183b5834f9487", + "zh:edef68729e4f263df3a6737fc73b14e1ee952b800d72d0c6f2cb524bc1ad7ec8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.33.0" + constraints = "~> 2.27, ~> 2.30, <= 2.33.0" + hashes = [ + "h1:HDyytvOlqNw5fJ0SB/nzgqCWniK4LAZNx23LaPavQq8=", + "zh:255b35790b706d405e987750190658dcaefb663741b96803a9529ba5d7435329", + "zh:362feba1aa820a8e02869ec71d1a08e87243dbce43671dc0995fa6c5a2fafa1d", + "zh:39332abcf75b5dd9c78c79c7c0c094f7d4ca908d1b76bbd2aae67e8e3516710c", + "zh:3e8e7f758bb09a9b5b613c8866e77541f8f00b521070cc86bc095ce61f010baf", + "zh:427883b889b9c36630c3eec4d5c07bc4ae12cc0d358fc17ea42a8049bf8d5275", + "zh:69bfc4ed067a5e4844db1a1809343652ff239aa0a8da089b1671524c44e8740a", + 
"zh:6b9f731062b945c5020e0930ed9a1b1b50afd2caf751f0e70a282d165c970979", + "zh:6faf9ec006af7ee7014a9c3251d65b701792abb823f149b0b7e4ac4433848201", + "zh:b706f76d695104a47682ee6ab842870f9c70a680f979fa9e7efe34278c0831bc", + "zh:b9bca48de2c92f57389ed58dd2fac564deaccd79a92cafd08edeed3ba6b91d4d", + "zh:bbd3336dbee5aed9880f98e36fb8340e0c6d8f0399a05787521af599ccb3dac4", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.3" + constraints = "~> 3.2, <= 3.2.3" + hashes = [ + "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=", + "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", + "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", + "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", + "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", + "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", + "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", + "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", + "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", + "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", + "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", + ] +} diff --git a/src/copy/payopt-app/00_alerts.tf b/src/copy/payopt-app/00_alerts.tf new file mode 100644 index 0000000000..f6c5b8f409 --- /dev/null +++ b/src/copy/payopt-app/00_alerts.tf 
@@ -0,0 +1,72 @@
+## Print Notice Service ##
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "pagopa-payment-options-service-responsetime-upd" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-pagopa-print-payment-notice-service-rest-responsetime @ _payment-options-service"
+ location = var.location
+
+ action {
+ action_group = can(data.azurerm_monitor_action_group.opsgenie[0]) ? [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim.id
+ description = "Response time for /payment-options is less than or equal to 1.5s - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-payment-options"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 1500;
+AzureDiagnostics
+| where url_s matches regex "/payment-options"
+| summarize
+ watermark=threshold,
+ duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m)
+| where duration_percentile_95 > threshold
+ QUERY
+ )
+ severity = 2
+ frequency = 5
+ time_window = 10
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 2
+ }
+}
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "pagopa-payment-options-rest-availability-upd" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-pagopa-payment-options-rest-availability @ _print-payment-options"
+ location = var.location
+
+ action {
+ action_group = can(data.azurerm_monitor_action_group.opsgenie[0]) ? 
[data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim.id
+ description = "Availability for /payment-options is less than or equal to 99% - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-payment-options"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 0.99;
+AzureDiagnostics
+| where url_s matches regex "/payment-options'"
+| summarize
+ Total=count(),
+ Success=count(responseCode_d < 500)
+ by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+ QUERY
+ )
+ severity = 1
+ frequency = 5
+ time_window = 5
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 1
+ }
+}
+
diff --git a/src/copy/payopt-app/00_data.tf b/src/copy/payopt-app/00_data.tf
new file mode 100644
index 0000000000..ba3c5868cb
--- /dev/null
+++ b/src/copy/payopt-app/00_data.tf
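Review bot: The availability alert's query filters on `matches regex "/payment-options'"` with a stray apostrophe inside the pattern, so no request URL matches, nothing is summarized, and the 99% rule in `pagopa-payment-options-rest-availability-upd` can never fire; the line should read `| where url_s matches regex "/payment-options"`, as in the response-time rule above it. In the same query `Success=count(responseCode_d < 500)` looks like it should be `countif(responseCode_d < 500)`, since `count()` takes no predicate — please confirm against the Log Analytics schema before relying on the ratio. The header comment `## Print Notice Service ##` and the `print-payment-notice-service` fragment in the first rule's `name` appear copied from another domain and would mislabel the alert in the portal.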
@@ -0,0 +1,43 @@
+### EVH
+data "azurerm_eventhub_authorization_rule" "payment_options_re_authorization_rule_writer" {
+ name = "${local.project}-payment-options-re-tx"
+ resource_group_name = "${local.project}-evh-rg"
+ eventhub_name = "pagopa-payopt-evh"
+ namespace_name = "${local.project}-evh"
+}
+
+data "azurerm_eventhub_authorization_rule" "pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_cache_sync_reader" {
+ name = "nodo-dei-pagamenti-cache-sync-rx"
+ namespace_name = "${local.product}-${local.evt_hub_location}-evh-ns04"
+ eventhub_name = "nodo-dei-pagamenti-cache"
+ resource_group_name = "${local.product}-msg-rg"
+}
+
+data "azurerm_eventhub_authorization_rule" "pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_verify_ko_writer" {
+ name = "nodo-dei-pagamenti-verify-ko-tx"
+ namespace_name = "${local.product}-${local.evt_hub_location}-evh-ns03"
+ eventhub_name = "nodo-dei-pagamenti-verify-ko"
+ resource_group_name = "${local.product}-msg-rg"
+}
+
+data "azurerm_api_management" "apim" {
+ name = "${var.prefix}-${var.env_short}-apim"
+ resource_group_name = "${var.prefix}-${var.env_short}-api-rg"
+}
+
+data "azurerm_api_management_product" "apim_api_config_product" {
+ product_id = "apiconfig-cache"
+ api_management_name = local.pagopa_apim_name
+ resource_group_name = local.pagopa_apim_rg
+}
+
+data "azurerm_api_management_product" "apim_forwarder_product" {
+ product_id = "product-node-forwarder"
+ api_management_name = local.pagopa_apim_name
+ resource_group_name = local.pagopa_apim_rg
+}
+
+
+data "azurerm_resource_group" "identity_rg" {
+ name = "${local.product}-identity-rg"
+}
diff --git a/src/copy/payopt-app/00_keyvault.tf b/src/copy/payopt-app/00_keyvault.tf
new file mode 100644
index 0000000000..c94a899cca
--- /dev/null
+++ b/src/copy/payopt-app/00_keyvault.tf
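Review bot: The data source named `pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_verify_ko_writer` reads `namespace_name = "${local.product}-${local.evt_hub_location}-evh-ns03"`, so the identifier says ns04 while the lookup targets ns03. If ns03 is the intended namespace, renaming the data source (here and at its reference in 06_keyvault.tf) avoids a misleading name during incident triage; if not, the namespace is wrong and the JAAS secret built from it will carry the wrong connection string. A one-line comment such as `# verify-ko hub lives in the ns03 namespace, unlike the cache hub` would settle it either way.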
@@ -0,0 +1,10 @@
+data "azurerm_key_vault" "kv" {
+ name = "${local.project}-kv"
+ resource_group_name = "${local.project}-sec-rg"
+}
+
+
+data "azurerm_kubernetes_cluster" "aks" {
+ name = local.aks_name
+ resource_group_name = local.aks_resource_group_name
+}
diff --git a/src/copy/payopt-app/00_monitor.tf b/src/copy/payopt-app/00_monitor.tf
new file mode 100644
index 0000000000..311dc4ff7d
--- /dev/null
+++ b/src/copy/payopt-app/00_monitor.tf
@@ -0,0 +1,35 @@
+#
+# 🇮🇹 Monitor Italy
+#
+data "azurerm_resource_group" "monitor_italy_rg" {
+ name = var.monitor_italy_resource_group_name
+}
+
+data "azurerm_log_analytics_workspace" "log_analytics_italy" {
+ name = var.log_analytics_italy_workspace_name
+ resource_group_name = var.log_analytics_italy_workspace_resource_group_name
+}
+
+data "azurerm_application_insights" "application_insights_italy" {
+ name = local.monitor_appinsights_italy_name
+ resource_group_name = data.azurerm_resource_group.monitor_italy_rg.name
+}
+
+#
+# Actions Group
+#
+data "azurerm_monitor_action_group" "slack" {
+ name = local.monitor_action_group_slack_name
+ resource_group_name = var.monitor_italy_resource_group_name
+}
+
+data "azurerm_monitor_action_group" "email" {
+ resource_group_name = var.monitor_italy_resource_group_name
+ name = local.monitor_action_group_email_name
+}
+
+data "azurerm_monitor_action_group" "opsgenie" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = var.monitor_resource_group_name
+ name = local.monitor_action_group_opsgenie_name
+}
diff --git a/src/copy/payopt-app/00_network.tf b/src/copy/payopt-app/00_network.tf
new file mode 100644
index 0000000000..355c8e2333
--- /dev/null
+++ b/src/copy/payopt-app/00_network.tf
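Review bot: In 00_monitor.tf `data.azurerm_monitor_action_group.opsgenie` is looked up in `var.monitor_resource_group_name`, while the slack and email action groups in the same file use `var.monitor_italy_resource_group_name`; if the Opsgenie group really lives in the legacy monitor resource group, a comment such as `# Opsgenie action group is still provisioned in the non-Italy monitor RG` makes the asymmetry deliberate, otherwise the prod-only lookup fails at plan time. `data.azurerm_log_analytics_workspace.log_analytics_italy` is declared here but not referenced in any file visible in this patch, so it may be dead. The AKS cluster data source sits in 00_keyvault.tf, which is a surprising place to look for it.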
@@ -0,0 +1,15 @@
+data "azurerm_virtual_network" "vnet" {
+ name = local.vnet_name
+ resource_group_name = local.vnet_resource_group_name
+}
+
+data "azurerm_private_dns_zone" "internal" {
+ name = local.internal_dns_zone_name
+ resource_group_name = local.internal_dns_zone_resource_group_name
+}
+
+data "azurerm_subnet" "apim_vnet" {
+ name = local.pagopa_apim_snet
+ resource_group_name = local.pagopa_vnet_rg
+ virtual_network_name = local.pagopa_vnet_integration
+}
diff --git a/src/copy/payopt-app/01_network.tf b/src/copy/payopt-app/01_network.tf
new file mode 100644
index 0000000000..73614770ca
--- /dev/null
+++ b/src/copy/payopt-app/01_network.tf
@@ -0,0 +1,9 @@
+#--------------------------------------------------
+
+resource "azurerm_private_dns_a_record" "ingress" {
+ name = local.ingress_hostname
+ zone_name = data.azurerm_private_dns_zone.internal.name
+ resource_group_name = local.internal_dns_zone_resource_group_name
+ ttl = 3600
+ records = [var.ingress_load_balancer_ip]
+}
diff --git a/src/copy/payopt-app/02_namespace.tf b/src/copy/payopt-app/02_namespace.tf
new file mode 100644
index 0000000000..7d9fcc5c42
--- /dev/null
+++ b/src/copy/payopt-app/02_namespace.tf
@@ -0,0 +1,39 @@
+resource "kubernetes_namespace" "namespace" {
+ metadata {
+ name = var.domain
+ }
+}
+
+# module "pod_identity" {
+# source = "./.terraform/modules/__v3__/kubernetes_pod_identity"
+
+# resource_group_name = local.aks_resource_group_name
+# location = var.location
+# tenant_id = data.azurerm_subscription.current.tenant_id
+# cluster_name = local.aks_name
+
+# identity_name = "${kubernetes_namespace.namespace.metadata[0].name}-pod-identity"
+# namespace = kubernetes_namespace.namespace.metadata[0].name
+# key_vault_id = data.azurerm_key_vault.kv.id
+
+# secret_permissions = ["Get"]
+# }
+
+
+
+# WL-IDENTITY
+# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#Init-workload-identity
+module "workload_identity" {
+ source = "./.terraform/modules/__v3__/kubernetes_workload_identity_configuration"
+
+ workload_identity_name_prefix = var.domain
+ workload_identity_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name
+ aks_name = data.azurerm_kubernetes_cluster.aks.name
+ aks_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name
+ namespace = var.domain
+
+ key_vault_id = data.azurerm_key_vault.kv.id
+ key_vault_certificate_permissions = ["Get"]
+ key_vault_key_permissions = ["Get"]
+ key_vault_secret_permissions = ["Get"]
+}
diff --git a/src/copy/payopt-app/03_serviceaccounts_azure_devops.tf b/src/copy/payopt-app/03_serviceaccounts_azure_devops.tf
new file mode 100644
index 0000000000..cfdc7c2574
--- /dev/null
+++ b/src/copy/payopt-app/03_serviceaccounts_azure_devops.tf
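Review bot: The commented-out `pod_identity` module block is dead code left from the pod-identity to workload-identity migration the comment links to; since `module.workload_identity` is the live configuration, dropping the block keeps the migration state unambiguous and stops the README added by this commit from listing a `pod_identity` module that is not declared. The Key Vault grants to the workload identity are limited to `Get` on certificates, keys and secrets, which is the minimal set; a comment such as `# Get only: the workload must not be able to enumerate vault contents` would keep the next maintainer from widening it to `List`.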
@@ -0,0 +1,67 @@
+resource "kubernetes_namespace" "namespace_system" {
+ metadata {
+ name = "${var.domain}-system"
+ }
+}
+
+module "kubernetes_service_account" {
+ source = "./.terraform/modules/__v3__/kubernetes_service_account"
+ name = "azure-devops"
+ namespace = "${var.domain}-system"
+}
+
+#tfsec:ignore:AZU023
+resource "azurerm_key_vault_secret" "azure_devops_sa_token" {
+ depends_on = [module.kubernetes_service_account]
+ name = "${local.aks_name}-azure-devops-sa-token"
+ value = module.kubernetes_service_account.sa_token # base64 value
+ content_type = "text/plain"
+
+ key_vault_id = data.azurerm_key_vault.kv.id
+}
+
+#tfsec:ignore:AZU023
+resource "azurerm_key_vault_secret" "azure_devops_sa_cacrt" {
+ depends_on = [module.kubernetes_service_account]
+ name = "${local.aks_name}-azure-devops-sa-cacrt"
+ value = module.kubernetes_service_account.sa_ca_cert # base64 value
+ content_type = "text/plain"
+
+ key_vault_id = data.azurerm_key_vault.kv.id
+}
+
+#--------------------------------------------------------------------------------------------------
+
+resource "kubernetes_role_binding" "deployer_binding" {
+ metadata {
+ name = "deployer-binding"
+ namespace = kubernetes_namespace.namespace.metadata[0].name
+ }
+ role_ref {
+ api_group = "rbac.authorization.k8s.io"
+ kind = "ClusterRole"
+ name = "cluster-deployer"
+ }
+ subject {
+ kind = "ServiceAccount"
+ name = "azure-devops"
+ namespace = kubernetes_namespace.namespace_system.metadata[0].name
+ }
+}
+
+resource "kubernetes_role_binding" "system_deployer_binding" {
+ metadata {
+ name = "system-deployer-binding"
+ namespace = kubernetes_namespace.namespace_system.metadata[0].name
+ }
+ role_ref {
+ api_group = "rbac.authorization.k8s.io"
+ kind = "ClusterRole"
+ name = "system-cluster-deployer"
+ }
+ subject {
+ kind = "ServiceAccount"
+ name = "azure-devops"
+ namespace = kubernetes_namespace.namespace_system.metadata[0].name
+ }
+}
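Review bot: Both `azure_devops_sa_token` and `azure_devops_sa_cacrt` are stored without `expiration_date`, and the `#tfsec:ignore:AZU023` lines suppress the finding rather than address it; the service-account token is a long-lived cluster credential bound to the `cluster-deployer` and `system-cluster-deployer` ClusterRoles, so an expiry (or at least a comment recording the rotation policy, e.g. `# rotated with the AKS upgrade cycle; no expiry because the token is regenerated by the module`) is worth adding. The `# base64 value` comments contradict `content_type = "text/plain"`; either set a content type that signals base64 or state in the comment that consumers must decode before use, so the encoding is explicit to whoever reads the secret out of Key Vault. Using `kubernetes_role_binding` rather than a ClusterRoleBinding keeps the ClusterRole scoped to the two namespaces, which is the right least-privilege shape.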
diff --git a/src/copy/payopt-app/04_apim_payment_options.tf b/src/copy/payopt-app/04_apim_payment_options.tf
new file mode 100644
index 0000000000..3e7f22da2e
--- /dev/null
+++ b/src/copy/payopt-app/04_apim_payment_options.tf
@@ -0,0 +1,25 @@
+locals {
+ apim_payment_options_pagopa_api = {
+ display_name = "Payment Options Product pagoPA"
+ description = "API for Payment Options"
+ }
+}
+
+module "apim_payment_options_product" {
+ source = "./.terraform/modules/__v3__/api_management_product"
+ count = var.is_feature_enabled.paymentoptions ? 1 : 0
+
+ product_id = "pagopa_payment_options"
+ display_name = local.apim_payment_options_pagopa_api.display_name
+ description = local.apim_payment_options_pagopa_api.description
+
+ api_management_name = local.pagopa_apim_name
+ resource_group_name = local.pagopa_apim_rg
+
+ published = false
+ subscription_required = true
+ approval_required = false
+ # subscriptions_limit = 1000
+
+ policy_xml = file("./api_product/_base_policy.xml")
+}
diff --git a/src/copy/payopt-app/04_apim_payment_options_mock.tf b/src/copy/payopt-app/04_apim_payment_options_mock.tf
new file mode 100644
index 0000000000..e142259ae6
--- /dev/null
+++ b/src/copy/payopt-app/04_apim_payment_options_mock.tf
@@ -0,0 +1,74 @@
+locals {
+ apim_payment_options_mock_pagopa_api = {
+ display_name = "Mock Payment Options Product pagoPA"
+ description = "Mock API for Payment Options"
+ }
+}
+
+module "apim_payment_options_mock_product" {
+ source = "./.terraform/modules/__v3__/api_management_product"
+ count = var.is_feature_enabled.paymentoptions_mock ? 1 : 0
+
+ product_id = "pagopa-payment-options-mock"
+ display_name = local.apim_payment_options_mock_pagopa_api.display_name
+ description = local.apim_payment_options_mock_pagopa_api.description
+
+ api_management_name = local.pagopa_apim_name
+ resource_group_name = local.pagopa_apim_rg
+
+ published = false
+ subscription_required = false
+ approval_required = false
+ # subscriptions_limit = 1000
+
+ policy_xml = file("./api_product/_base_policy.xml")
+}
+
+resource "azurerm_api_management_api_version_set" "payment_options_mock_api" {
+ count = var.is_feature_enabled.paymentoptions_mock ? 1 : 0
+
+ name = format("%s-payment-options-mock-api", var.env_short)
+ resource_group_name = local.pagopa_apim_rg
+ api_management_name = local.pagopa_apim_name
+ display_name = "Payment Options Mock"
+ versioning_scheme = "Segment"
+}
+
+
+module "apim_api_pay_opt_mock_api" {
+ source = "./.terraform/modules/__v3__/api_management_api"
+ count = var.is_feature_enabled.paymentoptions_mock ? 
1 : 0
+
+ name = format("%s-pay-opt-mock-api", local.project)
+ api_management_name = local.pagopa_apim_name
+ resource_group_name = local.pagopa_apim_rg
+ product_ids = [module.apim_payment_options_mock_product[0].product_id]
+ subscription_required = false
+ version_set_id = azurerm_api_management_api_version_set.payment_options_mock_api[0].id
+ api_version = "v1"
+
+ description = local.apim_payment_options_mock_pagopa_api.description
+ display_name = local.apim_payment_options_mock_pagopa_api.display_name
+ path = "payopt-mock"
+ protocols = ["https"]
+ service_url = null
+
+ content_format = "openapi"
+ content_value = templatefile("./api/payment-options-mock/_openapi.json.tpl", {
+ host = local.apim_hostname
+ })
+
+ xml_content = templatefile("./api/payment-options-mock/_base_policy.xml", {
+ hostname = local.hostname
+ })
+
+ api_operation_policies = [
+ {
+ operation_id = "get-payment-options",
+ xml_content = templatefile("./api/payment-options-mock/_get_payment_options_policy.xml", {
+ hostname = local.hostname
+ })
+ },
+ ]
+
+}
diff --git a/src/copy/payopt-app/05_aks_middleware_tools.tf b/src/copy/payopt-app/05_aks_middleware_tools.tf
new file mode 100644
index 0000000000..0afc20f24f
--- /dev/null
+++ b/src/copy/payopt-app/05_aks_middleware_tools.tf
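Review bot: `apim_api_pay_opt_mock_api` and `apim_payment_options_mock_product` are both created with `subscription_required = false`, so once `is_feature_enabled.paymentoptions_mock` is switched on the mock is reachable at `payopt-mock` with no subscription key, unlike the real product in 04_apim_payment_options.tf which sets `subscription_required = true`. If an open mock is intended, record it on the module with `# mock endpoint: intentionally open, no subscription key required; never enable in prod`, otherwise mirror the real product's setting. The `_base_policy.xml` and operation policy are rendered with `local.hostname`, which 99_locals.tf resolves to the internal ingress, so please confirm the mock policy returns canned responses rather than forwarding to the live backend. The `product_id` here uses hyphens (`pagopa-payment-options-mock`) while the real product uses underscores (`pagopa_payment_options`); picking one convention avoids confusion in APIM.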
@@ -0,0 +1,55 @@
+
+# WL-IDENTITY
+# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#%F0%9F%94%AE-tls-cheker
+module "tls_checker" {
+ source = "./.terraform/modules/__v3__/tls_checker"
+
+ https_endpoint = local.domain_hostname
+ alert_name = local.domain_hostname
+ alert_enabled = true
+ helm_chart_present = true
+ namespace = kubernetes_namespace.namespace.metadata[0].name
+ location_string = var.location_string
+ kv_secret_name_for_application_insights_connection_string = "app-insight-connection-string"
+ application_insights_resource_group = data.azurerm_resource_group.monitor_italy_rg.name
+ application_insights_id = data.azurerm_application_insights.application_insights_italy.id
+ application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id]
+ keyvault_name = data.azurerm_key_vault.kv.name
+ keyvault_tenant_id = data.azurerm_client_config.current.tenant_id
+
+ workload_identity_enabled = true
+ workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name
+ workload_identity_client_id = module.workload_identity.workload_identity_client_id
+
+ depends_on = [module.workload_identity]
+}
+
+
+# WL-IDENTITY
+# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#%3Acertificate%3A-cert-mounter
+module "cert_mounter" {
+ source = "./.terraform/modules/__v3__/cert_mounter"
+
+ namespace = var.domain
+ certificate_name = replace(local.domain_hostname, ".", "-")
+ kv_name = data.azurerm_key_vault.kv.name
+ tenant_id = data.azurerm_subscription.current.tenant_id
+
+ workload_identity_enabled = true
+ workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name
+ workload_identity_client_id = module.workload_identity.workload_identity_client_id
+
+ depends_on = [module.workload_identity]
+}
+resource 
"helm_release" "reloader" {
+ name = "reloader"
+ repository = "https://stakater.github.io/stakater-charts"
+ chart = "reloader"
+ version = "v1.0.69"
+ namespace = kubernetes_namespace.namespace.metadata[0].name
+
+ set {
+ name = "reloader.watchGlobally"
+ value = "false"
+ }
+}
diff --git a/src/copy/payopt-app/05_subkey.tf b/src/copy/payopt-app/05_subkey.tf
new file mode 100644
index 0000000000..15fba182f4
--- /dev/null
+++ b/src/copy/payopt-app/05_subkey.tf
@@ -0,0 +1,30 @@
+resource "azurerm_api_management_subscription" "api_config_subkey" {
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ product_id = data.azurerm_api_management_product.apim_api_config_product.id
+ display_name = "Subscription for Api Config APIM"
+ allow_tracing = false
+ state = "active"
+}
+
+resource "azurerm_api_management_subscription" "forwarder_subkey" {
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ product_id = data.azurerm_api_management_product.apim_forwarder_product.id
+ display_name = "Subscription for Forwarder APIM"
+ allow_tracing = false
+ state = "active"
+}
+
+resource "azurerm_api_management_subscription" "service_payment_options_subkey" {
+ count = var.env_short != "p" ? 1 : 0
+
+ api_management_name = data.azurerm_api_management.apim.name
+ resource_group_name = data.azurerm_api_management.apim.resource_group_name
+ product_id = module.apim_payment_options_product[0].id
+ display_name = "Subscription for Payments Options APIM"
+ allow_tracing = false
+ state = "active"
+}
+
+
diff --git a/src/copy/payopt-app/06_keyvault.tf b/src/copy/payopt-app/06_keyvault.tf
new file mode 100644
index 0000000000..83f09e182e
--- /dev/null
+++ b/src/copy/payopt-app/06_keyvault.tf
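Review bot: In 05_subkey.tf `service_payment_options_subkey` is gated on `var.env_short != "p"` but indexes `module.apim_payment_options_product[0]`, whose count is `var.is_feature_enabled.paymentoptions ? 1 : 0` (04_apim_payment_options.tf) with a default of `false` in 99_variables.tf; in any non-prod environment where the flag is off the plan fails on the empty index. Using `count = var.env_short != "p" && var.is_feature_enabled.paymentoptions ? 1 : 0` keeps the two in step, and the same guard is needed on `service_payment_options_subscription_key` in 06_keyvault.tf. In 05_aks_middleware_tools.tf `tls_checker` takes the tenant from `data.azurerm_client_config.current` while `cert_mounter` takes it from `data.azurerm_subscription.current`; these presumably resolve to the same tenant, but reading one source throughout is easier to audit. The `reloader` chart is pinned to `v1.0.69` and `watchGlobally` is `"false"`, which is the right scoping for a namespaced tool.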
@@ -0,0 +1,81 @@
+locals {
+ aks_api_url = var.env_short == "d" ? data.azurerm_kubernetes_cluster.aks.fqdn : data.azurerm_kubernetes_cluster.aks.private_fqdn
+}
+
+#tfsec:ignore:AZU023
+resource "azurerm_key_vault_secret" "aks_apiserver_url" {
+ name = "${local.aks_name}-apiserver-url"
+ value = "https://${local.aks_api_url}:443"
+ content_type = "text/plain"
+
+ key_vault_id = data.azurerm_key_vault.kv.id
+}
+
+## Manual secrets
+
+resource "azurerm_key_vault_secret" "application_insights_connection_string" {
+ name = "app-insight-connection-string"
+ value = data.azurerm_application_insights.application_insights_italy.connection_string
+ content_type = "text/plain"
+ key_vault_id = data.azurerm_key_vault.kv.id
+}
+
+
+resource "azurerm_key_vault_secret" "tenant_id" {
+ name = "tenant-id"
+ value = data.azurerm_subscription.current.tenant_id
+ content_type = "text/plain"
+ key_vault_id = data.azurerm_key_vault.kv.id
+}
+
+# Event Hub
+
+resource "azurerm_key_vault_secret" "ehub_payment-options-re_jaas_config" {
+ name = "ehub-${var.env_short}-payment-options-re-jaas-config"
+ value = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"$ConnectionString\" password=\"${data.azurerm_eventhub_authorization_rule.payment_options_re_authorization_rule_writer.primary_connection_string}\";"
+ content_type = "text/plain"
+ key_vault_id = data.azurerm_key_vault.kv.id
+}
+
+resource "azurerm_key_vault_secret" "ehub_nodo_pagamenti_cache_jaas_config" {
+ name = "ehub-${var.env_short}-nodo-pagamenti-cache-jaas-config"
+ value = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"$ConnectionString\" password=\"${data.azurerm_eventhub_authorization_rule.pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_cache_sync_reader.primary_connection_string}\";"
+ content_type = "text/plain"
+ key_vault_id = data.azurerm_key_vault.kv.id
+}
+
+resource "azurerm_key_vault_secret" "ehub_nodo-dei-pagamenti-verify-ko_jaas_config" {
+ name = 
"ehub-${var.env_short}-nodo-dei-pagamenti-verify-ko-jaas-config"
+ value = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"$ConnectionString\" password=\"${data.azurerm_eventhub_authorization_rule.pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_verify_ko_writer.primary_connection_string}\";"
+ content_type = "text/plain"
+ key_vault_id = data.azurerm_key_vault.kv.id
+}
+
+resource "azurerm_key_vault_secret" "api_config_subscription_key" {
+ name = "api-config-sub-key"
+ value = azurerm_api_management_subscription.api_config_subkey.primary_key
+ content_type = "text/plain"
+
+ key_vault_id = data.azurerm_key_vault.kv.id
+}
+
+resource "azurerm_key_vault_secret" "forwarder_subscription_key" {
+ name = "forwarder-sub-key"
+ value = azurerm_api_management_subscription.forwarder_subkey.primary_key
+ content_type = "text/plain"
+
+ key_vault_id = data.azurerm_key_vault.kv.id
+}
+
+resource "azurerm_key_vault_secret" "service_payment_options_subscription_key" {
+ count = var.env_short != "p" ? 1 : 0
+
+ name = "apikey-service-payment-options"
+ value = azurerm_api_management_subscription.service_payment_options_subkey[0].primary_key
+ content_type = "text/plain"
+
+ key_vault_id = data.azurerm_key_vault.kv.id
+}
+
+
+
diff --git a/src/copy/payopt-app/07_gh_runner.tf b/src/copy/payopt-app/07_gh_runner.tf
new file mode 100644
index 0000000000..cf5d9cfbbf
--- /dev/null
+++ b/src/copy/payopt-app/07_gh_runner.tf
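Review bot: The three `*_jaas_config` secrets and the three subscription-key secrets are created without `expiration_date`, yet only `aks_apiserver_url` carries the `#tfsec:ignore:AZU023` suppression, so the scan result is inconsistent across the file; the Event Hub connection strings and APIM keys are the credential-bearing values here, so either give them an expiry or apply the suppression deliberately with a reason comment. The `aks_api_url` local selects the public `fqdn` only for `env_short == "d"`, which is worth stating: `# dev cluster has no private endpoint; every other env publishes the private_fqdn`. The `$ConnectionString` token in the JAAS strings is a literal Kafka placeholder, not Terraform interpolation, and a one-word comment saying so will save the next reader a double take. These values also land in Terraform state, so access to the state backend has to be treated as access to the secrets.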
@@ -0,0 +1,43 @@
+locals {
+ tools_cae_name = "${local.product}-${var.location_short}-core-tools-cae"
+ tools_cae_rg = "${local.product}-${var.location_short}-core-tools-rg"
+}
+
+module "gh_runner_job" {
+ source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup"
+
+ domain_name = var.domain
+ env_short = var.env_short
+ environment_name = local.tools_cae_name
+ environment_rg = local.tools_cae_rg
+ gh_identity_suffix = "job-01"
+ runner_labels = ["self-hosted-job"]
+ gh_repositories = [
+ {
+ name : "pagopa-payment-options-service",
+ short_name : "payopt-svc"
+ }
+ ]
+ job = {
+ name = var.domain
+ }
+ job_meta = {}
+ key_vault = {
+ name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret
+ rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret
+ secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret
+ }
+ kubernetes_deploy = {
+ enabled = true
+ namespaces = [kubernetes_namespace.namespace.metadata[0].name]
+ cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks"
+ rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
+ }
+
+ location = var.location
+ prefix = var.prefix
+ resource_group_name = data.azurerm_resource_group.identity_rg.name
+
+ tags = var.tags
+
+}
diff --git a/src/copy/payopt-app/90_pdb.tf b/src/copy/payopt-app/90_pdb.tf
new file mode 100644
index 0000000000..b88494a798
--- /dev/null
+++ b/src/copy/payopt-app/90_pdb.tf
@@ -0,0 +1,15 @@
+resource "kubernetes_pod_disruption_budget_v1" "payment_options" {
+
+ for_each = var.pod_disruption_budgets
+
+ metadata {
+ namespace = kubernetes_namespace.namespace.metadata[0].name
+ name = each.key
+ }
+ spec {
+ min_available = each.value.minAvailable
+ selector {
+ match_labels = each.value.matchLabels
+ }
+ }
+}
diff --git a/src/copy/payopt-app/99_locals.tf b/src/copy/payopt-app/99_locals.tf
new file mode 100644
index 0000000000..9b8dffcb17
--- /dev/null
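Review bot: `kubernetes_deploy.cluster_name` and `rg` in `gh_runner_job` rebuild `"${local.product}-${var.location_short}-${var.instance}-aks"` by hand although `local.aks_name` and `local.aks_resource_group_name` in 99_locals.tf hold the identical strings; `cluster_name = local.aks_name` and `rg = local.aks_resource_group_name` stop the two from drifting apart. The runner's deploy scope is restricted to `kubernetes_namespace.namespace`, while the `-system` namespace is only reachable through the Azure DevOps service account in 03_serviceaccounts_azure_devops.tf; that split is a sensible boundary and deserves a one-line comment so it is not "fixed" later by adding the system namespace here.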
+++ b/src/copy/payopt-app/99_locals.tf
@@ -0,0 +1,43 @@
+locals {
+ product = "${var.prefix}-${var.env_short}"
+ project_short = "${var.prefix}-${var.env_short}-${var.domain}"
+ project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
+
+ location_short_weu = "weu"
+ project_short_weu = "${var.prefix}-${var.env_short}-${local.location_short_weu}"
+
+ project_core_itn = "${var.prefix}-${var.env_short}-${var.location_short}-core"
+
+
+ monitor_action_group_slack_name = "SlackPagoPA"
+ monitor_action_group_email_name = "PagoPA"
+ monitor_action_group_opsgenie_name = "Opsgenie"
+ monitor_appinsights_name = "${local.product}-appinsights"
+ monitor_appinsights_italy_name = "${local.project_core_itn}-appinsights"
+
+ vnet_name = "${var.prefix}-${var.env_short}-${var.location_short}-vnet"
+ vnet_resource_group_name = "${var.prefix}-${var.env_short}-${var.location_short}-vnet-rg"
+
+ aks_name = "${local.product}-${var.location_short}-${var.instance}-aks"
+ aks_resource_group_name = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
+
+ ingress_hostname = "${var.domain}.itn"
+ internal_dns_zone_name = "${var.dns_zone_internal_prefix}.${var.external_domain}"
+ internal_dns_zone_resource_group_name = "${local.product}-vnet-rg"
+
+ pagopa_apim_snet = "${local.product}-apim-snet"
+ pagopa_vnet_integration = "pagopa-${var.env_short}-vnet-integration"
+ pagopa_vnet_rg = "pagopa-${var.env_short}-vnet-rg"
+
+ domain_hostname = "${var.dns_zone_prefix}.${local.internal_dns_zone_name}"
+
+ pagopa_apim_name = "${local.product}-apim"
+ pagopa_apim_rg = "${local.product}-api-rg"
+
+ apim_hostname = "api.${var.apim_dns_zone_prefix}.${var.external_domain}"
+ hostname = var.env == "prod" ? "${var.domain}.itn.internal.platform.pagopa.it" : "${var.domain}.itn.internal.${var.env}.platform.pagopa.it"
+
+
+ evt_hub_location = "${local.location_short_weu}-core"
+
+}
diff --git a/src/copy/payopt-app/99_main.tf b/src/copy/payopt-app/99_main.tf
new file mode 100644
index 0000000000..27e3029347
--- /dev/null
+++ b/src/copy/payopt-app/99_main.tf
@@ -0,0 +1,54 @@
+terraform {
+ required_version = ">= 1.6.0"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "<= 3.116.0"
+ }
+ azuread = {
+ source = "hashicorp/azuread"
+ version = "<= 3.0.2"
+ }
+ null = {
+ source = "hashicorp/null"
+ version = "<= 3.2.3"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "<= 2.33.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "<= 2.16.0"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {
+ key_vault {
+ purge_soft_delete_on_destroy = false
+ }
+ }
+}
+
+data "azurerm_subscription" "current" {}
+
+data "azurerm_client_config" "current" {}
+
+provider "kubernetes" {
+ config_path = "${var.k8s_kube_config_path_prefix}/config-${local.aks_name}"
+}
+
+provider "helm" {
+ kubernetes {
+ config_path = "${var.k8s_kube_config_path_prefix}/config-${local.aks_name}"
+ }
+}
+
+module "__v3__" {
+ # v8.60.0
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+}
diff --git a/src/copy/payopt-app/99_variables.tf b/src/copy/payopt-app/99_variables.tf
new file mode 100644
index 0000000000..b2c2b38a27
--- /dev/null
+++ b/src/copy/payopt-app/99_variables.tf
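Review bot: The provider constraints declared here (`azuread <= 3.0.2`, `helm <= 2.16.0`, `kubernetes <= 2.33.0`, `null <= 3.2.3`) disagree with the Requirements table in the README.md added by the same commit (`azuread <= 2.47.0`, `helm <= 2.12.1`, `kubernetes <= 2.29.0`, `null <= 3.2.1`); regenerating the README from this file keeps the documented versions honest. Pinning `module "__v3__"` to a full commit SHA is the right supply-chain choice, and the `# v8.60.0` comment is the only human-readable record of what that SHA is, so it needs to move together with the `ref`. `purge_soft_delete_on_destroy = false` is a safe default for a vault that holds the credentials written in 06_keyvault.tf, and a short comment stating that intent would protect it from a later "cleanup".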
@@ -0,0 +1,160 @@
+# general
+
+variable "prefix" {
+ type = string
+ validation {
+ condition = (
+ length(var.prefix) <= 6
+ )
+ error_message = "Max length is 6 chars."
+ }
+}
+
+variable "env" {
+ type = string
+}
+
+variable "env_short" {
+ type = string
+ validation {
+ condition = (
+ length(var.env_short) == 1
+ )
+ error_message = "Length must be 1 chars."
+ }
+}
+
+variable "domain" {
+ type = string
+ validation {
+ condition = (
+ length(var.domain) <= 12
+ )
+ error_message = "Max length is 12 chars."
+ }
+}
+
+variable "location" {
+ type = string
+ description = "One of westeurope, northeurope"
+}
+
+variable "location_short" {
+ type = string
+ validation {
+ condition = (
+ length(var.location_short) == 3
+ )
+ error_message = "Length must be 3 chars."
+ }
+ description = "One of wue, neu"
+}
+
+variable "location_string" {
+ type = string
+ description = "One of West Europe, North Europe"
+}
+
+variable "instance" {
+ type = string
+ description = "One of beta, prod01, prod02"
+}
+
+variable "tags" {
+ type = map(any)
+ default = {
+ CreatedBy = "Terraform"
+ }
+}
+
+### Features flags
+
+variable "is_feature_enabled" {
+ type = object({
+ paymentoptions = bool
+ paymentoptions_mock = bool
+ })
+ default = {
+ paymentoptions = false
+ paymentoptions_mock = false
+ }
+}
+### External resources
+
+variable "monitor_resource_group_name" {
+ type = string
+ description = "Monitor resource group name"
+}
+
+variable "log_analytics_workspace_name" {
+ type = string
+ description = "Specifies the name of the Log Analytics Workspace."
+}
+
+variable "log_analytics_workspace_resource_group_name" {
+ type = string
+ description = "The name of the resource group in which the Log Analytics workspace is located in."
+}
+
+variable "monitor_italy_resource_group_name" {
+ type = string
+ description = "Monitor Italy resource group name"
+}
+
+variable "log_analytics_italy_workspace_name" {
+ type = string
+ description = "Specifies the name of the Log Analytics Workspace Italy."
+}
+
+variable "log_analytics_italy_workspace_resource_group_name" {
+ type = string
+ description = "The name of the resource group in which the Log Analytics workspace Italy is located in."
+}
+
+
+### Aks
+variable "ingress_load_balancer_ip" {
+ type = string
+}
+
+variable "k8s_kube_config_path_prefix" {
+ type = string
+ default = "~/.kube"
+}
+
+variable "external_domain" {
+ type = string
+ default = null
+ description = "Domain for delegation"
+}
+
+variable "dns_zone_internal_prefix" {
+ type = string
+ default = null
+ description = "The dns subdomain."
+}
+
+variable "apim_dns_zone_prefix" {
+ type = string
+ default = null
+ description = "The dns subdomain for apim."
+}
+
+# DNS
+
+variable "dns_zone_prefix" {
+ type = string
+ default = null
+ description = "The wallet dns subdomain."
+}
+
+### PDB
+variable "pod_disruption_budgets" {
+ type = map(object({
+ name = optional(string, null)
+ minAvailable = optional(number, null)
+ matchLabels = optional(map(any), {})
+ }))
+ description = "Pod disruption budget for domain namespace"
+ default = {}
+}
diff --git a/src/copy/payopt-app/README.md b/src/copy/payopt-app/README.md
new file mode 100644
index 0000000000..6cbabfb2d3
--- /dev/null
+++ b/src/copy/payopt-app/README.md
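Review bot: Several variable descriptions are stale copy: `location` says "One of westeurope, northeurope" and `location_short` says "One of wue, neu" although 99_locals.tf hard-codes `.itn` suffixes for this Italy-North deployment, and `dns_zone_prefix` is described as "The wallet dns subdomain." inside a payment-options module; updating them, e.g. `description = "The payment-options dns subdomain."`, prevents a wrong tfvars value from whoever next fills one in. `ingress_load_balancer_ip` has no description or validation even though it becomes a DNS A record in 01_network.tf, so a `description = "Private IP of the ingress controller load balancer in the AKS vnet"` plus a `cidrhost`-style sanity check would be useful. `log_analytics_workspace_name` and `log_analytics_workspace_resource_group_name` are not referenced in any file visible in this patch (the Italy variants are), so they may be unused.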
@@ -0,0 +1,109 @@ +# paymentoptions-app + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.6.0 | +| [azuread](#requirement\_azuread) | <= 2.47.0 | +| [azurerm](#requirement\_azurerm) | <= 3.116.0 | +| [helm](#requirement\_helm) | <= 2.12.1 | +| [kubernetes](#requirement\_kubernetes) | <= 2.29.0 | +| [null](#requirement\_null) | <= 3.2.1 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | +| [apim\_api\_pay\_opt\_mock\_api](#module\_apim\_api\_pay\_opt\_mock\_api) | ./.terraform/modules/__v3__/api_management_api | n/a | +| [apim\_payment\_options\_mock\_product](#module\_apim\_payment\_options\_mock\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | +| [apim\_payment\_options\_product](#module\_apim\_payment\_options\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | +| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | +| [kubernetes\_service\_account](#module\_kubernetes\_service\_account) | ./.terraform/modules/__v3__/kubernetes_service_account | n/a | +| [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | +| [tls\_checker](#module\_tls\_checker) | ./.terraform/modules/__v3__/tls_checker | n/a | + +## Resources + +| Name | Type | +|------|------| +| [azurerm_api_management_api_version_set.payment_options_mock_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | +| [azurerm_api_management_subscription.api_config_subkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | +| 
[azurerm_api_management_subscription.forwarder_subkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | +| [azurerm_api_management_subscription.service_payment_options_subkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | +| [azurerm_key_vault_secret.aks_apiserver_url](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_key_vault_secret.api_config_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_key_vault_secret.application_insights_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_key_vault_secret.azure_devops_sa_cacrt](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_key_vault_secret.azure_devops_sa_token](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_key_vault_secret.ehub_nodo-dei-pagamenti-verify-ko_jaas_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_key_vault_secret.ehub_nodo_pagamenti_cache_jaas_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_key_vault_secret.ehub_payment-options-re_jaas_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_key_vault_secret.forwarder_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| 
[azurerm_key_vault_secret.service_payment_options_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_key_vault_secret.tenant_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_monitor_scheduled_query_rules_alert.pagopa-payment-options-rest-availability-upd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | +| [azurerm_monitor_scheduled_query_rules_alert.pagopa-payment-options-service-responsetime-upd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | +| [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | +| [helm_release.cert_mounter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubernetes_namespace.namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_namespace.namespace_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_pod_disruption_budget_v1.payment_options](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/pod_disruption_budget_v1) | resource | +| [kubernetes_role_binding.deployer_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource | +| [kubernetes_role_binding.system_deployer_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource | +| 
[azurerm_api_management.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source | +| [azurerm_api_management_product.apim_api_config_product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source | +| [azurerm_api_management_product.apim_forwarder_product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source | +| [azurerm_application_insights.application_insights_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source | +| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | +| [azurerm_eventhub_authorization_rule.pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_cache_sync_reader](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source | +| [azurerm_eventhub_authorization_rule.pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_verify_ko_writer](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source | +| [azurerm_eventhub_authorization_rule.payment_options_re_authorization_rule_writer](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source | +| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | +| [azurerm_kubernetes_cluster.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source | +| [azurerm_log_analytics_workspace.log_analytics_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source | +| 
[azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_resource_group.monitor_italy_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_subnet.apim_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | +| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | +| [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [apim\_dns\_zone\_prefix](#input\_apim\_dns\_zone\_prefix) | The dns subdomain for apim. | `string` | `null` | no | +| [dns\_zone\_internal\_prefix](#input\_dns\_zone\_internal\_prefix) | The dns subdomain. | `string` | `null` | no | +| [dns\_zone\_prefix](#input\_dns\_zone\_prefix) | The wallet dns subdomain. 
| `string` | `null` | no | +| [domain](#input\_domain) | n/a | `string` | n/a | yes | +| [env](#input\_env) | n/a | `string` | n/a | yes | +| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | +| [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | +| [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | ## Aks | `string` | n/a | yes | +| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [is\_feature\_enabled](#input\_is\_feature\_enabled) | n/a |
object({
paymentoptions = bool
paymentoptions_mock = bool
})
|
{
"paymentoptions": false,
"paymentoptions_mock": false
}
| no | +| [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | +| [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | +| [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | +| [location\_string](#input\_location\_string) | One of West Europe, North Europe | `string` | n/a | yes | +| [log\_analytics\_italy\_workspace\_name](#input\_log\_analytics\_italy\_workspace\_name) | Specifies the name of the Log Analytics Workspace Italy. | `string` | n/a | yes | +| [log\_analytics\_italy\_workspace\_resource\_group\_name](#input\_log\_analytics\_italy\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace Italy is located in. | `string` | n/a | yes | +| [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes | +| [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes | +| [monitor\_italy\_resource\_group\_name](#input\_monitor\_italy\_resource\_group\_name) | Monitor Italy resource group name | `string` | n/a | yes | +| [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | +| [pod\_disruption\_budgets](#input\_pod\_disruption\_budgets) | Pod disruption budget for domain namespace |
map(object({
name = optional(string, null)
minAvailable = optional(number, null)
matchLabels = optional(map(any), {})
}))
| `{}` | no | +| [prefix](#input\_prefix) | n/a | `string` | n/a | yes | +| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | + +## Outputs + +No outputs. + diff --git a/src/copy/payopt-app/api/payment-options-mock/_base_policy.xml b/src/copy/payopt-app/api/payment-options-mock/_base_policy.xml new file mode 100644 index 0000000000..59ce29e724 --- /dev/null +++ b/src/copy/payopt-app/api/payment-options-mock/_base_policy.xml @@ -0,0 +1,14 @@ + + + + + + + + + + + + + + diff --git a/src/copy/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml b/src/copy/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml new file mode 100644 index 0000000000..018a492ebf --- /dev/null +++ b/src/copy/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml 
@@ -0,0 +1,444 @@ + + + + + + + + + + + + + + application/json + + + + + { + "paTaxCode": "77777777777", + "paFullName": "EC", + "paOfficeName": "EC", + "paymentOptions": [ + { + "description": "Test PayOpt - Opzione 1 - Soluzione Unica", + "numberOfInstallments": 1, + "amount": 120, + "dueDate": "2024-10-30T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status":"PO_UNPAID", + "statusReason":"Non pagato", + "allCCP": "false", + "installments": [ + { + "nav": "311111111111111112", + "iuv": "11111111111111112", + "amount": 120, + "description": "Test Opt Inst - soluzione unica", + "dueDate": "2024-10-30T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status":"POI_UNPAID", + "statusReason":"Non pagato" + } + ] + }, + { + "description": "Test PayOpt - Opzione 2 - Piano Rateale", + "numberOfInstallments": 3, + "amount": 120, + "dueDate": "2024-12-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status":"PO_UNPAID", + "statusReason":"Non pagatp", + "allCCP": "false", + "installments": [ + { + "nav": "311111111111111113", + "iuv": "11111111111111113", + "amount": 40, + "description": "rata 1", + "dueDate": "2024-10-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status":"POI_UNPAID", + "statusReason":"Non pagato" + }, + { + "nav": "311111111111111114", + "iuv": "311111111111111114", + "amount": 40, + "description": "rata 2", + "dueDate": "2024-11-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status":"POI_UNPAID", + "statusReason":"Non pagato" + }, + { + "nav": "311111111111111115", + "iuv": "11111111111111115", + "amount": 40, + "description": "rata 3", + "dueDate": "2024-12-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status":"POI_UNPAID", + "statusReason":"Non pagato" + } + ] + } + ] + } + + + + + { + "paTaxCode": "99999000013", + "paFullName": "EC", + "paOfficeName": "EC", + "paymentOptions": [ + { + "description": "Test PayOpt - Opzione 1 - Soluzione Unica", + "numberOfInstallments": 1, + "amount": 120, + "dueDate": 
"2024-10-30T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status":"PO_UNPAID", + "statusReason":"Non pagato", + "allCCP": "false", + "installments": [ + { + "nav": "311111111111111112", + "iuv": "11111111111111112", + "amount": 120, + "description": "Test Opt Inst - soluzione unica", + "dueDate": "2024-10-30T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status":"POI_UNPAID", + "statusReason":"Non pagato" + } + ] + }, + { + "description": "Test PayOpt - Opzione 2 - Piano Rateale", + "numberOfInstallments": 3, + "amount": 120, + "dueDate": "2024-12-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status":"PO_UNPAID", + "statusReason":"Non pagatp", + "allCCP": "false", + "installments": [ + { + "nav": "311111111111111113", + "iuv": "11111111111111113", + "amount": 40, + "description": "rata 1", + "dueDate": "2024-10-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status":"POI_UNPAID", + "statusReason":"Non pagato" + }, + { + "nav": "311111111111111114", + "iuv": "311111111111111114", + "amount": 40, + "description": "rata 2", + "dueDate": "2024-11-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status":"POI_UNPAID", + "statusReason":"Non pagato" + }, + { + "nav": "311111111111111115", + "iuv": "11111111111111115", + "amount": 40, + "description": "rata 3", + "dueDate": "2024-12-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status":"POI_UNPAID", + "statusReason":"Non pagato" + } + ] + }, + { + "description": "Test PayOpt - Opzione 3 - Piano Rateale - 5 rate", + "numberOfInstallments": 5, + "amount": 90, + "dueDate": "2024-12-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status": "PO_UNPAID", + "statusReason": "Non pagato", + "allCCP": "false", + "installments": [ + { + "nav": "311111111111111120", + "iuv": "311111111111111120", + "amount": 18, + "description": "rata 1", + "dueDate": "2024-10-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status": "POI_UNPAID", + "statusReason": "Non pagato" + }, + { + "nav": 
"311111111111111121", + "iuv": "311111111111111121", + "amount": 18, + "description": "rata 2", + "dueDate": "2024-11-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status": "POI_UNPAID", + "statusReason": "Non pagato" + }, + { + "nav": "311111111111111122", + "iuv": "311111111111111122", + "amount": 18, + "description": "rata 3", + "dueDate": "2024-12-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status": "POI_UNPAID", + "statusReason": "Non pagato" + }, + { + "nav": "311111111111111123", + "iuv": "311111111111111123", + "amount": 18, + "description": "rata 4", + "dueDate": "2025-01-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status": "POI_UNPAID", + "statusReason": "Non pagato" + }, + { + "nav": "311111111111111124", + "iuv": "311111111111111124", + "amount": 18, + "description": "rata 5", + "dueDate": "2025-02-31T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status": "POI_UNPAID", + "statusReason": "Non pagato" + } + ] + } + ] + } + + + + { + "paTaxCode": "77777777777", + "paFullName": "EC", + "paOfficeName": "EC", + "paymentOptions": [ + { + "description": "Test PayOpt - unica opzione", + "numberOfInstallments": 1, + "amount": 120, + "dueDate": "2024-10-30T23:59:59", + "validFrom": "2024-09-30T23:59:59", + "status": "PO_UNPAID", + "statusReason": "Non Pagato", + "allCCP": "false", + "installments": [ + { + "nav": "311111111111111111", + "iuv": "311111111111111111", + "amount": 120, + "description": "Test Opt Inst - unica opzione", + "dueDate": "2024-10-30T23:59:59", + "validFrom": "2024-09-30T23:59:59", + "status": "POI_UNPAID", + "statusReason": "Non Pagato" + } + ] + } + ] + } + + + { + "paTaxCode": "99999000013", + "paFullName": "EC", + "paOfficeName": "EC", + "paymentOptions": [ + { + "description": "Test PayOpt - Opzione 1 - CO-Obbligato 1", + "numberOfInstallments": 1, + "amount": 120, + "dueDate": "2024-10-30T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status": "PO_UNPAID", + "statusReason": "Non pagato", + "allCCP": 
"false", + "installments": [ + { + "nav": "311111111111111125", + "iuv": "311111111111111125", + "amount": 120, + "description": "Test PayOpt - Opzione 1 - CO-Obbligato 1", + "dueDate": "2024-10-30T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status": "POI_UNPAID", + "statusReason": "Non pagato" + } + ] + }, + { + "description": "Test PayOpt - Opzione 2 - CO-Obbligato 2", + "numberOfInstallments": 1, + "amount": 120, + "dueDate": "2024-10-30T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status": "PO_UNPAID", + "statusReason": "Non pagato", + "allCCP": "false", + "installments": [ + { + "nav": "311111111111111126", + "iuv": "311111111111111126", + "amount": 120, + "description": "Test PayOpt - Opzione 2 - CO-Obbligato 2", + "dueDate": "2024-10-30T23:59:59", + "validFrom":"2024-09-30T23:59:59", + "status": "POI_UNPAID", + "statusReason": "Non pagato" + } + ] + } + ] + } + + + + { + "httpStatusCode": 400, + "httpStatusDescription": "ND", + "appErrorCode": "PAA_SINTASSI", + "timestamp": 1724425035, + "dateTime": "2024-08-23T14:57:15.635528", + "errorMessage": "Errore di sintassi del modello nella risposta" + } + + + + { + "httpStatusCode": 400, + "httpStatusDescription": "ND", + "appErrorCode": "PAA_PAGAMENTO_SCONOSCIUTO", + "timestamp": 1724425035, + "dateTime": "2024-08-23T14:57:15.635528", + "errorMessage": "Errore per pagamento sconosciuto" + } + + + + { + "httpStatusCode": 400, + "httpStatusDescription": "ND", + "appErrorCode": "PAA_ID_DOMINIO_ERRATO", + "timestamp": 1724425035, + "dateTime": "2024-08-23T14:57:15.635528", + "errorMessage": "Errore per id dominio errato" + } + + + + { + "httpStatusCode": 400, + "httpStatusDescription": "ND", + "appErrorCode": "PAA_ID_INTERMEDIARIO_ERRATO", + "timestamp": 1724425035, + "dateTime": "2024-08-23T14:57:15.635528", + "errorMessage": "Errore per id intermediario errato" + } + + + + { + "httpStatusCode": 400, + "httpStatusDescription": "ND", + "appErrorCode": "PAA_PAGAMENTO_ANNULLATO", + "timestamp": 1724425035, 
+ "dateTime": "2024-08-23T14:57:15.635528", + "errorMessage": "Errore per pagamento annullato" + } + + + + { + "httpStatusCode": 400, + "httpStatusDescription": "ND", + "appErrorCode": "PAA_PAGAMENTO_DUPLICATO", + "timestamp": 1724425035, + "dateTime": "2024-08-23T14:57:15.635528", + "errorMessage": "Errore per pagamento duplicato" + } + + + + { + "httpStatusCode": 400, + "httpStatusDescription": "ND", + "appErrorCode": "PAA_PAGAMENTO_IN_CORSO", + "timestamp": 1724425035, + "dateTime": "2024-08-23T14:57:15.635528", + "errorMessage": "Errore per pagamento ancora in corso" + } + + + + { + "httpStatusCode": 400, + "httpStatusDescription": "ND", + "appErrorCode": "PAA_PAGAMENTO_SCADUTO", + "timestamp": 1724425035, + "dateTime": "2024-08-23T14:57:15.635528", + "errorMessage": "Errore per pagamento scaduto" + } + + + + { + "httpStatusCode": 400, + "httpStatusDescription": "ND", + "appErrorCode": "PAA_SEMANTICA", + "timestamp": 1724425035, + "dateTime": "2024-08-23T14:57:15.635528", + "errorMessage": "Errore semantica" + } + + + + { + "httpStatusCode": 400, + "httpStatusDescription": "ND", + "appErrorCode": "PAA_STAZIONE_INT_ERRATA", + "timestamp": 1724425035, + "dateTime": "2024-08-23T14:57:15.635528", + "errorMessage": "Errore per stazione errata" + } + + + + { + "httpStatusCode": 400, + "httpStatusDescription": "ND", + "appErrorCode": "PAA_SYSTEM_ERROR", + "timestamp": 1724425035, + "dateTime": "2024-08-23T14:57:15.635528", + "errorMessage": "Errore generico" + } + + + + + + + + diff --git a/src/copy/payopt-app/api/payment-options-mock/_openapi.json.tpl b/src/copy/payopt-app/api/payment-options-mock/_openapi.json.tpl new file mode 100644 index 0000000000..ef7b46e20a --- /dev/null +++ b/src/copy/payopt-app/api/payment-options-mock/_openapi.json.tpl 
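Review bot: Several mock `dueDate` values are not valid calendar dates — `"2024-11-31T23:59:59"` is used for "rata 2" in three option sets and `"2025-02-31T23:59:59"` for "rata 5" — so a client that parses them with a strict date library will reject the whole response rather than exercise the installment logic; `2024-11-30` and `2025-02-28` are the nearest valid values. In the first two option sets the installment with `"nav": "311111111111111114"` repeats the nav as its `iuv` while its siblings use the nav without the leading `3` (for example `"iuv": "11111111111111113"`), and `"statusReason":"Non pagatp"` appears twice, both of which look like copy-paste slips rather than intended test cases. `allCCP` is the quoted string `"false"` throughout while numeric fields such as `amount` are unquoted, so it is worth confirming against the service contract whether consumers expect a boolean. The policy's XML elements are not visible in this rendering, so I cannot tell which request conditions select each body.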
@@ -0,0 +1,99 @@
+{
+ "openapi": "3.0.1",
+ "info": {
+ "title": "Mocker Payopts",
+ "description": "",
+ "version": "1.0"
+ },
+ "servers": [
+ {
+ "url": "https://api.dev.platform.pagopa.it/payopt-mock"
+ }
+ ],
+ "paths": {
+ "/payment-options/organizations/{fiscal-code}/notices/{notice-number}": {
+ "post": {
+ "summary": "Get Payment Options",
+ "operationId": "get-payment-options",
+ "parameters": [
+ {
+ "name": "fiscal-code",
+ "in": "path",
+ "required": true,
+ "schema": {
+ "type": ""
+ }
+ },
+ {
+ "name": "notice-number",
+ "in": "path",
+ "required": true,
+ "schema": {
+ "type": ""
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Single Opt Response",
+ "content": {
+ "application/json": {
+ "example": {
+ "paTaxCode": "77777777777",
+ "paFullName": "EC",
+ "paOfficeName": "EC",
+ "paymentOptions": [
+ {
+ "description": "Test PayOpt - unica opzione",
+ "numberOfInstallments": 1,
+ "amount": 120,
+ "dueDate": "2024-10-30T23:59:59.0000000+00:00",
+ "validFrom": "2024-09-30T23:59:59.0000000+00:00",
+ "status": "non pagato",
+ "status reason": "desc",
+ "allCCP": "false",
+ "installments": [
+ {
+ "nav": "311111111111111111",
+ "iuv": "311111111111111111",
+ "amount": 120,
+ "description": "Test Opt Inst - unica opzione",
+ "dueDate": "2024-10-30T23:59:59.0000000+00:00",
+ "validFrom": "2024-09-30T23:59:59.0000000+00:00",
+ "status": "non pagato",
+ "status reason": "desc"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "components": {
+ "securitySchemes": {
+ "apiKeyHeader": {
+ "type": "apiKey",
+ "name": "Ocp-Apim-Subscription-Key",
+ "in": "header"
+ },
+ "apiKeyQuery": {
+ "type": "apiKey",
+ "name": "subscription-key",
+ "in": "query"
+ }
+ }
+ },
+ "security": [
+ {
+ "apiKeyHeader": []
+ },
+ {
+ "apiKeyQuery": []
+ }
+ ]
+}
\ No newline at end of file
diff --git a/src/copy/payopt-app/api_product/_base_policy.xml b/src/copy/payopt-app/api_product/_base_policy.xml
new file mode 100644
index 0000000000..ce18a37436
--- /dev/null
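Review bot: Both path parameters declare `"schema": { "type": "" }`, which is not a valid OpenAPI type and which the APIM import may reject or treat as untyped; the example values (`77777777777`, `311111111111111111`) are strings, so `"type": "string"` is the fix in both places. The 200 example also disagrees with the mock policy earlier in this series: the policy returns `"status": "PO_UNPAID"` with a `statusReason` key and plain `2024-10-30T23:59:59` timestamps, while this spec documents `"status": "non pagato"`, a `"status reason"` key containing a space, and offset timestamps, so one of the two should be aligned before consumers code against it. `servers[0].url` is hard-coded to the dev host even though the file is a `.tpl` and `paymentoptions_mock` is enabled for uat as well; if the template is rendered per environment, the host belongs in a template variable.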
+++ b/src/copy/payopt-app/api_product/_base_policy.xml @@ -0,0 +1,14 @@ + + + + + + + + + + + + + + diff --git a/src/copy/payopt-app/env/itn-dev/backend.ini b/src/copy/payopt-app/env/itn-dev/backend.ini new file mode 100644 index 0000000000..f3ea2d530c --- /dev/null +++ b/src/copy/payopt-app/env/itn-dev/backend.ini @@ -0,0 +1 @@ +subscription=DEV-pagoPA \ No newline at end of file diff --git a/src/copy/payopt-app/env/itn-dev/backend.tfvars b/src/copy/payopt-app/env/itn-dev/backend.tfvars new file mode 100644 index 0000000000..34401b3ea9 --- /dev/null +++ b/src/copy/payopt-app/env/itn-dev/backend.tfvars @@ -0,0 +1,4 @@ +resource_group_name = "terraform-state-rg" +storage_account_name = "tfinfdevpagopa" +container_name = "terraform-state" +key = "paymentoptions-app-dev.terraform.tfstate" diff --git a/src/copy/payopt-app/env/itn-dev/terraform.tfvars b/src/copy/payopt-app/env/itn-dev/terraform.tfvars new file mode 100644 index 0000000000..a05aa001bb --- /dev/null +++ b/src/copy/payopt-app/env/itn-dev/terraform.tfvars 
@@ -0,0 +1,39 @@
+prefix = "pagopa"
+env_short = "d"
+env = "dev"
+domain = "payopt"
+location = "italynorth"
+location_short = "itn"
+location_string = "Italy North"
+instance = "dev"
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "Dev"
+ Owner = "pagoPA"
+ Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+}
+
+### External resources
+
+monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg"
+log_analytics_italy_workspace_name = "pagopa-d-itn-core-law"
+log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg"
+
+monitor_resource_group_name = "pagopa-d-monitor-rg"
+log_analytics_workspace_name = "pagopa-d-law"
+log_analytics_workspace_resource_group_name = "pagopa-d-monitor-rg"
+
+external_domain = "pagopa.it"
+dns_zone_internal_prefix = "internal.dev.platform"
+dns_zone_prefix = "payopt.itn"
+apim_dns_zone_prefix = "dev.platform"
+### Aks
+
+ingress_load_balancer_ip = "10.3.2.250"
+
+is_feature_enabled = {
+ paymentoptions = true
+ paymentoptions_mock = true
+}
diff --git a/src/copy/payopt-app/env/itn-prod/backend.ini b/src/copy/payopt-app/env/itn-prod/backend.ini
new file mode 100644
index 0000000000..ddda4bb50f
--- /dev/null
+++ b/src/copy/payopt-app/env/itn-prod/backend.ini
@@ -0,0 +1 @@
+subscription=prod-pagoPA
diff --git a/src/copy/payopt-app/env/itn-prod/backend.tfvars b/src/copy/payopt-app/env/itn-prod/backend.tfvars
new file mode 100644
index 0000000000..184ba40d9d
--- /dev/null
+++ b/src/copy/payopt-app/env/itn-prod/backend.tfvars
@@ -0,0 +1,4 @@
+resource_group_name = "terraform-state-rg"
+storage_account_name = "tfinfprodpagopa"
+container_name = "terraform-state"
+key = "paymentoptions-app-prod.terraform.tfstate"
diff --git a/src/copy/payopt-app/env/itn-prod/terraform.tfvars b/src/copy/payopt-app/env/itn-prod/terraform.tfvars
new file mode 100644
index 0000000000..674ca7b069
--- /dev/null
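Review bot: `ingress_load_balancer_ip = "10.3.2.250"` is identical in the dev, uat and prod `terraform.tfvars` (this hunk and the two that follow); if the three environments run on separate AKS clusters with their own subnets, at least two of these values are presumably wrong, and the private DNS A record the module creates would then point at an address the ingress does not hold, so each should be confirmed against its cluster's ingress service. The `Source` tag in all three files points at `src/domains/paymentoptions-app` while the files live under `src/copy/payopt-app`; if the copy is temporary that is fine, otherwise the tag will mislead whoever follows it. `instance = "dev"` (and `"uat"`, `"prod"`) also falls outside the `One of beta, prod01, prod02` set that `variable "instance"` documents, so either that description or these values should be brought into line.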
+++ b/src/copy/payopt-app/env/itn-prod/terraform.tfvars
@@ -0,0 +1,48 @@
+prefix = "pagopa"
+env_short = "p"
+env = "prod"
+domain = "payopt"
+location = "italynorth"
+location_short = "itn"
+location_string = "Italy North"
+instance = "prod"
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "prod"
+ Owner = "pagoPA"
+ Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+}
+
+### External resources
+
+monitor_italy_resource_group_name = "pagopa-p-itn-core-monitor-rg"
+log_analytics_italy_workspace_name = "pagopa-p-itn-core-law"
+log_analytics_italy_workspace_resource_group_name = "pagopa-p-itn-core-monitor-rg"
+
+monitor_resource_group_name = "pagopa-p-monitor-rg"
+log_analytics_workspace_name = "pagopa-p-law"
+log_analytics_workspace_resource_group_name = "pagopa-p-monitor-rg"
+
+external_domain = "pagopa.it"
+dns_zone_internal_prefix = "internal.platform"
+dns_zone_prefix = "payopt.itn"
+apim_dns_zone_prefix = "platform"
+### Aks
+
+ingress_load_balancer_ip = "10.3.2.250"
+
+is_feature_enabled = {
+ paymentoptions = true
+ paymentoptions_mock = false
+}
+
+pod_disruption_budgets = {
+ "payment-options-service" = {
+ minAvailable = 2
+ matchLabels = {
+ "app.kubernetes.io/instance" = "payment-options-service"
+ }
+ },
+}
diff --git a/src/copy/payopt-app/env/itn-uat/backend.ini b/src/copy/payopt-app/env/itn-uat/backend.ini
new file mode 100644
index 0000000000..1759a0ca0d
--- /dev/null
+++ b/src/copy/payopt-app/env/itn-uat/backend.ini
@@ -0,0 +1 @@
+subscription=UAT-pagoPA
\ No newline at end of file
diff --git a/src/copy/payopt-app/env/itn-uat/backend.tfvars b/src/copy/payopt-app/env/itn-uat/backend.tfvars
new file mode 100644
index 0000000000..3fa5ce28c3
--- /dev/null
+++ b/src/copy/payopt-app/env/itn-uat/backend.tfvars
@@ -0,0 +1,4 @@
+resource_group_name = "terraform-state-rg"
+storage_account_name = "tfinfuatpagopa"
+container_name = "terraform-state"
+key = "paymentoptions-app-uat.terraform.tfstate"
diff --git a/src/copy/payopt-app/env/itn-uat/terraform.tfvars b/src/copy/payopt-app/env/itn-uat/terraform.tfvars
new file mode 100644
index 0000000000..c0219aa389
--- /dev/null
+++ b/src/copy/payopt-app/env/itn-uat/terraform.tfvars
@@ -0,0 +1,39 @@
+prefix = "pagopa"
+env_short = "u"
+env = "uat"
+domain = "payopt"
+location = "italynorth"
+location_short = "itn"
+location_string = "Italy North"
+instance = "uat"
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "Uat"
+ Owner = "pagoPA"
+ Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+}
+
+### External resources
+
+monitor_italy_resource_group_name = "pagopa-u-itn-core-monitor-rg"
+log_analytics_italy_workspace_name = "pagopa-u-itn-core-law"
+log_analytics_italy_workspace_resource_group_name = "pagopa-u-itn-core-monitor-rg"
+
+monitor_resource_group_name = "pagopa-u-monitor-rg"
+log_analytics_workspace_name = "pagopa-u-law"
+log_analytics_workspace_resource_group_name = "pagopa-u-monitor-rg"
+
+external_domain = "pagopa.it"
+dns_zone_internal_prefix = "internal.uat.platform"
+dns_zone_prefix = "payopt.itn"
+apim_dns_zone_prefix = "uat.platform"
+### Aks
+
+ingress_load_balancer_ip = "10.3.2.250"
+
+is_feature_enabled = {
+ paymentoptions = true
+ paymentoptions_mock = true
+}
diff --git a/src/copy/payopt-app/helm/cert-mounter.yaml.tpl b/src/copy/payopt-app/helm/cert-mounter.yaml.tpl
new file mode 100644
index 0000000000..73ee05d737
--- /dev/null
+++ b/src/copy/payopt-app/helm/cert-mounter.yaml.tpl
@@ -0,0 +1,13 @@
+namespace: ${NAMESPACE}
+nameOverride: ""
+fullnameOverride: ""
+
+deployment:
+ create: true
+
+kvCertificatesName:
+ - ${CERTIFICATE_NAME}
+
+keyvault:
+ name: "${KV_NAME}"
+ tenantId: "7788edaf-0346-4068-9d79-c868aed15b3d"
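Review bot: `tenantId` is the only value in cert-mounter.yaml.tpl that is not templated — a literal GUID sits next to `${NAMESPACE}`, `${KV_NAME}` and `${CERTIFICATE_NAME}` — so the chart binds to that single tenant in every environment the template is rendered for. The module already reads `data.azurerm_client_config.current` (it is listed among the README's data sources), so the `templatefile` call can pass `TENANT_ID = data.azurerm_client_config.current.tenant_id` and the line become `tenantId: "${TENANT_ID}"`. If all environments genuinely share one tenant this is harmless today, but the literal is easy to overlook when the copy is reused elsewhere. The `helm_release.cert_mounter` resource that renders this template is not in the hunk, so the exact variable wiring has to be checked there.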
diff --git a/src/copy/payopt-app/terraform.sh b/src/copy/payopt-app/terraform.sh
new file mode 100755
index 0000000000..047a7512d0
--- /dev/null
+++ b/src/copy/payopt-app/terraform.sh
@@ -0,0 +1,324 @@ +#!/bin/bash +############################################################ +# Terraform script for managing infrastructure on Azure +# Fingerprint: d2hhdHlvdXdhbnQ/Cg== +############################################################ +# Global variables +# Version format x.y accepted +vers="1.11" +script_name=$(basename "$0") +git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/azure/${script_name}" +tmp_file="${script_name}.new" +# Check if the third parameter exists and is a file +if [ -n "$3" ] && [ -f "$3" ]; then + FILE_ACTION=true +else + FILE_ACTION=false +fi + +# Define functions +function clean_environment() { + rm -rf .terraform + rm tfplan 2>/dev/null + echo "cleaned!" +} + +function download_tool() { + #default value + cpu_type="intel" + os_type=$(uname) + + # only on MacOS + if [ "$os_type" == "Darwin" ]; then + cpu_brand=$(sysctl -n machdep.cpu.brand_string) + if grep -q -i "intel" <<< "$cpu_brand"; then + cpu_type="intel" + else + cpu_type="arm" + fi + fi + + echo $cpu_type + tool=$1 + git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/golang/${tool}_${cpu_type}" + if ! command -v $tool &> /dev/null; then + if ! curl -sL "$git_repo" -o "$tool"; then + echo "Error downloading ${tool}" + return 1 + else + chmod +x $tool + echo "${tool} downloaded! Please note this tool WON'T be copied in your **/bin folder for safety reasons. +You need to do it yourself!" + read -p "Press enter to continue" + + + fi + fi +} + +function extract_resources() { + TF_FILE=$1 + ENV=$2 + TARGETS="" + + # Check if the file exists + if [ ! -f "$TF_FILE" ]; then + echo "File $TF_FILE does not exist." + exit 1 + fi + + # Check if the directory exists + if [ ! -d "./env/$ENV" ]; then + echo "Directory ./env/$ENV does not exist." 
+ exit 1 + fi + + TMP_FILE=$(mktemp) + grep -E '^resource|^module' $TF_FILE > $TMP_FILE + + while read -r line ; do + TYPE=$(echo $line | cut -d '"' -f 1 | tr -d ' ') + if [ "$TYPE" == "module" ]; then + NAME=$(echo $line | cut -d '"' -f 2) + TARGETS+=" -target=\"$TYPE.$NAME\"" + else + NAME1=$(echo $line | cut -d '"' -f 2) + NAME2=$(echo $line | cut -d '"' -f 4) + TARGETS+=" -target=\"$NAME1.$NAME2\"" + fi + done < $TMP_FILE + + rm $TMP_FILE + + echo "./terraform.sh $action $ENV $TARGETS" +} + +function help_usage() { + echo "terraform.sh Version ${vers}" + echo + echo "Usage: ./script.sh [ACTION] [ENV] [OTHER OPTIONS]" + echo "es. ACTION: init, apply, plan, etc." + echo "es. ENV: dev, uat, prod, etc." + echo + echo "Available actions:" + echo " clean Remove .terraform* folders and tfplan files" + echo " help This help" + echo " list List every environment available" + echo " update Update this script if possible" + echo " summ Generate summary of Terraform plan" + echo " tflist Generate an improved output of terraform state list" + echo " tlock Generate or update the dependency lock file" + echo " * any terraform option" +} + +function init_terraform() { + if [ -n "$env" ]; then + terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" + else + echo "ERROR: no env configured!" + exit 1 + fi +} + +function list_env() { + # Check if env directory exists + if [ ! 
-d "./env" ]; then + echo "No environment directory found" + exit 1 + fi + + # List subdirectories under env directory + env_list=$(ls -d ./env/*/ 2>/dev/null) + + # Check if there are any subdirectories + if [ -z "$env_list" ]; then + echo "No environments found" + exit 1 + fi + + # Print the list of environments + echo "Available environments:" + for env in $env_list; do + env_name=$(echo "$env" | sed 's#./env/##;s#/##') + echo "- $env_name" + done +} + +function other_actions() { + if [ -n "$env" ] && [ -n "$action" ]; then + terraform "$action" -var-file="./env/$env/terraform.tfvars" -compact-warnings $other + else + echo "ERROR: no env or action configured!" + exit 1 + fi +} + +function state_output_taint_actions() { + if [ "$action" == "tflist" ]; then + # If 'tflist' is not installed globally and there is no 'tflist' file in the current directory, + # attempt to download the 'tflist' tool + if ! command -v tflist &> /dev/null && [ ! -f "tflist" ]; then + download_tool "tflist" + if [ $? -ne 0 ]; then + echo "Error: Failed to download tflist!!" + exit 1 + else + echo "tflist downloaded!" 
+ fi + fi + if command -v tflist &> /dev/null; then + terraform state list | tflist + else + terraform state list | ./tflist + fi + else + terraform $action $other + fi +} + + +function parse_tfplan_option() { + # Create an array to contain arguments that do not start with '-tfplan=' + local other_args=() + + # Loop over all arguments + for arg in "$@"; do + # If the argument starts with '-tfplan=', extract the file name + if [[ "$arg" =~ ^-tfplan= ]]; then + echo "${arg#*=}" + else + # If the argument does not start with '-tfplan=', add it to the other_args array + other_args+=("$arg") + fi + done + + # Print all arguments in other_args separated by spaces + echo "${other_args[@]}" +} + +function tfsummary() { + local plan_file + plan_file=$(parse_tfplan_option "$@") + if [ -z "$plan_file" ]; then + plan_file="tfplan" + fi + action="plan" + other="-out=${plan_file}" + other_actions + if [ -n "$(command -v tf-summarize)" ]; then + tf-summarize -tree "${plan_file}" + else + echo "tf-summarize is not installed" + fi + if [ "$plan_file" == "tfplan" ]; then + rm $plan_file + fi +} + +function update_script() { + # Check if the repository was cloned successfully + if ! curl -sL "$git_repo" -o "$tmp_file"; then + echo "Error cloning the repository" + rm "$tmp_file" 2>/dev/null + return 1 + fi + + # Check if a newer version exists + remote_vers=$(sed -n '8s/vers="\(.*\)"/\1/p' "$tmp_file") + if [ "$(printf '%s\n' "$vers" "$remote_vers" | sort -V | tail -n 1)" == "$vers" ]; then + echo "The local script version is equal to or newer than the remote version." + rm "$tmp_file" 2>/dev/null + return 0 + fi + + # Check the fingerprint + local_fingerprint=$(sed -n '4p' "$0") + remote_fingerprint=$(sed -n '4p' "$tmp_file") + + if [ "$local_fingerprint" != "$remote_fingerprint" ]; then + echo "The local and remote file fingerprints do not match." 
+ rm "$tmp_file" 2>/dev/null + return 0 + fi + + # Show the current and available versions to the user + echo "Current script version: $vers" + echo "Available script version: $remote_vers" + + # Ask the user if they want to update the script + read -rp "Do you want to update the script to version $remote_vers? (y/n): " answer + + if [ "$answer" == "y" ] || [ "$answer" == "Y" ]; then + # Replace the local script with the updated version + cp "$tmp_file" "$script_name" + chmod +x "$script_name" + rm "$tmp_file" 2>/dev/null + + echo "Script successfully updated to version $remote_vers" + else + echo "Update canceled by the user" + fi + + rm "$tmp_file" 2>/dev/null +} + +# Check arguments number +if [ "$#" -lt 1 ]; then + help_usage + exit 0 +fi + +# Parse arguments +action=$1 +env=$2 +filetf=$3 +shift 2 +other=$@ + +if [ -n "$env" ]; then + # shellcheck source=/dev/null + source "./env/$env/backend.ini" + if [ -z "$(command -v az)" ]; then + echo "az not found, cannot proceed" + exit 1 + fi + az account set -s "${subscription}" +fi + +# Call appropriate function based on action +case $action in + clean) + clean_environment + ;; + ?|help|-h) + help_usage + ;; + init) + init_terraform "$other" + ;; + list) + list_env + ;; + output|state|taint|tflist) + init_terraform + state_output_taint_actions $other + ;; + summ) + init_terraform + tfsummary "$other" + ;; + tlock) + terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64 + ;; + update) + update_script + ;; + *) + if [ "$FILE_ACTION" = true ]; then + extract_resources "$filetf" "$env" + else + init_terraform + other_actions "$other" + fi + ;; +esac diff --git a/src/copy/payopt-common/.terraform.lock.hcl b/src/copy/payopt-common/.terraform.lock.hcl new file mode 100644 index 0000000000..412a66cdaf --- /dev/null +++ b/src/copy/payopt-common/.terraform.lock.hcl 
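Review bot: `download_tool` fetches an executable from a raw GitHub URL with `curl -sL`, marks it executable and the script later runs it (`terraform state list | ./tflist`) without any integrity check, and `update_script` overwrites the script itself from the same origin guarded only by comparing line 4 of both files — a fixed `# Fingerprint:` comment that any replacement file can simply carry — so neither path protects against a tampered or substituted download. Pin an expected digest per tool and architecture and verify it before `chmod +x`: `expected_sha="<pinned sha256 for ${tool}_${cpu_type}>"`, `actual_sha=$(sha256sum "$tool" | cut -d' ' -f1)` (or `shasum -a 256` on macOS), `[ "$actual_sha" == "$expected_sha" ] || { rm -f "$tool"; echo "checksum mismatch for ${tool}"; return 1; }`, and apply the same check to `$tmp_file` in `update_script` before the `cp`, or drop self-update and vendor a pinned copy. Separately, `other=$@` and the unquoted `$other` handed to `terraform` in `other_actions` and `state_output_taint_actions` undergo word-splitting and globbing, so `other=("$@")` with `"${other[@]}"` keeps arguments intact. The `git_repo` URL suggests this is a copy of the shared eng-common-scripts helper, in which case the fix belongs upstream as well.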
@@ -0,0 +1,62 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azuread" { + version = "2.47.0" + constraints = "<= 2.47.0" + hashes = [ + "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", + "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", + "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", + "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", + "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", + "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", + "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", + "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", + "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", + "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", + "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.116.0" + constraints = "~> 3.30, ~> 3.116.0, < 4.0.0" + hashes = [ + "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", + "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", + "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", + "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", + "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", + "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", + "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", + "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", + "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", + 
"zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", + "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.2" + constraints = "<= 3.2.2" + hashes = [ + "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", + "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", + "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", + "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", + "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", + "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", + "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", + "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", + "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", + "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", + "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", + ] +} diff --git a/src/copy/payopt-common/00_data.tf b/src/copy/payopt-common/00_data.tf new file mode 100644 index 0000000000..453409f78e --- /dev/null +++ b/src/copy/payopt-common/00_data.tf @@ -0,0 +1,4 @@ +data "azurerm_key_vault" "kv" { + name = "${local.project}-kv" + resource_group_name = "${local.project}-sec-rg" +} diff --git a/src/copy/payopt-common/00_monitor.tf b/src/copy/payopt-common/00_monitor.tf new file mode 100644 index 0000000000..3be0e0c27b --- /dev/null +++ b/src/copy/payopt-common/00_monitor.tf 
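Review bot: `00_data.tf` declares `data "azurerm_key_vault" "kv"` (`${local.project}-kv` in `${local.project}-sec-rg`) while `10_github_identity.tf` in this same patch declares `data "azurerm_key_vault" "key_vault"` (`${local.product}-${var.location_short}-${var.domain}-kv` in `...-${var.domain}-sec-rg`); depending on how `local.project` is composed these may resolve to the same vault, in which case one lookup should be dropped and the other file should reference this one. If they are intentionally different vaults, a short comment on each stating which vault it is (e.g. `# domain key vault; consumed by the cert-mounter and CD identity policies`) would stop the next reader from merging them. `local.project` is defined outside this hunk, so I cannot confirm which case applies.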
@@ -0,0 +1,45 @@
+#
+# 🇮🇹 Monitor Italy
+#
+data "azurerm_resource_group" "monitor_italy_rg" {
+ name = var.monitor_italy_resource_group_name
+}
+
+data "azurerm_log_analytics_workspace" "log_analytics_italy" {
+ name = var.log_analytics_italy_workspace_name
+ resource_group_name = var.log_analytics_italy_workspace_resource_group_name
+}
+
+data "azurerm_application_insights" "application_insights_italy" {
+ name = local.monitor_appinsights_italy_name
+ resource_group_name = data.azurerm_resource_group.monitor_italy_rg.name
+}
+
+# ### 🇪🇺
+# data "azurerm_resource_group" "monitor_rg" {
+# name = var.monitor_resource_group_name
+# }
+#
+# data "azurerm_log_analytics_workspace" "log_analytics" {
+# name = var.log_analytics_workspace_name
+# resource_group_name = var.log_analytics_workspace_resource_group_name
+# }
+#
+# data "azurerm_application_insights" "application_insights" {
+# name = local.monitor_appinsights_name
+# resource_group_name = data.azurerm_resource_group.monitor_rg.name
+# }
+
+#
+# Action Groups
+#
+data "azurerm_monitor_action_group" "slack" {
+ resource_group_name = var.monitor_resource_group_name
+ name = local.monitor_action_group_slack_name
+}
+
+data "azurerm_monitor_action_group" "email" {
+ resource_group_name = var.monitor_resource_group_name
+ name = local.monitor_action_group_email_name
+}
+
diff --git a/src/copy/payopt-common/00_network.tf b/src/copy/payopt-common/00_network.tf
new file mode 100644
index 0000000000..73fad2990a
--- /dev/null
+++ b/src/copy/payopt-common/00_network.tf
@@ -0,0 +1,37 @@
+data "azurerm_virtual_network" "vnet_italy" {
+ name = local.vnet_italy_name
+ resource_group_name = local.vnet_italy_resource_group_name
+}
+
+data "azurerm_resource_group" "rg_vnet_italy" {
+ name = local.vnet_italy_resource_group_name
+}
+
+#
+# Subnets
+#
+data "azurerm_subnet" "aks_subnet" {
+ name = local.aks_subnet_name
+ virtual_network_name = local.vnet_italy_name
+ resource_group_name = local.vnet_italy_resource_group_name
+}
+
+#
+# Private DNS Zones
+#
+data "azurerm_private_dns_zone" "internal" {
+ name = local.internal_dns_zone_name
+ resource_group_name = local.internal_dns_zone_resource_group_name
+}
+
+#
+# Eventhub
+#
+data "azurerm_private_dns_zone" "eventhub" {
+ name = "privatelink.servicebus.windows.net"
+ resource_group_name = local.msg_resource_group_name
+}
+
+data "azurerm_resource_group" "rg_event_private_dns_zone" {
+ name = local.msg_resource_group_name
+}
diff --git a/src/copy/payopt-common/01_network.tf b/src/copy/payopt-common/01_network.tf
new file mode 100644
index 0000000000..202f24163e
--- /dev/null
+++ b/src/copy/payopt-common/01_network.tf
@@ -0,0 +1,14 @@
+resource "azurerm_private_dns_a_record" "ingress" {
+ name = local.ingress_hostname
+ zone_name = data.azurerm_private_dns_zone.internal.name
+ resource_group_name = local.internal_dns_zone_resource_group_name
+ ttl = 3600
+ records = [var.ingress_load_balancer_ip]
+}
+
+resource "azurerm_subnet" "eventhub_italy" {
+ name = "${local.project}-eventhub-snet"
+ resource_group_name = data.azurerm_resource_group.rg_vnet_italy.name
+ virtual_network_name = data.azurerm_virtual_network.vnet_italy.name
+ address_prefixes = var.cidr_paymentoptions_eventhub_italy
+}
diff --git a/src/copy/payopt-common/03_eventhub.tf b/src/copy/payopt-common/03_eventhub.tf
new file mode 100644
index 0000000000..e8d3ee1f9e
--- /dev/null
+++ b/src/copy/payopt-common/03_eventhub.tf
@@ -0,0 +1,86 @@ +resource "azurerm_resource_group" "eventhub_ita_rg" { + name = local.eventhub_resource_group_name + location = var.location + + tags = var.tags +} + +module "eventhub_namespace" { + source = "./.terraform/modules/__v3__/eventhub" + name = "${local.project}-evh" + location = var.location + resource_group_name = azurerm_resource_group.eventhub_ita_rg.name + auto_inflate_enabled = var.ehns_auto_inflate_enabled + sku = var.ehns_sku_name + capacity = var.ehns_capacity + maximum_throughput_units = var.ehns_maximum_throughput_units + #zone_redundat is always true + + virtual_network_ids = [data.azurerm_virtual_network.vnet_italy.id] + private_endpoint_subnet_id = azurerm_subnet.eventhub_italy.id + public_network_access_enabled = var.ehns_public_network_access + private_endpoint_created = var.ehns_private_endpoint_is_present + + private_endpoint_resource_group_name = azurerm_resource_group.eventhub_ita_rg.name + + private_dns_zones = { + id = [data.azurerm_private_dns_zone.eventhub.id] + name = [data.azurerm_private_dns_zone.eventhub.name] + resource_group_name = data.azurerm_resource_group.rg_event_private_dns_zone.name + } + + private_dns_zone_record_A_name = "${var.domain}.${var.location_short}" + + action = [ + { + action_group_id = data.azurerm_monitor_action_group.slack.id + webhook_properties = null + }, + { + action_group_id = data.azurerm_monitor_action_group.email.id + webhook_properties = null + } + ] + + metric_alerts_create = var.ehns_alerts_enabled + metric_alerts = var.ehns_metric_alerts + + tags = var.tags +} + +# +# CONFIGURATION +# +module "eventhub_paymentoptions_configuration" { + source = "./.terraform/modules/__v3__/eventhub_configuration" + count = var.is_feature_enabled.eventhub ? 
1 : 0 + + event_hub_namespace_name = module.eventhub_namespace.name + event_hub_namespace_resource_group_name = azurerm_resource_group.eventhub_ita_rg.name + + eventhubs = [ + { + name = "${var.prefix}-${var.domain}-evh" + partitions = 1 + message_retention = 1 + consumers = [ + "${local.project}-payment-options-re-rx", + ] + keys = [ + { + name = "${local.project}-payment-options-re-tx" + listen = false + send = true + manage = false + }, + { + name = "${local.project}-payment-options-re-rx" # internal use + listen = true + send = false + manage = false + } + ] + }, + ] +} + diff --git a/src/copy/payopt-common/10_github_identity.tf b/src/copy/payopt-common/10_github_identity.tf new file mode 100644 index 0000000000..36a3cd077b --- /dev/null +++ b/src/copy/payopt-common/10_github_identity.tf 
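Review bot: The namespace's network exposure in `module "eventhub_namespace"` is decided entirely by `public_network_access_enabled = var.ehns_public_network_access` and `private_endpoint_created = var.ehns_private_endpoint_is_present`, with nothing in this file constraining the combination, and the dev tfvars added in this same patch sets `ehns_public_network_access = true` together with `ehns_private_endpoint_is_present = false`; if public access is acceptable only in dev, that rule should be enforced rather than left to whoever edits the uat/prod tfvars. A `validation` block on `ehns_public_network_access` in the variables file, or at minimum a comment here such as `# public access must stay false outside dev; uat/prod reach the namespace through the private endpoint in the eventhub_italy subnet`, would make the intent reviewable (whether `virtual_network_ids` also installs network rules depends on the module, which is outside this hunk). Also `ehns_zone_redundant` is listed as a required input in the README of this patch and set in the dev tfvars but is never passed to the module; the comment `#zone_redundat is always true` should be corrected to something like `# zone_redundant is not configurable: the module forces it to true` if that is indeed what the module does, and the unused variable removed.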
@@ -0,0 +1,218 @@ +data "azurerm_resource_group" "identity_rg" { + name = "${local.product}-identity-rg" +} + +data "azurerm_kubernetes_cluster" "aks" { + name = "${local.product}-${var.location_short}-${var.instance}-aks" + resource_group_name = "${local.product}-${var.location_short}-${var.instance}-aks-rg" +} + +data "azurerm_key_vault" "key_vault" { + name = "${local.product}-${var.location_short}-${var.domain}-kv" + resource_group_name = "${local.product}-${var.location_short}-${var.domain}-sec-rg" +} + +# repos must be lower than 20 items +locals { + repos_01 = [ + "pagopa-payment-options-service", + ] + + federations_01 = [ + for repo in local.repos_01 : { + repository = repo + subject = var.env + } + ] + + federations_01_pr = [ + for repo in local.repos_01 : { + repository = repo + subject = "pull_request" + } + ] + + federations_01_ref = [ + for repo in local.repos_01 : { + repository = repo + credentials_scope = "ref" + subject = "refs/heads/main" + } + ] + + + # to avoid subscription Contributor -> https://github.com/microsoft/azure-container-apps/issues/35 + environment_cd_roles = { + subscription = [ + "Contributor", + ] + resource_groups = { + "${local.product}-${var.location_short}-${var.domain}-sec-rg" = [ + "Key Vault Reader" + ], + "${local.product}-${var.location_short}-${var.env}-aks-rg" = [ + "Contributor" + ], + } + } +} + +# create a module for each 20 repos +module "identity_cd_01" { + source = "./.terraform/modules/__v3__/github_federated_identity" + # pagopa---github--identity + prefix = var.prefix + env_short = var.env_short + domain = "${var.domain}-01" + + identity_role = "cd" + + github_federations = local.federations_01 + + cd_rbac_roles = { + subscription_roles = local.environment_cd_roles.subscription + resource_groups = local.environment_cd_roles.resource_groups + } + + tags = var.tags + + depends_on = [ + data.azurerm_resource_group.identity_rg + ] +} + +resource "azurerm_key_vault_access_policy" "gha_iac_managed_identities" { + 
key_vault_id = data.azurerm_key_vault.key_vault.id + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = module.identity_cd_01.identity_principal_id + + secret_permissions = ["Get", "List", "Set", ] + + certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"] + key_permissions = [ + "Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt", "GetRotationPolicy" + ] + + storage_permissions = [] +} + +resource "null_resource" "github_runner_app_permissions_to_namespace_cd_01" { + triggers = { + aks_id = data.azurerm_kubernetes_cluster.aks.id + service_principal_id = module.identity_cd_01.identity_client_id + namespace = var.domain + version = "v2" + } + + provisioner "local-exec" { + command = < +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.6 | +| [azuread](#requirement\_azuread) | <= 2.47.0 | +| [azurerm](#requirement\_azurerm) | < 4.0.0 | +| [null](#requirement\_null) | <= 3.2.2 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [eventhub\_namespace](#module\_eventhub\_namespace) | git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub | v8.22.0 | +| [eventhub\_paymentoptions\_configuration](#module\_eventhub\_paymentoptions\_configuration) | git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub_configuration | v8.22.0 | +| [identity\_cd\_01](#module\_identity\_cd\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.22.0 | +| [identity\_pr\_01](#module\_identity\_pr\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.22.0 | +| [identity\_ref\_01](#module\_identity\_ref\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.36.1 | + +## Resources + +| Name | Type | +|------|------| +| 
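Review bot: `local.environment_cd_roles` grants the CD identity `Contributor` at `subscription` scope directly under a comment that states the goal is `# to avoid subscription Contributor`, and `azurerm_key_vault_access_policy.gha_iac_managed_identities` additionally gives the same identity `Purge`/`DeleteIssuers` on certificates and `Delete`/`Import`/`Decrypt` on keys; a GitHub Actions federated identity whose job is to deploy one service should not be able to modify every resource in the subscription or destroy and decrypt vault material. Drop the `subscription` entry (the `Contributor` on the AKS resource group and `Key Vault Reader` on the sec resource group already listed cover the deploy path) and trim the policy to what the pipeline actually does, e.g. `secret_permissions = ["Get", "List"]`, `certificate_permissions = ["Get", "List"]`, `key_permissions = ["Get", "List"]`, widening only with a comment naming the job that needs more. Rewrite the comment to say what is true, e.g. `# NOTE: subscription Contributor kept temporarily for <reason>; track removal in <ticket>` if it cannot go yet. The AKS resource group in the roles map is built from `var.env` (`...-${var.env}-aks-rg`) while the `azurerm_kubernetes_cluster.aks` data source uses `var.instance`; these coincide in dev/uat but the README lists `instance` values like `prod01`, so one of the two should be used consistently. This hunk is cut off in this view at the `local-exec` heredoc (`command = <`), so the `pr`/`ref` identities and their policies listed in the README could not be reviewed here.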
[azurerm_key_vault_access_policy.gha_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_key_vault_access_policy.gha_pr_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_key_vault_access_policy.gha_ref_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | +| [azurerm_resource_group.eventhub_ita_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_subnet.eventhub_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [null_resource.github_runner_app_permissions_to_namespace_cd_01](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [azurerm_application_insights.application_insights_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source | +| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | +| [azurerm_key_vault.key_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | +| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | +| [azurerm_kubernetes_cluster.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source | +| 
[azurerm_log_analytics_workspace.log_analytics_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source | +| [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_private_dns_zone.eventhub](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_resource_group.monitor_italy_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_resource_group.rg_event_private_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_resource_group.rg_vnet_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_subnet.aks_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | +| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | +| [azurerm_virtual_network.vnet_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | 
+|------|-------------|------|---------|:--------:| +| [cidr\_paymentoptions\_eventhub\_italy](#input\_cidr\_paymentoptions\_eventhub\_italy) | Address prefixes for all evh accounts in italy. | `list(string)` | n/a | yes | +| [dns\_zone\_internal\_prefix](#input\_dns\_zone\_internal\_prefix) | The dns subdomain. | `string` | `null` | no | +| [dns\_zone\_platform](#input\_dns\_zone\_platform) | The platform dns subdomain. | `string` | `null` | no | +| [dns\_zone\_prefix](#input\_dns\_zone\_prefix) | The wallet dns subdomain. | `string` | `null` | no | +| [domain](#input\_domain) | n/a | `string` | n/a | yes | +| [ehns\_alerts\_enabled](#input\_ehns\_alerts\_enabled) | Event hub alerts enabled? | `bool` | n/a | yes | +| [ehns\_auto\_inflate\_enabled](#input\_ehns\_auto\_inflate\_enabled) | Is Auto Inflate enabled for the EventHub Namespace? | `bool` | n/a | yes | +| [ehns\_capacity](#input\_ehns\_capacity) | Specifies the Capacity / Throughput Units for a Standard SKU namespace. | `number` | n/a | yes | +| [ehns\_maximum\_throughput\_units](#input\_ehns\_maximum\_throughput\_units) | Specifies the maximum number of throughput units when Auto Inflate is Enabled | `number` | n/a | yes | +| [ehns\_metric\_alerts](#input\_ehns\_metric\_alerts) | Map of name = criteria objects |
map(object({
# criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]
aggregation = string
metric_name = string
description = string
# criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]
operator = string
threshold = number
# Possible values are PT1M, PT5M, PT15M, PT30M and PT1H
frequency = string
# Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.
window_size = string

dimension = list(object(
{
name = string
operator = string
values = list(string)
}
))
}))
| `{}` | no | +| [ehns\_private\_endpoint\_is\_present](#input\_ehns\_private\_endpoint\_is\_present) | (Required) create private endpoint to the event hubs | `bool` | n/a | yes | +| [ehns\_public\_network\_access](#input\_ehns\_public\_network\_access) | (Required) enables public network access to the event hubs | `bool` | n/a | yes | +| [ehns\_sku\_name](#input\_ehns\_sku\_name) | Defines which tier to use. | `string` | n/a | yes | +| [ehns\_zone\_redundant](#input\_ehns\_zone\_redundant) | Specifies if the EventHub Namespace should be Zone Redundant (created across Availability Zones). | `bool` | n/a | yes | +| [env](#input\_env) | n/a | `string` | n/a | yes | +| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | +| [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | +| [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | n/a | `string` | n/a | yes | +| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [is\_feature\_enabled](#input\_is\_feature\_enabled) | n/a |
object({
eventhub = bool
})
|
{
"eventhub": false
}
| no | +| [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | +| [location\_short](#input\_location\_short) | One of wue, neu | `string` | `"itn"` | no | +| [log\_analytics\_italy\_workspace\_name](#input\_log\_analytics\_italy\_workspace\_name) | Specifies the name of the Log Analytics Workspace Italy. | `string` | n/a | yes | +| [log\_analytics\_italy\_workspace\_resource\_group\_name](#input\_log\_analytics\_italy\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace Italy is located in. | `string` | n/a | yes | +| [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes | +| [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes | +| [monitor\_italy\_resource\_group\_name](#input\_monitor\_italy\_resource\_group\_name) | Monitor Italy resource group name | `string` | n/a | yes | +| [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | +| [prefix](#input\_prefix) | general | `string` | n/a | yes | +| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | + +## Outputs + +No outputs. + diff --git a/src/copy/payopt-common/env/itn-dev/backend.ini b/src/copy/payopt-common/env/itn-dev/backend.ini new file mode 100644 index 0000000000..f3ea2d530c --- /dev/null +++ b/src/copy/payopt-common/env/itn-dev/backend.ini @@ -0,0 +1 @@ +subscription=DEV-pagoPA \ No newline at end of file diff --git a/src/copy/payopt-common/env/itn-dev/backend.tfvars b/src/copy/payopt-common/env/itn-dev/backend.tfvars new file mode 100644 index 0000000000..d651547925 --- /dev/null +++ b/src/copy/payopt-common/env/itn-dev/backend.tfvars @@ -0,0 +1,4 @@ +resource_group_name = "terraform-state-rg" +storage_account_name = "tfinfdevpagopa" +container_name = "terraform-state" +key = "paymentoptions-common-dev.terraform.tfstate" diff --git a/src/copy/payopt-common/env/itn-dev/terraform.tfvars b/src/copy/payopt-common/env/itn-dev/terraform.tfvars new file mode 100644 index 0000000000..b6da44353b --- /dev/null +++ b/src/copy/payopt-common/env/itn-dev/terraform.tfvars 
@@ -0,0 +1,106 @@ +prefix = "pagopa" +env_short = "d" +env = "dev" +domain = "payopt" +location = "italynorth" +location_short = "itn" +instance = "dev" + +tags = { + CreatedBy = "Terraform" + Environment = "Dev" + Owner = "pagoPA" + Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-common" + CostCenter = "TS310 - PAGAMENTI & SERVIZI" +} + +### 🚩Features flags + +is_feature_enabled = { + eventhub = true +} + +### CIRDs + +cidr_paymentoptions_eventhub_italy = ["10.3.13.0/27"] + +### External resources + +monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg" +log_analytics_italy_workspace_name = "pagopa-d-itn-core-law" +log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg" + +monitor_resource_group_name = "pagopa-d-monitor-rg" +log_analytics_workspace_name = "pagopa-d-law" +log_analytics_workspace_resource_group_name = "pagopa-d-monitor-rg" + +### Aks + +ingress_load_balancer_ip = "10.3.100.250" + +external_domain = "pagopa.it" +dns_zone_internal_prefix = "internal.dev.platform" + +# +# EventHub +# +ehns_sku_name = "Standard" + +# to avoid https://docs.microsoft.com/it-it/azure/event-hubs/event-hubs-messaging-exceptions#error-code-50002 +ehns_auto_inflate_enabled = false +ehns_maximum_throughput_units = 5 +ehns_capacity = 1 +ehns_alerts_enabled = false +ehns_zone_redundant = false + +ehns_public_network_access = true +ehns_private_endpoint_is_present = false + +ehns_metric_alerts = { + no_trx = { + aggregation = "Total" + metric_name = "IncomingMessages" + description = "No transactions received from acquirer in the last 24h" + operator = "LessThanOrEqual" + threshold = 1000 + frequency = "PT1H" + window_size = "P1D" + dimension = [ + { + name = "EntityName" + operator = "Include" + values = ["rtd-trx"] + } + ], + }, + active_connections = { + aggregation = "Average" + metric_name = "ActiveConnections" + description = null + operator = "LessThanOrEqual" + threshold = 0 + frequency = "PT5M" 
+ window_size = "PT15M" + dimension = [], + }, + error_trx = { + aggregation = "Total" + metric_name = "IncomingMessages" + description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately" + operator = "GreaterThan" + threshold = 0 + frequency = "PT5M" + window_size = "PT30M" + dimension = [ + { + name = "EntityName" + operator = "Include" + values = [ + "nodo-dei-pagamenti-log", + "nodo-dei-pagamenti-re" + ] + } + ], + }, +} + diff --git a/src/copy/payopt-common/env/itn-prod/backend.ini b/src/copy/payopt-common/env/itn-prod/backend.ini new file mode 100644 index 0000000000..432abea37c --- /dev/null +++ b/src/copy/payopt-common/env/itn-prod/backend.ini @@ -0,0 +1 @@ +subscription=PROD-pagoPA \ No newline at end of file diff --git a/src/copy/payopt-common/env/itn-prod/backend.tfvars b/src/copy/payopt-common/env/itn-prod/backend.tfvars new file mode 100644 index 0000000000..5532d8232f --- /dev/null +++ b/src/copy/payopt-common/env/itn-prod/backend.tfvars @@ -0,0 +1,4 @@ +resource_group_name = "terraform-state-rg" +storage_account_name = "tfinfprodpagopa" +container_name = "terraform-state" +key = "paymentoptions-common-prod.terraform.tfstate" diff --git a/src/copy/payopt-common/env/itn-prod/terraform.tfvars b/src/copy/payopt-common/env/itn-prod/terraform.tfvars new file mode 100644 index 0000000000..a70e0827de --- /dev/null +++ b/src/copy/payopt-common/env/itn-prod/terraform.tfvars 
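Review bot: The three `ehns_metric_alerts` entries filter on `EntityName` values `rtd-trx`, `nodo-dei-pagamenti-log` and `nodo-dei-pagamenti-re` and describe "acquirer" transactions, which look carried over from another domain rather than matching any payopt hub, so as written these alerts would never fire; the same definitions appear in the itn-prod and itn-uat terraform.tfvars hunks, where `ehns_alerts_enabled = true` in prod makes the mismatch matter. This dev file also leaves the namespace reachable from the public network (`ehns_public_network_access = true`, `ehns_private_endpoint_is_present = false`) while prod and uat keep it private; if that is deliberate for dev, a one-line comment such as `# dev only: public endpoint kept for local development, no private endpoint` would stop it being copied forward. The section header `### CIRDs` is presumably meant to read `### CIDRs`.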
@@ -0,0 +1,106 @@ +prefix = "pagopa" +env_short = "p" +env = "prod" +domain = "payopt" +location = "italynorth" +location_short = "itn" +instance = "prod" + +tags = { + CreatedBy = "Terraform" + Environment = "Prod" + Owner = "pagoPA" + Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-common" + CostCenter = "TS310 - PAGAMENTI & SERVIZI" +} + +### 🚩Features flags + +is_feature_enabled = { + eventhub = true +} + +### CIRDs + +cidr_paymentoptions_eventhub_italy = ["10.3.13.0/27"] + +### External resources + +monitor_italy_resource_group_name = "pagopa-p-itn-core-monitor-rg" +log_analytics_italy_workspace_name = "pagopa-p-itn-core-law" +log_analytics_italy_workspace_resource_group_name = "pagopa-p-itn-core-monitor-rg" + +monitor_resource_group_name = "pagopa-p-monitor-rg" +log_analytics_workspace_name = "pagopa-p-law" +log_analytics_workspace_resource_group_name = "pagopa-p-monitor-rg" + +### Aks + +ingress_load_balancer_ip = "10.3.100.250" + +external_domain = "pagopa.it" +dns_zone_internal_prefix = "internal.platform" + +# +# EventHub +# +ehns_sku_name = "Standard" + +# to avoid https://docs.microsoft.com/it-it/azure/event-hubs/event-hubs-messaging-exceptions#error-code-50002 +ehns_auto_inflate_enabled = true +ehns_maximum_throughput_units = 5 +ehns_capacity = 5 +ehns_alerts_enabled = true +ehns_zone_redundant = true + +ehns_public_network_access = false +ehns_private_endpoint_is_present = true + +ehns_metric_alerts = { + no_trx = { + aggregation = "Total" + metric_name = "IncomingMessages" + description = "No transactions received from acquirer in the last 24h" + operator = "LessThanOrEqual" + threshold = 1000 + frequency = "PT1H" + window_size = "P1D" + dimension = [ + { + name = "EntityName" + operator = "Include" + values = ["rtd-trx"] + } + ], + }, + active_connections = { + aggregation = "Average" + metric_name = "ActiveConnections" + description = null + operator = "LessThanOrEqual" + threshold = 0 + frequency = "PT5M" + 
window_size = "PT15M" + dimension = [], + }, + error_trx = { + aggregation = "Total" + metric_name = "IncomingMessages" + description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately" + operator = "GreaterThan" + threshold = 0 + frequency = "PT5M" + window_size = "PT30M" + dimension = [ + { + name = "EntityName" + operator = "Include" + values = [ + "nodo-dei-pagamenti-log", + "nodo-dei-pagamenti-re" + ] + } + ], + }, +} + diff --git a/src/copy/payopt-common/env/itn-uat/backend.ini b/src/copy/payopt-common/env/itn-uat/backend.ini new file mode 100644 index 0000000000..1759a0ca0d --- /dev/null +++ b/src/copy/payopt-common/env/itn-uat/backend.ini @@ -0,0 +1 @@ +subscription=UAT-pagoPA \ No newline at end of file diff --git a/src/copy/payopt-common/env/itn-uat/backend.tfvars b/src/copy/payopt-common/env/itn-uat/backend.tfvars new file mode 100644 index 0000000000..d1c07b27ff --- /dev/null +++ b/src/copy/payopt-common/env/itn-uat/backend.tfvars @@ -0,0 +1,4 @@ +resource_group_name = "terraform-state-rg" +storage_account_name = "tfinfuatpagopa" +container_name = "terraform-state" +key = "paymentoptions-common-uat.terraform.tfstate" diff --git a/src/copy/payopt-common/env/itn-uat/terraform.tfvars b/src/copy/payopt-common/env/itn-uat/terraform.tfvars new file mode 100644 index 0000000000..da838589de --- /dev/null +++ b/src/copy/payopt-common/env/itn-uat/terraform.tfvars 
@@ -0,0 +1,106 @@ +prefix = "pagopa" +env_short = "u" +env = "uat" +domain = "payopt" +location = "italynorth" +location_short = "itn" +instance = "uat" + +tags = { + CreatedBy = "Terraform" + Environment = "Uat" + Owner = "pagoPA" + Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-common" + CostCenter = "TS310 - PAGAMENTI & SERVIZI" +} + +### 🚩Features flags + +is_feature_enabled = { + eventhub = true +} + +### CIRDs + +cidr_paymentoptions_eventhub_italy = ["10.3.13.0/27"] + +### External resources + +monitor_italy_resource_group_name = "pagopa-u-itn-core-monitor-rg" +log_analytics_italy_workspace_name = "pagopa-u-itn-core-law" +log_analytics_italy_workspace_resource_group_name = "pagopa-u-itn-core-monitor-rg" + +monitor_resource_group_name = "pagopa-u-monitor-rg" +log_analytics_workspace_name = "pagopa-u-law" +log_analytics_workspace_resource_group_name = "pagopa-u-monitor-rg" + +### Aks + +ingress_load_balancer_ip = "10.3.100.250" + +external_domain = "pagopa.it" +dns_zone_internal_prefix = "internal.uat.platform" + +# +# EventHub +# +ehns_sku_name = "Standard" + +# to avoid https://docs.microsoft.com/it-it/azure/event-hubs/event-hubs-messaging-exceptions#error-code-50002 +ehns_auto_inflate_enabled = true +ehns_maximum_throughput_units = 5 +ehns_capacity = 1 +ehns_alerts_enabled = false +ehns_zone_redundant = false + +ehns_public_network_access = false +ehns_private_endpoint_is_present = true + +ehns_metric_alerts = { + no_trx = { + aggregation = "Total" + metric_name = "IncomingMessages" + description = "No transactions received from acquirer in the last 24h" + operator = "LessThanOrEqual" + threshold = 1000 + frequency = "PT1H" + window_size = "P1D" + dimension = [ + { + name = "EntityName" + operator = "Include" + values = ["rtd-trx"] + } + ], + }, + active_connections = { + aggregation = "Average" + metric_name = "ActiveConnections" + description = null + operator = "LessThanOrEqual" + threshold = 0 + frequency = "PT5M" + 
window_size = "PT15M" + dimension = [], + }, + error_trx = { + aggregation = "Total" + metric_name = "IncomingMessages" + description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately" + operator = "GreaterThan" + threshold = 0 + frequency = "PT5M" + window_size = "PT30M" + dimension = [ + { + name = "EntityName" + operator = "Include" + values = [ + "nodo-dei-pagamenti-log", + "nodo-dei-pagamenti-re" + ] + } + ], + }, +} + diff --git a/src/copy/payopt-common/terraform.sh b/src/copy/payopt-common/terraform.sh new file mode 100755 index 0000000000..047a7512d0 --- /dev/null +++ b/src/copy/payopt-common/terraform.sh 
@@ -0,0 +1,324 @@ +#!/bin/bash +############################################################ +# Terraform script for managing infrastructure on Azure +# Fingerprint: d2hhdHlvdXdhbnQ/Cg== +############################################################ +# Global variables +# Version format x.y accepted +vers="1.11" +script_name=$(basename "$0") +git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/azure/${script_name}" +tmp_file="${script_name}.new" +# Check if the third parameter exists and is a file +if [ -n "$3" ] && [ -f "$3" ]; then + FILE_ACTION=true +else + FILE_ACTION=false +fi + +# Define functions +function clean_environment() { + rm -rf .terraform + rm tfplan 2>/dev/null + echo "cleaned!" +} + +function download_tool() { + #default value + cpu_type="intel" + os_type=$(uname) + + # only on MacOS + if [ "$os_type" == "Darwin" ]; then + cpu_brand=$(sysctl -n machdep.cpu.brand_string) + if grep -q -i "intel" <<< "$cpu_brand"; then + cpu_type="intel" + else + cpu_type="arm" + fi + fi + + echo $cpu_type + tool=$1 + git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/golang/${tool}_${cpu_type}" + if ! command -v $tool &> /dev/null; then + if ! curl -sL "$git_repo" -o "$tool"; then + echo "Error downloading ${tool}" + return 1 + else + chmod +x $tool + echo "${tool} downloaded! Please note this tool WON'T be copied in your **/bin folder for safety reasons. +You need to do it yourself!" + read -p "Press enter to continue" + + + fi + fi +} + +function extract_resources() { + TF_FILE=$1 + ENV=$2 + TARGETS="" + + # Check if the file exists + if [ ! -f "$TF_FILE" ]; then + echo "File $TF_FILE does not exist." + exit 1 + fi + + # Check if the directory exists + if [ ! -d "./env/$ENV" ]; then + echo "Directory ./env/$ENV does not exist." 
+ exit 1 + fi + + TMP_FILE=$(mktemp) + grep -E '^resource|^module' $TF_FILE > $TMP_FILE + + while read -r line ; do + TYPE=$(echo $line | cut -d '"' -f 1 | tr -d ' ') + if [ "$TYPE" == "module" ]; then + NAME=$(echo $line | cut -d '"' -f 2) + TARGETS+=" -target=\"$TYPE.$NAME\"" + else + NAME1=$(echo $line | cut -d '"' -f 2) + NAME2=$(echo $line | cut -d '"' -f 4) + TARGETS+=" -target=\"$NAME1.$NAME2\"" + fi + done < $TMP_FILE + + rm $TMP_FILE + + echo "./terraform.sh $action $ENV $TARGETS" +} + +function help_usage() { + echo "terraform.sh Version ${vers}" + echo + echo "Usage: ./script.sh [ACTION] [ENV] [OTHER OPTIONS]" + echo "es. ACTION: init, apply, plan, etc." + echo "es. ENV: dev, uat, prod, etc." + echo + echo "Available actions:" + echo " clean Remove .terraform* folders and tfplan files" + echo " help This help" + echo " list List every environment available" + echo " update Update this script if possible" + echo " summ Generate summary of Terraform plan" + echo " tflist Generate an improved output of terraform state list" + echo " tlock Generate or update the dependency lock file" + echo " * any terraform option" +} + +function init_terraform() { + if [ -n "$env" ]; then + terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" + else + echo "ERROR: no env configured!" + exit 1 + fi +} + +function list_env() { + # Check if env directory exists + if [ ! 
-d "./env" ]; then + echo "No environment directory found" + exit 1 + fi + + # List subdirectories under env directory + env_list=$(ls -d ./env/*/ 2>/dev/null) + + # Check if there are any subdirectories + if [ -z "$env_list" ]; then + echo "No environments found" + exit 1 + fi + + # Print the list of environments + echo "Available environments:" + for env in $env_list; do + env_name=$(echo "$env" | sed 's#./env/##;s#/##') + echo "- $env_name" + done +} + +function other_actions() { + if [ -n "$env" ] && [ -n "$action" ]; then + terraform "$action" -var-file="./env/$env/terraform.tfvars" -compact-warnings $other + else + echo "ERROR: no env or action configured!" + exit 1 + fi +} + +function state_output_taint_actions() { + if [ "$action" == "tflist" ]; then + # If 'tflist' is not installed globally and there is no 'tflist' file in the current directory, + # attempt to download the 'tflist' tool + if ! command -v tflist &> /dev/null && [ ! -f "tflist" ]; then + download_tool "tflist" + if [ $? -ne 0 ]; then + echo "Error: Failed to download tflist!!" + exit 1 + else + echo "tflist downloaded!" 
+ fi + fi + if command -v tflist &> /dev/null; then + terraform state list | tflist + else + terraform state list | ./tflist + fi + else + terraform $action $other + fi +} + + +function parse_tfplan_option() { + # Create an array to contain arguments that do not start with '-tfplan=' + local other_args=() + + # Loop over all arguments + for arg in "$@"; do + # If the argument starts with '-tfplan=', extract the file name + if [[ "$arg" =~ ^-tfplan= ]]; then + echo "${arg#*=}" + else + # If the argument does not start with '-tfplan=', add it to the other_args array + other_args+=("$arg") + fi + done + + # Print all arguments in other_args separated by spaces + echo "${other_args[@]}" +} + +function tfsummary() { + local plan_file + plan_file=$(parse_tfplan_option "$@") + if [ -z "$plan_file" ]; then + plan_file="tfplan" + fi + action="plan" + other="-out=${plan_file}" + other_actions + if [ -n "$(command -v tf-summarize)" ]; then + tf-summarize -tree "${plan_file}" + else + echo "tf-summarize is not installed" + fi + if [ "$plan_file" == "tfplan" ]; then + rm $plan_file + fi +} + +function update_script() { + # Check if the repository was cloned successfully + if ! curl -sL "$git_repo" -o "$tmp_file"; then + echo "Error cloning the repository" + rm "$tmp_file" 2>/dev/null + return 1 + fi + + # Check if a newer version exists + remote_vers=$(sed -n '8s/vers="\(.*\)"/\1/p' "$tmp_file") + if [ "$(printf '%s\n' "$vers" "$remote_vers" | sort -V | tail -n 1)" == "$vers" ]; then + echo "The local script version is equal to or newer than the remote version." + rm "$tmp_file" 2>/dev/null + return 0 + fi + + # Check the fingerprint + local_fingerprint=$(sed -n '4p' "$0") + remote_fingerprint=$(sed -n '4p' "$tmp_file") + + if [ "$local_fingerprint" != "$remote_fingerprint" ]; then + echo "The local and remote file fingerprints do not match." 
+ rm "$tmp_file" 2>/dev/null + return 0 + fi + + # Show the current and available versions to the user + echo "Current script version: $vers" + echo "Available script version: $remote_vers" + + # Ask the user if they want to update the script + read -rp "Do you want to update the script to version $remote_vers? (y/n): " answer + + if [ "$answer" == "y" ] || [ "$answer" == "Y" ]; then + # Replace the local script with the updated version + cp "$tmp_file" "$script_name" + chmod +x "$script_name" + rm "$tmp_file" 2>/dev/null + + echo "Script successfully updated to version $remote_vers" + else + echo "Update canceled by the user" + fi + + rm "$tmp_file" 2>/dev/null +} + +# Check arguments number +if [ "$#" -lt 1 ]; then + help_usage + exit 0 +fi + +# Parse arguments +action=$1 +env=$2 +filetf=$3 +shift 2 +other=$@ + +if [ -n "$env" ]; then + # shellcheck source=/dev/null + source "./env/$env/backend.ini" + if [ -z "$(command -v az)" ]; then + echo "az not found, cannot proceed" + exit 1 + fi + az account set -s "${subscription}" +fi + +# Call appropriate function based on action +case $action in + clean) + clean_environment + ;; + ?|help|-h) + help_usage + ;; + init) + init_terraform "$other" + ;; + list) + list_env + ;; + output|state|taint|tflist) + init_terraform + state_output_taint_actions $other + ;; + summ) + init_terraform + tfsummary "$other" + ;; + tlock) + terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64 + ;; + update) + update_script + ;; + *) + if [ "$FILE_ACTION" = true ]; then + extract_resources "$filetf" "$env" + else + init_terraform + other_actions "$other" + fi + ;; +esac diff --git a/src/copy/payopt-secrets/.terraform.lock.hcl b/src/copy/payopt-secrets/.terraform.lock.hcl new file mode 100644 index 0000000000..e6e5cedf47 --- /dev/null +++ b/src/copy/payopt-secrets/.terraform.lock.hcl 
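Review bot: `download_tool` fetches a binary with `curl -sL` and immediately runs `chmod +x` on it with no checksum or signature verification, and `update_script` only compares line 4 of the downloaded file with line 4 of the local one, which any replacement file reproduces, so neither path verifies integrity before executing the tool or overwriting this script. Pinning the expected digest and checking it before `chmod +x`, e.g. `echo "<expected-sha256>  $tool" | sha256sum -c -` with the placeholder filled from the publishing repository, plus `curl -f` so an HTTP error page is not saved as the tool, would close this. The main script also executes `source "./env/$env/backend.ini"`, so the ini contents run as shell code with `$env` taken from the command line; a comment on that line noting that `backend.ini` must contain only `key=value` assignments would document the trust placed in it. This appears to be a vendored copy of the shared eng-common-scripts `terraform.sh` (it updates itself from that repo), so the fix may belong upstream as well as here.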
@@ -0,0 +1,102 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azuread" { + version = "2.47.0" + constraints = "<= 2.47.0" + hashes = [ + "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", + "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", + "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", + "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", + "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", + "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", + "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", + "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", + "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", + "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", + "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.106.0" + constraints = "~> 3.30, <= 3.106.0" + hashes = [ + "h1:6t9Nz9tYAR9BfHZ8yc56m+GKRl0nriwjQ5DyA0/TnCs=", + "zh:07980d6fdc40c0adb670c8413a5c667917d6dbb51fcedc467c35d64c2f3a1f47", + "zh:2e6e8491b1f089644b0d23f8da83398f1e10cf5a62b16efcef2b5454fe923038", + "zh:450dbd72821c5619cc3bcdc20fdd0e29515147e44b733f9c79d3a75851810055", + "zh:5e234c0a2f3c9677ea72b2a6e6ca90defb99fab29ae565f5d1f70728ba4ba78f", + "zh:83fd042ece6977429d79affd03d6ce963d2f122604dbf15a1abf203d7a7bbc8a", + "zh:93027e1f66b3bf83398d572d4e6f6e7777330c78c54da3226dadd50fd868ada9", + "zh:ae3d1dd66140c303df97d93c47a60f16735ce17cf156f45475dcee4a7360af5b", + "zh:daf9d2eb89e785458a76b88bf2ef0696c472094c77cc9cff3b3ea4b885c5a482", + 
"zh:dd46370141651e6549da6d85e25c7a6770c47581bbaaa27eda2886d41d849747", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f77405c0d8f6e0d93d9da83256b3b02c164bad4c791ed9604310ff02ae086ad1", + "zh:ffa769147bda833aef8802e3a391bd175ec749862764d61cbdaa8200d5b8f893", + ] +} + +provider "registry.terraform.io/hashicorp/external" { + version = "2.2.3" + constraints = "<= 2.2.3" + hashes = [ + "h1:648ZjJR81c2W1OLtYmUQa9/1rGr3vvZSuX9dR1ucGWY=", + "zh:184ecd339d764de845db0e5b8a9c87893dcd0c9d822167f73658f89d80ec31c9", + "zh:2661eaca31d17d6bbb18a8f673bbfe3fe1b9b7326e60d0ceb302017003274e3c", + "zh:2c0a180f6d1fc2ba6e03f7dfc5f73b617e45408681f75bca75aa82f3796df0e4", + "zh:4b92ae44c6baef4c4952c47be00541055cb5280dd3bc8031dba5a1b2ee982387", + "zh:5641694d5daf3893d7ea90be03b6fa575211a08814ffe70998d5adb8b59cdc0a", + "zh:5bd55a2be8a1c20d732ac9c604b839e1cadc8c49006315dffa4d709b6874df32", + "zh:6e0ef5d11e1597202424b7d69b9da7b881494c9b13a3d4026fc47012dc651c79", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9e19f89fa25004d3b926a8d15ea630b4bde62f1fa4ed5e11a3d27aabddb77353", + "zh:b763efdd69fd097616b4a4c89cf333b4cee9699ac6432d73d2756f8335d1213f", + "zh:e3b561efdee510b2b445f76a52a902c52bee8e13095e7f4bed7c80f10f8d294a", + "zh:fe660bb8781ee043a093b9a20e53069974475dcaa5791a1f45fd03c61a26478a", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.16.1" + constraints = "<= 2.16.1" + hashes = [ + "h1:kO/d+ZMZYM2tNMMFHZqBmVR0MeemoGnI2G2NSN92CrU=", + "zh:06224975f5910d41e73b35a4d5079861da2c24f9353e3ebb015fbb3b3b996b1c", + "zh:2bc400a8d9fe7755cca27c2551564a9e2609cfadc77f526ef855114ee02d446f", + "zh:3a479014187af1d0aec3a1d3d9c09551b801956fe6dd29af1186dec86712731b", + "zh:73fb0a69f1abdb02858b6589f7fab6d989a0f422f7ad95ed662aaa84872d3473", + "zh:a33852cd382cbc8e06d3f6c018b468ad809d24d912d64722e037aed1f9bf39db", + "zh:b533ff2214dca90296b1d22eace7eaa7e3efe5a7ae9da66a112094abc932db4f", + 
"zh:ddf74d8bb1aeb01dc2c36ef40e2b283d32b2a96db73f6daaf179fa2f10949c80", + "zh:e720f3a15d34e795fa9ff90bc755e838ebb4aef894aa2a423fb16dfa6d6b0667", + "zh:e789ae70a658800cb0a19ef7e4e9b26b5a38a92b43d1f41d64fc8bb46539cefb", + "zh:e8aed7dc0bd8f843d607dee5f72640dbef6835a8b1c6ea12cea5b4ec53e463f7", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fb3ac4f43c8b0dfc0b0103dd0f062ea72b3a34518d4c8808e3a44c9a3dd5f024", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.1" + constraints = "~> 3.2, <= 3.2.1" + hashes = [ + "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", + "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", + "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", + "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", + "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", + "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", + "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", + "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", + "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", + "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", + "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", + ] +} diff --git a/src/copy/payopt-secrets/00_azuread.tf b/src/copy/payopt-secrets/00_azuread.tf new file mode 100644 index 0000000000..14a0893a9f --- /dev/null +++ b/src/copy/payopt-secrets/00_azuread.tf 
@@ -0,0 +1,16 @@
+# Azure AD
+data "azuread_group" "adgroup_admin" {
+ display_name = "${local.product}-adgroup-admin"
+}
+
+data "azuread_group" "adgroup_developers" {
+ display_name = "${local.product}-adgroup-developers"
+}
+
+data "azuread_group" "adgroup_externals" {
+ display_name = "${local.product}-adgroup-externals"
+}
+
+data "azuread_group" "adgroup_security" {
+ display_name = "${local.product}-adgroup-security"
+}
\ No newline at end of file
diff --git a/src/copy/payopt-secrets/01_keyvault.tf b/src/copy/payopt-secrets/01_keyvault.tf
new file mode 100644
index 0000000000..c91ffe6e9c
--- /dev/null
+++ b/src/copy/payopt-secrets/01_keyvault.tf
@@ -0,0 +1,101 @@ +resource "azurerm_resource_group" "sec_rg" { + name = "${local.product}-${var.location_short}-${var.domain}-sec-rg" + location = var.location + + tags = var.tags +} + +module "key_vault" { + source = "./.terraform/modules/__v3__/key_vault" + + name = "${local.product}-${var.location_short}-${var.domain}-kv" + location = azurerm_resource_group.sec_rg.location + resource_group_name = azurerm_resource_group.sec_rg.name + tenant_id = data.azurerm_client_config.current.tenant_id + soft_delete_retention_days = 90 + + tags = var.tags +} + +## ad group policy ## +resource "azurerm_key_vault_access_policy" "ad_group_policy" { + key_vault_id = module.key_vault.id + + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = data.azuread_group.adgroup_admin.object_id + + key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt", "Backup", "Purge", "Recover", "Restore", "Sign", "UnwrapKey", "Update", "Verify", "WrapKey", "Release", "Rotate", "GetRotationPolicy", "SetRotationPolicy"] + secret_permissions = ["Get", "List", "Set", "Delete", "Backup", "Purge", "Recover", "Restore"] + storage_permissions = [] + certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Restore", "Purge", "Recover", ] +} + +## ad group policy ## +resource "azurerm_key_vault_access_policy" "adgroup_developers_policy" { + count = var.env_short != "p" ? 
1 : 0 + + key_vault_id = module.key_vault.id + + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = data.azuread_group.adgroup_developers.object_id + + key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt", "Recover", "Rotate", "GetRotationPolicy"] + secret_permissions = ["Get", "List", "Set", "Delete", "Recover", ] + storage_permissions = [] + certificate_permissions = [ + "Get", "List", "Update", "Create", "Import", + "Delete", "Restore", "Purge", "Recover" + ] +} + +## ad group policy ## +resource "azurerm_key_vault_access_policy" "adgroup_externals_policy" { + count = var.env_short != "p" ? 1 : 0 + + key_vault_id = module.key_vault.id + + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = data.azuread_group.adgroup_externals.object_id + + key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt", "Recover", "Rotate", "GetRotationPolicy"] + secret_permissions = ["Get", "List", "Set", "Delete", "Recover", ] + storage_permissions = [] + certificate_permissions = [ + "Get", "List", "Update", "Create", "Import", + "Delete", "Restore", "Purge", "Recover" + ] +} + +## ad group policy ## +data "azuread_service_principal" "iac_principal" { + count = var.enable_iac_pipeline ? 1 : 0 + display_name = "pagopaspa-pagoPA-iac-${data.azurerm_subscription.current.subscription_id}" +} + +resource "azurerm_key_vault_access_policy" "azdevops_iac_policy" { + count = var.enable_iac_pipeline ? 
1 : 0 + key_vault_id = module.key_vault.id + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = data.azuread_service_principal.iac_principal[0].object_id + + secret_permissions = ["Get", "List", "Set", ] + certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"] + key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt"] + + storage_permissions = [] +} + +################ +## Secrets ## +################ + +# create json letsencrypt inside kv +# requierd: Docker +module "letsencrypt_paymentoptions" { + source = "./.terraform/modules/__v3__/letsencrypt_credential" + + prefix = var.prefix + env = var.env_short + key_vault_name = module.key_vault.name + subscription_name = local.subscription_name +} diff --git a/src/copy/payopt-secrets/02_azdo.tf b/src/copy/payopt-secrets/02_azdo.tf new file mode 100644 index 0000000000..5683ffec89 --- /dev/null +++ b/src/copy/payopt-secrets/02_azdo.tf @@ -0,0 +1,23 @@ +# +# Policy +# + +data "azurerm_user_assigned_identity" "iac_federated_azdo" { + for_each = local.azdo_iac_managed_identities + name = each.key + resource_group_name = local.azdo_managed_identity_rg_name +} + +resource "azurerm_key_vault_access_policy" "azdevops_iac_managed_identities" { + for_each = local.azdo_iac_managed_identities + + key_vault_id = module.key_vault.id + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = data.azurerm_user_assigned_identity.iac_federated_azdo[each.key].principal_id + + secret_permissions = ["Get", "List", "Set", ] + + certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"] + + storage_permissions = [] +} diff --git a/src/copy/payopt-secrets/02_init_sops.tf b/src/copy/payopt-secrets/02_init_sops.tf new file mode 100644 index 0000000000..e93d0651a0 --- /dev/null +++ b/src/copy/payopt-secrets/02_init_sops.tf 
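Review bot: `adgroup_externals_policy` gives the externals group exactly the same write rights as developers in every non-prod environment — key `Delete`/`Rotate`, secret `Set`/`Delete`, certificate `Purge` — while the `kv-key-permissions-read`, `kv-secret-permissions-read` and `kv-certificate-permissions-read` variables declared in this patch's 99_variables.tf with `Get`/`List` defaults are not referenced by any policy in this hunk. If externals only need to read, the resource could use those variables (`key_permissions = var.kv-key-permissions-read`, `secret_permissions = var.kv-secret-permissions-read`, `certificate_permissions = var.kv-certificate-permissions-read`); if they genuinely need purge and rotate, a comment above the resource saying why would keep the grant from being tightened by accident. `data.azuread_group.adgroup_security` from 00_azuread.tf receives no policy in this file, so it is presumably unused or handled elsewhere — worth confirming.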
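Review bot: The single `azdevops_iac_managed_identities` policy grants secret `Set` and certificate `Purge`/`DeleteIssuers` to every identity in `local.azdo_iac_managed_identities`, which includes `azdo-<env>-pagopa-iac-plan` as well as the deploy identity. A plan-only identity needs at most `Get`/`List`; splitting the grant so the `-plan` identity receives the read-only set would keep plan runs from being able to overwrite or purge vault contents. If the shared v3 modules require the plan identity to write, a comment on the resource stating that would prevent the permissions being narrowed by mistake later.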
@@ -0,0 +1,21 @@
+moved {
+ from = azurerm_key_vault_key.generated
+ to = azurerm_key_vault_key.sops_key
+}
+
+resource "azurerm_key_vault_key" "sops_key" {
+ name = "${local.product}-${var.domain}-sops-key"
+ key_vault_id = module.key_vault.id
+ key_type = "RSA"
+ key_size = 2048
+
+ key_opts = [
+ "decrypt",
+ "encrypt",
+ ]
+
+ depends_on = [
+ azurerm_key_vault_access_policy.adgroup_developers_policy,
+ azurerm_key_vault_access_policy.ad_group_policy,
+ ]
+}
diff --git a/src/copy/payopt-secrets/03_sops_secrets.tf b/src/copy/payopt-secrets/03_sops_secrets.tf
new file mode 100644
index 0000000000..aa759d304e
--- /dev/null
+++ b/src/copy/payopt-secrets/03_sops_secrets.tf
@@ -0,0 +1,54 @@
+moved {
+ from = data.external.external2
+ to = data.external.terrasops
+}
+
+data "external" "terrasops" {
+ program = [
+ "bash", "terrasops.sh"
+ ]
+ query = {
+ env = "${var.location_short}-${var.env}"
+ }
+
+}
+
+locals {
+ all_enc_secrets_value = can(data.external.terrasops.result) ? flatten([
+ for k, v in data.external.terrasops.result : {
+ valore = v
+ chiave = k
+ }
+ ]) : []
+
+ config_secret_data = jsondecode(file(var.input_file))
+ all_config_secrets_value = flatten([
+ for kc, vc in local.config_secret_data : {
+ valore = vc
+ chiave = kc
+ }
+ ])
+
+ all_secrets_value = concat(local.all_config_secrets_value, local.all_enc_secrets_value)
+}
+
+## SOPS secrets
+
+## Upload all encrypted secrets
+resource "azurerm_key_vault_secret" "secret" {
+ for_each = { for i, v in local.all_secrets_value : local.all_secrets_value[i].chiave => i }
+
+ key_vault_id = module.key_vault.id
+ name = local.all_secrets_value[each.value].chiave
+ value = local.all_secrets_value[each.value].valore
+
+ depends_on = [
+ module.key_vault,
+ azurerm_key_vault_key.sops_key,
+ data.external.terrasops,
+ azurerm_key_vault_access_policy.adgroup_developers_policy,
+ azurerm_key_vault_access_policy.ad_group_policy,
+ ]
+}
+
+# ⚠️ The secrets from resources are set in paymentoptions-app to avoid circular dependency
diff --git a/src/copy/payopt-secrets/99_locals.tf b/src/copy/payopt-secrets/99_locals.tf
new file mode 100644
index 0000000000..084cb86f0c
--- /dev/null
+++ b/src/copy/payopt-secrets/99_locals.tf
@@ -0,0 +1,11 @@
+locals {
+ project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
+ product = "${var.prefix}-${var.env_short}"
+
+
+ subscription_name = "${var.env}-${var.prefix}"
+
+ azdo_managed_identity_rg_name = "pagopa-${var.env_short}-identity-rg"
+ azdo_iac_managed_identities = toset(["azdo-${var.env}-pagopa-iac-deploy", "azdo-${var.env}-pagopa-iac-plan"])
+
+}
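Review bot: Every secret value handled here — the plaintext ones from `jsondecode(file(var.input_file))` and the SOPS-decrypted ones returned by the `terrasops` external program — is written into the Terraform state in clear through `data.external.terrasops.result` and `azurerm_key_vault_secret.secret.value`, and nothing in the hunk says so; with azurerm pinned to `<= 3.106.0` in 99_main.tf there is no write-only attribute to avoid it, so access control on the state storage account is the only protection. A comment above the resource such as `# NOTE: secret values are persisted in plaintext in the tfstate; keep state storage access restricted` would make that explicit for the next maintainer. The purpose of the `can(data.external.terrasops.result)` guard is also not obvious, since a failing external program errors the data source itself; a short comment on what case it is meant to tolerate would help.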
diff --git a/src/copy/payopt-secrets/99_main.tf b/src/copy/payopt-secrets/99_main.tf
new file mode 100644
index 0000000000..9d3239722c
--- /dev/null
+++ b/src/copy/payopt-secrets/99_main.tf
@@ -0,0 +1,48 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "<= 3.106.0"
+ }
+ azuread = {
+ source = "hashicorp/azuread"
+ version = "<= 2.47.0"
+ }
+ null = {
+ source = "hashicorp/null"
+ version = "<= 3.2.1"
+ }
+ external = {
+ source = "hashicorp/external"
+ version = "<= 2.2.3"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "<= 2.16.1"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {
+ key_vault {
+ purge_soft_delete_on_destroy = false
+ }
+ }
+}
+
+provider "kubernetes" {
+ config_path = "~/.kube/config-${var.prefix}-${var.env_short}-${var.location_short}-${var.env}-aks"
+ config_context = "${var.prefix}-${var.env_short}-${var.location_short}-${var.env}-aks"
+}
+
+data "azurerm_subscription" "current" {}
+
+data "azurerm_client_config" "current" {}
+
+module "__v3__" {
+ # v8.60.0
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+}
diff --git a/src/copy/payopt-secrets/99_variables.tf b/src/copy/payopt-secrets/99_variables.tf
new file mode 100644
index 0000000000..3a7cff7fcf
--- /dev/null
+++ b/src/copy/payopt-secrets/99_variables.tf
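Review bot: `provider "kubernetes"` is configured to read `~/.kube/config-…-aks`, yet none of the payopt-secrets files in this patch declare a kubernetes resource or data source, so the provider appears unused and only adds a local-kubeconfig requirement to every plan. If nothing outside the visible files needs it, dropping the provider block together with the `kubernetes` entry in `required_providers` removes a dependency; if something does, a one-line comment on the provider naming what uses it would explain its presence.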
@@ -0,0 +1,101 @@ +# general + +variable "prefix" { + type = string + validation { + condition = ( + length(var.prefix) <= 6 + ) + error_message = "Max length is 6 chars." + } +} + +variable "env" { + type = string +} + +variable "env_short" { + type = string + validation { + condition = ( + length(var.env_short) == 1 + ) + error_message = "Length must be 1 chars." + } +} + +variable "domain" { + type = string + validation { + condition = ( + length(var.domain) <= 12 + ) + error_message = "Max length is 12 chars." + } +} + +variable "location" { + type = string + description = "One of westeurope, northeurope" +} + +variable "location_short" { + type = string + validation { + condition = ( + length(var.location_short) == 3 + ) + error_message = "Length must be 3 chars." + } + description = "One of weu, itn" +} + +variable "instance" { + type = string + description = "One of beta, prod01, prod02" +} + +variable "tags" { + type = map(any) + default = { + CreatedBy = "Terraform" + } +} + +### + +variable "input_file" { + type = string + description = "secret json file" +} + +variable "enable_iac_pipeline" { + type = bool + description = "If true create the key vault policy to allow used by azure devops iac pipelines." + default = false +} + + +variable "kv-key-permissions-read" { + type = list(string) + description = "List of read key permissions" + default = ["Get", "List"] +} + +variable "kv-secret-permissions-read" { + type = list(string) + description = "List of read secret permissions" + default = ["Get", "List"] +} + +variable "kv-certificate-permissions-read" { + type = list(string) + description = "List of read certificate permissions" + default = ["Get", "GetIssuers", "List", "ListIssuers"] +} + +variable "kv-storage-permissions-read" { + type = list(string) + description = "List of read storage permissions" + default = ["Get", "GetSAS", "List", "ListSAS"] +} 
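Review bot: `variable "instance"` is described as "One of beta, prod01, prod02" but the env files in this commit set `instance = "dev"`, `"uat"` and `"prod"`, and `variable "location"` says "One of westeurope, northeurope" while the tfvars use `italynorth`; neither has a `validation` block, so the descriptions are the only contract and they are wrong for this module. Either update both descriptions to the values actually used or add validations in the style already used for `location_short`. The `enable_iac_pipeline` description `"If true create the key vault policy to allow used by azure devops iac pipelines."` has a grammar slip; `"If true, create the key vault access policy used by the Azure DevOps IaC pipelines."` reads better. The `monitor_italy_*`/`log_analytics_italy_*` values and `force` set in the env tfvars below are not declared in this file; if they are not declared elsewhere in the module, terraform will warn about undeclared values in the var-file.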
diff --git a/src/copy/payopt-secrets/README.md b/src/copy/payopt-secrets/README.md new file mode 100644 index 0000000000..d167e6b2e7 --- /dev/null +++ b/src/copy/payopt-secrets/README.md 
@@ -0,0 +1,65 @@ +# paymentoptions-secrets + + +## Requirements + +| Name | Version | +|------|---------| +| [azuread](#requirement\_azuread) | <= 2.47.0 | +| [azurerm](#requirement\_azurerm) | <= 3.106.0 | +| [external](#requirement\_external) | <= 2.2.3 | +| [kubernetes](#requirement\_kubernetes) | <= 2.16.1 | +| [null](#requirement\_null) | <= 3.2.1 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v8.22.0 | +| [letsencrypt\_paymentoptions](#module\_letsencrypt\_paymentoptions) | git::https://github.com/pagopa/terraform-azurerm-v3.git///letsencrypt_credential | v8.44.0 | + +## Resources + +| Name | Type | +|------|------| +| [azurerm_key_vault_access_policy.ad_group_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_key_vault_access_policy.adgroup_developers_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_key_vault_access_policy.adgroup_externals_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_key_vault_access_policy.azdevops_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_key_vault_access_policy.azdevops_iac_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_key_vault_key.sops_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key) | resource | +| [azurerm_key_vault_secret.secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| 
[azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | +| [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | +| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | +| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | +| [azuread_service_principal.iac_principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source | +| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | +| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | +| [azurerm_user_assigned_identity.iac_federated_azdo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source | +| [external_external.terrasops](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [domain](#input\_domain) | n/a | `string` | n/a | yes | +| [enable\_iac\_pipeline](#input\_enable\_iac\_pipeline) | If true create the key vault policy to allow used by azure devops iac pipelines. 
| `bool` | `false` | no | +| [env](#input\_env) | n/a | `string` | n/a | yes | +| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | +| [input\_file](#input\_input\_file) | secret json file | `string` | n/a | yes | +| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [kv-certificate-permissions-read](#input\_kv-certificate-permissions-read) | List of read certificate permissions | `list(string)` |
[
"Get",
"GetIssuers",
"List",
"ListIssuers"
]
| no | +| [kv-key-permissions-read](#input\_kv-key-permissions-read) | List of read key permissions | `list(string)` |
[
"Get",
"List"
]
| no | +| [kv-secret-permissions-read](#input\_kv-secret-permissions-read) | List of read secret permissions | `list(string)` |
[
"Get",
"List"
]
| no | +| [kv-storage-permissions-read](#input\_kv-storage-permissions-read) | List of read storage permissions | `list(string)` |
[
"Get",
"GetSAS",
"List",
"ListSAS"
]
| no | +| [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | +| [location\_short](#input\_location\_short) | One of weu, itn | `string` | n/a | yes | +| [prefix](#input\_prefix) | n/a | `string` | n/a | yes | +| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | + +## Outputs + +No outputs. + diff --git a/src/copy/payopt-secrets/env/itn-dev/backend.ini b/src/copy/payopt-secrets/env/itn-dev/backend.ini new file mode 100644 index 0000000000..f3ea2d530c --- /dev/null +++ b/src/copy/payopt-secrets/env/itn-dev/backend.ini @@ -0,0 +1 @@ +subscription=DEV-pagoPA \ No newline at end of file diff --git a/src/copy/payopt-secrets/env/itn-dev/backend.tfvars b/src/copy/payopt-secrets/env/itn-dev/backend.tfvars new file mode 100644 index 0000000000..324e5f4b9d --- /dev/null +++ b/src/copy/payopt-secrets/env/itn-dev/backend.tfvars @@ -0,0 +1,4 @@ +resource_group_name = "terraform-state-rg" +storage_account_name = "tfinfdevpagopa" +container_name = "terraform-state" +key = "paymentoptions-secret-dev.terraform.tfstate" diff --git a/src/copy/payopt-secrets/env/itn-dev/terraform.tfvars b/src/copy/payopt-secrets/env/itn-dev/terraform.tfvars new file mode 100644 index 0000000000..4cb569abdb --- /dev/null +++ b/src/copy/payopt-secrets/env/itn-dev/terraform.tfvars @@ -0,0 +1,30 @@ +prefix = "pagopa" +env_short = "d" +env = "dev" +domain = "payopt" +location = "italynorth" +location_short = "itn" +instance = "dev" + +tags = { + CreatedBy = "Terraform" + Environment = "Dev" + Owner = "pagoPA" + Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets" + CostCenter = "TS310 - PAGAMENTI & SERVIZI" +} + +### External resources + +monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg" +log_analytics_italy_workspace_name = "pagopa-d-itn-core-law" +log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg" + +input_file = "./secret/itn-dev/configs.json" + +enable_iac_pipeline = true + + + + + diff --git a/src/copy/payopt-secrets/env/itn-prod/backend.ini b/src/copy/payopt-secrets/env/itn-prod/backend.ini new file mode 100644 index 0000000000..6318425346 --- /dev/null +++ b/src/copy/payopt-secrets/env/itn-prod/backend.ini @@ -0,0 +1 @@ +subscription=PROD-pagoPA 
diff --git a/src/copy/payopt-secrets/env/itn-prod/backend.tfvars b/src/copy/payopt-secrets/env/itn-prod/backend.tfvars
new file mode 100644
index 0000000000..9b18697702
--- /dev/null
+++ b/src/copy/payopt-secrets/env/itn-prod/backend.tfvars
@@ -0,0 +1,4 @@
+resource_group_name = "terraform-state-rg"
+storage_account_name = "tfinfprodpagopa"
+container_name = "terraform-state"
+key = "paymentoptions-secret-prod.terraform.tfstate"
diff --git a/src/copy/payopt-secrets/env/itn-prod/terraform.tfvars b/src/copy/payopt-secrets/env/itn-prod/terraform.tfvars
new file mode 100644
index 0000000000..4e852fe9cf
--- /dev/null
+++ b/src/copy/payopt-secrets/env/itn-prod/terraform.tfvars
@@ -0,0 +1,30 @@
+prefix = "pagopa"
+env_short = "p"
+env = "prod"
+domain = "paymentoptns"
+location = "payopt"
+location_short = "itn"
+instance = "prod"
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "Prod"
+ Owner = "pagoPA"
+ Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+}
+
+### External resources
+
+monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg"
+log_analytics_italy_workspace_name = "pagopa-d-itn-core-law"
+log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg"
+
+input_file = "./secret/itn-prod/configs.json"
+
+enable_iac_pipeline = true
+
+
+
+
+
diff --git a/src/copy/payopt-secrets/env/itn-uat/backend.ini b/src/copy/payopt-secrets/env/itn-uat/backend.ini
new file mode 100644
index 0000000000..1a014151dc
--- /dev/null
+++ b/src/copy/payopt-secrets/env/itn-uat/backend.ini
@@ -0,0 +1 @@
+subscription=UAT-pagoPA
diff --git a/src/copy/payopt-secrets/env/itn-uat/backend.tfvars b/src/copy/payopt-secrets/env/itn-uat/backend.tfvars
new file mode 100644
index 0000000000..2f949683b5
--- /dev/null
+++ b/src/copy/payopt-secrets/env/itn-uat/backend.tfvars
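Review bot: `domain = "paymentoptns"` and `location = "payopt"` in the prod `terraform.tfvars` look like a copy/paste slip: dev and uat set `domain = "payopt"` and `location = "italynorth"`, `payopt` is not an Azure region, and every name derived from `var.domain` (the `local.project` prefix, hence the key vault name) would differ between prod and the other environments. The three `*_italy_*` values in the prod file point at dev resources (`pagopa-d-itn-core-monitor-rg`, `pagopa-d-itn-core-law`), and the uat file at the next hunk carries the same `pagopa-d-` values, so prod and uat monitoring would be wired to the dev workspace unless that is intentional — worth a comment if it is. The `Source` tag references `src/domains/paymentoptions-secrets` while these files live under `src/copy/payopt-secrets`; if the copy is temporary, say so in the commit.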
@@ -0,0 +1,4 @@ +resource_group_name = "terraform-state-rg" +storage_account_name = "tfinfuatpagopa" +container_name = "terraform-state" +key = "paymentoptions-secret-uat.terraform.tfstate" diff --git a/src/copy/payopt-secrets/env/itn-uat/terraform.tfvars b/src/copy/payopt-secrets/env/itn-uat/terraform.tfvars new file mode 100644 index 0000000000..170edb7557 --- /dev/null +++ b/src/copy/payopt-secrets/env/itn-uat/terraform.tfvars @@ -0,0 +1,27 @@ +prefix = "pagopa" +env_short = "u" +env = "uat" +domain = "payopt" +location = "italynorth" +location_short = "itn" +instance = "uat" + +tags = { + CreatedBy = "Terraform" + Environment = "Uat" + Owner = "pagoPA" + Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets" + CostCenter = "TS310 - PAGAMENTI & SERVIZI" +} + +### External resources + +monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg" +log_analytics_italy_workspace_name = "pagopa-d-itn-core-law" +log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg" + +input_file = "./secret/itn-uat/configs.json" + +enable_iac_pipeline = true + +force = "v1" diff --git a/src/copy/payopt-secrets/secret/itn-dev/configs.json b/src/copy/payopt-secrets/secret/itn-dev/configs.json new file mode 100644 index 0000000000..9e26dfeeb6 --- /dev/null +++ b/src/copy/payopt-secrets/secret/itn-dev/configs.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/src/copy/payopt-secrets/secret/itn-dev/noedit_secret_enc.json b/src/copy/payopt-secrets/secret/itn-dev/noedit_secret_enc.json new file mode 100644 index 0000000000..6c3c1af837 --- /dev/null +++ b/src/copy/payopt-secrets/secret/itn-dev/noedit_secret_enc.json 
@@ -0,0 +1,22 @@ +{ + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": [ + { + "vault_url": "https://pagopa-d-itn-payopt-kv.vault.azure.net", + "name": "pagopa-d-payopt-sops-key", + "version": "3cfc1dcd61ee4a9bb4bff1fd4e5d45f1", + "created_at": "2024-11-28T14:36:24Z", + "enc": "vpf4sFWuobCrXfjbD0TXrg8Tv31mVZngHunMNN_tL_wMI38V11PI1yJtx9XiHiC1Mf84mlKCq8OeOwB9kMQacsngGuVtE1hTMBIGqd2mbmXoKKHXQfyoczXOMTgUGCtrpAHBvO86BX6ONbRIz9WFYnXBntDk6CkVDFYVTwiViO77nSo6LpxG_PG9cBS_Am_gdzDZxM1gMJx3OrIxuEIaQ_l9LuO35Wtx1DW8hrD95xSNEaRUOxZr9bzAHtZYvKEeWdj2AzZCxkL8ikMVB1fpi5qpOzpnEDl9HMylxExET7E6Nhbl8eUXNRJi00MCNC6HeOcPdYd8gPHYtHdefThmVg" + } + ], + "hc_vault": null, + "age": null, + "lastmodified": "2024-11-28T14:36:26Z", + "mac": "ENC[AES256_GCM,data:hkNbqIGNsyia2OK0mRXYMD3sLz4Sgc8mLuUaVCVmuVw8XSFBjrVDK5Vn1Z77xh34a9PFhW7ovWndeAO0tCwWVrFoL3vO9UhHGhoihUGy81SbmawJruF4DR+f3BTrk1lEIE39nAUHbikS97GknfTH8aZbOFupAd+hCXFO1DkHZ5g=,iv:QZEf/HHOtth8xX5+d0/omA3LAzSlzFLO5tdz6B6ZJ9o=,tag:+FnEej6YVzQ5vFLd1MwbCA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file diff --git a/src/copy/payopt-secrets/secret/itn-dev/secret.ini b/src/copy/payopt-secrets/secret/itn-dev/secret.ini new file mode 100644 index 0000000000..1cf65b61b0 --- /dev/null +++ b/src/copy/payopt-secrets/secret/itn-dev/secret.ini @@ -0,0 +1,3 @@ +file_crypted="noedit_secret_enc.json" +kv_name="pagopa-d-itn-payopt-kv" +kv_sops_key_name="pagopa-d-payopt-sops-key" diff --git a/src/copy/payopt-secrets/secret/itn-prod/configs.json b/src/copy/payopt-secrets/secret/itn-prod/configs.json new file mode 100644 index 0000000000..9e26dfeeb6 --- /dev/null +++ b/src/copy/payopt-secrets/secret/itn-prod/configs.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/src/copy/payopt-secrets/secret/itn-prod/secret.ini b/src/copy/payopt-secrets/secret/itn-prod/secret.ini new file mode 100644 index 0000000000..61a2254ac6 --- /dev/null 
+++ b/src/copy/payopt-secrets/secret/itn-prod/secret.ini @@ -0,0 +1,3 @@ +file_crypted="noedit_secret_enc.json" +kv_name="pagopa-p-itn-payopt-kv" +kv_sops_key_name="pagopa-p-payopt-sops-key" diff --git a/src/copy/payopt-secrets/secret/itn-uat/configs.json b/src/copy/payopt-secrets/secret/itn-uat/configs.json new file mode 100644 index 0000000000..9e26dfeeb6 --- /dev/null +++ b/src/copy/payopt-secrets/secret/itn-uat/configs.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/src/copy/payopt-secrets/secret/itn-uat/noedit_secret_enc.json b/src/copy/payopt-secrets/secret/itn-uat/noedit_secret_enc.json new file mode 100644 index 0000000000..878e035cff --- /dev/null +++ b/src/copy/payopt-secrets/secret/itn-uat/noedit_secret_enc.json @@ -0,0 +1,22 @@ +{ + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": [ + { + "vault_url": "https://pagopa-u-itn-payopt-kv.vault.azure.net", + "name": "pagopa-u-payopt-sops-key", + "version": "391d59d66b2e4c118246648bf60dc813", + "created_at": "2024-11-28T14:41:50Z", + "enc": "dyWl_4p70QqcfQsqmIABzVxCWauyBDVZIg9WsqjoAfhNWbCbYvzXbjCiIJhOUJK_4H-EHDb70bnIG4HyIhNmEoNhQD69R9YDkQvJs146WOfBeUT4EO7xcXcM0wZEwjkeQq0PwkVRVvufColcIhlNKg0VMDCK6K2vRijAHAT4P9-gWrVukCnLYP2mlgXKmjX51CQVOV9S97LJEXzl4ki3mI8DGrGYX9qY9uZb6har_8MJaxAAAwcCkz5OYeAImDnz4f_t3ZcIpy4LeG1rubJCNnAxBLCXxL7lt4m-nwcclLQMd_a1U-DyyoOS03_2KwTYkhQI0YnXS9xancsdWXwK9g" + } + ], + "hc_vault": null, + "age": null, + "lastmodified": "2024-11-28T14:41:51Z", + "mac": "ENC[AES256_GCM,data:Umg7BLjeiSk1FSp+ozRgtM/EAmf4SD0wvTJvlrNpmv7hi5g+rn1V2/OoyS7xxnQg4eqDNOJSs3mDfcdHfMffYs2mNxNl8H91SYYkgH85VZYHKShUVS4o5bKwAvyDPmB4qRJ/aAlFGUWMVobGUuBSDP1/GT0Md7Ic4qeYaaepN9k=,iv:ZfMS6ik70+Ctv+/wmy4gfWvrH1+5QIHkp1v+K6n0wbQ=,tag:bAW+DPq9SLrvjvSOXleczw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file 
diff --git a/src/copy/payopt-secrets/secret/itn-uat/secret.ini b/src/copy/payopt-secrets/secret/itn-uat/secret.ini new file mode 100644 index 0000000000..c16aa7f137 --- /dev/null +++ b/src/copy/payopt-secrets/secret/itn-uat/secret.ini @@ -0,0 +1,3 @@ +file_crypted="noedit_secret_enc.json" +kv_name="pagopa-u-itn-payopt-kv" +kv_sops_key_name="pagopa-u-payopt-sops-key" diff --git a/src/copy/payopt-secrets/sops.sh b/src/copy/payopt-secrets/sops.sh new file mode 100755 index 0000000000..347b11d0ef --- /dev/null +++ b/src/copy/payopt-secrets/sops.sh 
@@ -0,0 +1,137 @@ +#!/bin/bash + +# set -x # Uncomment this line to enable debug mode + +# +# how to use `sh sops.sh` +# ℹ️ This script allows you to create a sops file with the relative azure key, +# it also allows you to edit the secrets and add them with the script. +# ℹ️ This script also uses an inventory file under the "./secret//secret.ini" +# directory to load environment variables. +# + +action=$1 +env=$2 +shift 2 +# shellcheck disable=SC2034 +other=( "$@" ) + +if [ -z "$action" ]; then + helpmessage=$(cat < -> decrypt json file in specified environment + example: ./sops.sh d itn-dev + example: ./sops.sh decrypt itn-dev + +./sops.sh s -> search in enc file in specified environment + example: ./sops.sh s itn-dev + example: ./sops.sh search itn-dev + +./sops.sh n -> create new file enc json template in specified environment + example: ./sops.sh n itn-dev + example: ./sops.sh new itn-dev + +./sops.sh a -> add new secret record to enc json in specified environment + example: ./sops.sh a itn-dev + example: ./sops.sh add itn-dev + +./sops.sh e -> edit enc json record in specified environment + example: ./sops.sh e itn-dev + example: ./sops.sh edit itn-dev + +./sops.sh f -> enc a json file in a specified environment + example: ./sops.sh f itn-dev + +EOF +) + echo "$helpmessage" + exit 0 +fi + +if [ -z "$env" ]; then + echo "env should be something like: itn-dev, itn-uat or itn-prod." + exit 0 +fi + +echo "🔨 Mandatory variables are correct" +file_crypted="" +kv_name="" +kv_sops_key_name="" + +# shellcheck disable=SC1090 +source "./secret/$env/secret.ini" + +echo "🔨 All variables loaded" + +# Check if kv_name and file_crypted variables are not empty +if [ -z "${kv_name}" ]; then + echo "❌ Error: kv_name variable is not defined correctly." + exit 1 +fi + +if [ -z "$file_crypted" ]; then + echo "❌ Error: file_crypted variable is not defined correctly." 
+ exit 1 +fi + +encrypted_file_path="./secret/$env/$file_crypted" + +# Check if the key exists in the Key Vault +# shellcheck disable=SC2154 +kv_key_url=$(az keyvault key show --vault-name "$kv_name" --name "$kv_sops_key_name" --query "key.kid" -o tsv) +if [ -z "$kv_key_url" ]; then + echo "❌ The key does not exist." + exit 1 +fi +echo "[INFO] Key URL: $kv_key_url" + +echo "🔨 Key URL loaded correctly" + +if echo "d decrypt a add s search n new e edit f" | grep -w "$action" > /dev/null; then + case $action in + "d"|"decrypt") + sops --decrypt --azure-kv "$kv_key_url" "$encrypted_file_path" + if [ $? -eq 1 ]; then + echo "❌ File $encrypted_file_path NOT encrypted" + exit 0 + fi + ;; + "s"|"search") + read -r -p 'key: ' key + sops --decrypt --azure-kv "$kv_key_url" "$encrypted_file_path" | grep -i "$key" + ;; + "a"|"add") + read -r -p 'key: ' key + read -r -p 'value: ' value + sops -i --set '["'"$key"'"] "'"$value"'"' --azure-kv "$kv_key_url" "$encrypted_file_path" + echo "✅ Added key" + ;; + "n"|"new") + if [ -f "$encrypted_file_path" ]; then + echo "⚠️ file $encrypted_file_path already exists" + exit 0 + fi + echo "{}" > "$encrypted_file_path" + sops --encrypt -i --azure-kv "$kv_key_url" "$encrypted_file_path" + echo "✅ created new file for sops" + ;; + "e"|"edit") + if [ ! -f "$encrypted_file_path" ]; then + echo "⚠️ file $encrypted_file_path not found" + exit 1 + fi + + sops --azure-kv "$kv_key_url" "$encrypted_file_path" + echo "✅ edit file completed" + + ;; + "f") + read -r -p 'file: ' file + sops --encrypt --azure-kv "$kv_key_url" "./secret/$env/$file" > "$encrypted_file_path" + ;; + esac +else + echo "⚠️ Action not allowed." + exit 1 +fi diff --git a/src/copy/payopt-secrets/terraform.sh b/src/copy/payopt-secrets/terraform.sh new file mode 100755 index 0000000000..047a7512d0 --- /dev/null +++ b/src/copy/payopt-secrets/terraform.sh 
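Review bot: After sourcing `secret.ini` the script validates `kv_name` and `file_crypted` but not `kv_sops_key_name`, which is then used unchecked in `az keyvault key show --name "$kv_sops_key_name"`, so a missing key name surfaces as an opaque az error instead of the clear message the other two get; add `if [ -z "$kv_sops_key_name" ]; then echo "❌ Error: kv_sops_key_name variable is not defined correctly."; exit 1; fi` next to the existing checks. In the `add` action `read -r -p 'value: ' value` echoes the secret to the terminal and into any session log; `read -rs -p 'value: ' value; echo` keeps it off screen. The same action splices `$key` and `$value` into the `--set` expression by string concatenation, so a value containing a double quote or backslash produces a malformed expression; producing the JSON value with `jq -n --arg v "$value" '$v'` before interpolating is safer — hedged, as I have not verified sops' `--set` grammar. The `f` action overwrites `$encrypted_file_path` unconditionally while `n` refuses to clobber an existing file; the two should behave alike.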
@@ -0,0 +1,324 @@ +#!/bin/bash +############################################################ +# Terraform script for managing infrastructure on Azure +# Fingerprint: d2hhdHlvdXdhbnQ/Cg== +############################################################ +# Global variables +# Version format x.y accepted +vers="1.11" +script_name=$(basename "$0") +git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/azure/${script_name}" +tmp_file="${script_name}.new" +# Check if the third parameter exists and is a file +if [ -n "$3" ] && [ -f "$3" ]; then + FILE_ACTION=true +else + FILE_ACTION=false +fi + +# Define functions +function clean_environment() { + rm -rf .terraform + rm tfplan 2>/dev/null + echo "cleaned!" +} + +function download_tool() { + #default value + cpu_type="intel" + os_type=$(uname) + + # only on MacOS + if [ "$os_type" == "Darwin" ]; then + cpu_brand=$(sysctl -n machdep.cpu.brand_string) + if grep -q -i "intel" <<< "$cpu_brand"; then + cpu_type="intel" + else + cpu_type="arm" + fi + fi + + echo $cpu_type + tool=$1 + git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/golang/${tool}_${cpu_type}" + if ! command -v $tool &> /dev/null; then + if ! curl -sL "$git_repo" -o "$tool"; then + echo "Error downloading ${tool}" + return 1 + else + chmod +x $tool + echo "${tool} downloaded! Please note this tool WON'T be copied in your **/bin folder for safety reasons. +You need to do it yourself!" + read -p "Press enter to continue" + + + fi + fi +} + +function extract_resources() { + TF_FILE=$1 + ENV=$2 + TARGETS="" + + # Check if the file exists + if [ ! -f "$TF_FILE" ]; then + echo "File $TF_FILE does not exist." + exit 1 + fi + + # Check if the directory exists + if [ ! -d "./env/$ENV" ]; then + echo "Directory ./env/$ENV does not exist." 
+ exit 1 + fi + + TMP_FILE=$(mktemp) + grep -E '^resource|^module' $TF_FILE > $TMP_FILE + + while read -r line ; do + TYPE=$(echo $line | cut -d '"' -f 1 | tr -d ' ') + if [ "$TYPE" == "module" ]; then + NAME=$(echo $line | cut -d '"' -f 2) + TARGETS+=" -target=\"$TYPE.$NAME\"" + else + NAME1=$(echo $line | cut -d '"' -f 2) + NAME2=$(echo $line | cut -d '"' -f 4) + TARGETS+=" -target=\"$NAME1.$NAME2\"" + fi + done < $TMP_FILE + + rm $TMP_FILE + + echo "./terraform.sh $action $ENV $TARGETS" +} + +function help_usage() { + echo "terraform.sh Version ${vers}" + echo + echo "Usage: ./script.sh [ACTION] [ENV] [OTHER OPTIONS]" + echo "es. ACTION: init, apply, plan, etc." + echo "es. ENV: dev, uat, prod, etc." + echo + echo "Available actions:" + echo " clean Remove .terraform* folders and tfplan files" + echo " help This help" + echo " list List every environment available" + echo " update Update this script if possible" + echo " summ Generate summary of Terraform plan" + echo " tflist Generate an improved output of terraform state list" + echo " tlock Generate or update the dependency lock file" + echo " * any terraform option" +} + +function init_terraform() { + if [ -n "$env" ]; then + terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" + else + echo "ERROR: no env configured!" + exit 1 + fi +} + +function list_env() { + # Check if env directory exists + if [ ! 
-d "./env" ]; then + echo "No environment directory found" + exit 1 + fi + + # List subdirectories under env directory + env_list=$(ls -d ./env/*/ 2>/dev/null) + + # Check if there are any subdirectories + if [ -z "$env_list" ]; then + echo "No environments found" + exit 1 + fi + + # Print the list of environments + echo "Available environments:" + for env in $env_list; do + env_name=$(echo "$env" | sed 's#./env/##;s#/##') + echo "- $env_name" + done +} + +function other_actions() { + if [ -n "$env" ] && [ -n "$action" ]; then + terraform "$action" -var-file="./env/$env/terraform.tfvars" -compact-warnings $other + else + echo "ERROR: no env or action configured!" + exit 1 + fi +} + +function state_output_taint_actions() { + if [ "$action" == "tflist" ]; then + # If 'tflist' is not installed globally and there is no 'tflist' file in the current directory, + # attempt to download the 'tflist' tool + if ! command -v tflist &> /dev/null && [ ! -f "tflist" ]; then + download_tool "tflist" + if [ $? -ne 0 ]; then + echo "Error: Failed to download tflist!!" + exit 1 + else + echo "tflist downloaded!" 
+ fi + fi + if command -v tflist &> /dev/null; then + terraform state list | tflist + else + terraform state list | ./tflist + fi + else + terraform $action $other + fi +} + + +function parse_tfplan_option() { + # Create an array to contain arguments that do not start with '-tfplan=' + local other_args=() + + # Loop over all arguments + for arg in "$@"; do + # If the argument starts with '-tfplan=', extract the file name + if [[ "$arg" =~ ^-tfplan= ]]; then + echo "${arg#*=}" + else + # If the argument does not start with '-tfplan=', add it to the other_args array + other_args+=("$arg") + fi + done + + # Print all arguments in other_args separated by spaces + echo "${other_args[@]}" +} + +function tfsummary() { + local plan_file + plan_file=$(parse_tfplan_option "$@") + if [ -z "$plan_file" ]; then + plan_file="tfplan" + fi + action="plan" + other="-out=${plan_file}" + other_actions + if [ -n "$(command -v tf-summarize)" ]; then + tf-summarize -tree "${plan_file}" + else + echo "tf-summarize is not installed" + fi + if [ "$plan_file" == "tfplan" ]; then + rm $plan_file + fi +} + +function update_script() { + # Check if the repository was cloned successfully + if ! curl -sL "$git_repo" -o "$tmp_file"; then + echo "Error cloning the repository" + rm "$tmp_file" 2>/dev/null + return 1 + fi + + # Check if a newer version exists + remote_vers=$(sed -n '8s/vers="\(.*\)"/\1/p' "$tmp_file") + if [ "$(printf '%s\n' "$vers" "$remote_vers" | sort -V | tail -n 1)" == "$vers" ]; then + echo "The local script version is equal to or newer than the remote version." + rm "$tmp_file" 2>/dev/null + return 0 + fi + + # Check the fingerprint + local_fingerprint=$(sed -n '4p' "$0") + remote_fingerprint=$(sed -n '4p' "$tmp_file") + + if [ "$local_fingerprint" != "$remote_fingerprint" ]; then + echo "The local and remote file fingerprints do not match." 
+ rm "$tmp_file" 2>/dev/null + return 0 + fi + + # Show the current and available versions to the user + echo "Current script version: $vers" + echo "Available script version: $remote_vers" + + # Ask the user if they want to update the script + read -rp "Do you want to update the script to version $remote_vers? (y/n): " answer + + if [ "$answer" == "y" ] || [ "$answer" == "Y" ]; then + # Replace the local script with the updated version + cp "$tmp_file" "$script_name" + chmod +x "$script_name" + rm "$tmp_file" 2>/dev/null + + echo "Script successfully updated to version $remote_vers" + else + echo "Update canceled by the user" + fi + + rm "$tmp_file" 2>/dev/null +} + +# Check arguments number +if [ "$#" -lt 1 ]; then + help_usage + exit 0 +fi + +# Parse arguments +action=$1 +env=$2 +filetf=$3 +shift 2 +other=$@ + +if [ -n "$env" ]; then + # shellcheck source=/dev/null + source "./env/$env/backend.ini" + if [ -z "$(command -v az)" ]; then + echo "az not found, cannot proceed" + exit 1 + fi + az account set -s "${subscription}" +fi + +# Call appropriate function based on action +case $action in + clean) + clean_environment + ;; + ?|help|-h) + help_usage + ;; + init) + init_terraform "$other" + ;; + list) + list_env + ;; + output|state|taint|tflist) + init_terraform + state_output_taint_actions $other + ;; + summ) + init_terraform + tfsummary "$other" + ;; + tlock) + terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64 + ;; + update) + update_script + ;; + *) + if [ "$FILE_ACTION" = true ]; then + extract_resources "$filetf" "$env" + else + init_terraform + other_actions "$other" + fi + ;; +esac diff --git a/src/copy/payopt-secrets/terrasops.sh b/src/copy/payopt-secrets/terrasops.sh new file mode 100644 index 0000000000..32be3bd04f --- /dev/null +++ b/src/copy/payopt-secrets/terrasops.sh 
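Review bot: `update_script` replaces this script with whatever `curl` fetched from `$git_repo` on `main`, and the only integrity check is comparing line 4 of the local file with line 4 of the download — a value the downloaded file supplies itself, so it cannot detect a tampered or mis-served file; `download_tool` likewise fetches a binary and `chmod +x`es it with no checksum. At minimum pin `git_repo` to a tag or commit instead of `main` and verify a published digest before `cp "$tmp_file" "$script_name"`, e.g. `echo "<expected-sha256>  $tmp_file" | sha256sum -c -` with the expected value kept in the repo. Separately, `other=$@` and the unquoted `$other` in `terraform "$action" -var-file=... $other` re-split arguments on whitespace, so a `-var='x=a b'` passed through the wrapper breaks; the `other_args` array pattern already used in `parse_tfplan_option` is the one to reuse. This appears to be a vendored copy of a shared script, so the fix probably belongs upstream and the copy here should note its origin.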
@@ -0,0 +1,29 @@
+#!/bin/bash
+# set -x # Uncomment this line to enable debug mode
+
+#
+# ℹ️ This script is used by terraform, to decrypt all secrets on sops and export them to json.
+# This way it can loop through them and use them to insert them inside the KV
+# ⚠️ Do not add additional echos to the script in case of golden path,
+# as the script only needs to return a json
+#
+
+eval "$(jq -r '@sh "export terrasops_env=\(.env)"')"
+
+# shellcheck disable=SC1090
+source "./secret/$terrasops_env/secret.ini"
+encrypted_file_path="./secret/$terrasops_env/$file_crypted"
+
+if [ -f "$encrypted_file_path" ]; then
+ # Load the values of azure_kv.vault_url and azure_kv.name from the JSON file
+ azure_kv_vault_url=$(jq -r '.sops.azure_kv[0].vault_url' "$encrypted_file_path")
+ azure_kv_name=$(jq -r '.sops.azure_kv[0].name' "$encrypted_file_path")
+
+ if [ -z "$azure_kv_vault_url" ] || [ -z "$azure_kv_name" ]; then
+ echo "❌ Error: Unable to load the values of azure_kv.vault_url and azure_kv.name from the JSON file" >&2
+ exit 1
+ fi
+ sops -d --azure-kv "azure_kv_vault_url" "$encrypted_file_path" | jq -c
+else
+ echo "{}" | jq -c
+fi
diff --git a/src/domains/payopt-app/00_keyvault.tf b/src/domains/payopt-app/00_keyvault.tf
index 0963fe87bc..c94a899cca 100644
--- a/src/domains/payopt-app/00_keyvault.tf
+++ b/src/domains/payopt-app/00_keyvault.tf
@@ -3,6 +3,7 @@ data "azurerm_key_vault" "kv" {
 resource_group_name = "${local.project}-sec-rg"
 }
 
+
 data "azurerm_kubernetes_cluster" "aks" {
 name = local.aks_name
 resource_group_name = local.aks_resource_group_name
diff --git a/src/domains/payopt-app/05_subkey.tf b/src/domains/payopt-app/05_subkey.tf
index e1a7c1306e..15fba182f4 100644
--- a/src/domains/payopt-app/05_subkey.tf
+++ b/src/domains/payopt-app/05_subkey.tf
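Review bot: `sops -d --azure-kv "azure_kv_vault_url" "$encrypted_file_path"` passes the literal string `azure_kv_vault_url`, not `$azure_kv_vault_url`, so the value just read from the JSON is never used and `azure_kv_name` is read but never used at all; since the file's own `sops.azure_kv` metadata already names the key, the simplest correct form is `sops -d "$encrypted_file_path" | jq -c`, or compose the full key URL from both variables if an explicit override is wanted. The `-z` checks above it never fire on a missing field, because `jq -r` prints the string `null` for an absent `.sops.azure_kv[0].vault_url`; use `jq -r '.sops.azure_kv[0].vault_url // empty'` so the variable is actually empty. A sops failure inside the pipeline is also masked, as the pipeline's exit status is `jq`'s; `set -o pipefail` near the top makes the decrypt error reach terraform instead of surfacing, if at all, as a JSON-parse complaint from the `external` provider — hedged, since that depends on how the provider treats empty output. The plaintext secrets this script prints are consumed by the `external` data source and so land in plan output and state; that is inherent to the design, but the header comment should say it so nobody adds debugging output here.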
@@ -1,26 +1,30 @@
-resource "azurerm_api_management_subscription" "nodo_subkey" {
+resource "azurerm_api_management_subscription" "api_config_subkey" {
 api_management_name = data.azurerm_api_management.apim.name
 resource_group_name = data.azurerm_api_management.apim.resource_group_name
- product_id = data.azurerm_api_management_product.apim_node_for_psp_product.id
- display_name = "Subscription MDB Node for PSP APIM"
+ product_id = data.azurerm_api_management_product.apim_api_config_product.id
+ display_name = "Subscription for Api Config APIM"
 allow_tracing = false
 state = "active"
 }
 
-resource "azurerm_api_management_subscription" "carts_subkey" {
+resource "azurerm_api_management_subscription" "forwarder_subkey" {
 api_management_name = data.azurerm_api_management.apim.name
 resource_group_name = data.azurerm_api_management.apim.resource_group_name
- product_id = data.azurerm_api_management_product.apim_carts_product.id
- display_name = "Subscription MDB for Cart APIM"
+ product_id = data.azurerm_api_management_product.apim_forwarder_product.id
+ display_name = "Subscription for Forwarder APIM"
 allow_tracing = false
 state = "active"
 }
 
-resource "azurerm_api_management_subscription" "payments_subkey" {
+resource "azurerm_api_management_subscription" "service_payment_options_subkey" {
+ count = var.env_short != "p" ? 1 : 0
+
 api_management_name = data.azurerm_api_management.apim.name
 resource_group_name = data.azurerm_api_management.apim.resource_group_name
- product_id = data.azurerm_api_management_product.apim_gpd_payments_rest.id
- display_name = "Subscription MDB for Payments APIM"
+ product_id = module.apim_payment_options_product[0].id
+ display_name = "Subscription for Payments Options APIM"
 allow_tracing = false
 state = "active"
 }
+
+
diff --git a/src/domains/payopt-app/90_pdb.tf b/src/domains/payopt-app/90_pdb.tf
index b62055ddc4..b88494a798 100644
--- a/src/domains/payopt-app/90_pdb.tf
+++ b/src/domains/payopt-app/90_pdb.tf
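Review bot: Renaming the three resource addresses (`nodo_subkey` → `api_config_subkey`, `carts_subkey` → `forwarder_subkey`, `payments_subkey` → `service_payment_options_subkey`) without `moved` blocks makes terraform destroy the old APIM subscriptions and create new ones, which rotates their primary and secondary keys, so any client still holding the old keys breaks at apply time. Since the `product_id`s change too, recreation may well be intended, but then the old subscriptions should be removed from state deliberately (or the intent stated in the commit) rather than left to an implicit replace. `service_payment_options_subkey` is gated by `count = var.env_short != "p" ? 1 : 0` and reads `module.apim_payment_options_product[0].id`; the module must use the same `count` expression or the prod plan fails on the index — its definition is outside this diff, so that is inferred.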
@@ -1,4 +1,4 @@ -resource "kubernetes_pod_disruption_budget_v1" "ebollo" { +resource "kubernetes_pod_disruption_budget_v1" "payment_options" { for_each = var.pod_disruption_budgets diff --git a/src/domains/payopt-app/99_locals.tf b/src/domains/payopt-app/99_locals.tf index 1502169381..9b8dffcb17 100644 --- a/src/domains/payopt-app/99_locals.tf +++ b/src/domains/payopt-app/99_locals.tf @@ -8,6 +8,7 @@ locals { project_core_itn = "${var.prefix}-${var.env_short}-${var.location_short}-core" + monitor_action_group_slack_name = "SlackPagoPA" monitor_action_group_email_name = "PagoPA" monitor_action_group_opsgenie_name = "Opsgenie" @@ -36,4 +37,7 @@ locals { apim_hostname = "api.${var.apim_dns_zone_prefix}.${var.external_domain}" hostname = var.env == "prod" ? "${var.domain}.itn.internal.platform.pagopa.it" : "${var.domain}.itn.internal.${var.env}.platform.pagopa.it" + + evt_hub_location = "${local.location_short_weu}-core" + } diff --git a/src/domains/payopt-app/99_variables.tf b/src/domains/payopt-app/99_variables.tf index e4046e0b46..b2c2b38a27 100644 --- a/src/domains/payopt-app/99_variables.tf +++ b/src/domains/payopt-app/99_variables.tf @@ -67,6 +67,18 @@ variable "tags" { } } +### Features flags + +variable "is_feature_enabled" { + type = object({ + paymentoptions = bool + paymentoptions_mock = bool + }) + default = { + paymentoptions = false + paymentoptions_mock = false + } +} ### External resources variable "monitor_resource_group_name" { diff --git a/src/domains/payopt-app/env/itn-dev/backend.tfvars b/src/domains/payopt-app/env/itn-dev/backend.tfvars index 7430371e26..34401b3ea9 100644 --- a/src/domains/payopt-app/env/itn-dev/backend.tfvars +++ b/src/domains/payopt-app/env/itn-dev/backend.tfvars @@ -1,4 +1,4 @@ resource_group_name = "terraform-state-rg" storage_account_name = "tfinfdevpagopa" container_name = "terraform-state" -key = "ebollo-common-dev.terraform.tfstate" +key = "paymentoptions-app-dev.terraform.tfstate" 
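Review bot: Changing the backend `key` from `ebollo-common-dev.terraform.tfstate` to `paymentoptions-app-dev.terraform.tfstate` without a state migration means the next `terraform init` starts this stack from an empty state, so the following apply tries to recreate resources that already exist in Azure (or fails on name collisions) while the old blob keeps tracking the originals. Either copy the blob to the new key before merging or run `terraform init -migrate-state` as a documented one-off, and do the same for the prod/uat app and secrets backends renamed later in this series. The old keys were also inconsistent across stacks (the secrets dev backend used `ebollo-app-dev`, the secrets uat backend `ebollo-common-uat`), so the migration plan should first confirm which blob actually holds each stack's resources rather than assuming a one-to-one rename.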
diff --git a/src/domains/payopt-app/env/itn-dev/terraform.tfvars b/src/domains/payopt-app/env/itn-dev/terraform.tfvars index a77aec9b87..a05aa001bb 100644 --- a/src/domains/payopt-app/env/itn-dev/terraform.tfvars +++ b/src/domains/payopt-app/env/itn-dev/terraform.tfvars @@ -1,7 +1,7 @@ prefix = "pagopa" env_short = "d" env = "dev" -domain = "ebollo" +domain = "payopt" location = "italynorth" location_short = "itn" location_string = "Italy North" @@ -11,7 +11,7 @@ tags = { CreatedBy = "Terraform" Environment = "Dev" Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/ebollo-app" + Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app" CostCenter = "TS310 - PAGAMENTI & SERVIZI" } @@ -27,8 +27,13 @@ log_analytics_workspace_resource_group_name = "pagopa-d-monitor-rg" external_domain = "pagopa.it" dns_zone_internal_prefix = "internal.dev.platform" -dns_zone_prefix = "ebollo.itn" +dns_zone_prefix = "payopt.itn" apim_dns_zone_prefix = "dev.platform" ### Aks ingress_load_balancer_ip = "10.3.2.250" + +is_feature_enabled = { + paymentoptions = true + paymentoptions_mock = true +} diff --git a/src/domains/payopt-app/env/itn-prod/backend.tfvars b/src/domains/payopt-app/env/itn-prod/backend.tfvars index f227fb9bf6..184ba40d9d 100644 --- a/src/domains/payopt-app/env/itn-prod/backend.tfvars +++ b/src/domains/payopt-app/env/itn-prod/backend.tfvars @@ -1,4 +1,4 @@ resource_group_name = "terraform-state-rg" storage_account_name = "tfinfprodpagopa" container_name = "terraform-state" -key = "ebollo-common-prod.terraform.tfstate" +key = "paymentoptions-app-prod.terraform.tfstate" diff --git a/src/domains/payopt-app/env/itn-prod/terraform.tfvars b/src/domains/payopt-app/env/itn-prod/terraform.tfvars index da99b13f60..674ca7b069 100644 --- a/src/domains/payopt-app/env/itn-prod/terraform.tfvars +++ b/src/domains/payopt-app/env/itn-prod/terraform.tfvars 
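Review bot: The new `Source` tag points to `https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app`, but the file being edited lives under `src/domains/payopt-app/` (per the diff path), so the tag references a directory that does not exist in the repository. Tags like this are what on-call engineers follow from the Azure portal back to the code, so it should be `Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/payopt-app"`. The same mismatch appears in the prod and uat app tfvars and in the `paymentoptions-secrets` tags for the `payopt-secrets` stack later in this series.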
@@ -1,7 +1,7 @@ prefix = "pagopa" env_short = "p" env = "prod" -domain = "ebollo" +domain = "payopt" location = "italynorth" location_short = "itn" location_string = "Italy North" @@ -11,7 +11,7 @@ tags = { CreatedBy = "Terraform" Environment = "prod" Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/ebollo-app" + Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app" CostCenter = "TS310 - PAGAMENTI & SERVIZI" } @@ -27,17 +27,22 @@ log_analytics_workspace_resource_group_name = "pagopa-p-monitor-rg" external_domain = "pagopa.it" dns_zone_internal_prefix = "internal.platform" -dns_zone_prefix = "ebollo.itn" +dns_zone_prefix = "payopt.itn" apim_dns_zone_prefix = "platform" ### Aks ingress_load_balancer_ip = "10.3.2.250" +is_feature_enabled = { + paymentoptions = true + paymentoptions_mock = false +} + pod_disruption_budgets = { - "mdb-service" = { + "payment-options-service" = { minAvailable = 2 matchLabels = { - "app.kubernetes.io/instance" = "mdb-service" + "app.kubernetes.io/instance" = "payment-options-service" } }, } diff --git a/src/domains/payopt-app/env/itn-uat/terraform.tfvars b/src/domains/payopt-app/env/itn-uat/terraform.tfvars index d090fcbf52..c0219aa389 100644 --- a/src/domains/payopt-app/env/itn-uat/terraform.tfvars +++ b/src/domains/payopt-app/env/itn-uat/terraform.tfvars @@ -1,7 +1,7 @@ prefix = "pagopa" env_short = "u" env = "uat" -domain = "ebollo" +domain = "payopt" location = "italynorth" location_short = "itn" location_string = "Italy North" @@ -11,7 +11,7 @@ tags = { CreatedBy = "Terraform" Environment = "Uat" Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/ebollo-app" + Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app" CostCenter = "TS310 - PAGAMENTI & SERVIZI" } 
@@ -27,8 +27,13 @@ log_analytics_workspace_resource_group_name = "pagopa-u-monitor-rg" external_domain = "pagopa.it" dns_zone_internal_prefix = "internal.uat.platform" -dns_zone_prefix = "ebollo.itn" +dns_zone_prefix = "payopt.itn" apim_dns_zone_prefix = "uat.platform" ### Aks ingress_load_balancer_ip = "10.3.2.250" + +is_feature_enabled = { + paymentoptions = true + paymentoptions_mock = true +} diff --git a/src/domains/payopt-common/00_network.tf b/src/domains/payopt-common/00_network.tf index 1ad15379fa..73fad2990a 100644 --- a/src/domains/payopt-common/00_network.tf +++ b/src/domains/payopt-common/00_network.tf @@ -24,6 +24,14 @@ data "azurerm_private_dns_zone" "internal" { resource_group_name = local.internal_dns_zone_resource_group_name } +# +# Eventhub +# +data "azurerm_private_dns_zone" "eventhub" { + name = "privatelink.servicebus.windows.net" + resource_group_name = local.msg_resource_group_name +} + data "azurerm_resource_group" "rg_event_private_dns_zone" { name = local.msg_resource_group_name } diff --git a/src/domains/payopt-common/01_network.tf b/src/domains/payopt-common/01_network.tf index 664642c0b9..202f24163e 100644 --- a/src/domains/payopt-common/01_network.tf +++ b/src/domains/payopt-common/01_network.tf @@ -5,3 +5,10 @@ resource "azurerm_private_dns_a_record" "ingress" { ttl = 3600 records = [var.ingress_load_balancer_ip] } + +resource "azurerm_subnet" "eventhub_italy" { + name = "${local.project}-eventhub-snet" + resource_group_name = data.azurerm_resource_group.rg_vnet_italy.name + virtual_network_name = data.azurerm_virtual_network.vnet_italy.name + address_prefixes = var.cidr_paymentoptions_eventhub_italy +} diff --git a/src/domains/payopt-common/99_locals.tf b/src/domains/payopt-common/99_locals.tf index 639d687106..7395fbe148 100644 --- a/src/domains/payopt-common/99_locals.tf +++ b/src/domains/payopt-common/99_locals.tf 
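Review bot: `azurerm_subnet.eventhub_italy` in `01_network.tf` is created unconditionally, while this same series adds an `is_feature_enabled.eventhub` flag to `99_variables.tf`; if the Event Hub namespace and its private endpoint are gated on that flag (not visible here), environments with the flag off still carve `var.cidr_paymentoptions_eventhub_italy` out of the VNet for an empty subnet. Gating the subnet with `count = var.is_feature_enabled.eventhub ? 1 : 0` keeps the address plan and the feature flag consistent, at the cost of updating any reference to the subnet to `[0]`. The companion `data.azurerm_private_dns_zone.eventhub` lookup in `00_network.tf` could be gated the same way so a plan in a flag-off environment does not depend on the zone existing.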
@@ -28,5 +28,5 @@ locals { ) msg_resource_group_name = "${local.product}-msg-rg" - + eventhub_resource_group_name = "${local.project}-evh-rg" } diff --git a/src/domains/payopt-common/99_main.tf b/src/domains/payopt-common/99_main.tf index bca4787176..95f5c16d5e 100644 --- a/src/domains/payopt-common/99_main.tf +++ b/src/domains/payopt-common/99_main.tf @@ -7,11 +7,11 @@ terraform { } azuread = { source = "hashicorp/azuread" - version = "<= 3.0.2" + version = "<= 2.47.0" } null = { source = "hashicorp/null" - version = "<= 3.2.3" + version = "<= 3.2.2" } } @@ -31,10 +31,6 @@ data "azurerm_subscription" "current" {} data "azurerm_client_config" "current" {} module "__v3__" { -<<<<<<< HEAD:src/domains/paymentoptions-common/99_main.tf - source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=15bbe5eb512bc0fa8f06ed28e0cca754b868743a" -======= # v8.60.0 source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a" ->>>>>>> main:src/domains/payopt-common/99_main.tf } diff --git a/src/domains/payopt-common/99_variables.tf b/src/domains/payopt-common/99_variables.tf index 90ed64c92b..d6d8bc2cc3 100644 --- a/src/domains/payopt-common/99_variables.tf +++ b/src/domains/payopt-common/99_variables.tf @@ -1,3 +1,14 @@ +### Features flags + +variable "is_feature_enabled" { + type = object({ + eventhub = bool + }) + default = { + eventhub = false + } +} + # general variable "prefix" { type = string @@ -62,6 +73,15 @@ variable "tags" { } } +# +# CIRDs +# + +variable "cidr_paymentoptions_eventhub_italy" { + type = list(string) + description = "Address prefixes for all evh accounts in italy." +} + ### External resources variable "monitor_resource_group_name" { 
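Review bot: `99_main.tf` tightens the `azuread` constraint from `<= 3.0.2` down to `<= 2.47.0` (and `null` from `<= 3.2.3` to `<= 3.2.2`) while resolving the leftover merge-conflict markers; if this stack's `.terraform.lock.hcl` (not part of this hunk) still records azuread 3.0.2, `terraform init` will refuse to run until the lock file is regenerated, so that file should be updated in the same commit and the reason for the downgrade noted in a comment next to the constraint. Keeping the `__v3__` module pinned to a commit SHA with the `# v8.60.0` annotation is the right call and worth preserving when the conflict is re-resolved. Minor: the comment header in `99_variables.tf` reads `# CIRDs`; it should be `# CIDRs`.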
@@ -123,3 +143,77 @@ variable "dns_zone_internal_prefix" { variable "ingress_load_balancer_ip" { type = string } + +# +# Eventhub +# + +variable "ehns_public_network_access" { + type = bool + description = "(Required) enables public network access to the event hubs" +} + +variable "ehns_private_endpoint_is_present" { + type = bool + description = "(Required) create private endpoint to the event hubs" +} + +variable "ehns_sku_name" { + type = string + description = "Defines which tier to use." +} + +variable "ehns_capacity" { + type = number + description = "Specifies the Capacity / Throughput Units for a Standard SKU namespace." +} + +variable "ehns_maximum_throughput_units" { + type = number + description = "Specifies the maximum number of throughput units when Auto Inflate is Enabled" +} + +variable "ehns_auto_inflate_enabled" { + type = bool + description = "Is Auto Inflate enabled for the EventHub Namespace?" +} + +variable "ehns_zone_redundant" { + type = bool + description = "Specifies if the EventHub Namespace should be Zone Redundant (created across Availability Zones)." +} + +variable "ehns_alerts_enabled" { + type = bool + description = "Event hub alerts enabled?" +} + +variable "ehns_metric_alerts" { + default = {} + + description = <>>>>>> main:src/domains/payopt-secrets/99_main.tf } diff --git a/src/domains/payopt-secrets/env/itn-dev/backend.tfvars b/src/domains/payopt-secrets/env/itn-dev/backend.tfvars index 511b18fcac..324e5f4b9d 100644 --- a/src/domains/payopt-secrets/env/itn-dev/backend.tfvars +++ b/src/domains/payopt-secrets/env/itn-dev/backend.tfvars @@ -1,4 +1,4 @@ resource_group_name = "terraform-state-rg" storage_account_name = "tfinfdevpagopa" container_name = "terraform-state" -key = "ebollo-app-dev.terraform.tfstate" +key = "paymentoptions-secret-dev.terraform.tfstate" diff --git a/src/domains/payopt-secrets/env/itn-dev/terraform.tfvars b/src/domains/payopt-secrets/env/itn-dev/terraform.tfvars index b993d831dc..4cb569abdb 100644 
--- a/src/domains/payopt-secrets/env/itn-dev/terraform.tfvars +++ b/src/domains/payopt-secrets/env/itn-dev/terraform.tfvars @@ -1,7 +1,7 @@ prefix = "pagopa" env_short = "d" env = "dev" -domain = "ebollo" +domain = "payopt" location = "italynorth" location_short = "itn" instance = "dev" @@ -10,7 +10,7 @@ tags = { CreatedBy = "Terraform" Environment = "Dev" Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/ebollo-secrets" + Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets" CostCenter = "TS310 - PAGAMENTI & SERVIZI" } @@ -25,3 +25,6 @@ input_file = "./secret/itn-dev/configs.json" enable_iac_pipeline = true + + + diff --git a/src/domains/payopt-secrets/env/itn-prod/backend.tfvars b/src/domains/payopt-secrets/env/itn-prod/backend.tfvars index 103bbcc913..9b18697702 100644 --- a/src/domains/payopt-secrets/env/itn-prod/backend.tfvars +++ b/src/domains/payopt-secrets/env/itn-prod/backend.tfvars @@ -1,4 +1,4 @@ resource_group_name = "terraform-state-rg" storage_account_name = "tfinfprodpagopa" container_name = "terraform-state" -key = "ebollo-secret-prod.terraform.tfstate" +key = "paymentoptions-secret-prod.terraform.tfstate" diff --git a/src/domains/payopt-secrets/env/itn-prod/terraform.tfvars b/src/domains/payopt-secrets/env/itn-prod/terraform.tfvars index d6b8280b7e..4e852fe9cf 100644 --- a/src/domains/payopt-secrets/env/itn-prod/terraform.tfvars +++ b/src/domains/payopt-secrets/env/itn-prod/terraform.tfvars @@ -1,8 +1,8 @@ prefix = "pagopa" env_short = "p" env = "prod" -domain = "ebollo" -location = "italynorth" +domain = "paymentoptns" +location = "payopt" location_short = "itn" instance = "prod" 
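Review bot: In the prod `payopt-secrets` tfvars the hunk sets `domain = "paymentoptns"` and `location = "payopt"`, which looks like two values landing on the wrong keys: `payopt` is not an Azure region, and every other environment in this series (dev and uat secrets, and all three app tfvars) uses `domain = "payopt"` with `location = "italynorth"`. As written, every prod resource name derived from `var.domain` diverges from dev/uat, and anything keyed on `var.location` either fails validation or targets the wrong region. The two lines should be `domain = "payopt"` and `location = "italynorth"`.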
@@ -10,18 +10,21 @@ tags = { CreatedBy = "Terraform" Environment = "Prod" Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/ebollo-secrets" + Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets" CostCenter = "TS310 - PAGAMENTI & SERVIZI" } ### External resources -monitor_italy_resource_group_name = "pagopa-p-itn-core-monitor-rg" -log_analytics_italy_workspace_name = "pagopa-p-itn-core-law" -log_analytics_italy_workspace_resource_group_name = "pagopa-p-itn-core-monitor-rg" +monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg" +log_analytics_italy_workspace_name = "pagopa-d-itn-core-law" +log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg" input_file = "./secret/itn-prod/configs.json" enable_iac_pipeline = true + + + diff --git a/src/domains/payopt-secrets/env/itn-uat/backend.tfvars b/src/domains/payopt-secrets/env/itn-uat/backend.tfvars index 6213b747b9..2f949683b5 100644 --- a/src/domains/payopt-secrets/env/itn-uat/backend.tfvars +++ b/src/domains/payopt-secrets/env/itn-uat/backend.tfvars @@ -1,4 +1,4 @@ resource_group_name = "terraform-state-rg" storage_account_name = "tfinfuatpagopa" container_name = "terraform-state" -key = "ebollo-common-uat.terraform.tfstate" +key = "paymentoptions-secret-uat.terraform.tfstate" diff --git a/src/domains/payopt-secrets/env/itn-uat/terraform.tfvars b/src/domains/payopt-secrets/env/itn-uat/terraform.tfvars index 7f1d16cd1c..170edb7557 100644 --- a/src/domains/payopt-secrets/env/itn-uat/terraform.tfvars +++ b/src/domains/payopt-secrets/env/itn-uat/terraform.tfvars @@ -1,7 +1,7 @@ prefix = "pagopa" env_short = "u" env = "uat" -domain = "ebollo" +domain = "payopt" location = "italynorth" location_short = "itn" instance = "uat" 
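Review bot: The prod secrets stack now reads `pagopa-d-itn-core-monitor-rg` and `pagopa-d-itn-core-law` — the dev monitor resource group and Log Analytics workspace — where the removed lines referenced the prod `pagopa-p-itn-core-*` resources. If those lookups resolve, prod Key Vault diagnostics and alerts for this stack are shipped to the dev workspace, crossing the environment boundary; if dev lives in a different subscription (the separate `tfinfprodpagopa`/`tfinfdevpagopa` state accounts suggest it does), the data sources fail at plan time instead. Restore `monitor_italy_resource_group_name = "pagopa-p-itn-core-monitor-rg"`, `log_analytics_italy_workspace_name = "pagopa-p-itn-core-law"` and `log_analytics_italy_workspace_resource_group_name = "pagopa-p-itn-core-monitor-rg"`.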
@@ -10,18 +10,18 @@ tags = { CreatedBy = "Terraform" Environment = "Uat" Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/ebollo-secrets" + Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets" CostCenter = "TS310 - PAGAMENTI & SERVIZI" } ### External resources -monitor_italy_resource_group_name = "pagopa-u-itn-core-monitor-rg" -log_analytics_italy_workspace_name = "pagopa-u-itn-core-law" -log_analytics_italy_workspace_resource_group_name = "pagopa-u-itn-core-monitor-rg" +monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg" +log_analytics_italy_workspace_name = "pagopa-d-itn-core-law" +log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg" input_file = "./secret/itn-uat/configs.json" enable_iac_pipeline = true - +force = "v1" From ff721ee9652f79e5294bc57c656b688e4736d818 Mon Sep 17 00:00:00 2001 
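Review bot: The uat secrets tfvars has the same problem as the prod one: the three monitoring references are switched from the `pagopa-u-itn-core-*` resources to the dev `pagopa-d-itn-core-*` ones, so uat diagnostics would either land in the dev Log Analytics workspace or fail to resolve if dev is in another subscription; the `pagopa-u-` values should be restored. The added `force = "v1"` has no matching `variable "force"` visible in this series; if the stack does not declare it, Terraform emits an undeclared-variable warning for the tfvars entry and the value is ignored, and if it is meant as a manual re-apply trigger it deserves a declared variable with a one-line description saying so.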
From: svariant Date: Mon, 2 Dec 2024 16:43:34 +0100 Subject: [PATCH 13/13] [PPANTT-190] Delete duplicated folder --- src/copy/payopt-app/.terraform.lock.hcl | 102 ---- src/copy/payopt-app/00_alerts.tf | 72 --- src/copy/payopt-app/00_data.tf | 43 -- src/copy/payopt-app/00_keyvault.tf | 10 - src/copy/payopt-app/00_monitor.tf | 35 -- src/copy/payopt-app/00_network.tf | 15 - src/copy/payopt-app/01_network.tf | 9 - src/copy/payopt-app/02_namespace.tf | 39 -- .../03_serviceaccounts_azure_devops.tf | 67 --- .../payopt-app/04_apim_payment_options.tf | 25 - .../04_apim_payment_options_mock.tf | 74 --- .../payopt-app/05_aks_middleware_tools.tf | 55 --- src/copy/payopt-app/05_subkey.tf | 30 -- src/copy/payopt-app/06_keyvault.tf | 81 ---- src/copy/payopt-app/07_gh_runner.tf | 43 -- src/copy/payopt-app/90_pdb.tf | 15 - src/copy/payopt-app/99_locals.tf | 43 -- src/copy/payopt-app/99_main.tf | 54 --- src/copy/payopt-app/99_variables.tf | 160 ------- src/copy/payopt-app/README.md | 109 ----- .../api/payment-options-mock/_base_policy.xml | 14 - .../_get_payment_options_policy.xml | 444 ------------------ .../payment-options-mock/_openapi.json.tpl | 99 ---- .../payopt-app/api_product/_base_policy.xml | 14 - src/copy/payopt-app/env/itn-dev/backend.ini | 1 - .../payopt-app/env/itn-dev/backend.tfvars | 4 - .../payopt-app/env/itn-dev/terraform.tfvars | 39 -- src/copy/payopt-app/env/itn-prod/backend.ini | 1 - .../payopt-app/env/itn-prod/backend.tfvars | 4 - .../payopt-app/env/itn-prod/terraform.tfvars | 48 -- src/copy/payopt-app/env/itn-uat/backend.ini | 1 - .../payopt-app/env/itn-uat/backend.tfvars | 4 - .../payopt-app/env/itn-uat/terraform.tfvars | 39 -- .../payopt-app/helm/cert-mounter.yaml.tpl | 13 - src/copy/payopt-app/terraform.sh | 324 ------------- src/copy/payopt-common/.terraform.lock.hcl | 62 --- src/copy/payopt-common/00_data.tf | 4 - src/copy/payopt-common/00_monitor.tf | 45 -- src/copy/payopt-common/00_network.tf | 37 -- src/copy/payopt-common/01_network.tf | 14 - 
src/copy/payopt-common/03_eventhub.tf | 86 ---- src/copy/payopt-common/10_github_identity.tf | 218 --------- src/copy/payopt-common/99_locals.tf | 32 -- src/copy/payopt-common/99_main.tf | 36 -- src/copy/payopt-common/99_variables.tf | 219 --------- src/copy/payopt-common/README.md | 90 ---- .../payopt-common/env/itn-dev/backend.ini | 1 - .../payopt-common/env/itn-dev/backend.tfvars | 4 - .../env/itn-dev/terraform.tfvars | 106 ----- .../payopt-common/env/itn-prod/backend.ini | 1 - .../payopt-common/env/itn-prod/backend.tfvars | 4 - .../env/itn-prod/terraform.tfvars | 106 ----- .../payopt-common/env/itn-uat/backend.ini | 1 - .../payopt-common/env/itn-uat/backend.tfvars | 4 - .../env/itn-uat/terraform.tfvars | 106 ----- src/copy/payopt-common/terraform.sh | 324 ------------- src/copy/payopt-secrets/.terraform.lock.hcl | 102 ---- src/copy/payopt-secrets/00_azuread.tf | 16 - src/copy/payopt-secrets/01_keyvault.tf | 101 ---- src/copy/payopt-secrets/02_azdo.tf | 23 - src/copy/payopt-secrets/02_init_sops.tf | 21 - src/copy/payopt-secrets/03_sops_secrets.tf | 54 --- src/copy/payopt-secrets/99_locals.tf | 11 - src/copy/payopt-secrets/99_main.tf | 48 -- src/copy/payopt-secrets/99_variables.tf | 101 ---- src/copy/payopt-secrets/README.md | 65 --- .../payopt-secrets/env/itn-dev/backend.ini | 1 - .../payopt-secrets/env/itn-dev/backend.tfvars | 4 - .../env/itn-dev/terraform.tfvars | 30 -- .../payopt-secrets/env/itn-prod/backend.ini | 1 - .../env/itn-prod/backend.tfvars | 4 - .../env/itn-prod/terraform.tfvars | 30 -- .../payopt-secrets/env/itn-uat/backend.ini | 1 - .../payopt-secrets/env/itn-uat/backend.tfvars | 4 - .../env/itn-uat/terraform.tfvars | 27 -- .../secret/itn-dev/configs.json | 1 - .../secret/itn-dev/noedit_secret_enc.json | 22 - .../payopt-secrets/secret/itn-dev/secret.ini | 3 - .../secret/itn-prod/configs.json | 1 - .../payopt-secrets/secret/itn-prod/secret.ini | 3 - .../secret/itn-uat/configs.json | 1 - .../secret/itn-uat/noedit_secret_enc.json | 22 - 
.../payopt-secrets/secret/itn-uat/secret.ini | 3 - src/copy/payopt-secrets/sops.sh | 137 ------ src/copy/payopt-secrets/terraform.sh | 324 ------------- src/copy/payopt-secrets/terrasops.sh | 29 -- 86 files changed, 4820 deletions(-) delete mode 100644 src/copy/payopt-app/.terraform.lock.hcl delete mode 100644 src/copy/payopt-app/00_alerts.tf delete mode 100644 src/copy/payopt-app/00_data.tf delete mode 100644 src/copy/payopt-app/00_keyvault.tf delete mode 100644 src/copy/payopt-app/00_monitor.tf delete mode 100644 src/copy/payopt-app/00_network.tf delete mode 100644 src/copy/payopt-app/01_network.tf delete mode 100644 src/copy/payopt-app/02_namespace.tf delete mode 100644 src/copy/payopt-app/03_serviceaccounts_azure_devops.tf delete mode 100644 src/copy/payopt-app/04_apim_payment_options.tf delete mode 100644 src/copy/payopt-app/04_apim_payment_options_mock.tf delete mode 100644 src/copy/payopt-app/05_aks_middleware_tools.tf delete mode 100644 src/copy/payopt-app/05_subkey.tf delete mode 100644 src/copy/payopt-app/06_keyvault.tf delete mode 100644 src/copy/payopt-app/07_gh_runner.tf delete mode 100644 src/copy/payopt-app/90_pdb.tf delete mode 100644 src/copy/payopt-app/99_locals.tf delete mode 100644 src/copy/payopt-app/99_main.tf delete mode 100644 src/copy/payopt-app/99_variables.tf delete mode 100644 src/copy/payopt-app/README.md delete mode 100644 src/copy/payopt-app/api/payment-options-mock/_base_policy.xml delete mode 100644 src/copy/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml delete mode 100644 src/copy/payopt-app/api/payment-options-mock/_openapi.json.tpl delete mode 100644 src/copy/payopt-app/api_product/_base_policy.xml delete mode 100644 src/copy/payopt-app/env/itn-dev/backend.ini delete mode 100644 src/copy/payopt-app/env/itn-dev/backend.tfvars delete mode 100644 src/copy/payopt-app/env/itn-dev/terraform.tfvars delete mode 100644 src/copy/payopt-app/env/itn-prod/backend.ini delete mode 100644 
src/copy/payopt-app/env/itn-prod/backend.tfvars delete mode 100644 src/copy/payopt-app/env/itn-prod/terraform.tfvars delete mode 100644 src/copy/payopt-app/env/itn-uat/backend.ini delete mode 100644 src/copy/payopt-app/env/itn-uat/backend.tfvars delete mode 100644 src/copy/payopt-app/env/itn-uat/terraform.tfvars delete mode 100644 src/copy/payopt-app/helm/cert-mounter.yaml.tpl delete mode 100755 src/copy/payopt-app/terraform.sh delete mode 100644 src/copy/payopt-common/.terraform.lock.hcl delete mode 100644 src/copy/payopt-common/00_data.tf delete mode 100644 src/copy/payopt-common/00_monitor.tf delete mode 100644 src/copy/payopt-common/00_network.tf delete mode 100644 src/copy/payopt-common/01_network.tf delete mode 100644 src/copy/payopt-common/03_eventhub.tf delete mode 100644 src/copy/payopt-common/10_github_identity.tf delete mode 100644 src/copy/payopt-common/99_locals.tf delete mode 100644 src/copy/payopt-common/99_main.tf delete mode 100644 src/copy/payopt-common/99_variables.tf delete mode 100644 src/copy/payopt-common/README.md delete mode 100644 src/copy/payopt-common/env/itn-dev/backend.ini delete mode 100644 src/copy/payopt-common/env/itn-dev/backend.tfvars delete mode 100644 src/copy/payopt-common/env/itn-dev/terraform.tfvars delete mode 100644 src/copy/payopt-common/env/itn-prod/backend.ini delete mode 100644 src/copy/payopt-common/env/itn-prod/backend.tfvars delete mode 100644 src/copy/payopt-common/env/itn-prod/terraform.tfvars delete mode 100644 src/copy/payopt-common/env/itn-uat/backend.ini delete mode 100644 src/copy/payopt-common/env/itn-uat/backend.tfvars delete mode 100644 src/copy/payopt-common/env/itn-uat/terraform.tfvars delete mode 100755 src/copy/payopt-common/terraform.sh delete mode 100644 src/copy/payopt-secrets/.terraform.lock.hcl delete mode 100644 src/copy/payopt-secrets/00_azuread.tf delete mode 100644 src/copy/payopt-secrets/01_keyvault.tf delete mode 100644 src/copy/payopt-secrets/02_azdo.tf delete mode 100644 
src/copy/payopt-secrets/02_init_sops.tf delete mode 100644 src/copy/payopt-secrets/03_sops_secrets.tf delete mode 100644 src/copy/payopt-secrets/99_locals.tf delete mode 100644 src/copy/payopt-secrets/99_main.tf delete mode 100644 src/copy/payopt-secrets/99_variables.tf delete mode 100644 src/copy/payopt-secrets/README.md delete mode 100644 src/copy/payopt-secrets/env/itn-dev/backend.ini delete mode 100644 src/copy/payopt-secrets/env/itn-dev/backend.tfvars delete mode 100644 src/copy/payopt-secrets/env/itn-dev/terraform.tfvars delete mode 100644 src/copy/payopt-secrets/env/itn-prod/backend.ini delete mode 100644 src/copy/payopt-secrets/env/itn-prod/backend.tfvars delete mode 100644 src/copy/payopt-secrets/env/itn-prod/terraform.tfvars delete mode 100644 src/copy/payopt-secrets/env/itn-uat/backend.ini delete mode 100644 src/copy/payopt-secrets/env/itn-uat/backend.tfvars delete mode 100644 src/copy/payopt-secrets/env/itn-uat/terraform.tfvars delete mode 100644 src/copy/payopt-secrets/secret/itn-dev/configs.json delete mode 100644 src/copy/payopt-secrets/secret/itn-dev/noedit_secret_enc.json delete mode 100644 src/copy/payopt-secrets/secret/itn-dev/secret.ini delete mode 100644 src/copy/payopt-secrets/secret/itn-prod/configs.json delete mode 100644 src/copy/payopt-secrets/secret/itn-prod/secret.ini delete mode 100644 src/copy/payopt-secrets/secret/itn-uat/configs.json delete mode 100644 src/copy/payopt-secrets/secret/itn-uat/noedit_secret_enc.json delete mode 100644 src/copy/payopt-secrets/secret/itn-uat/secret.ini delete mode 100755 src/copy/payopt-secrets/sops.sh delete mode 100755 src/copy/payopt-secrets/terraform.sh delete mode 100644 src/copy/payopt-secrets/terrasops.sh diff --git a/src/copy/payopt-app/.terraform.lock.hcl b/src/copy/payopt-app/.terraform.lock.hcl deleted file mode 100644 index 5ff319e7d6..0000000000 --- a/src/copy/payopt-app/.terraform.lock.hcl +++ /dev/null 
@@ -1,102 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azuread" { - version = "3.0.2" - constraints = "<= 3.0.2" - hashes = [ - "h1:yQqvUtgtrYKGpIygdM8P6N+pvMWJJWIsVdPow29VE20=", - "zh:16e724b80a9004c7978c30f69a73c98ff63eb8a03937dd44c2a8f0ea0438b7a3", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:2bbbf13713ca4767267b889471c9fc14a56a8fdf5d1013da3ca78667e3caec64", - "zh:409ccb05431d643a079da082d89db2d95d6afed4769997ac537c8b7de3bff867", - "zh:53e4bca0f5d015380f7f524f36344afe6211ccaf614bfc69af73ca64a9f47d6c", - "zh:5780be2c1981d090604d7fa4cef675462f17f40e7f3dc501a031488e87a35b8f", - "zh:850e61a1b3e64c752c418526ccf48653514c861b36f5feb631619f906f7e99a0", - "zh:8c3565bfcea006a734149cc080452a9daf7d2a9d5362eb7e0a088b6c0d7f0f03", - "zh:908b9e6ad49d5d21173ecefc7924902047611be93bbf8e7d021aa9563358396f", - "zh:a2a79765c029bc58966eff61cb6e9b0ee14d2ac52b0a22fc7dfa35c9a49af669", - "zh:c7f56cbe8743e9ba81fce871bc97d9c07abe86770d9ee7ffefbf3882a61ba89a", - "zh:d4dba80e33421b30d81c62611fb7fc62ad39afecc6484436e635913cd8553e67", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.116.0" - constraints = "~> 3.30, ~> 3.110, ~> 3.116.0, <= 3.116.0" - hashes = [ - "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", - "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", - "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", - "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", - "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", - "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", - "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", - "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", - "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", - 
"zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", - "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "2.16.0" - constraints = "~> 2.12, <= 2.16.0" - hashes = [ - "h1:zk+1yjCh9RKDsugek6X2JXtLywtdIeS1DeOLjzypU70=", - "zh:0fa970817bab7a8411ff443d51004dc2974c0ef4aad082a514f8b56559db3113", - "zh:333b9ac02fcbf9dcf4825dc1e4fc373ef4571b1dd00b79f5c8ea24e1c79992f0", - "zh:792e1e9c409dd76e3eabf3b0c0a6b5a3c3ef42adfc578f7899def46a81e994ef", - "zh:8eca4a52d43ca97d944a8c5d0f2ee60bcbefcb3ccee51d5620bde9047b8ea9c7", - "zh:90969e6a0f7127b0cb75c8790f63f4d050576ffe9bd722887a11d885430624cd", - "zh:a9d72fb106f16ab4f68c779a2c59124929cbc1cb0dbc47ed5ef380c6205f70bb", - "zh:c28bc1a2c0f8f11626baf905a888b2600663ba8dbb33ce4203efcafa16c77fc5", - "zh:c5d6c72a8c5513ff868209ceda9e6000723b02d21811d05909d26614784d4db6", - "zh:d105d40b1a217120332f65a93b24470d18e355868bfa99f0cdeeff5869cff9fb", - "zh:e6c78637c8c6081b8817f61658de8d0163b92157336ac3236cf183b5834f9487", - "zh:edef68729e4f263df3a6737fc73b14e1ee952b800d72d0c6f2cb524bc1ad7ec8", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.33.0" - constraints = "~> 2.27, ~> 2.30, <= 2.33.0" - hashes = [ - "h1:HDyytvOlqNw5fJ0SB/nzgqCWniK4LAZNx23LaPavQq8=", - "zh:255b35790b706d405e987750190658dcaefb663741b96803a9529ba5d7435329", - "zh:362feba1aa820a8e02869ec71d1a08e87243dbce43671dc0995fa6c5a2fafa1d", - "zh:39332abcf75b5dd9c78c79c7c0c094f7d4ca908d1b76bbd2aae67e8e3516710c", - "zh:3e8e7f758bb09a9b5b613c8866e77541f8f00b521070cc86bc095ce61f010baf", - "zh:427883b889b9c36630c3eec4d5c07bc4ae12cc0d358fc17ea42a8049bf8d5275", - "zh:69bfc4ed067a5e4844db1a1809343652ff239aa0a8da089b1671524c44e8740a", - 
"zh:6b9f731062b945c5020e0930ed9a1b1b50afd2caf751f0e70a282d165c970979", - "zh:6faf9ec006af7ee7014a9c3251d65b701792abb823f149b0b7e4ac4433848201", - "zh:b706f76d695104a47682ee6ab842870f9c70a680f979fa9e7efe34278c0831bc", - "zh:b9bca48de2c92f57389ed58dd2fac564deaccd79a92cafd08edeed3ba6b91d4d", - "zh:bbd3336dbee5aed9880f98e36fb8340e0c6d8f0399a05787521af599ccb3dac4", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.3" - constraints = "~> 3.2, <= 3.2.3" - hashes = [ - "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=", - "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", - "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", - "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", - "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", - "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", - "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", - "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", - "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", - "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", - "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", - ] -} diff --git a/src/copy/payopt-app/00_alerts.tf b/src/copy/payopt-app/00_alerts.tf deleted file mode 100644 index f6c5b8f409..0000000000 --- a/src/copy/payopt-app/00_alerts.tf +++ /dev/null 
@@ -1,72 +0,0 @@
-## Print Notice Service ##
-
-resource "azurerm_monitor_scheduled_query_rules_alert" "pagopa-payment-options-service-responsetime-upd" {
- count = var.env_short == "p" ? 1 : 0
- resource_group_name = "dashboards"
- name = "pagopa-${var.env_short}-pagopa-print-payment-notice-service-rest-responsetime @ _payment-options-service"
- location = var.location
-
- action {
- action_group = can(data.azurerm_monitor_action_group.opsgenie[0]) ? [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
- email_subject = "Email Header"
- custom_webhook_payload = "{}"
- }
-
- data_source_id = data.azurerm_api_management.apim.id
- description = "Response time for /payment-options is less than or equal to 1.5s - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-payment-options"
- enabled = true
- query = (<<-QUERY
-let threshold = 1500;
-AzureDiagnostics
-| where url_s matches regex "/payment-options"
-| summarize
- watermark=threshold,
- duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m)
-| where duration_percentile_95 > threshold
- QUERY
- )
- severity = 2
- frequency = 5
- time_window = 10
- trigger {
- operator = "GreaterThanOrEqual"
- threshold = 2
- }
-}
-
-resource "azurerm_monitor_scheduled_query_rules_alert" "pagopa-payment-options-rest-availability-upd" {
- count = var.env_short == "p" ? 1 : 0
- resource_group_name = "dashboards"
- name = "pagopa-${var.env_short}-pagopa-payment-options-rest-availability @ _print-payment-options"
- location = var.location
-
- action {
- action_group = can(data.azurerm_monitor_action_group.opsgenie[0]) ? [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
- email_subject = "Email Header"
- custom_webhook_payload = "{}"
- }
-
- data_source_id = data.azurerm_api_management.apim.id
- description = "Availability for /payment-options is less than or equal to 99% - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-payment-options"
- enabled = true
- query = (<<-QUERY
-let threshold = 0.99;
-AzureDiagnostics
-| where url_s matches regex "/payment-options'"
-| summarize
- Total=count(),
- Success=count(responseCode_d < 500)
- by bin(TimeGenerated, 5m)
-| extend availability=toreal(Success) / Total
-| where availability < threshold
- QUERY
- )
- severity = 1
- frequency = 5
- time_window = 5
- trigger {
- operator = "GreaterThanOrEqual"
- threshold = 1
- }
-}
-
diff --git a/src/copy/payopt-app/00_data.tf b/src/copy/payopt-app/00_data.tf
deleted file mode 100644
index ba3c5868cb..0000000000
--- a/src/copy/payopt-app/00_data.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-### EVH
-data "azurerm_eventhub_authorization_rule" "payment_options_re_authorization_rule_writer" {
- name = "${local.project}-payment-options-re-tx"
- resource_group_name = "${local.project}-evh-rg"
- eventhub_name = "pagopa-payopt-evh"
- namespace_name = "${local.project}-evh"
-}
-
-data "azurerm_eventhub_authorization_rule" "pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_cache_sync_reader" {
- name = "nodo-dei-pagamenti-cache-sync-rx"
- namespace_name = "${local.product}-${local.evt_hub_location}-evh-ns04"
- eventhub_name = "nodo-dei-pagamenti-cache"
- resource_group_name = "${local.product}-msg-rg"
-}
-
-data "azurerm_eventhub_authorization_rule" "pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_verify_ko_writer" {
- name = "nodo-dei-pagamenti-verify-ko-tx"
- namespace_name = "${local.product}-${local.evt_hub_location}-evh-ns03"
- eventhub_name = "nodo-dei-pagamenti-verify-ko"
- resource_group_name = "${local.product}-msg-rg"
-}
-
-data "azurerm_api_management" "apim" {
- name = "${var.prefix}-${var.env_short}-apim"
- resource_group_name = "${var.prefix}-${var.env_short}-api-rg"
-}
-
-data "azurerm_api_management_product" "apim_api_config_product" {
- product_id = "apiconfig-cache"
- api_management_name = local.pagopa_apim_name
- resource_group_name = local.pagopa_apim_rg
-}
-
-data "azurerm_api_management_product" "apim_forwarder_product" {
- product_id = "product-node-forwarder"
- api_management_name = local.pagopa_apim_name
- resource_group_name = local.pagopa_apim_rg
-}
-
-
-data "azurerm_resource_group" "identity_rg" {
- name = "${local.product}-identity-rg"
-}
diff --git a/src/copy/payopt-app/00_keyvault.tf b/src/copy/payopt-app/00_keyvault.tf
deleted file mode 100644
index c94a899cca..0000000000
--- a/src/copy/payopt-app/00_keyvault.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-data "azurerm_key_vault" "kv" {
- name = "${local.project}-kv"
- resource_group_name = "${local.project}-sec-rg"
-}
-
-
-data "azurerm_kubernetes_cluster" "aks" {
- name = local.aks_name
- resource_group_name = local.aks_resource_group_name
-}
diff --git a/src/copy/payopt-app/00_monitor.tf b/src/copy/payopt-app/00_monitor.tf
deleted file mode 100644
index 311dc4ff7d..0000000000
--- a/src/copy/payopt-app/00_monitor.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# 🇮🇹 Monitor Italy
-#
-data "azurerm_resource_group" "monitor_italy_rg" {
- name = var.monitor_italy_resource_group_name
-}
-
-data "azurerm_log_analytics_workspace" "log_analytics_italy" {
- name = var.log_analytics_italy_workspace_name
- resource_group_name = var.log_analytics_italy_workspace_resource_group_name
-}
-
-data "azurerm_application_insights" "application_insights_italy" {
- name = local.monitor_appinsights_italy_name
- resource_group_name = data.azurerm_resource_group.monitor_italy_rg.name
-}
-
-#
-# Actions Group
-#
-data "azurerm_monitor_action_group" "slack" {
- name = local.monitor_action_group_slack_name
- resource_group_name = var.monitor_italy_resource_group_name
-}
-
-data "azurerm_monitor_action_group" "email" {
- resource_group_name = var.monitor_italy_resource_group_name
- name = local.monitor_action_group_email_name
-}
-
-data "azurerm_monitor_action_group" "opsgenie" {
- count = var.env_short == "p" ? 1 : 0
- resource_group_name = var.monitor_resource_group_name
- name = local.monitor_action_group_opsgenie_name
-}
diff --git a/src/copy/payopt-app/00_network.tf b/src/copy/payopt-app/00_network.tf
deleted file mode 100644
index 355c8e2333..0000000000
--- a/src/copy/payopt-app/00_network.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-data "azurerm_virtual_network" "vnet" {
- name = local.vnet_name
- resource_group_name = local.vnet_resource_group_name
-}
-
-data "azurerm_private_dns_zone" "internal" {
- name = local.internal_dns_zone_name
- resource_group_name = local.internal_dns_zone_resource_group_name
-}
-
-data "azurerm_subnet" "apim_vnet" {
- name = local.pagopa_apim_snet
- resource_group_name = local.pagopa_vnet_rg
- virtual_network_name = local.pagopa_vnet_integration
-}
diff --git a/src/copy/payopt-app/01_network.tf b/src/copy/payopt-app/01_network.tf
deleted file mode 100644
index 73614770ca..0000000000
--- a/src/copy/payopt-app/01_network.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-#--------------------------------------------------
-
-resource "azurerm_private_dns_a_record" "ingress" {
- name = local.ingress_hostname
- zone_name = data.azurerm_private_dns_zone.internal.name
- resource_group_name = local.internal_dns_zone_resource_group_name
- ttl = 3600
- records = [var.ingress_load_balancer_ip]
-}
diff --git a/src/copy/payopt-app/02_namespace.tf b/src/copy/payopt-app/02_namespace.tf
deleted file mode 100644
index 7d9fcc5c42..0000000000
--- a/src/copy/payopt-app/02_namespace.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-resource "kubernetes_namespace" "namespace" {
- metadata {
- name = var.domain
- }
-}
-
-# module "pod_identity" {
-# source = "./.terraform/modules/__v3__/kubernetes_pod_identity"
-
-# resource_group_name = local.aks_resource_group_name
-# location = var.location
-# tenant_id = data.azurerm_subscription.current.tenant_id
-# cluster_name = local.aks_name
-
-# identity_name = "${kubernetes_namespace.namespace.metadata[0].name}-pod-identity"
-# namespace = kubernetes_namespace.namespace.metadata[0].name
-# key_vault_id = data.azurerm_key_vault.kv.id
-
-# secret_permissions = ["Get"]
-# }
-
-
-
-# WL-IDENTITY
-# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#Init-workload-identity
-module "workload_identity" {
- source = "./.terraform/modules/__v3__/kubernetes_workload_identity_configuration"
-
- workload_identity_name_prefix = var.domain
- workload_identity_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name
- aks_name = data.azurerm_kubernetes_cluster.aks.name
- aks_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name
- namespace = var.domain
-
- key_vault_id = data.azurerm_key_vault.kv.id
- key_vault_certificate_permissions = ["Get"]
- key_vault_key_permissions = ["Get"]
- key_vault_secret_permissions = ["Get"]
-}
diff --git a/src/copy/payopt-app/03_serviceaccounts_azure_devops.tf b/src/copy/payopt-app/03_serviceaccounts_azure_devops.tf
deleted file mode 100644
index cfdc7c2574..0000000000
--- a/src/copy/payopt-app/03_serviceaccounts_azure_devops.tf
+++ /dev/null
@@ -1,67 +0,0 @@
-resource "kubernetes_namespace" "namespace_system" {
- metadata {
- name = "${var.domain}-system"
- }
-}
-
-module "kubernetes_service_account" {
- source = "./.terraform/modules/__v3__/kubernetes_service_account"
- name = "azure-devops"
- namespace = "${var.domain}-system"
-}
-
-#tfsec:ignore:AZU023
-resource "azurerm_key_vault_secret" "azure_devops_sa_token" {
- depends_on = [module.kubernetes_service_account]
- name = "${local.aks_name}-azure-devops-sa-token"
- value = module.kubernetes_service_account.sa_token # base64 value
- content_type = "text/plain"
-
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-#tfsec:ignore:AZU023
-resource "azurerm_key_vault_secret" "azure_devops_sa_cacrt" {
- depends_on = [module.kubernetes_service_account]
- name = "${local.aks_name}-azure-devops-sa-cacrt"
- value = module.kubernetes_service_account.sa_ca_cert # base64 value
- content_type = "text/plain"
-
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-#--------------------------------------------------------------------------------------------------
-
-resource "kubernetes_role_binding" "deployer_binding" {
- metadata {
- name = "deployer-binding"
- namespace = kubernetes_namespace.namespace.metadata[0].name
- }
- role_ref {
- api_group = "rbac.authorization.k8s.io"
- kind = "ClusterRole"
- name = "cluster-deployer"
- }
- subject {
- kind = "ServiceAccount"
- name = "azure-devops"
- namespace = kubernetes_namespace.namespace_system.metadata[0].name
- }
-}
-
-resource "kubernetes_role_binding" "system_deployer_binding" {
- metadata {
- name = "system-deployer-binding"
- namespace = kubernetes_namespace.namespace_system.metadata[0].name
- }
- role_ref {
- api_group = "rbac.authorization.k8s.io"
- kind = "ClusterRole"
- name = "system-cluster-deployer"
- }
- subject {
- kind = "ServiceAccount"
- name = "azure-devops"
- namespace = kubernetes_namespace.namespace_system.metadata[0].name
- }
-}
diff --git a/src/copy/payopt-app/04_apim_payment_options.tf b/src/copy/payopt-app/04_apim_payment_options.tf
deleted file mode 100644
index 3e7f22da2e..0000000000
--- a/src/copy/payopt-app/04_apim_payment_options.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-locals {
- apim_payment_options_pagopa_api = {
- display_name = "Payment Options Product pagoPA"
- description = "API for Payment Options"
- }
-}
-
-module "apim_payment_options_product" {
- source = "./.terraform/modules/__v3__/api_management_product"
- count = var.is_feature_enabled.paymentoptions ? 1 : 0
-
- product_id = "pagopa_payment_options"
- display_name = local.apim_payment_options_pagopa_api.display_name
- description = local.apim_payment_options_pagopa_api.description
-
- api_management_name = local.pagopa_apim_name
- resource_group_name = local.pagopa_apim_rg
-
- published = false
- subscription_required = true
- approval_required = false
- # subscriptions_limit = 1000
-
- policy_xml = file("./api_product/_base_policy.xml")
-}
diff --git a/src/copy/payopt-app/04_apim_payment_options_mock.tf b/src/copy/payopt-app/04_apim_payment_options_mock.tf
deleted file mode 100644
index e142259ae6..0000000000
--- a/src/copy/payopt-app/04_apim_payment_options_mock.tf
+++ /dev/null
@@ -1,74 +0,0 @@
-locals {
- apim_payment_options_mock_pagopa_api = {
- display_name = "Mock Payment Options Product pagoPA"
- description = "Mock API for Payment Options"
- }
-}
-
-module "apim_payment_options_mock_product" {
- source = "./.terraform/modules/__v3__/api_management_product"
- count = var.is_feature_enabled.paymentoptions_mock ? 1 : 0
-
- product_id = "pagopa-payment-options-mock"
- display_name = local.apim_payment_options_mock_pagopa_api.display_name
- description = local.apim_payment_options_mock_pagopa_api.description
-
- api_management_name = local.pagopa_apim_name
- resource_group_name = local.pagopa_apim_rg
-
- published = false
- subscription_required = false
- approval_required = false
- # subscriptions_limit = 1000
-
- policy_xml = file("./api_product/_base_policy.xml")
-}
-
-resource "azurerm_api_management_api_version_set" "payment_options_mock_api" {
- count = var.is_feature_enabled.paymentoptions_mock ? 1 : 0
-
- name = format("%s-payment-options-mock-api", var.env_short)
- resource_group_name = local.pagopa_apim_rg
- api_management_name = local.pagopa_apim_name
- display_name = "Payment Options Mock"
- versioning_scheme = "Segment"
-}
-
-
-module "apim_api_pay_opt_mock_api" {
- source = "./.terraform/modules/__v3__/api_management_api"
- count = var.is_feature_enabled.paymentoptions_mock ? 1 : 0
-
- name = format("%s-pay-opt-mock-api", local.project)
- api_management_name = local.pagopa_apim_name
- resource_group_name = local.pagopa_apim_rg
- product_ids = [module.apim_payment_options_mock_product[0].product_id]
- subscription_required = false
- version_set_id = azurerm_api_management_api_version_set.payment_options_mock_api[0].id
- api_version = "v1"
-
- description = local.apim_payment_options_mock_pagopa_api.description
- display_name = local.apim_payment_options_mock_pagopa_api.display_name
- path = "payopt-mock"
- protocols = ["https"]
- service_url = null
-
- content_format = "openapi"
- content_value = templatefile("./api/payment-options-mock/_openapi.json.tpl", {
- host = local.apim_hostname
- })
-
- xml_content = templatefile("./api/payment-options-mock/_base_policy.xml", {
- hostname = local.hostname
- })
-
- api_operation_policies = [
- {
- operation_id = "get-payment-options",
- xml_content = templatefile("./api/payment-options-mock/_get_payment_options_policy.xml", {
- hostname = local.hostname
- })
- },
- ]
-
-}
diff --git a/src/copy/payopt-app/05_aks_middleware_tools.tf b/src/copy/payopt-app/05_aks_middleware_tools.tf
deleted file mode 100644
index 0afc20f24f..0000000000
--- a/src/copy/payopt-app/05_aks_middleware_tools.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-
-# WL-IDENTITY
-# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#%F0%9F%94%AE-tls-cheker
-module "tls_checker" {
- source = "./.terraform/modules/__v3__/tls_checker"
-
- https_endpoint = local.domain_hostname
- alert_name = local.domain_hostname
- alert_enabled = true
- helm_chart_present = true
- namespace = kubernetes_namespace.namespace.metadata[0].name
- location_string = var.location_string
- kv_secret_name_for_application_insights_connection_string = "app-insight-connection-string"
- application_insights_resource_group = data.azurerm_resource_group.monitor_italy_rg.name
- application_insights_id = data.azurerm_application_insights.application_insights_italy.id
- application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id]
- keyvault_name = data.azurerm_key_vault.kv.name
- keyvault_tenant_id = data.azurerm_client_config.current.tenant_id
-
- workload_identity_enabled = true
- workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name
- workload_identity_client_id = module.workload_identity.workload_identity_client_id
-
- depends_on = [module.workload_identity]
-}
-
-
-# WL-IDENTITY
-# https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/1227751458/Migrazione+pod+Identity+vs+workload+Identity#%3Acertificate%3A-cert-mounter
-module "cert_mounter" {
- source = "./.terraform/modules/__v3__/cert_mounter"
-
- namespace = var.domain
- certificate_name = replace(local.domain_hostname, ".", "-")
- kv_name = data.azurerm_key_vault.kv.name
- tenant_id = data.azurerm_subscription.current.tenant_id
-
- workload_identity_enabled = true
- workload_identity_service_account_name = module.workload_identity.workload_identity_service_account_name
- workload_identity_client_id = module.workload_identity.workload_identity_client_id
-
- depends_on = [module.workload_identity]
-}
-resource "helm_release" "reloader" {
- name = "reloader"
- repository = "https://stakater.github.io/stakater-charts"
- chart = "reloader"
- version = "v1.0.69"
- namespace = kubernetes_namespace.namespace.metadata[0].name
-
- set {
- name = "reloader.watchGlobally"
- value = "false"
- }
-}
diff --git a/src/copy/payopt-app/05_subkey.tf b/src/copy/payopt-app/05_subkey.tf
deleted file mode 100644
index 15fba182f4..0000000000
--- a/src/copy/payopt-app/05_subkey.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-resource "azurerm_api_management_subscription" "api_config_subkey" {
- api_management_name = data.azurerm_api_management.apim.name
- resource_group_name = data.azurerm_api_management.apim.resource_group_name
- product_id = data.azurerm_api_management_product.apim_api_config_product.id
- display_name = "Subscription for Api Config APIM"
- allow_tracing = false
- state = "active"
-}
-
-resource "azurerm_api_management_subscription" "forwarder_subkey" {
- api_management_name = data.azurerm_api_management.apim.name
- resource_group_name = data.azurerm_api_management.apim.resource_group_name
- product_id = data.azurerm_api_management_product.apim_forwarder_product.id
- display_name = "Subscription for Forwarder APIM"
- allow_tracing = false
- state = "active"
-}
-
-resource "azurerm_api_management_subscription" "service_payment_options_subkey" {
- count = var.env_short != "p" ? 1 : 0
-
- api_management_name = data.azurerm_api_management.apim.name
- resource_group_name = data.azurerm_api_management.apim.resource_group_name
- product_id = module.apim_payment_options_product[0].id
- display_name = "Subscription for Payments Options APIM"
- allow_tracing = false
- state = "active"
-}
-
-
diff --git a/src/copy/payopt-app/06_keyvault.tf b/src/copy/payopt-app/06_keyvault.tf
deleted file mode 100644
index 83f09e182e..0000000000
--- a/src/copy/payopt-app/06_keyvault.tf
+++ /dev/null
@@ -1,81 +0,0 @@
-locals {
- aks_api_url = var.env_short == "d" ? data.azurerm_kubernetes_cluster.aks.fqdn : data.azurerm_kubernetes_cluster.aks.private_fqdn
-}
-
-#tfsec:ignore:AZU023
-resource "azurerm_key_vault_secret" "aks_apiserver_url" {
- name = "${local.aks_name}-apiserver-url"
- value = "https://${local.aks_api_url}:443"
- content_type = "text/plain"
-
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-## Manual secrets
-
-resource "azurerm_key_vault_secret" "application_insights_connection_string" {
- name = "app-insight-connection-string"
- value = data.azurerm_application_insights.application_insights_italy.connection_string
- content_type = "text/plain"
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-
-resource "azurerm_key_vault_secret" "tenant_id" {
- name = "tenant-id"
- value = data.azurerm_subscription.current.tenant_id
- content_type = "text/plain"
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-# Event Hub
-
-resource "azurerm_key_vault_secret" "ehub_payment-options-re_jaas_config" {
- name = "ehub-${var.env_short}-payment-options-re-jaas-config"
- value = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"$ConnectionString\" password=\"${data.azurerm_eventhub_authorization_rule.payment_options_re_authorization_rule_writer.primary_connection_string}\";"
- content_type = "text/plain"
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-resource "azurerm_key_vault_secret" "ehub_nodo_pagamenti_cache_jaas_config" {
- name = "ehub-${var.env_short}-nodo-pagamenti-cache-jaas-config"
- value = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"$ConnectionString\" password=\"${data.azurerm_eventhub_authorization_rule.pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_cache_sync_reader.primary_connection_string}\";"
- content_type = "text/plain"
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-resource "azurerm_key_vault_secret" "ehub_nodo-dei-pagamenti-verify-ko_jaas_config" {
- name = "ehub-${var.env_short}-nodo-dei-pagamenti-verify-ko-jaas-config"
- value = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"$ConnectionString\" password=\"${data.azurerm_eventhub_authorization_rule.pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_verify_ko_writer.primary_connection_string}\";"
- content_type = "text/plain"
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-resource "azurerm_key_vault_secret" "api_config_subscription_key" {
- name = "api-config-sub-key"
- value = azurerm_api_management_subscription.api_config_subkey.primary_key
- content_type = "text/plain"
-
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-resource "azurerm_key_vault_secret" "forwarder_subscription_key" {
- name = "forwarder-sub-key"
- value = azurerm_api_management_subscription.forwarder_subkey.primary_key
- content_type = "text/plain"
-
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-resource "azurerm_key_vault_secret" "service_payment_options_subscription_key" {
- count = var.env_short != "p" ? 1 : 0
-
- name = "apikey-service-payment-options"
- value = azurerm_api_management_subscription.service_payment_options_subkey[0].primary_key
- content_type = "text/plain"
-
- key_vault_id = data.azurerm_key_vault.kv.id
-}
-
-
-
diff --git a/src/copy/payopt-app/07_gh_runner.tf b/src/copy/payopt-app/07_gh_runner.tf
deleted file mode 100644
index cf5d9cfbbf..0000000000
--- a/src/copy/payopt-app/07_gh_runner.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-locals {
- tools_cae_name = "${local.product}-${var.location_short}-core-tools-cae"
- tools_cae_rg = "${local.product}-${var.location_short}-core-tools-rg"
-}
-
-module "gh_runner_job" {
- source = "./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup"
-
- domain_name = var.domain
- env_short = var.env_short
- environment_name = local.tools_cae_name
- environment_rg = local.tools_cae_rg
- gh_identity_suffix = "job-01"
- runner_labels = ["self-hosted-job"]
- gh_repositories = [
- {
- name : "pagopa-payment-options-service",
- short_name : "payopt-svc"
- }
- ]
- job = {
- name = var.domain
- }
- job_meta = {}
- key_vault = {
- name = "${local.product}-kv" # Name of the KeyVault which stores PAT as secret
- rg = "${local.product}-sec-rg" # Resource group of the KeyVault which stores PAT as secret
- secret_name = "gh-runner-job-pat" # Data of the KeyVault which stores PAT as secret
- }
- kubernetes_deploy = {
- enabled = true
- namespaces = [kubernetes_namespace.namespace.metadata[0].name]
- cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks"
- rg = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
- }
-
- location = var.location
- prefix = var.prefix
- resource_group_name = data.azurerm_resource_group.identity_rg.name
-
- tags = var.tags
-
-}
diff --git a/src/copy/payopt-app/90_pdb.tf b/src/copy/payopt-app/90_pdb.tf
deleted file mode 100644
index b88494a798..0000000000
--- a/src/copy/payopt-app/90_pdb.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-resource "kubernetes_pod_disruption_budget_v1" "payment_options" {
-
- for_each = var.pod_disruption_budgets
-
- metadata {
- namespace = kubernetes_namespace.namespace.metadata[0].name
- name = each.key
- }
- spec {
- min_available = each.value.minAvailable
- selector {
- match_labels = each.value.matchLabels
- }
- }
-}
diff --git a/src/copy/payopt-app/99_locals.tf b/src/copy/payopt-app/99_locals.tf
deleted file mode 100644
index 9b8dffcb17..0000000000
--- a/src/copy/payopt-app/99_locals.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-locals {
- product = "${var.prefix}-${var.env_short}"
- project_short = "${var.prefix}-${var.env_short}-${var.domain}"
- project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
-
- location_short_weu = "weu"
- project_short_weu = "${var.prefix}-${var.env_short}-${local.location_short_weu}"
-
- project_core_itn = "${var.prefix}-${var.env_short}-${var.location_short}-core"
-
-
- monitor_action_group_slack_name = "SlackPagoPA"
- monitor_action_group_email_name = "PagoPA"
- monitor_action_group_opsgenie_name = "Opsgenie"
- monitor_appinsights_name = "${local.product}-appinsights"
- monitor_appinsights_italy_name = "${local.project_core_itn}-appinsights"
-
- vnet_name = "${var.prefix}-${var.env_short}-${var.location_short}-vnet"
- vnet_resource_group_name = "${var.prefix}-${var.env_short}-${var.location_short}-vnet-rg"
-
- aks_name = "${local.product}-${var.location_short}-${var.instance}-aks"
- aks_resource_group_name = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
-
- ingress_hostname = "${var.domain}.itn"
- internal_dns_zone_name = "${var.dns_zone_internal_prefix}.${var.external_domain}"
- internal_dns_zone_resource_group_name = "${local.product}-vnet-rg"
-
- pagopa_apim_snet = "${local.product}-apim-snet"
- pagopa_vnet_integration = "pagopa-${var.env_short}-vnet-integration"
- pagopa_vnet_rg = "pagopa-${var.env_short}-vnet-rg"
-
- domain_hostname = "${var.dns_zone_prefix}.${local.internal_dns_zone_name}"
-
- pagopa_apim_name = "${local.product}-apim"
- pagopa_apim_rg = "${local.product}-api-rg"
-
- apim_hostname = "api.${var.apim_dns_zone_prefix}.${var.external_domain}"
- hostname = var.env == "prod" ? "${var.domain}.itn.internal.platform.pagopa.it" : "${var.domain}.itn.internal.${var.env}.platform.pagopa.it"
-
-
- evt_hub_location = "${local.location_short_weu}-core"
-
-}
diff --git a/src/copy/payopt-app/99_main.tf b/src/copy/payopt-app/99_main.tf
deleted file mode 100644
index 27e3029347..0000000000
--- a/src/copy/payopt-app/99_main.tf
+++ /dev/null
@@ -1,54 +0,0 @@
-terraform {
- required_version = ">= 1.6.0"
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "<= 3.116.0"
- }
- azuread = {
- source = "hashicorp/azuread"
- version = "<= 3.0.2"
- }
- null = {
- source = "hashicorp/null"
- version = "<= 3.2.3"
- }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = "<= 2.33.0"
- }
- helm = {
- source = "hashicorp/helm"
- version = "<= 2.16.0"
- }
- }
-
- backend "azurerm" {}
-}
-
-provider "azurerm" {
- features {
- key_vault {
- purge_soft_delete_on_destroy = false
- }
- }
-}
-
-data "azurerm_subscription" "current" {}
-
-data "azurerm_client_config" "current" {}
-
-provider "kubernetes" {
- config_path = "${var.k8s_kube_config_path_prefix}/config-${local.aks_name}"
-}
-
-provider "helm" {
- kubernetes {
- config_path = "${var.k8s_kube_config_path_prefix}/config-${local.aks_name}"
- }
-}
-
-module "__v3__" {
- # v8.60.0
- source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
-}
diff --git a/src/copy/payopt-app/99_variables.tf b/src/copy/payopt-app/99_variables.tf
deleted file mode 100644
index b2c2b38a27..0000000000
--- a/src/copy/payopt-app/99_variables.tf
+++ /dev/null
@@ -1,160 +0,0 @@
-# general
-
-variable "prefix" {
- type = string
- validation {
- condition = (
- length(var.prefix) <= 6
- )
- error_message = "Max length is 6 chars."
- }
-}
-
-variable "env" {
- type = string
-}
-
-variable "env_short" {
- type = string
- validation {
- condition = (
- length(var.env_short) == 1
- )
- error_message = "Length must be 1 chars."
- }
-}
-
-variable "domain" {
- type = string
- validation {
- condition = (
- length(var.domain) <= 12
- )
- error_message = "Max length is 12 chars."
- }
-}
-
-variable "location" {
- type = string
- description = "One of westeurope, northeurope"
-}
-
-variable "location_short" {
- type = string
- validation {
- condition = (
- length(var.location_short) == 3
- )
- error_message = "Length must be 3 chars."
- }
- description = "One of wue, neu"
-}
-
-variable "location_string" {
- type = string
- description = "One of West Europe, North Europe"
-}
-
-variable "instance" {
- type = string
- description = "One of beta, prod01, prod02"
-}
-
-variable "tags" {
- type = map(any)
- default = {
- CreatedBy = "Terraform"
- }
-}
-
-### Features flags
-
-variable "is_feature_enabled" {
- type = object({
- paymentoptions = bool
- paymentoptions_mock = bool
- })
- default = {
- paymentoptions = false
- paymentoptions_mock = false
- }
-}
-### External resources
-
-variable "monitor_resource_group_name" {
- type = string
- description = "Monitor resource group name"
-}
-
-variable "log_analytics_workspace_name" {
- type = string
- description = "Specifies the name of the Log Analytics Workspace."
-}
-
-variable "log_analytics_workspace_resource_group_name" {
- type = string
- description = "The name of the resource group in which the Log Analytics workspace is located in."
-}
-
-variable "monitor_italy_resource_group_name" {
- type = string
- description = "Monitor Italy resource group name"
-}
-
-variable "log_analytics_italy_workspace_name" {
- type = string
- description = "Specifies the name of the Log Analytics Workspace Italy."
-}
-
-variable "log_analytics_italy_workspace_resource_group_name" {
- type = string
- description = "The name of the resource group in which the Log Analytics workspace Italy is located in."
-}
-
-
-### Aks
-variable "ingress_load_balancer_ip" {
- type = string
-}
-
-variable "k8s_kube_config_path_prefix" {
- type = string
- default = "~/.kube"
-}
-
-variable "external_domain" {
- type = string
- default = null
- description = "Domain for delegation"
-}
-
-variable "dns_zone_internal_prefix" {
- type = string
- default = null
- description = "The dns subdomain."
-}
-
-variable "apim_dns_zone_prefix" {
- type = string
- default = null
- description = "The dns subdomain for apim."
-}
-
-# DNS
-
-variable "dns_zone_prefix" {
- type = string
- default = null
- description = "The wallet dns subdomain."
-}
-
-### PDB
-variable "pod_disruption_budgets" {
- type = map(object({
- name = optional(string, null)
- minAvailable = optional(number, null)
- matchLabels = optional(map(any), {})
- }))
- description = "Pod disruption budget for domain namespace"
- default = {}
-}
diff --git a/src/copy/payopt-app/README.md b/src/copy/payopt-app/README.md
deleted file mode 100644
index 6cbabfb2d3..0000000000
--- a/src/copy/payopt-app/README.md
+++ /dev/null
@@ -1,109 +0,0 @@ -# paymentoptions-app - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.6.0 | -| [azuread](#requirement\_azuread) | <= 2.47.0 | -| [azurerm](#requirement\_azurerm) | <= 3.116.0 | -| [helm](#requirement\_helm) | <= 2.12.1 | -| [kubernetes](#requirement\_kubernetes) | <= 2.29.0 | -| [null](#requirement\_null) | <= 3.2.1 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a | -| [apim\_api\_pay\_opt\_mock\_api](#module\_apim\_api\_pay\_opt\_mock\_api) | ./.terraform/modules/__v3__/api_management_api | n/a | -| [apim\_payment\_options\_mock\_product](#module\_apim\_payment\_options\_mock\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | -| [apim\_payment\_options\_product](#module\_apim\_payment\_options\_product) | ./.terraform/modules/__v3__/api_management_product | n/a | -| [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a | -| [kubernetes\_service\_account](#module\_kubernetes\_service\_account) | ./.terraform/modules/__v3__/kubernetes_service_account | n/a | -| [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a | -| [tls\_checker](#module\_tls\_checker) | ./.terraform/modules/__v3__/tls_checker | n/a | - -## Resources - -| Name | Type | -|------|------| -| [azurerm_api_management_api_version_set.payment_options_mock_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | -| [azurerm_api_management_subscription.api_config_subkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | -| 
[azurerm_api_management_subscription.forwarder_subkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | -| [azurerm_api_management_subscription.service_payment_options_subkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | -| [azurerm_key_vault_secret.aks_apiserver_url](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.api_config_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.application_insights_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.azure_devops_sa_cacrt](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.azure_devops_sa_token](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.ehub_nodo-dei-pagamenti-verify-ko_jaas_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.ehub_nodo_pagamenti_cache_jaas_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.ehub_payment-options-re_jaas_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.forwarder_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| 
[azurerm_key_vault_secret.service_payment_options_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.tenant_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_monitor_scheduled_query_rules_alert.pagopa-payment-options-rest-availability-upd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | -| [azurerm_monitor_scheduled_query_rules_alert.pagopa-payment-options-service-responsetime-upd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | -| [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | -| [helm_release.cert_mounter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.namespace_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_pod_disruption_budget_v1.payment_options](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/pod_disruption_budget_v1) | resource | -| [kubernetes_role_binding.deployer_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource | -| [kubernetes_role_binding.system_deployer_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding) | resource | -| 
[azurerm_api_management.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source | -| [azurerm_api_management_product.apim_api_config_product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source | -| [azurerm_api_management_product.apim_forwarder_product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source | -| [azurerm_application_insights.application_insights_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source | -| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | -| [azurerm_eventhub_authorization_rule.pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_cache_sync_reader](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source | -| [azurerm_eventhub_authorization_rule.pagopa_weu_core_evh_ns04_nodo_dei_pagamenti_verify_ko_writer](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source | -| [azurerm_eventhub_authorization_rule.payment_options_re_authorization_rule_writer](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source | -| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | -| [azurerm_kubernetes_cluster.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source | -| [azurerm_log_analytics_workspace.log_analytics_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source | -| 
[azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | -| [azurerm_resource_group.monitor_italy_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | -| [azurerm_subnet.apim_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | -| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | -| [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [apim\_dns\_zone\_prefix](#input\_apim\_dns\_zone\_prefix) | The dns subdomain for apim. | `string` | `null` | no | -| [dns\_zone\_internal\_prefix](#input\_dns\_zone\_internal\_prefix) | The dns subdomain. | `string` | `null` | no | -| [dns\_zone\_prefix](#input\_dns\_zone\_prefix) | The wallet dns subdomain. 
| `string` | `null` | no | -| [domain](#input\_domain) | n/a | `string` | n/a | yes | -| [env](#input\_env) | n/a | `string` | n/a | yes | -| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | -| [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | ## Aks | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | -| [is\_feature\_enabled](#input\_is\_feature\_enabled) | n/a |
object({
paymentoptions = bool
paymentoptions_mock = bool
})
|
{
"paymentoptions": false,
"paymentoptions_mock": false
}
| no | -| [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | -| [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | -| [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | -| [location\_string](#input\_location\_string) | One of West Europe, North Europe | `string` | n/a | yes | -| [log\_analytics\_italy\_workspace\_name](#input\_log\_analytics\_italy\_workspace\_name) | Specifies the name of the Log Analytics Workspace Italy. | `string` | n/a | yes | -| [log\_analytics\_italy\_workspace\_resource\_group\_name](#input\_log\_analytics\_italy\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace Italy is located in. | `string` | n/a | yes | -| [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes | -| [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes | -| [monitor\_italy\_resource\_group\_name](#input\_monitor\_italy\_resource\_group\_name) | Monitor Italy resource group name | `string` | n/a | yes | -| [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | -| [pod\_disruption\_budgets](#input\_pod\_disruption\_budgets) | Pod disruption budget for domain namespace |
map(object({
name = optional(string, null)
minAvailable = optional(number, null)
matchLabels = optional(map(any), {})
}))
| `{}` | no | -| [prefix](#input\_prefix) | n/a | `string` | n/a | yes | -| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | - -## Outputs - -No outputs. - diff --git a/src/copy/payopt-app/api/payment-options-mock/_base_policy.xml b/src/copy/payopt-app/api/payment-options-mock/_base_policy.xml deleted file mode 100644 index 59ce29e724..0000000000 --- a/src/copy/payopt-app/api/payment-options-mock/_base_policy.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - - - - - - - - - - - diff --git a/src/copy/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml b/src/copy/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml deleted file mode 100644 index 018a492ebf..0000000000 --- a/src/copy/payopt-app/api/payment-options-mock/_get_payment_options_policy.xml +++ /dev/null 
@@ -1,444 +0,0 @@ - - - - - - - - - - - - - - application/json - - - - - { - "paTaxCode": "77777777777", - "paFullName": "EC", - "paOfficeName": "EC", - "paymentOptions": [ - { - "description": "Test PayOpt - Opzione 1 - Soluzione Unica", - "numberOfInstallments": 1, - "amount": 120, - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"PO_UNPAID", - "statusReason":"Non pagato", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111112", - "iuv": "11111111111111112", - "amount": 120, - "description": "Test Opt Inst - soluzione unica", - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - } - ] - }, - { - "description": "Test PayOpt - Opzione 2 - Piano Rateale", - "numberOfInstallments": 3, - "amount": 120, - "dueDate": "2024-12-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"PO_UNPAID", - "statusReason":"Non pagatp", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111113", - "iuv": "11111111111111113", - "amount": 40, - "description": "rata 1", - "dueDate": "2024-10-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - }, - { - "nav": "311111111111111114", - "iuv": "311111111111111114", - "amount": 40, - "description": "rata 2", - "dueDate": "2024-11-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - }, - { - "nav": "311111111111111115", - "iuv": "11111111111111115", - "amount": 40, - "description": "rata 3", - "dueDate": "2024-12-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - } - ] - } - ] - } - - - - - { - "paTaxCode": "99999000013", - "paFullName": "EC", - "paOfficeName": "EC", - "paymentOptions": [ - { - "description": "Test PayOpt - Opzione 1 - Soluzione Unica", - "numberOfInstallments": 1, - "amount": 120, - "dueDate": 
"2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"PO_UNPAID", - "statusReason":"Non pagato", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111112", - "iuv": "11111111111111112", - "amount": 120, - "description": "Test Opt Inst - soluzione unica", - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - } - ] - }, - { - "description": "Test PayOpt - Opzione 2 - Piano Rateale", - "numberOfInstallments": 3, - "amount": 120, - "dueDate": "2024-12-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"PO_UNPAID", - "statusReason":"Non pagatp", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111113", - "iuv": "11111111111111113", - "amount": 40, - "description": "rata 1", - "dueDate": "2024-10-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - }, - { - "nav": "311111111111111114", - "iuv": "311111111111111114", - "amount": 40, - "description": "rata 2", - "dueDate": "2024-11-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - }, - { - "nav": "311111111111111115", - "iuv": "11111111111111115", - "amount": 40, - "description": "rata 3", - "dueDate": "2024-12-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status":"POI_UNPAID", - "statusReason":"Non pagato" - } - ] - }, - { - "description": "Test PayOpt - Opzione 3 - Piano Rateale - 5 rate", - "numberOfInstallments": 5, - "amount": 90, - "dueDate": "2024-12-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "PO_UNPAID", - "statusReason": "Non pagato", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111120", - "iuv": "311111111111111120", - "amount": 18, - "description": "rata 1", - "dueDate": "2024-10-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - }, - { - "nav": 
"311111111111111121", - "iuv": "311111111111111121", - "amount": 18, - "description": "rata 2", - "dueDate": "2024-11-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - }, - { - "nav": "311111111111111122", - "iuv": "311111111111111122", - "amount": 18, - "description": "rata 3", - "dueDate": "2024-12-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - }, - { - "nav": "311111111111111123", - "iuv": "311111111111111123", - "amount": 18, - "description": "rata 4", - "dueDate": "2025-01-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - }, - { - "nav": "311111111111111124", - "iuv": "311111111111111124", - "amount": 18, - "description": "rata 5", - "dueDate": "2025-02-31T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - } - ] - } - ] - } - - - - { - "paTaxCode": "77777777777", - "paFullName": "EC", - "paOfficeName": "EC", - "paymentOptions": [ - { - "description": "Test PayOpt - unica opzione", - "numberOfInstallments": 1, - "amount": 120, - "dueDate": "2024-10-30T23:59:59", - "validFrom": "2024-09-30T23:59:59", - "status": "PO_UNPAID", - "statusReason": "Non Pagato", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111111", - "iuv": "311111111111111111", - "amount": 120, - "description": "Test Opt Inst - unica opzione", - "dueDate": "2024-10-30T23:59:59", - "validFrom": "2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non Pagato" - } - ] - } - ] - } - - - { - "paTaxCode": "99999000013", - "paFullName": "EC", - "paOfficeName": "EC", - "paymentOptions": [ - { - "description": "Test PayOpt - Opzione 1 - CO-Obbligato 1", - "numberOfInstallments": 1, - "amount": 120, - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "PO_UNPAID", - "statusReason": "Non pagato", - "allCCP": 
"false", - "installments": [ - { - "nav": "311111111111111125", - "iuv": "311111111111111125", - "amount": 120, - "description": "Test PayOpt - Opzione 1 - CO-Obbligato 1", - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - } - ] - }, - { - "description": "Test PayOpt - Opzione 2 - CO-Obbligato 2", - "numberOfInstallments": 1, - "amount": 120, - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "PO_UNPAID", - "statusReason": "Non pagato", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111126", - "iuv": "311111111111111126", - "amount": 120, - "description": "Test PayOpt - Opzione 2 - CO-Obbligato 2", - "dueDate": "2024-10-30T23:59:59", - "validFrom":"2024-09-30T23:59:59", - "status": "POI_UNPAID", - "statusReason": "Non pagato" - } - ] - } - ] - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_SINTASSI", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore di sintassi del modello nella risposta" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_PAGAMENTO_SCONOSCIUTO", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per pagamento sconosciuto" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_ID_DOMINIO_ERRATO", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per id dominio errato" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_ID_INTERMEDIARIO_ERRATO", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per id intermediario errato" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_PAGAMENTO_ANNULLATO", - "timestamp": 1724425035, 
- "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per pagamento annullato" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_PAGAMENTO_DUPLICATO", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per pagamento duplicato" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_PAGAMENTO_IN_CORSO", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per pagamento ancora in corso" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_PAGAMENTO_SCADUTO", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per pagamento scaduto" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_SEMANTICA", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore semantica" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_STAZIONE_INT_ERRATA", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore per stazione errata" - } - - - - { - "httpStatusCode": 400, - "httpStatusDescription": "ND", - "appErrorCode": "PAA_SYSTEM_ERROR", - "timestamp": 1724425035, - "dateTime": "2024-08-23T14:57:15.635528", - "errorMessage": "Errore generico" - } - - - - - - - - diff --git a/src/copy/payopt-app/api/payment-options-mock/_openapi.json.tpl b/src/copy/payopt-app/api/payment-options-mock/_openapi.json.tpl deleted file mode 100644 index ef7b46e20a..0000000000 --- a/src/copy/payopt-app/api/payment-options-mock/_openapi.json.tpl +++ /dev/null 
@@ -1,99 +0,0 @@ -{ - "openapi": "3.0.1", - "info": { - "title": "Mocker Payopts", - "description": "", - "version": "1.0" - }, - "servers": [ - { - "url": "https://api.dev.platform.pagopa.it/payopt-mock" - } - ], - "paths": { - "/payment-options/organizations/{fiscal-code}/notices/{notice-number}": { - "post": { - "summary": "Get Payment Options", - "operationId": "get-payment-options", - "parameters": [ - { - "name": "fiscal-code", - "in": "path", - "required": true, - "schema": { - "type": "" - } - }, - { - "name": "notice-number", - "in": "path", - "required": true, - "schema": { - "type": "" - } - } - ], - "responses": { - "200": { - "description": "Single Opt Response", - "content": { - "application/json": { - "example": { - "paTaxCode": "77777777777", - "paFullName": "EC", - "paOfficeName": "EC", - "paymentOptions": [ - { - "description": "Test PayOpt - unica opzione", - "numberOfInstallments": 1, - "amount": 120, - "dueDate": "2024-10-30T23:59:59.0000000+00:00", - "validFrom": "2024-09-30T23:59:59.0000000+00:00", - "status": "non pagato", - "status reason": "desc", - "allCCP": "false", - "installments": [ - { - "nav": "311111111111111111", - "iuv": "311111111111111111", - "amount": 120, - "description": "Test Opt Inst - unica opzione", - "dueDate": "2024-10-30T23:59:59.0000000+00:00", - "validFrom": "2024-09-30T23:59:59.0000000+00:00", - "status": "non pagato", - "status reason": "desc" - } - ] - } - ] - } - } - } - } - } - } - } - }, - "components": { - "securitySchemes": { - "apiKeyHeader": { - "type": "apiKey", - "name": "Ocp-Apim-Subscription-Key", - "in": "header" - }, - "apiKeyQuery": { - "type": "apiKey", - "name": "subscription-key", - "in": "query" - } - } - }, - "security": [ - { - "apiKeyHeader": [] - }, - { - "apiKeyQuery": [] - } - ] -} \ No newline at end of file diff --git a/src/copy/payopt-app/api_product/_base_policy.xml b/src/copy/payopt-app/api_product/_base_policy.xml deleted file mode 100644 index ce18a37436..0000000000 
--- a/src/copy/payopt-app/api_product/_base_policy.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/src/copy/payopt-app/env/itn-dev/backend.ini b/src/copy/payopt-app/env/itn-dev/backend.ini
deleted file mode 100644
index f3ea2d530c..0000000000
--- a/src/copy/payopt-app/env/itn-dev/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=DEV-pagoPA
\ No newline at end of file
diff --git a/src/copy/payopt-app/env/itn-dev/backend.tfvars b/src/copy/payopt-app/env/itn-dev/backend.tfvars
deleted file mode 100644
index 34401b3ea9..0000000000
--- a/src/copy/payopt-app/env/itn-dev/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfdevpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-app-dev.terraform.tfstate"
diff --git a/src/copy/payopt-app/env/itn-dev/terraform.tfvars b/src/copy/payopt-app/env/itn-dev/terraform.tfvars
deleted file mode 100644
index a05aa001bb..0000000000
--- a/src/copy/payopt-app/env/itn-dev/terraform.tfvars
+++ /dev/null
@@ -1,39 +0,0 @@
-prefix = "pagopa"
-env_short = "d"
-env = "dev"
-domain = "payopt"
-location = "italynorth"
-location_short = "itn"
-location_string = "Italy North"
-instance = "dev"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Dev"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-d-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-
-monitor_resource_group_name = "pagopa-d-monitor-rg"
-log_analytics_workspace_name = "pagopa-d-law"
-log_analytics_workspace_resource_group_name = "pagopa-d-monitor-rg"
-
-external_domain = "pagopa.it"
-dns_zone_internal_prefix = "internal.dev.platform"
-dns_zone_prefix = "payopt.itn"
-apim_dns_zone_prefix = "dev.platform"
-### Aks
-
-ingress_load_balancer_ip = "10.3.2.250"
-
-is_feature_enabled = {
- paymentoptions = true
- paymentoptions_mock = true
-}
diff --git a/src/copy/payopt-app/env/itn-prod/backend.ini b/src/copy/payopt-app/env/itn-prod/backend.ini
deleted file mode 100644
index ddda4bb50f..0000000000
--- a/src/copy/payopt-app/env/itn-prod/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=prod-pagoPA
diff --git a/src/copy/payopt-app/env/itn-prod/backend.tfvars b/src/copy/payopt-app/env/itn-prod/backend.tfvars
deleted file mode 100644
index 184ba40d9d..0000000000
--- a/src/copy/payopt-app/env/itn-prod/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfprodpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-app-prod.terraform.tfstate"
diff --git a/src/copy/payopt-app/env/itn-prod/terraform.tfvars b/src/copy/payopt-app/env/itn-prod/terraform.tfvars
deleted file mode 100644
index 674ca7b069..0000000000
--- a/src/copy/payopt-app/env/itn-prod/terraform.tfvars
+++ /dev/null
@@ -1,48 +0,0 @@
-prefix = "pagopa"
-env_short = "p"
-env = "prod"
-domain = "payopt"
-location = "italynorth"
-location_short = "itn"
-location_string = "Italy North"
-instance = "prod"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "prod"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-p-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-p-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-p-itn-core-monitor-rg"
-
-monitor_resource_group_name = "pagopa-p-monitor-rg"
-log_analytics_workspace_name = "pagopa-p-law"
-log_analytics_workspace_resource_group_name = "pagopa-p-monitor-rg"
-
-external_domain = "pagopa.it"
-dns_zone_internal_prefix = "internal.platform"
-dns_zone_prefix = "payopt.itn"
-apim_dns_zone_prefix = "platform"
-### Aks
-
-ingress_load_balancer_ip = "10.3.2.250"
-
-is_feature_enabled = {
- paymentoptions = true
- paymentoptions_mock = false
-}
-
-pod_disruption_budgets = {
- "payment-options-service" = {
- minAvailable = 2
- matchLabels = {
- "app.kubernetes.io/instance" = "payment-options-service"
- }
- },
-}
diff --git a/src/copy/payopt-app/env/itn-uat/backend.ini b/src/copy/payopt-app/env/itn-uat/backend.ini
deleted file mode 100644
index 1759a0ca0d..0000000000
--- a/src/copy/payopt-app/env/itn-uat/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=UAT-pagoPA
\ No newline at end of file
diff --git a/src/copy/payopt-app/env/itn-uat/backend.tfvars b/src/copy/payopt-app/env/itn-uat/backend.tfvars
deleted file mode 100644
index 3fa5ce28c3..0000000000
--- a/src/copy/payopt-app/env/itn-uat/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfuatpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-app-uat.terraform.tfstate"
diff --git a/src/copy/payopt-app/env/itn-uat/terraform.tfvars b/src/copy/payopt-app/env/itn-uat/terraform.tfvars
deleted file mode 100644
index c0219aa389..0000000000
--- a/src/copy/payopt-app/env/itn-uat/terraform.tfvars
+++ /dev/null
@@ -1,39 +0,0 @@
-prefix = "pagopa"
-env_short = "u"
-env = "uat"
-domain = "payopt"
-location = "italynorth"
-location_short = "itn"
-location_string = "Italy North"
-instance = "uat"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Uat"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-app"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-u-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-u-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-u-itn-core-monitor-rg"
-
-monitor_resource_group_name = "pagopa-u-monitor-rg"
-log_analytics_workspace_name = "pagopa-u-law"
-log_analytics_workspace_resource_group_name = "pagopa-u-monitor-rg"
-
-external_domain = "pagopa.it"
-dns_zone_internal_prefix = "internal.uat.platform"
-dns_zone_prefix = "payopt.itn"
-apim_dns_zone_prefix = "uat.platform"
-### Aks
-
-ingress_load_balancer_ip = "10.3.2.250"
-
-is_feature_enabled = {
- paymentoptions = true
- paymentoptions_mock = true
-}
diff --git a/src/copy/payopt-app/helm/cert-mounter.yaml.tpl b/src/copy/payopt-app/helm/cert-mounter.yaml.tpl
deleted file mode 100644
index 73ee05d737..0000000000
--- a/src/copy/payopt-app/helm/cert-mounter.yaml.tpl
+++ /dev/null
@@ -1,13 +0,0 @@
-namespace: ${NAMESPACE}
-nameOverride: ""
-fullnameOverride: ""
-
-deployment:
- create: true
-
-kvCertificatesName:
- - ${CERTIFICATE_NAME}
-
-keyvault:
- name: "${KV_NAME}"
- tenantId: "7788edaf-0346-4068-9d79-c868aed15b3d"
diff --git a/src/copy/payopt-app/terraform.sh b/src/copy/payopt-app/terraform.sh
deleted file mode 100755
index 047a7512d0..0000000000
--- a/src/copy/payopt-app/terraform.sh
+++ /dev/null
@@ -1,324 +0,0 @@ -#!/bin/bash -############################################################ -# Terraform script for managing infrastructure on Azure -# Fingerprint: d2hhdHlvdXdhbnQ/Cg== -############################################################ -# Global variables -# Version format x.y accepted -vers="1.11" -script_name=$(basename "$0") -git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/azure/${script_name}" -tmp_file="${script_name}.new" -# Check if the third parameter exists and is a file -if [ -n "$3" ] && [ -f "$3" ]; then - FILE_ACTION=true -else - FILE_ACTION=false -fi - -# Define functions -function clean_environment() { - rm -rf .terraform - rm tfplan 2>/dev/null - echo "cleaned!" -} - -function download_tool() { - #default value - cpu_type="intel" - os_type=$(uname) - - # only on MacOS - if [ "$os_type" == "Darwin" ]; then - cpu_brand=$(sysctl -n machdep.cpu.brand_string) - if grep -q -i "intel" <<< "$cpu_brand"; then - cpu_type="intel" - else - cpu_type="arm" - fi - fi - - echo $cpu_type - tool=$1 - git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/golang/${tool}_${cpu_type}" - if ! command -v $tool &> /dev/null; then - if ! curl -sL "$git_repo" -o "$tool"; then - echo "Error downloading ${tool}" - return 1 - else - chmod +x $tool - echo "${tool} downloaded! Please note this tool WON'T be copied in your **/bin folder for safety reasons. -You need to do it yourself!" - read -p "Press enter to continue" - - - fi - fi -} - -function extract_resources() { - TF_FILE=$1 - ENV=$2 - TARGETS="" - - # Check if the file exists - if [ ! -f "$TF_FILE" ]; then - echo "File $TF_FILE does not exist." - exit 1 - fi - - # Check if the directory exists - if [ ! -d "./env/$ENV" ]; then - echo "Directory ./env/$ENV does not exist." 
- exit 1 - fi - - TMP_FILE=$(mktemp) - grep -E '^resource|^module' $TF_FILE > $TMP_FILE - - while read -r line ; do - TYPE=$(echo $line | cut -d '"' -f 1 | tr -d ' ') - if [ "$TYPE" == "module" ]; then - NAME=$(echo $line | cut -d '"' -f 2) - TARGETS+=" -target=\"$TYPE.$NAME\"" - else - NAME1=$(echo $line | cut -d '"' -f 2) - NAME2=$(echo $line | cut -d '"' -f 4) - TARGETS+=" -target=\"$NAME1.$NAME2\"" - fi - done < $TMP_FILE - - rm $TMP_FILE - - echo "./terraform.sh $action $ENV $TARGETS" -} - -function help_usage() { - echo "terraform.sh Version ${vers}" - echo - echo "Usage: ./script.sh [ACTION] [ENV] [OTHER OPTIONS]" - echo "es. ACTION: init, apply, plan, etc." - echo "es. ENV: dev, uat, prod, etc." - echo - echo "Available actions:" - echo " clean Remove .terraform* folders and tfplan files" - echo " help This help" - echo " list List every environment available" - echo " update Update this script if possible" - echo " summ Generate summary of Terraform plan" - echo " tflist Generate an improved output of terraform state list" - echo " tlock Generate or update the dependency lock file" - echo " * any terraform option" -} - -function init_terraform() { - if [ -n "$env" ]; then - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - else - echo "ERROR: no env configured!" - exit 1 - fi -} - -function list_env() { - # Check if env directory exists - if [ ! 
-d "./env" ]; then - echo "No environment directory found" - exit 1 - fi - - # List subdirectories under env directory - env_list=$(ls -d ./env/*/ 2>/dev/null) - - # Check if there are any subdirectories - if [ -z "$env_list" ]; then - echo "No environments found" - exit 1 - fi - - # Print the list of environments - echo "Available environments:" - for env in $env_list; do - env_name=$(echo "$env" | sed 's#./env/##;s#/##') - echo "- $env_name" - done -} - -function other_actions() { - if [ -n "$env" ] && [ -n "$action" ]; then - terraform "$action" -var-file="./env/$env/terraform.tfvars" -compact-warnings $other - else - echo "ERROR: no env or action configured!" - exit 1 - fi -} - -function state_output_taint_actions() { - if [ "$action" == "tflist" ]; then - # If 'tflist' is not installed globally and there is no 'tflist' file in the current directory, - # attempt to download the 'tflist' tool - if ! command -v tflist &> /dev/null && [ ! -f "tflist" ]; then - download_tool "tflist" - if [ $? -ne 0 ]; then - echo "Error: Failed to download tflist!!" - exit 1 - else - echo "tflist downloaded!" 
- fi - fi - if command -v tflist &> /dev/null; then - terraform state list | tflist - else - terraform state list | ./tflist - fi - else - terraform $action $other - fi -} - - -function parse_tfplan_option() { - # Create an array to contain arguments that do not start with '-tfplan=' - local other_args=() - - # Loop over all arguments - for arg in "$@"; do - # If the argument starts with '-tfplan=', extract the file name - if [[ "$arg" =~ ^-tfplan= ]]; then - echo "${arg#*=}" - else - # If the argument does not start with '-tfplan=', add it to the other_args array - other_args+=("$arg") - fi - done - - # Print all arguments in other_args separated by spaces - echo "${other_args[@]}" -} - -function tfsummary() { - local plan_file - plan_file=$(parse_tfplan_option "$@") - if [ -z "$plan_file" ]; then - plan_file="tfplan" - fi - action="plan" - other="-out=${plan_file}" - other_actions - if [ -n "$(command -v tf-summarize)" ]; then - tf-summarize -tree "${plan_file}" - else - echo "tf-summarize is not installed" - fi - if [ "$plan_file" == "tfplan" ]; then - rm $plan_file - fi -} - -function update_script() { - # Check if the repository was cloned successfully - if ! curl -sL "$git_repo" -o "$tmp_file"; then - echo "Error cloning the repository" - rm "$tmp_file" 2>/dev/null - return 1 - fi - - # Check if a newer version exists - remote_vers=$(sed -n '8s/vers="\(.*\)"/\1/p' "$tmp_file") - if [ "$(printf '%s\n' "$vers" "$remote_vers" | sort -V | tail -n 1)" == "$vers" ]; then - echo "The local script version is equal to or newer than the remote version." - rm "$tmp_file" 2>/dev/null - return 0 - fi - - # Check the fingerprint - local_fingerprint=$(sed -n '4p' "$0") - remote_fingerprint=$(sed -n '4p' "$tmp_file") - - if [ "$local_fingerprint" != "$remote_fingerprint" ]; then - echo "The local and remote file fingerprints do not match." 
- rm "$tmp_file" 2>/dev/null - return 0 - fi - - # Show the current and available versions to the user - echo "Current script version: $vers" - echo "Available script version: $remote_vers" - - # Ask the user if they want to update the script - read -rp "Do you want to update the script to version $remote_vers? (y/n): " answer - - if [ "$answer" == "y" ] || [ "$answer" == "Y" ]; then - # Replace the local script with the updated version - cp "$tmp_file" "$script_name" - chmod +x "$script_name" - rm "$tmp_file" 2>/dev/null - - echo "Script successfully updated to version $remote_vers" - else - echo "Update canceled by the user" - fi - - rm "$tmp_file" 2>/dev/null -} - -# Check arguments number -if [ "$#" -lt 1 ]; then - help_usage - exit 0 -fi - -# Parse arguments -action=$1 -env=$2 -filetf=$3 -shift 2 -other=$@ - -if [ -n "$env" ]; then - # shellcheck source=/dev/null - source "./env/$env/backend.ini" - if [ -z "$(command -v az)" ]; then - echo "az not found, cannot proceed" - exit 1 - fi - az account set -s "${subscription}" -fi - -# Call appropriate function based on action -case $action in - clean) - clean_environment - ;; - ?|help|-h) - help_usage - ;; - init) - init_terraform "$other" - ;; - list) - list_env - ;; - output|state|taint|tflist) - init_terraform - state_output_taint_actions $other - ;; - summ) - init_terraform - tfsummary "$other" - ;; - tlock) - terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64 - ;; - update) - update_script - ;; - *) - if [ "$FILE_ACTION" = true ]; then - extract_resources "$filetf" "$env" - else - init_terraform - other_actions "$other" - fi - ;; -esac diff --git a/src/copy/payopt-common/.terraform.lock.hcl b/src/copy/payopt-common/.terraform.lock.hcl deleted file mode 100644 index 412a66cdaf..0000000000 --- a/src/copy/payopt-common/.terraform.lock.hcl +++ /dev/null 
@@ -1,62 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/azuread" {
- version = "2.47.0"
- constraints = "<= 2.47.0"
- hashes = [
- "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=",
- "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e",
- "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7",
- "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001",
- "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f",
- "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17",
- "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569",
- "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a",
- "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e",
- "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee",
- "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57",
- "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb",
- "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/azurerm" {
- version = "3.116.0"
- constraints = "~> 3.30, ~> 3.116.0, < 4.0.0"
- hashes = [
- "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=",
- "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d",
- "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7",
- "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24",
- "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a",
- "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880",
- "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70",
- "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc",
- "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953",
-
"zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa",
- "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/null" {
- version = "3.2.2"
- constraints = "<= 3.2.2"
- hashes = [
- "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=",
- "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7",
- "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a",
- "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3",
- "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606",
- "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546",
- "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539",
- "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452",
- "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422",
- "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae",
- "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1",
- "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e",
- ]
-}
diff --git a/src/copy/payopt-common/00_data.tf b/src/copy/payopt-common/00_data.tf
deleted file mode 100644
index 453409f78e..0000000000
--- a/src/copy/payopt-common/00_data.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-data "azurerm_key_vault" "kv" {
- name = "${local.project}-kv"
- resource_group_name = "${local.project}-sec-rg"
-}
diff --git a/src/copy/payopt-common/00_monitor.tf b/src/copy/payopt-common/00_monitor.tf
deleted file mode 100644
index 3be0e0c27b..0000000000
--- a/src/copy/payopt-common/00_monitor.tf
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# 🇮🇹 Monitor Italy
-#
-data "azurerm_resource_group" "monitor_italy_rg" {
- name = var.monitor_italy_resource_group_name
-}
-
-data "azurerm_log_analytics_workspace" "log_analytics_italy" {
- name = var.log_analytics_italy_workspace_name
- resource_group_name = var.log_analytics_italy_workspace_resource_group_name
-}
-
-data "azurerm_application_insights" "application_insights_italy" {
- name = local.monitor_appinsights_italy_name
- resource_group_name = data.azurerm_resource_group.monitor_italy_rg.name
-}
-
-# ### 🇪🇺
-# data "azurerm_resource_group" "monitor_rg" {
-# name = var.monitor_resource_group_name
-# }
-#
-# data "azurerm_log_analytics_workspace" "log_analytics" {
-# name = var.log_analytics_workspace_name
-# resource_group_name = var.log_analytics_workspace_resource_group_name
-# }
-#
-# data "azurerm_application_insights" "application_insights" {
-# name = local.monitor_appinsights_name
-# resource_group_name = data.azurerm_resource_group.monitor_rg.name
-# }
-
-#
-# Action Groups
-#
-data "azurerm_monitor_action_group" "slack" {
- resource_group_name = var.monitor_resource_group_name
- name = local.monitor_action_group_slack_name
-}
-
-data "azurerm_monitor_action_group" "email" {
- resource_group_name = var.monitor_resource_group_name
- name = local.monitor_action_group_email_name
-}
-
diff --git a/src/copy/payopt-common/00_network.tf b/src/copy/payopt-common/00_network.tf
deleted file mode 100644
index 73fad2990a..0000000000
--- a/src/copy/payopt-common/00_network.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-data "azurerm_virtual_network" "vnet_italy" {
- name = local.vnet_italy_name
- resource_group_name = local.vnet_italy_resource_group_name
-}
-
-data "azurerm_resource_group" "rg_vnet_italy" {
- name = local.vnet_italy_resource_group_name
-}
-
-#
-# Subnets
-#
-data "azurerm_subnet" "aks_subnet" {
- name = local.aks_subnet_name
- virtual_network_name = local.vnet_italy_name
- resource_group_name = local.vnet_italy_resource_group_name
-}
-
-#
-# Private DNS Zones
-#
-data "azurerm_private_dns_zone" "internal" {
- name = local.internal_dns_zone_name
- resource_group_name = local.internal_dns_zone_resource_group_name
-}
-
-#
-# Eventhub
-#
-data "azurerm_private_dns_zone" "eventhub" {
- name = "privatelink.servicebus.windows.net"
- resource_group_name = local.msg_resource_group_name
-}
-
-data "azurerm_resource_group" "rg_event_private_dns_zone" {
- name = local.msg_resource_group_name
-}
diff --git a/src/copy/payopt-common/01_network.tf b/src/copy/payopt-common/01_network.tf
deleted file mode 100644
index 202f24163e..0000000000
--- a/src/copy/payopt-common/01_network.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-resource "azurerm_private_dns_a_record" "ingress" {
- name = local.ingress_hostname
- zone_name = data.azurerm_private_dns_zone.internal.name
- resource_group_name = local.internal_dns_zone_resource_group_name
- ttl = 3600
- records = [var.ingress_load_balancer_ip]
-}
-
-resource "azurerm_subnet" "eventhub_italy" {
- name = "${local.project}-eventhub-snet"
- resource_group_name = data.azurerm_resource_group.rg_vnet_italy.name
- virtual_network_name = data.azurerm_virtual_network.vnet_italy.name
- address_prefixes = var.cidr_paymentoptions_eventhub_italy
-}
diff --git a/src/copy/payopt-common/03_eventhub.tf b/src/copy/payopt-common/03_eventhub.tf
deleted file mode 100644
index e8d3ee1f9e..0000000000
--- a/src/copy/payopt-common/03_eventhub.tf
+++ /dev/null
@@ -1,86 +0,0 @@
-resource "azurerm_resource_group" "eventhub_ita_rg" {
- name = local.eventhub_resource_group_name
- location = var.location
-
- tags = var.tags
-}
-
-module "eventhub_namespace" {
- source = "./.terraform/modules/__v3__/eventhub"
- name = "${local.project}-evh"
- location = var.location
- resource_group_name = azurerm_resource_group.eventhub_ita_rg.name
- auto_inflate_enabled = var.ehns_auto_inflate_enabled
- sku = var.ehns_sku_name
- capacity = var.ehns_capacity
- maximum_throughput_units = var.ehns_maximum_throughput_units
- #zone_redundat is always true
-
- virtual_network_ids = [data.azurerm_virtual_network.vnet_italy.id]
- private_endpoint_subnet_id = azurerm_subnet.eventhub_italy.id
- public_network_access_enabled = var.ehns_public_network_access
- private_endpoint_created = var.ehns_private_endpoint_is_present
-
- private_endpoint_resource_group_name = azurerm_resource_group.eventhub_ita_rg.name
-
- private_dns_zones = {
- id = [data.azurerm_private_dns_zone.eventhub.id]
- name = [data.azurerm_private_dns_zone.eventhub.name]
- resource_group_name = data.azurerm_resource_group.rg_event_private_dns_zone.name
- }
-
- private_dns_zone_record_A_name = "${var.domain}.${var.location_short}"
-
- action = [
- {
- action_group_id = data.azurerm_monitor_action_group.slack.id
- webhook_properties = null
- },
- {
- action_group_id = data.azurerm_monitor_action_group.email.id
- webhook_properties = null
- }
- ]
-
- metric_alerts_create = var.ehns_alerts_enabled
- metric_alerts = var.ehns_metric_alerts
-
- tags = var.tags
-}
-
-#
-# CONFIGURATION
-#
-module "eventhub_paymentoptions_configuration" {
- source = "./.terraform/modules/__v3__/eventhub_configuration"
- count = var.is_feature_enabled.eventhub ? 
1 : 0
-
- event_hub_namespace_name = module.eventhub_namespace.name
- event_hub_namespace_resource_group_name = azurerm_resource_group.eventhub_ita_rg.name
-
- eventhubs = [
- {
- name = "${var.prefix}-${var.domain}-evh"
- partitions = 1
- message_retention = 1
- consumers = [
- "${local.project}-payment-options-re-rx",
- ]
- keys = [
- {
- name = "${local.project}-payment-options-re-tx"
- listen = false
- send = true
- manage = false
- },
- {
- name = "${local.project}-payment-options-re-rx" # internal use
- listen = true
- send = false
- manage = false
- }
- ]
- },
- ]
-}
-
diff --git a/src/copy/payopt-common/10_github_identity.tf b/src/copy/payopt-common/10_github_identity.tf
deleted file mode 100644
index 36a3cd077b..0000000000
--- a/src/copy/payopt-common/10_github_identity.tf
+++ /dev/null
@@ -1,218 +0,0 @@
-data "azurerm_resource_group" "identity_rg" {
- name = "${local.product}-identity-rg"
-}
-
-data "azurerm_kubernetes_cluster" "aks" {
- name = "${local.product}-${var.location_short}-${var.instance}-aks"
- resource_group_name = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
-}
-
-data "azurerm_key_vault" "key_vault" {
- name = "${local.product}-${var.location_short}-${var.domain}-kv"
- resource_group_name = "${local.product}-${var.location_short}-${var.domain}-sec-rg"
-}
-
-# repos must be lower than 20 items
-locals {
- repos_01 = [
- "pagopa-payment-options-service",
- ]
-
- federations_01 = [
- for repo in local.repos_01 : {
- repository = repo
- subject = var.env
- }
- ]
-
- federations_01_pr = [
- for repo in local.repos_01 : {
- repository = repo
- subject = "pull_request"
- }
- ]
-
- federations_01_ref = [
- for repo in local.repos_01 : {
- repository = repo
- credentials_scope = "ref"
- subject = "refs/heads/main"
- }
- ]
-
-
- # to avoid subscription Contributor -> https://github.com/microsoft/azure-container-apps/issues/35
- environment_cd_roles = {
- subscription = [
- "Contributor",
- ]
- resource_groups = {
- "${local.product}-${var.location_short}-${var.domain}-sec-rg" = [
- "Key Vault Reader"
- ],
- "${local.product}-${var.location_short}-${var.env}-aks-rg" = [
- "Contributor"
- ],
- }
- }
-}
-
-# create a module for each 20 repos
-module "identity_cd_01" {
- source = "./.terraform/modules/__v3__/github_federated_identity"
- # pagopa---github--identity
- prefix = var.prefix
- env_short = var.env_short
- domain = "${var.domain}-01"
-
- identity_role = "cd"
-
- github_federations = local.federations_01
-
- cd_rbac_roles = {
- subscription_roles = local.environment_cd_roles.subscription
- resource_groups = local.environment_cd_roles.resource_groups
- }
-
- tags = var.tags
-
- depends_on = [
- data.azurerm_resource_group.identity_rg
- ]
-}
-
-resource "azurerm_key_vault_access_policy" "gha_iac_managed_identities" {
- 
key_vault_id = data.azurerm_key_vault.key_vault.id - tenant_id = data.azurerm_client_config.current.tenant_id - object_id = module.identity_cd_01.identity_principal_id - - secret_permissions = ["Get", "List", "Set", ] - - certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"] - key_permissions = [ - "Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt", "GetRotationPolicy" - ] - - storage_permissions = [] -} - -resource "null_resource" "github_runner_app_permissions_to_namespace_cd_01" { - triggers = { - aks_id = data.azurerm_kubernetes_cluster.aks.id - service_principal_id = module.identity_cd_01.identity_client_id - namespace = var.domain - version = "v2" - } - - provisioner "local-exec" { - command = < -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.6 | -| [azuread](#requirement\_azuread) | <= 2.47.0 | -| [azurerm](#requirement\_azurerm) | < 4.0.0 | -| [null](#requirement\_null) | <= 3.2.2 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [eventhub\_namespace](#module\_eventhub\_namespace) | git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub | v8.22.0 | -| [eventhub\_paymentoptions\_configuration](#module\_eventhub\_paymentoptions\_configuration) | git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub_configuration | v8.22.0 | -| [identity\_cd\_01](#module\_identity\_cd\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.22.0 | -| [identity\_pr\_01](#module\_identity\_pr\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.22.0 | -| [identity\_ref\_01](#module\_identity\_ref\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.36.1 | - -## Resources - -| Name | Type | -|------|------| -| 
[azurerm_key_vault_access_policy.gha_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
-| [azurerm_key_vault_access_policy.gha_pr_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
-| [azurerm_key_vault_access_policy.gha_ref_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
-| [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource |
-| [azurerm_resource_group.eventhub_ita_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azurerm_subnet.eventhub_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
-| [null_resource.github_runner_app_permissions_to_namespace_cd_01](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [azurerm_application_insights.application_insights_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
-| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
-| [azurerm_key_vault.key_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
-| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
-| [azurerm_kubernetes_cluster.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source |
-| 
[azurerm_log_analytics_workspace.log_analytics_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source |
-| [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
-| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
-| [azurerm_private_dns_zone.eventhub](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
-| [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
-| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
-| [azurerm_resource_group.monitor_italy_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
-| [azurerm_resource_group.rg_event_private_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
-| [azurerm_resource_group.rg_vnet_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
-| [azurerm_subnet.aks_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
-| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
-| [azurerm_virtual_network.vnet_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [cidr\_paymentoptions\_eventhub\_italy](#input\_cidr\_paymentoptions\_eventhub\_italy) | Address prefixes for all evh accounts in italy. | `list(string)` | n/a | yes |
-| [dns\_zone\_internal\_prefix](#input\_dns\_zone\_internal\_prefix) | The dns subdomain. | `string` | `null` | no |
-| [dns\_zone\_platform](#input\_dns\_zone\_platform) | The platform dns subdomain. | `string` | `null` | no |
-| [dns\_zone\_prefix](#input\_dns\_zone\_prefix) | The wallet dns subdomain. | `string` | `null` | no |
-| [domain](#input\_domain) | n/a | `string` | n/a | yes |
-| [ehns\_alerts\_enabled](#input\_ehns\_alerts\_enabled) | Event hub alerts enabled? | `bool` | n/a | yes |
-| [ehns\_auto\_inflate\_enabled](#input\_ehns\_auto\_inflate\_enabled) | Is Auto Inflate enabled for the EventHub Namespace? | `bool` | n/a | yes |
-| [ehns\_capacity](#input\_ehns\_capacity) | Specifies the Capacity / Throughput Units for a Standard SKU namespace. | `number` | n/a | yes |
-| [ehns\_maximum\_throughput\_units](#input\_ehns\_maximum\_throughput\_units) | Specifies the maximum number of throughput units when Auto Inflate is Enabled | `number` | n/a | yes |
-| [ehns\_metric\_alerts](#input\_ehns\_metric\_alerts) | Map of name = criteria objects |
map(object({
# criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]
aggregation = string
metric_name = string
description = string
# criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]
operator = string
threshold = number
# Possible values are PT1M, PT5M, PT15M, PT30M and PT1H
frequency = string
# Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.
window_size = string

dimension = list(object(
{
name = string
operator = string
values = list(string)
}
))
}))
| `{}` | no |
-| [ehns\_private\_endpoint\_is\_present](#input\_ehns\_private\_endpoint\_is\_present) | (Required) create private endpoint to the event hubs | `bool` | n/a | yes |
-| [ehns\_public\_network\_access](#input\_ehns\_public\_network\_access) | (Required) enables public network access to the event hubs | `bool` | n/a | yes |
-| [ehns\_sku\_name](#input\_ehns\_sku\_name) | Defines which tier to use. | `string` | n/a | yes |
-| [ehns\_zone\_redundant](#input\_ehns\_zone\_redundant) | Specifies if the EventHub Namespace should be Zone Redundant (created across Availability Zones). | `bool` | n/a | yes |
-| [env](#input\_env) | n/a | `string` | n/a | yes |
-| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
-| [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no |
-| [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | n/a | `string` | n/a | yes |
-| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes |
-| [is\_feature\_enabled](#input\_is\_feature\_enabled) | n/a |
object({
eventhub = bool
})
|
{
"eventhub": false
}
| no |
-| [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes |
-| [location\_short](#input\_location\_short) | One of wue, neu | `string` | `"itn"` | no |
-| [log\_analytics\_italy\_workspace\_name](#input\_log\_analytics\_italy\_workspace\_name) | Specifies the name of the Log Analytics Workspace Italy. | `string` | n/a | yes |
-| [log\_analytics\_italy\_workspace\_resource\_group\_name](#input\_log\_analytics\_italy\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace Italy is located in. | `string` | n/a | yes |
-| [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes |
-| [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes |
-| [monitor\_italy\_resource\_group\_name](#input\_monitor\_italy\_resource\_group\_name) | Monitor Italy resource group name | `string` | n/a | yes |
-| [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes |
-| [prefix](#input\_prefix) | general | `string` | n/a | yes |
-| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no |
-
-## Outputs
-
-No outputs.
-
diff --git a/src/copy/payopt-common/env/itn-dev/backend.ini b/src/copy/payopt-common/env/itn-dev/backend.ini
deleted file mode 100644
index f3ea2d530c..0000000000
--- a/src/copy/payopt-common/env/itn-dev/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=DEV-pagoPA
\ No newline at end of file
diff --git a/src/copy/payopt-common/env/itn-dev/backend.tfvars b/src/copy/payopt-common/env/itn-dev/backend.tfvars
deleted file mode 100644
index d651547925..0000000000
--- a/src/copy/payopt-common/env/itn-dev/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfdevpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-common-dev.terraform.tfstate"
diff --git a/src/copy/payopt-common/env/itn-dev/terraform.tfvars b/src/copy/payopt-common/env/itn-dev/terraform.tfvars
deleted file mode 100644
index b6da44353b..0000000000
--- a/src/copy/payopt-common/env/itn-dev/terraform.tfvars
+++ /dev/null
@@ -1,106 +0,0 @@ -prefix = "pagopa" -env_short = "d" -env = "dev" -domain = "payopt" -location = "italynorth" -location_short = "itn" -instance = "dev" - -tags = { - CreatedBy = "Terraform" - Environment = "Dev" - Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-common" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### 🚩Features flags - -is_feature_enabled = { - eventhub = true -} - -### CIRDs - -cidr_paymentoptions_eventhub_italy = ["10.3.13.0/27"] - -### External resources - -monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg" -log_analytics_italy_workspace_name = "pagopa-d-itn-core-law" -log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg" - -monitor_resource_group_name = "pagopa-d-monitor-rg" -log_analytics_workspace_name = "pagopa-d-law" -log_analytics_workspace_resource_group_name = "pagopa-d-monitor-rg" - -### Aks - -ingress_load_balancer_ip = "10.3.100.250" - -external_domain = "pagopa.it" -dns_zone_internal_prefix = "internal.dev.platform" - -# -# EventHub -# -ehns_sku_name = "Standard" - -# to avoid https://docs.microsoft.com/it-it/azure/event-hubs/event-hubs-messaging-exceptions#error-code-50002 -ehns_auto_inflate_enabled = false -ehns_maximum_throughput_units = 5 -ehns_capacity = 1 -ehns_alerts_enabled = false -ehns_zone_redundant = false - -ehns_public_network_access = true -ehns_private_endpoint_is_present = false - -ehns_metric_alerts = { - no_trx = { - aggregation = "Total" - metric_name = "IncomingMessages" - description = "No transactions received from acquirer in the last 24h" - operator = "LessThanOrEqual" - threshold = 1000 - frequency = "PT1H" - window_size = "P1D" - dimension = [ - { - name = "EntityName" - operator = "Include" - values = ["rtd-trx"] - } - ], - }, - active_connections = { - aggregation = "Average" - metric_name = "ActiveConnections" - description = null - operator = "LessThanOrEqual" - threshold = 0 - frequency = "PT5M" 
- window_size = "PT15M" - dimension = [], - }, - error_trx = { - aggregation = "Total" - metric_name = "IncomingMessages" - description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately" - operator = "GreaterThan" - threshold = 0 - frequency = "PT5M" - window_size = "PT30M" - dimension = [ - { - name = "EntityName" - operator = "Include" - values = [ - "nodo-dei-pagamenti-log", - "nodo-dei-pagamenti-re" - ] - } - ], - }, -} - diff --git a/src/copy/payopt-common/env/itn-prod/backend.ini b/src/copy/payopt-common/env/itn-prod/backend.ini deleted file mode 100644 index 432abea37c..0000000000 --- a/src/copy/payopt-common/env/itn-prod/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-pagoPA \ No newline at end of file diff --git a/src/copy/payopt-common/env/itn-prod/backend.tfvars b/src/copy/payopt-common/env/itn-prod/backend.tfvars deleted file mode 100644 index 5532d8232f..0000000000 --- a/src/copy/payopt-common/env/itn-prod/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodpagopa" -container_name = "terraform-state" -key = "paymentoptions-common-prod.terraform.tfstate" diff --git a/src/copy/payopt-common/env/itn-prod/terraform.tfvars b/src/copy/payopt-common/env/itn-prod/terraform.tfvars deleted file mode 100644 index a70e0827de..0000000000 --- a/src/copy/payopt-common/env/itn-prod/terraform.tfvars +++ /dev/null 
@@ -1,106 +0,0 @@ -prefix = "pagopa" -env_short = "p" -env = "prod" -domain = "payopt" -location = "italynorth" -location_short = "itn" -instance = "prod" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-common" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### 🚩Features flags - -is_feature_enabled = { - eventhub = true -} - -### CIRDs - -cidr_paymentoptions_eventhub_italy = ["10.3.13.0/27"] - -### External resources - -monitor_italy_resource_group_name = "pagopa-p-itn-core-monitor-rg" -log_analytics_italy_workspace_name = "pagopa-p-itn-core-law" -log_analytics_italy_workspace_resource_group_name = "pagopa-p-itn-core-monitor-rg" - -monitor_resource_group_name = "pagopa-p-monitor-rg" -log_analytics_workspace_name = "pagopa-p-law" -log_analytics_workspace_resource_group_name = "pagopa-p-monitor-rg" - -### Aks - -ingress_load_balancer_ip = "10.3.100.250" - -external_domain = "pagopa.it" -dns_zone_internal_prefix = "internal.platform" - -# -# EventHub -# -ehns_sku_name = "Standard" - -# to avoid https://docs.microsoft.com/it-it/azure/event-hubs/event-hubs-messaging-exceptions#error-code-50002 -ehns_auto_inflate_enabled = true -ehns_maximum_throughput_units = 5 -ehns_capacity = 5 -ehns_alerts_enabled = true -ehns_zone_redundant = true - -ehns_public_network_access = false -ehns_private_endpoint_is_present = true - -ehns_metric_alerts = { - no_trx = { - aggregation = "Total" - metric_name = "IncomingMessages" - description = "No transactions received from acquirer in the last 24h" - operator = "LessThanOrEqual" - threshold = 1000 - frequency = "PT1H" - window_size = "P1D" - dimension = [ - { - name = "EntityName" - operator = "Include" - values = ["rtd-trx"] - } - ], - }, - active_connections = { - aggregation = "Average" - metric_name = "ActiveConnections" - description = null - operator = "LessThanOrEqual" - threshold = 0 - frequency = "PT5M" - 
window_size = "PT15M" - dimension = [], - }, - error_trx = { - aggregation = "Total" - metric_name = "IncomingMessages" - description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately" - operator = "GreaterThan" - threshold = 0 - frequency = "PT5M" - window_size = "PT30M" - dimension = [ - { - name = "EntityName" - operator = "Include" - values = [ - "nodo-dei-pagamenti-log", - "nodo-dei-pagamenti-re" - ] - } - ], - }, -} - diff --git a/src/copy/payopt-common/env/itn-uat/backend.ini b/src/copy/payopt-common/env/itn-uat/backend.ini deleted file mode 100644 index 1759a0ca0d..0000000000 --- a/src/copy/payopt-common/env/itn-uat/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=UAT-pagoPA \ No newline at end of file diff --git a/src/copy/payopt-common/env/itn-uat/backend.tfvars b/src/copy/payopt-common/env/itn-uat/backend.tfvars deleted file mode 100644 index d1c07b27ff..0000000000 --- a/src/copy/payopt-common/env/itn-uat/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfuatpagopa" -container_name = "terraform-state" -key = "paymentoptions-common-uat.terraform.tfstate" diff --git a/src/copy/payopt-common/env/itn-uat/terraform.tfvars b/src/copy/payopt-common/env/itn-uat/terraform.tfvars deleted file mode 100644 index da838589de..0000000000 --- a/src/copy/payopt-common/env/itn-uat/terraform.tfvars +++ /dev/null 
@@ -1,106 +0,0 @@ -prefix = "pagopa" -env_short = "u" -env = "uat" -domain = "payopt" -location = "italynorth" -location_short = "itn" -instance = "uat" - -tags = { - CreatedBy = "Terraform" - Environment = "Uat" - Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-common" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### 🚩Features flags - -is_feature_enabled = { - eventhub = true -} - -### CIRDs - -cidr_paymentoptions_eventhub_italy = ["10.3.13.0/27"] - -### External resources - -monitor_italy_resource_group_name = "pagopa-u-itn-core-monitor-rg" -log_analytics_italy_workspace_name = "pagopa-u-itn-core-law" -log_analytics_italy_workspace_resource_group_name = "pagopa-u-itn-core-monitor-rg" - -monitor_resource_group_name = "pagopa-u-monitor-rg" -log_analytics_workspace_name = "pagopa-u-law" -log_analytics_workspace_resource_group_name = "pagopa-u-monitor-rg" - -### Aks - -ingress_load_balancer_ip = "10.3.100.250" - -external_domain = "pagopa.it" -dns_zone_internal_prefix = "internal.uat.platform" - -# -# EventHub -# -ehns_sku_name = "Standard" - -# to avoid https://docs.microsoft.com/it-it/azure/event-hubs/event-hubs-messaging-exceptions#error-code-50002 -ehns_auto_inflate_enabled = true -ehns_maximum_throughput_units = 5 -ehns_capacity = 1 -ehns_alerts_enabled = false -ehns_zone_redundant = false - -ehns_public_network_access = false -ehns_private_endpoint_is_present = true - -ehns_metric_alerts = { - no_trx = { - aggregation = "Total" - metric_name = "IncomingMessages" - description = "No transactions received from acquirer in the last 24h" - operator = "LessThanOrEqual" - threshold = 1000 - frequency = "PT1H" - window_size = "P1D" - dimension = [ - { - name = "EntityName" - operator = "Include" - values = ["rtd-trx"] - } - ], - }, - active_connections = { - aggregation = "Average" - metric_name = "ActiveConnections" - description = null - operator = "LessThanOrEqual" - threshold = 0 - frequency = "PT5M" - 
window_size = "PT15M" - dimension = [], - }, - error_trx = { - aggregation = "Total" - metric_name = "IncomingMessages" - description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately" - operator = "GreaterThan" - threshold = 0 - frequency = "PT5M" - window_size = "PT30M" - dimension = [ - { - name = "EntityName" - operator = "Include" - values = [ - "nodo-dei-pagamenti-log", - "nodo-dei-pagamenti-re" - ] - } - ], - }, -} - diff --git a/src/copy/payopt-common/terraform.sh b/src/copy/payopt-common/terraform.sh deleted file mode 100755 index 047a7512d0..0000000000 --- a/src/copy/payopt-common/terraform.sh +++ /dev/null 
@@ -1,324 +0,0 @@ -#!/bin/bash -############################################################ -# Terraform script for managing infrastructure on Azure -# Fingerprint: d2hhdHlvdXdhbnQ/Cg== -############################################################ -# Global variables -# Version format x.y accepted -vers="1.11" -script_name=$(basename "$0") -git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/azure/${script_name}" -tmp_file="${script_name}.new" -# Check if the third parameter exists and is a file -if [ -n "$3" ] && [ -f "$3" ]; then - FILE_ACTION=true -else - FILE_ACTION=false -fi - -# Define functions -function clean_environment() { - rm -rf .terraform - rm tfplan 2>/dev/null - echo "cleaned!" -} - -function download_tool() { - #default value - cpu_type="intel" - os_type=$(uname) - - # only on MacOS - if [ "$os_type" == "Darwin" ]; then - cpu_brand=$(sysctl -n machdep.cpu.brand_string) - if grep -q -i "intel" <<< "$cpu_brand"; then - cpu_type="intel" - else - cpu_type="arm" - fi - fi - - echo $cpu_type - tool=$1 - git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/golang/${tool}_${cpu_type}" - if ! command -v $tool &> /dev/null; then - if ! curl -sL "$git_repo" -o "$tool"; then - echo "Error downloading ${tool}" - return 1 - else - chmod +x $tool - echo "${tool} downloaded! Please note this tool WON'T be copied in your **/bin folder for safety reasons. -You need to do it yourself!" - read -p "Press enter to continue" - - - fi - fi -} - -function extract_resources() { - TF_FILE=$1 - ENV=$2 - TARGETS="" - - # Check if the file exists - if [ ! -f "$TF_FILE" ]; then - echo "File $TF_FILE does not exist." - exit 1 - fi - - # Check if the directory exists - if [ ! -d "./env/$ENV" ]; then - echo "Directory ./env/$ENV does not exist." 
- exit 1 - fi - - TMP_FILE=$(mktemp) - grep -E '^resource|^module' $TF_FILE > $TMP_FILE - - while read -r line ; do - TYPE=$(echo $line | cut -d '"' -f 1 | tr -d ' ') - if [ "$TYPE" == "module" ]; then - NAME=$(echo $line | cut -d '"' -f 2) - TARGETS+=" -target=\"$TYPE.$NAME\"" - else - NAME1=$(echo $line | cut -d '"' -f 2) - NAME2=$(echo $line | cut -d '"' -f 4) - TARGETS+=" -target=\"$NAME1.$NAME2\"" - fi - done < $TMP_FILE - - rm $TMP_FILE - - echo "./terraform.sh $action $ENV $TARGETS" -} - -function help_usage() { - echo "terraform.sh Version ${vers}" - echo - echo "Usage: ./script.sh [ACTION] [ENV] [OTHER OPTIONS]" - echo "es. ACTION: init, apply, plan, etc." - echo "es. ENV: dev, uat, prod, etc." - echo - echo "Available actions:" - echo " clean Remove .terraform* folders and tfplan files" - echo " help This help" - echo " list List every environment available" - echo " update Update this script if possible" - echo " summ Generate summary of Terraform plan" - echo " tflist Generate an improved output of terraform state list" - echo " tlock Generate or update the dependency lock file" - echo " * any terraform option" -} - -function init_terraform() { - if [ -n "$env" ]; then - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - else - echo "ERROR: no env configured!" - exit 1 - fi -} - -function list_env() { - # Check if env directory exists - if [ ! 
-d "./env" ]; then - echo "No environment directory found" - exit 1 - fi - - # List subdirectories under env directory - env_list=$(ls -d ./env/*/ 2>/dev/null) - - # Check if there are any subdirectories - if [ -z "$env_list" ]; then - echo "No environments found" - exit 1 - fi - - # Print the list of environments - echo "Available environments:" - for env in $env_list; do - env_name=$(echo "$env" | sed 's#./env/##;s#/##') - echo "- $env_name" - done -} - -function other_actions() { - if [ -n "$env" ] && [ -n "$action" ]; then - terraform "$action" -var-file="./env/$env/terraform.tfvars" -compact-warnings $other - else - echo "ERROR: no env or action configured!" - exit 1 - fi -} - -function state_output_taint_actions() { - if [ "$action" == "tflist" ]; then - # If 'tflist' is not installed globally and there is no 'tflist' file in the current directory, - # attempt to download the 'tflist' tool - if ! command -v tflist &> /dev/null && [ ! -f "tflist" ]; then - download_tool "tflist" - if [ $? -ne 0 ]; then - echo "Error: Failed to download tflist!!" - exit 1 - else - echo "tflist downloaded!" 
- fi - fi - if command -v tflist &> /dev/null; then - terraform state list | tflist - else - terraform state list | ./tflist - fi - else - terraform $action $other - fi -} - - -function parse_tfplan_option() { - # Create an array to contain arguments that do not start with '-tfplan=' - local other_args=() - - # Loop over all arguments - for arg in "$@"; do - # If the argument starts with '-tfplan=', extract the file name - if [[ "$arg" =~ ^-tfplan= ]]; then - echo "${arg#*=}" - else - # If the argument does not start with '-tfplan=', add it to the other_args array - other_args+=("$arg") - fi - done - - # Print all arguments in other_args separated by spaces - echo "${other_args[@]}" -} - -function tfsummary() { - local plan_file - plan_file=$(parse_tfplan_option "$@") - if [ -z "$plan_file" ]; then - plan_file="tfplan" - fi - action="plan" - other="-out=${plan_file}" - other_actions - if [ -n "$(command -v tf-summarize)" ]; then - tf-summarize -tree "${plan_file}" - else - echo "tf-summarize is not installed" - fi - if [ "$plan_file" == "tfplan" ]; then - rm $plan_file - fi -} - -function update_script() { - # Check if the repository was cloned successfully - if ! curl -sL "$git_repo" -o "$tmp_file"; then - echo "Error cloning the repository" - rm "$tmp_file" 2>/dev/null - return 1 - fi - - # Check if a newer version exists - remote_vers=$(sed -n '8s/vers="\(.*\)"/\1/p' "$tmp_file") - if [ "$(printf '%s\n' "$vers" "$remote_vers" | sort -V | tail -n 1)" == "$vers" ]; then - echo "The local script version is equal to or newer than the remote version." - rm "$tmp_file" 2>/dev/null - return 0 - fi - - # Check the fingerprint - local_fingerprint=$(sed -n '4p' "$0") - remote_fingerprint=$(sed -n '4p' "$tmp_file") - - if [ "$local_fingerprint" != "$remote_fingerprint" ]; then - echo "The local and remote file fingerprints do not match." 
- rm "$tmp_file" 2>/dev/null - return 0 - fi - - # Show the current and available versions to the user - echo "Current script version: $vers" - echo "Available script version: $remote_vers" - - # Ask the user if they want to update the script - read -rp "Do you want to update the script to version $remote_vers? (y/n): " answer - - if [ "$answer" == "y" ] || [ "$answer" == "Y" ]; then - # Replace the local script with the updated version - cp "$tmp_file" "$script_name" - chmod +x "$script_name" - rm "$tmp_file" 2>/dev/null - - echo "Script successfully updated to version $remote_vers" - else - echo "Update canceled by the user" - fi - - rm "$tmp_file" 2>/dev/null -} - -# Check arguments number -if [ "$#" -lt 1 ]; then - help_usage - exit 0 -fi - -# Parse arguments -action=$1 -env=$2 -filetf=$3 -shift 2 -other=$@ - -if [ -n "$env" ]; then - # shellcheck source=/dev/null - source "./env/$env/backend.ini" - if [ -z "$(command -v az)" ]; then - echo "az not found, cannot proceed" - exit 1 - fi - az account set -s "${subscription}" -fi - -# Call appropriate function based on action -case $action in - clean) - clean_environment - ;; - ?|help|-h) - help_usage - ;; - init) - init_terraform "$other" - ;; - list) - list_env - ;; - output|state|taint|tflist) - init_terraform - state_output_taint_actions $other - ;; - summ) - init_terraform - tfsummary "$other" - ;; - tlock) - terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64 - ;; - update) - update_script - ;; - *) - if [ "$FILE_ACTION" = true ]; then - extract_resources "$filetf" "$env" - else - init_terraform - other_actions "$other" - fi - ;; -esac diff --git a/src/copy/payopt-secrets/.terraform.lock.hcl b/src/copy/payopt-secrets/.terraform.lock.hcl deleted file mode 100644 index e6e5cedf47..0000000000 --- a/src/copy/payopt-secrets/.terraform.lock.hcl +++ /dev/null 
@@ -1,102 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azuread" { - version = "2.47.0" - constraints = "<= 2.47.0" - hashes = [ - "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", - "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", - "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", - "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", - "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", - "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", - "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", - "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", - "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", - "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", - "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.106.0" - constraints = "~> 3.30, <= 3.106.0" - hashes = [ - "h1:6t9Nz9tYAR9BfHZ8yc56m+GKRl0nriwjQ5DyA0/TnCs=", - "zh:07980d6fdc40c0adb670c8413a5c667917d6dbb51fcedc467c35d64c2f3a1f47", - "zh:2e6e8491b1f089644b0d23f8da83398f1e10cf5a62b16efcef2b5454fe923038", - "zh:450dbd72821c5619cc3bcdc20fdd0e29515147e44b733f9c79d3a75851810055", - "zh:5e234c0a2f3c9677ea72b2a6e6ca90defb99fab29ae565f5d1f70728ba4ba78f", - "zh:83fd042ece6977429d79affd03d6ce963d2f122604dbf15a1abf203d7a7bbc8a", - "zh:93027e1f66b3bf83398d572d4e6f6e7777330c78c54da3226dadd50fd868ada9", - "zh:ae3d1dd66140c303df97d93c47a60f16735ce17cf156f45475dcee4a7360af5b", - "zh:daf9d2eb89e785458a76b88bf2ef0696c472094c77cc9cff3b3ea4b885c5a482", - 
"zh:dd46370141651e6549da6d85e25c7a6770c47581bbaaa27eda2886d41d849747", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f77405c0d8f6e0d93d9da83256b3b02c164bad4c791ed9604310ff02ae086ad1", - "zh:ffa769147bda833aef8802e3a391bd175ec749862764d61cbdaa8200d5b8f893", - ] -} - -provider "registry.terraform.io/hashicorp/external" { - version = "2.2.3" - constraints = "<= 2.2.3" - hashes = [ - "h1:648ZjJR81c2W1OLtYmUQa9/1rGr3vvZSuX9dR1ucGWY=", - "zh:184ecd339d764de845db0e5b8a9c87893dcd0c9d822167f73658f89d80ec31c9", - "zh:2661eaca31d17d6bbb18a8f673bbfe3fe1b9b7326e60d0ceb302017003274e3c", - "zh:2c0a180f6d1fc2ba6e03f7dfc5f73b617e45408681f75bca75aa82f3796df0e4", - "zh:4b92ae44c6baef4c4952c47be00541055cb5280dd3bc8031dba5a1b2ee982387", - "zh:5641694d5daf3893d7ea90be03b6fa575211a08814ffe70998d5adb8b59cdc0a", - "zh:5bd55a2be8a1c20d732ac9c604b839e1cadc8c49006315dffa4d709b6874df32", - "zh:6e0ef5d11e1597202424b7d69b9da7b881494c9b13a3d4026fc47012dc651c79", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9e19f89fa25004d3b926a8d15ea630b4bde62f1fa4ed5e11a3d27aabddb77353", - "zh:b763efdd69fd097616b4a4c89cf333b4cee9699ac6432d73d2756f8335d1213f", - "zh:e3b561efdee510b2b445f76a52a902c52bee8e13095e7f4bed7c80f10f8d294a", - "zh:fe660bb8781ee043a093b9a20e53069974475dcaa5791a1f45fd03c61a26478a", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.16.1" - constraints = "<= 2.16.1" - hashes = [ - "h1:kO/d+ZMZYM2tNMMFHZqBmVR0MeemoGnI2G2NSN92CrU=", - "zh:06224975f5910d41e73b35a4d5079861da2c24f9353e3ebb015fbb3b3b996b1c", - "zh:2bc400a8d9fe7755cca27c2551564a9e2609cfadc77f526ef855114ee02d446f", - "zh:3a479014187af1d0aec3a1d3d9c09551b801956fe6dd29af1186dec86712731b", - "zh:73fb0a69f1abdb02858b6589f7fab6d989a0f422f7ad95ed662aaa84872d3473", - "zh:a33852cd382cbc8e06d3f6c018b468ad809d24d912d64722e037aed1f9bf39db", - "zh:b533ff2214dca90296b1d22eace7eaa7e3efe5a7ae9da66a112094abc932db4f", - 
"zh:ddf74d8bb1aeb01dc2c36ef40e2b283d32b2a96db73f6daaf179fa2f10949c80", - "zh:e720f3a15d34e795fa9ff90bc755e838ebb4aef894aa2a423fb16dfa6d6b0667", - "zh:e789ae70a658800cb0a19ef7e4e9b26b5a38a92b43d1f41d64fc8bb46539cefb", - "zh:e8aed7dc0bd8f843d607dee5f72640dbef6835a8b1c6ea12cea5b4ec53e463f7", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fb3ac4f43c8b0dfc0b0103dd0f062ea72b3a34518d4c8808e3a44c9a3dd5f024", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" - constraints = "~> 3.2, <= 3.2.1" - hashes = [ - "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", - "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", - "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", - "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", - "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", - ] -} diff --git a/src/copy/payopt-secrets/00_azuread.tf b/src/copy/payopt-secrets/00_azuread.tf deleted file mode 100644 index 14a0893a9f..0000000000 --- a/src/copy/payopt-secrets/00_azuread.tf +++ /dev/null 
@@ -1,16 +0,0 @@
-# Azure AD
-data "azuread_group" "adgroup_admin" {
- display_name = "${local.product}-adgroup-admin"
-}
-
-data "azuread_group" "adgroup_developers" {
- display_name = "${local.product}-adgroup-developers"
-}
-
-data "azuread_group" "adgroup_externals" {
- display_name = "${local.product}-adgroup-externals"
-}
-
-data "azuread_group" "adgroup_security" {
- display_name = "${local.product}-adgroup-security"
-}
\ No newline at end of file
diff --git a/src/copy/payopt-secrets/01_keyvault.tf b/src/copy/payopt-secrets/01_keyvault.tf
deleted file mode 100644
index c91ffe6e9c..0000000000
--- a/src/copy/payopt-secrets/01_keyvault.tf
+++ /dev/null
@@ -1,101 +0,0 @@ -resource "azurerm_resource_group" "sec_rg" { - name = "${local.product}-${var.location_short}-${var.domain}-sec-rg" - location = var.location - - tags = var.tags -} - -module "key_vault" { - source = "./.terraform/modules/__v3__/key_vault" - - name = "${local.product}-${var.location_short}-${var.domain}-kv" - location = azurerm_resource_group.sec_rg.location - resource_group_name = azurerm_resource_group.sec_rg.name - tenant_id = data.azurerm_client_config.current.tenant_id - soft_delete_retention_days = 90 - - tags = var.tags -} - -## ad group policy ## -resource "azurerm_key_vault_access_policy" "ad_group_policy" { - key_vault_id = module.key_vault.id - - tenant_id = data.azurerm_client_config.current.tenant_id - object_id = data.azuread_group.adgroup_admin.object_id - - key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt", "Backup", "Purge", "Recover", "Restore", "Sign", "UnwrapKey", "Update", "Verify", "WrapKey", "Release", "Rotate", "GetRotationPolicy", "SetRotationPolicy"] - secret_permissions = ["Get", "List", "Set", "Delete", "Backup", "Purge", "Recover", "Restore"] - storage_permissions = [] - certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Restore", "Purge", "Recover", ] -} - -## ad group policy ## -resource "azurerm_key_vault_access_policy" "adgroup_developers_policy" { - count = var.env_short != "p" ? 
1 : 0 - - key_vault_id = module.key_vault.id - - tenant_id = data.azurerm_client_config.current.tenant_id - object_id = data.azuread_group.adgroup_developers.object_id - - key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt", "Recover", "Rotate", "GetRotationPolicy"] - secret_permissions = ["Get", "List", "Set", "Delete", "Recover", ] - storage_permissions = [] - certificate_permissions = [ - "Get", "List", "Update", "Create", "Import", - "Delete", "Restore", "Purge", "Recover" - ] -} - -## ad group policy ## -resource "azurerm_key_vault_access_policy" "adgroup_externals_policy" { - count = var.env_short != "p" ? 1 : 0 - - key_vault_id = module.key_vault.id - - tenant_id = data.azurerm_client_config.current.tenant_id - object_id = data.azuread_group.adgroup_externals.object_id - - key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt", "Recover", "Rotate", "GetRotationPolicy"] - secret_permissions = ["Get", "List", "Set", "Delete", "Recover", ] - storage_permissions = [] - certificate_permissions = [ - "Get", "List", "Update", "Create", "Import", - "Delete", "Restore", "Purge", "Recover" - ] -} - -## ad group policy ## -data "azuread_service_principal" "iac_principal" { - count = var.enable_iac_pipeline ? 1 : 0 - display_name = "pagopaspa-pagoPA-iac-${data.azurerm_subscription.current.subscription_id}" -} - -resource "azurerm_key_vault_access_policy" "azdevops_iac_policy" { - count = var.enable_iac_pipeline ? 
1 : 0 - key_vault_id = module.key_vault.id - tenant_id = data.azurerm_client_config.current.tenant_id - object_id = data.azuread_service_principal.iac_principal[0].object_id - - secret_permissions = ["Get", "List", "Set", ] - certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"] - key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt"] - - storage_permissions = [] -} - -################ -## Secrets ## -################ - -# create json letsencrypt inside kv -# requierd: Docker -module "letsencrypt_paymentoptions" { - source = "./.terraform/modules/__v3__/letsencrypt_credential" - - prefix = var.prefix - env = var.env_short - key_vault_name = module.key_vault.name - subscription_name = local.subscription_name -} diff --git a/src/copy/payopt-secrets/02_azdo.tf b/src/copy/payopt-secrets/02_azdo.tf deleted file mode 100644 index 5683ffec89..0000000000 --- a/src/copy/payopt-secrets/02_azdo.tf +++ /dev/null @@ -1,23 +0,0 @@ -# -# Policy -# - -data "azurerm_user_assigned_identity" "iac_federated_azdo" { - for_each = local.azdo_iac_managed_identities - name = each.key - resource_group_name = local.azdo_managed_identity_rg_name -} - -resource "azurerm_key_vault_access_policy" "azdevops_iac_managed_identities" { - for_each = local.azdo_iac_managed_identities - - key_vault_id = module.key_vault.id - tenant_id = data.azurerm_client_config.current.tenant_id - object_id = data.azurerm_user_assigned_identity.iac_federated_azdo[each.key].principal_id - - secret_permissions = ["Get", "List", "Set", ] - - certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"] - - storage_permissions = [] -} diff --git a/src/copy/payopt-secrets/02_init_sops.tf b/src/copy/payopt-secrets/02_init_sops.tf deleted file mode 100644 index e93d0651a0..0000000000 --- a/src/copy/payopt-secrets/02_init_sops.tf +++ /dev/null 
@@ -1,21 +0,0 @@
-moved {
- from = azurerm_key_vault_key.generated
- to = azurerm_key_vault_key.sops_key
-}
-
-resource "azurerm_key_vault_key" "sops_key" {
- name = "${local.product}-${var.domain}-sops-key"
- key_vault_id = module.key_vault.id
- key_type = "RSA"
- key_size = 2048
-
- key_opts = [
- "decrypt",
- "encrypt",
- ]
-
- depends_on = [
- azurerm_key_vault_access_policy.adgroup_developers_policy,
- azurerm_key_vault_access_policy.ad_group_policy,
- ]
-}
diff --git a/src/copy/payopt-secrets/03_sops_secrets.tf b/src/copy/payopt-secrets/03_sops_secrets.tf
deleted file mode 100644
index aa759d304e..0000000000
--- a/src/copy/payopt-secrets/03_sops_secrets.tf
+++ /dev/null
@@ -1,54 +0,0 @@ -moved { - from = data.external.external2 - to = data.external.terrasops -} - -data "external" "terrasops" { - program = [ - "bash", "terrasops.sh" - ] - query = { - env = "${var.location_short}-${var.env}" - } - -} - -locals { - all_enc_secrets_value = can(data.external.terrasops.result) ? flatten([ - for k, v in data.external.terrasops.result : { - valore = v - chiave = k - } - ]) : [] - - config_secret_data = jsondecode(file(var.input_file)) - all_config_secrets_value = flatten([ - for kc, vc in local.config_secret_data : { - valore = vc - chiave = kc - } - ]) - - all_secrets_value = concat(local.all_config_secrets_value, local.all_enc_secrets_value) -} - -## SOPS secrets - -## Upload all encrypted secrets -resource "azurerm_key_vault_secret" "secret" { - for_each = { for i, v in local.all_secrets_value : local.all_secrets_value[i].chiave => i } - - key_vault_id = module.key_vault.id - name = local.all_secrets_value[each.value].chiave - value = local.all_secrets_value[each.value].valore - - depends_on = [ - module.key_vault, - azurerm_key_vault_key.sops_key, - data.external.terrasops, - azurerm_key_vault_access_policy.adgroup_developers_policy, - azurerm_key_vault_access_policy.ad_group_policy, - ] -} - -# ⚠️ The secrets from resources are set in paymentoptions-app to avoid circular dependency diff --git a/src/copy/payopt-secrets/99_locals.tf b/src/copy/payopt-secrets/99_locals.tf deleted file mode 100644 index 084cb86f0c..0000000000 --- a/src/copy/payopt-secrets/99_locals.tf +++ /dev/null @@ -1,11 +0,0 @@ -locals { - project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}" - product = "${var.prefix}-${var.env_short}" - - - subscription_name = "${var.env}-${var.prefix}" - - azdo_managed_identity_rg_name = "pagopa-${var.env_short}-identity-rg" - azdo_iac_managed_identities = toset(["azdo-${var.env}-pagopa-iac-deploy", "azdo-${var.env}-pagopa-iac-plan"]) - -} 
diff --git a/src/copy/payopt-secrets/99_main.tf b/src/copy/payopt-secrets/99_main.tf
deleted file mode 100644
index 9d3239722c..0000000000
--- a/src/copy/payopt-secrets/99_main.tf
+++ /dev/null
@@ -1,48 +0,0 @@
-terraform {
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "<= 3.106.0"
- }
- azuread = {
- source = "hashicorp/azuread"
- version = "<= 2.47.0"
- }
- null = {
- source = "hashicorp/null"
- version = "<= 3.2.1"
- }
- external = {
- source = "hashicorp/external"
- version = "<= 2.2.3"
- }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = "<= 2.16.1"
- }
- }
-
- backend "azurerm" {}
-}
-
-provider "azurerm" {
- features {
- key_vault {
- purge_soft_delete_on_destroy = false
- }
- }
-}
-
-provider "kubernetes" {
- config_path = "~/.kube/config-${var.prefix}-${var.env_short}-${var.location_short}-${var.env}-aks"
- config_context = "${var.prefix}-${var.env_short}-${var.location_short}-${var.env}-aks"
-}
-
-data "azurerm_subscription" "current" {}
-
-data "azurerm_client_config" "current" {}
-
-module "__v3__" {
- # v8.60.0
- source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
-}
diff --git a/src/copy/payopt-secrets/99_variables.tf b/src/copy/payopt-secrets/99_variables.tf
deleted file mode 100644
index 3a7cff7fcf..0000000000
--- a/src/copy/payopt-secrets/99_variables.tf
+++ /dev/null
@@ -1,101 +0,0 @@
-# general
-
-variable "prefix" {
- type = string
- validation {
- condition = (
- length(var.prefix) <= 6
- )
- error_message = "Max length is 6 chars."
- }
-}
-
-variable "env" {
- type = string
-}
-
-variable "env_short" {
- type = string
- validation {
- condition = (
- length(var.env_short) == 1
- )
- error_message = "Length must be 1 chars."
- }
-}
-
-variable "domain" {
- type = string
- validation {
- condition = (
- length(var.domain) <= 12
- )
- error_message = "Max length is 12 chars."
- }
-}
-
-variable "location" {
- type = string
- description = "One of westeurope, northeurope"
-}
-
-variable "location_short" {
- type = string
- validation {
- condition = (
- length(var.location_short) == 3
- )
- error_message = "Length must be 3 chars."
- }
- description = "One of weu, itn"
-}
-
-variable "instance" {
- type = string
- description = "One of beta, prod01, prod02"
-}
-
-variable "tags" {
- type = map(any)
- default = {
- CreatedBy = "Terraform"
- }
-}
-
-###
-
-variable "input_file" {
- type = string
- description = "secret json file"
-}
-
-variable "enable_iac_pipeline" {
- type = bool
- description = "If true create the key vault policy to allow used by azure devops iac pipelines."
- default = false
-}
-
-
-variable "kv-key-permissions-read" {
- type = list(string)
- description = "List of read key permissions"
- default = ["Get", "List"]
-}
-
-variable "kv-secret-permissions-read" {
- type = list(string)
- description = "List of read secret permissions"
- default = ["Get", "List"]
-}
-
-variable "kv-certificate-permissions-read" {
- type = list(string)
- description = "List of read certificate permissions"
- default = ["Get", "GetIssuers", "List", "ListIssuers"]
-}
-
-variable "kv-storage-permissions-read" {
- type = list(string)
- description = "List of read storage permissions"
- default = ["Get", "GetSAS", "List", "ListSAS"]
-}
diff --git a/src/copy/payopt-secrets/README.md b/src/copy/payopt-secrets/README.md
deleted file mode 100644
index d167e6b2e7..0000000000
--- a/src/copy/payopt-secrets/README.md
+++ /dev/null
@@ -1,65 +0,0 @@ -# paymentoptions-secrets - - -## Requirements - -| Name | Version | -|------|---------| -| [azuread](#requirement\_azuread) | <= 2.47.0 | -| [azurerm](#requirement\_azurerm) | <= 3.106.0 | -| [external](#requirement\_external) | <= 2.2.3 | -| [kubernetes](#requirement\_kubernetes) | <= 2.16.1 | -| [null](#requirement\_null) | <= 3.2.1 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v8.22.0 | -| [letsencrypt\_paymentoptions](#module\_letsencrypt\_paymentoptions) | git::https://github.com/pagopa/terraform-azurerm-v3.git///letsencrypt_credential | v8.44.0 | - -## Resources - -| Name | Type | -|------|------| -| [azurerm_key_vault_access_policy.ad_group_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.adgroup_developers_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.adgroup_externals_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.azdevops_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.azdevops_iac_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_key.sops_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key) | resource | -| [azurerm_key_vault_secret.secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| 
[azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_service_principal.iac_principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source | -| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | -| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | -| [azurerm_user_assigned_identity.iac_federated_azdo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source | -| [external_external.terrasops](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [domain](#input\_domain) | n/a | `string` | n/a | yes | -| [enable\_iac\_pipeline](#input\_enable\_iac\_pipeline) | If true create the key vault policy to allow used by azure devops iac pipelines. 
| `bool` | `false` | no | -| [env](#input\_env) | n/a | `string` | n/a | yes | -| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [input\_file](#input\_input\_file) | secret json file | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | -| [kv-certificate-permissions-read](#input\_kv-certificate-permissions-read) | List of read certificate permissions | `list(string)` |
[
"Get",
"GetIssuers",
"List",
"ListIssuers"
]
| no | -| [kv-key-permissions-read](#input\_kv-key-permissions-read) | List of read key permissions | `list(string)` |
[
"Get",
"List"
]
| no | -| [kv-secret-permissions-read](#input\_kv-secret-permissions-read) | List of read secret permissions | `list(string)` |
[
"Get",
"List"
]
| no | -| [kv-storage-permissions-read](#input\_kv-storage-permissions-read) | List of read storage permissions | `list(string)` |
[
"Get",
"GetSAS",
"List",
"ListSAS"
]
| no | -| [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | -| [location\_short](#input\_location\_short) | One of weu, itn | `string` | n/a | yes | -| [prefix](#input\_prefix) | n/a | `string` | n/a | yes | -| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | - -## Outputs - -No outputs. - diff --git a/src/copy/payopt-secrets/env/itn-dev/backend.ini b/src/copy/payopt-secrets/env/itn-dev/backend.ini deleted file mode 100644 index f3ea2d530c..0000000000 --- a/src/copy/payopt-secrets/env/itn-dev/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=DEV-pagoPA \ No newline at end of file diff --git a/src/copy/payopt-secrets/env/itn-dev/backend.tfvars b/src/copy/payopt-secrets/env/itn-dev/backend.tfvars deleted file mode 100644 index 324e5f4b9d..0000000000 --- a/src/copy/payopt-secrets/env/itn-dev/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfdevpagopa" -container_name = "terraform-state" -key = "paymentoptions-secret-dev.terraform.tfstate" diff --git a/src/copy/payopt-secrets/env/itn-dev/terraform.tfvars b/src/copy/payopt-secrets/env/itn-dev/terraform.tfvars deleted file mode 100644 index 4cb569abdb..0000000000 --- a/src/copy/payopt-secrets/env/itn-dev/terraform.tfvars +++ /dev/null @@ -1,30 +0,0 @@ -prefix = "pagopa" -env_short = "d" -env = "dev" -domain = "payopt" -location = "italynorth" -location_short = "itn" -instance = "dev" - -tags = { - CreatedBy = "Terraform" - Environment = "Dev" - Owner = "pagoPA" - Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg" -log_analytics_italy_workspace_name = "pagopa-d-itn-core-law" -log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg" - -input_file = "./secret/itn-dev/configs.json" - -enable_iac_pipeline = true - - - - - diff --git a/src/copy/payopt-secrets/env/itn-prod/backend.ini b/src/copy/payopt-secrets/env/itn-prod/backend.ini deleted file mode 100644 index 6318425346..0000000000 --- a/src/copy/payopt-secrets/env/itn-prod/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-pagoPA 
diff --git a/src/copy/payopt-secrets/env/itn-prod/backend.tfvars b/src/copy/payopt-secrets/env/itn-prod/backend.tfvars
deleted file mode 100644
index 9b18697702..0000000000
--- a/src/copy/payopt-secrets/env/itn-prod/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfprodpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-secret-prod.terraform.tfstate"
diff --git a/src/copy/payopt-secrets/env/itn-prod/terraform.tfvars b/src/copy/payopt-secrets/env/itn-prod/terraform.tfvars
deleted file mode 100644
index 4e852fe9cf..0000000000
--- a/src/copy/payopt-secrets/env/itn-prod/terraform.tfvars
+++ /dev/null
@@ -1,30 +0,0 @@
-prefix = "pagopa"
-env_short = "p"
-env = "prod"
-domain = "paymentoptns"
-location = "payopt"
-location_short = "itn"
-instance = "prod"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Prod"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-d-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-
-input_file = "./secret/itn-prod/configs.json"
-
-enable_iac_pipeline = true
-
-
-
-
-
diff --git a/src/copy/payopt-secrets/env/itn-uat/backend.ini b/src/copy/payopt-secrets/env/itn-uat/backend.ini
deleted file mode 100644
index 1a014151dc..0000000000
--- a/src/copy/payopt-secrets/env/itn-uat/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=UAT-pagoPA
diff --git a/src/copy/payopt-secrets/env/itn-uat/backend.tfvars b/src/copy/payopt-secrets/env/itn-uat/backend.tfvars
deleted file mode 100644
index 2f949683b5..0000000000
--- a/src/copy/payopt-secrets/env/itn-uat/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfuatpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-secret-uat.terraform.tfstate"
diff --git a/src/copy/payopt-secrets/env/itn-uat/terraform.tfvars b/src/copy/payopt-secrets/env/itn-uat/terraform.tfvars
deleted file mode 100644
index 170edb7557..0000000000
--- a/src/copy/payopt-secrets/env/itn-uat/terraform.tfvars
+++ /dev/null
@@ -1,27 +0,0 @@
-prefix = "pagopa"
-env_short = "u"
-env = "uat"
-domain = "payopt"
-location = "italynorth"
-location_short = "itn"
-instance = "uat"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Uat"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-d-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-
-input_file = "./secret/itn-uat/configs.json"
-
-enable_iac_pipeline = true
-
-force = "v1"
diff --git a/src/copy/payopt-secrets/secret/itn-dev/configs.json b/src/copy/payopt-secrets/secret/itn-dev/configs.json
deleted file mode 100644
index 9e26dfeeb6..0000000000
--- a/src/copy/payopt-secrets/secret/itn-dev/configs.json
+++ /dev/null
@@ -1 +0,0 @@
-{}
\ No newline at end of file
diff --git a/src/copy/payopt-secrets/secret/itn-dev/noedit_secret_enc.json b/src/copy/payopt-secrets/secret/itn-dev/noedit_secret_enc.json
deleted file mode 100644
index 6c3c1af837..0000000000
--- a/src/copy/payopt-secrets/secret/itn-dev/noedit_secret_enc.json
+++ /dev/null
@@ -1,22 +0,0 @@ -{ - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": [ - { - "vault_url": "https://pagopa-d-itn-payopt-kv.vault.azure.net", - "name": "pagopa-d-payopt-sops-key", - "version": "3cfc1dcd61ee4a9bb4bff1fd4e5d45f1", - "created_at": "2024-11-28T14:36:24Z", - "enc": "vpf4sFWuobCrXfjbD0TXrg8Tv31mVZngHunMNN_tL_wMI38V11PI1yJtx9XiHiC1Mf84mlKCq8OeOwB9kMQacsngGuVtE1hTMBIGqd2mbmXoKKHXQfyoczXOMTgUGCtrpAHBvO86BX6ONbRIz9WFYnXBntDk6CkVDFYVTwiViO77nSo6LpxG_PG9cBS_Am_gdzDZxM1gMJx3OrIxuEIaQ_l9LuO35Wtx1DW8hrD95xSNEaRUOxZr9bzAHtZYvKEeWdj2AzZCxkL8ikMVB1fpi5qpOzpnEDl9HMylxExET7E6Nhbl8eUXNRJi00MCNC6HeOcPdYd8gPHYtHdefThmVg" - } - ], - "hc_vault": null, - "age": null, - "lastmodified": "2024-11-28T14:36:26Z", - "mac": "ENC[AES256_GCM,data:hkNbqIGNsyia2OK0mRXYMD3sLz4Sgc8mLuUaVCVmuVw8XSFBjrVDK5Vn1Z77xh34a9PFhW7ovWndeAO0tCwWVrFoL3vO9UhHGhoihUGy81SbmawJruF4DR+f3BTrk1lEIE39nAUHbikS97GknfTH8aZbOFupAd+hCXFO1DkHZ5g=,iv:QZEf/HHOtth8xX5+d0/omA3LAzSlzFLO5tdz6B6ZJ9o=,tag:+FnEej6YVzQ5vFLd1MwbCA==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.9.1" - } -} \ No newline at end of file diff --git a/src/copy/payopt-secrets/secret/itn-dev/secret.ini b/src/copy/payopt-secrets/secret/itn-dev/secret.ini deleted file mode 100644 index 1cf65b61b0..0000000000 --- a/src/copy/payopt-secrets/secret/itn-dev/secret.ini +++ /dev/null @@ -1,3 +0,0 @@ -file_crypted="noedit_secret_enc.json" -kv_name="pagopa-d-itn-payopt-kv" -kv_sops_key_name="pagopa-d-payopt-sops-key" diff --git a/src/copy/payopt-secrets/secret/itn-prod/configs.json b/src/copy/payopt-secrets/secret/itn-prod/configs.json deleted file mode 100644 index 9e26dfeeb6..0000000000 --- a/src/copy/payopt-secrets/secret/itn-prod/configs.json +++ /dev/null @@ -1 +0,0 @@ -{} \ No newline at end of file diff --git a/src/copy/payopt-secrets/secret/itn-prod/secret.ini b/src/copy/payopt-secrets/secret/itn-prod/secret.ini deleted file mode 100644 index 61a2254ac6..0000000000 
--- a/src/copy/payopt-secrets/secret/itn-prod/secret.ini +++ /dev/null @@ -1,3 +0,0 @@ -file_crypted="noedit_secret_enc.json" -kv_name="pagopa-p-itn-payopt-kv" -kv_sops_key_name="pagopa-p-payopt-sops-key" diff --git a/src/copy/payopt-secrets/secret/itn-uat/configs.json b/src/copy/payopt-secrets/secret/itn-uat/configs.json deleted file mode 100644 index 9e26dfeeb6..0000000000 --- a/src/copy/payopt-secrets/secret/itn-uat/configs.json +++ /dev/null @@ -1 +0,0 @@ -{} \ No newline at end of file diff --git a/src/copy/payopt-secrets/secret/itn-uat/noedit_secret_enc.json b/src/copy/payopt-secrets/secret/itn-uat/noedit_secret_enc.json deleted file mode 100644 index 878e035cff..0000000000 --- a/src/copy/payopt-secrets/secret/itn-uat/noedit_secret_enc.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": [ - { - "vault_url": "https://pagopa-u-itn-payopt-kv.vault.azure.net", - "name": "pagopa-u-payopt-sops-key", - "version": "391d59d66b2e4c118246648bf60dc813", - "created_at": "2024-11-28T14:41:50Z", - "enc": "dyWl_4p70QqcfQsqmIABzVxCWauyBDVZIg9WsqjoAfhNWbCbYvzXbjCiIJhOUJK_4H-EHDb70bnIG4HyIhNmEoNhQD69R9YDkQvJs146WOfBeUT4EO7xcXcM0wZEwjkeQq0PwkVRVvufColcIhlNKg0VMDCK6K2vRijAHAT4P9-gWrVukCnLYP2mlgXKmjX51CQVOV9S97LJEXzl4ki3mI8DGrGYX9qY9uZb6har_8MJaxAAAwcCkz5OYeAImDnz4f_t3ZcIpy4LeG1rubJCNnAxBLCXxL7lt4m-nwcclLQMd_a1U-DyyoOS03_2KwTYkhQI0YnXS9xancsdWXwK9g" - } - ], - "hc_vault": null, - "age": null, - "lastmodified": "2024-11-28T14:41:51Z", - "mac": "ENC[AES256_GCM,data:Umg7BLjeiSk1FSp+ozRgtM/EAmf4SD0wvTJvlrNpmv7hi5g+rn1V2/OoyS7xxnQg4eqDNOJSs3mDfcdHfMffYs2mNxNl8H91SYYkgH85VZYHKShUVS4o5bKwAvyDPmB4qRJ/aAlFGUWMVobGUuBSDP1/GT0Md7Ic4qeYaaepN9k=,iv:ZfMS6ik70+Ctv+/wmy4gfWvrH1+5QIHkp1v+K6n0wbQ=,tag:bAW+DPq9SLrvjvSOXleczw==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.9.1" - } -} \ No newline at end of file 
diff --git a/src/copy/payopt-secrets/secret/itn-uat/secret.ini b/src/copy/payopt-secrets/secret/itn-uat/secret.ini
deleted file mode 100644
index c16aa7f137..0000000000
--- a/src/copy/payopt-secrets/secret/itn-uat/secret.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-file_crypted="noedit_secret_enc.json"
-kv_name="pagopa-u-itn-payopt-kv"
-kv_sops_key_name="pagopa-u-payopt-sops-key"
diff --git a/src/copy/payopt-secrets/sops.sh b/src/copy/payopt-secrets/sops.sh
deleted file mode 100755
index 347b11d0ef..0000000000
--- a/src/copy/payopt-secrets/sops.sh
+++ /dev/null
@@ -1,137 +0,0 @@ -#!/bin/bash - -# set -x # Uncomment this line to enable debug mode - -# -# how to use `sh sops.sh` -# ℹ️ This script allows you to create a sops file with the relative azure key, -# it also allows you to edit the secrets and add them with the script. -# ℹ️ This script also uses an inventory file under the "./secret//secret.ini" -# directory to load environment variables. -# - -action=$1 -env=$2 -shift 2 -# shellcheck disable=SC2034 -other=( "$@" ) - -if [ -z "$action" ]; then - helpmessage=$(cat < -> decrypt json file in specified environment - example: ./sops.sh d itn-dev - example: ./sops.sh decrypt itn-dev - -./sops.sh s -> search in enc file in specified environment - example: ./sops.sh s itn-dev - example: ./sops.sh search itn-dev - -./sops.sh n -> create new file enc json template in specified environment - example: ./sops.sh n itn-dev - example: ./sops.sh new itn-dev - -./sops.sh a -> add new secret record to enc json in specified environment - example: ./sops.sh a itn-dev - example: ./sops.sh add itn-dev - -./sops.sh e -> edit enc json record in specified environment - example: ./sops.sh e itn-dev - example: ./sops.sh edit itn-dev - -./sops.sh f -> enc a json file in a specified environment - example: ./sops.sh f itn-dev - -EOF -) - echo "$helpmessage" - exit 0 -fi - -if [ -z "$env" ]; then - echo "env should be something like: itn-dev, itn-uat or itn-prod." - exit 0 -fi - -echo "🔨 Mandatory variables are correct" -file_crypted="" -kv_name="" -kv_sops_key_name="" - -# shellcheck disable=SC1090 -source "./secret/$env/secret.ini" - -echo "🔨 All variables loaded" - -# Check if kv_name and file_crypted variables are not empty -if [ -z "${kv_name}" ]; then - echo "❌ Error: kv_name variable is not defined correctly." - exit 1 -fi - -if [ -z "$file_crypted" ]; then - echo "❌ Error: file_crypted variable is not defined correctly." 
- exit 1 -fi - -encrypted_file_path="./secret/$env/$file_crypted" - -# Check if the key exists in the Key Vault -# shellcheck disable=SC2154 -kv_key_url=$(az keyvault key show --vault-name "$kv_name" --name "$kv_sops_key_name" --query "key.kid" -o tsv) -if [ -z "$kv_key_url" ]; then - echo "❌ The key does not exist." - exit 1 -fi -echo "[INFO] Key URL: $kv_key_url" - -echo "🔨 Key URL loaded correctly" - -if echo "d decrypt a add s search n new e edit f" | grep -w "$action" > /dev/null; then - case $action in - "d"|"decrypt") - sops --decrypt --azure-kv "$kv_key_url" "$encrypted_file_path" - if [ $? -eq 1 ]; then - echo "❌ File $encrypted_file_path NOT encrypted" - exit 0 - fi - ;; - "s"|"search") - read -r -p 'key: ' key - sops --decrypt --azure-kv "$kv_key_url" "$encrypted_file_path" | grep -i "$key" - ;; - "a"|"add") - read -r -p 'key: ' key - read -r -p 'value: ' value - sops -i --set '["'"$key"'"] "'"$value"'"' --azure-kv "$kv_key_url" "$encrypted_file_path" - echo "✅ Added key" - ;; - "n"|"new") - if [ -f "$encrypted_file_path" ]; then - echo "⚠️ file $encrypted_file_path already exists" - exit 0 - fi - echo "{}" > "$encrypted_file_path" - sops --encrypt -i --azure-kv "$kv_key_url" "$encrypted_file_path" - echo "✅ created new file for sops" - ;; - "e"|"edit") - if [ ! -f "$encrypted_file_path" ]; then - echo "⚠️ file $encrypted_file_path not found" - exit 1 - fi - - sops --azure-kv "$kv_key_url" "$encrypted_file_path" - echo "✅ edit file completed" - - ;; - "f") - read -r -p 'file: ' file - sops --encrypt --azure-kv "$kv_key_url" "./secret/$env/$file" > "$encrypted_file_path" - ;; - esac -else - echo "⚠️ Action not allowed." - exit 1 -fi diff --git a/src/copy/payopt-secrets/terraform.sh b/src/copy/payopt-secrets/terraform.sh deleted file mode 100755 index 047a7512d0..0000000000 --- a/src/copy/payopt-secrets/terraform.sh +++ /dev/null 
@@ -1,324 +0,0 @@ -#!/bin/bash -############################################################ -# Terraform script for managing infrastructure on Azure -# Fingerprint: d2hhdHlvdXdhbnQ/Cg== -############################################################ -# Global variables -# Version format x.y accepted -vers="1.11" -script_name=$(basename "$0") -git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/azure/${script_name}" -tmp_file="${script_name}.new" -# Check if the third parameter exists and is a file -if [ -n "$3" ] && [ -f "$3" ]; then - FILE_ACTION=true -else - FILE_ACTION=false -fi - -# Define functions -function clean_environment() { - rm -rf .terraform - rm tfplan 2>/dev/null - echo "cleaned!" -} - -function download_tool() { - #default value - cpu_type="intel" - os_type=$(uname) - - # only on MacOS - if [ "$os_type" == "Darwin" ]; then - cpu_brand=$(sysctl -n machdep.cpu.brand_string) - if grep -q -i "intel" <<< "$cpu_brand"; then - cpu_type="intel" - else - cpu_type="arm" - fi - fi - - echo $cpu_type - tool=$1 - git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/golang/${tool}_${cpu_type}" - if ! command -v $tool &> /dev/null; then - if ! curl -sL "$git_repo" -o "$tool"; then - echo "Error downloading ${tool}" - return 1 - else - chmod +x $tool - echo "${tool} downloaded! Please note this tool WON'T be copied in your **/bin folder for safety reasons. -You need to do it yourself!" - read -p "Press enter to continue" - - - fi - fi -} - -function extract_resources() { - TF_FILE=$1 - ENV=$2 - TARGETS="" - - # Check if the file exists - if [ ! -f "$TF_FILE" ]; then - echo "File $TF_FILE does not exist." - exit 1 - fi - - # Check if the directory exists - if [ ! -d "./env/$ENV" ]; then - echo "Directory ./env/$ENV does not exist." 
- exit 1 - fi - - TMP_FILE=$(mktemp) - grep -E '^resource|^module' $TF_FILE > $TMP_FILE - - while read -r line ; do - TYPE=$(echo $line | cut -d '"' -f 1 | tr -d ' ') - if [ "$TYPE" == "module" ]; then - NAME=$(echo $line | cut -d '"' -f 2) - TARGETS+=" -target=\"$TYPE.$NAME\"" - else - NAME1=$(echo $line | cut -d '"' -f 2) - NAME2=$(echo $line | cut -d '"' -f 4) - TARGETS+=" -target=\"$NAME1.$NAME2\"" - fi - done < $TMP_FILE - - rm $TMP_FILE - - echo "./terraform.sh $action $ENV $TARGETS" -} - -function help_usage() { - echo "terraform.sh Version ${vers}" - echo - echo "Usage: ./script.sh [ACTION] [ENV] [OTHER OPTIONS]" - echo "es. ACTION: init, apply, plan, etc." - echo "es. ENV: dev, uat, prod, etc." - echo - echo "Available actions:" - echo " clean Remove .terraform* folders and tfplan files" - echo " help This help" - echo " list List every environment available" - echo " update Update this script if possible" - echo " summ Generate summary of Terraform plan" - echo " tflist Generate an improved output of terraform state list" - echo " tlock Generate or update the dependency lock file" - echo " * any terraform option" -} - -function init_terraform() { - if [ -n "$env" ]; then - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - else - echo "ERROR: no env configured!" - exit 1 - fi -} - -function list_env() { - # Check if env directory exists - if [ ! 
-d "./env" ]; then - echo "No environment directory found" - exit 1 - fi - - # List subdirectories under env directory - env_list=$(ls -d ./env/*/ 2>/dev/null) - - # Check if there are any subdirectories - if [ -z "$env_list" ]; then - echo "No environments found" - exit 1 - fi - - # Print the list of environments - echo "Available environments:" - for env in $env_list; do - env_name=$(echo "$env" | sed 's#./env/##;s#/##') - echo "- $env_name" - done -} - -function other_actions() { - if [ -n "$env" ] && [ -n "$action" ]; then - terraform "$action" -var-file="./env/$env/terraform.tfvars" -compact-warnings $other - else - echo "ERROR: no env or action configured!" - exit 1 - fi -} - -function state_output_taint_actions() { - if [ "$action" == "tflist" ]; then - # If 'tflist' is not installed globally and there is no 'tflist' file in the current directory, - # attempt to download the 'tflist' tool - if ! command -v tflist &> /dev/null && [ ! -f "tflist" ]; then - download_tool "tflist" - if [ $? -ne 0 ]; then - echo "Error: Failed to download tflist!!" - exit 1 - else - echo "tflist downloaded!" 
- fi - fi - if command -v tflist &> /dev/null; then - terraform state list | tflist - else - terraform state list | ./tflist - fi - else - terraform $action $other - fi -} - - -function parse_tfplan_option() { - # Create an array to contain arguments that do not start with '-tfplan=' - local other_args=() - - # Loop over all arguments - for arg in "$@"; do - # If the argument starts with '-tfplan=', extract the file name - if [[ "$arg" =~ ^-tfplan= ]]; then - echo "${arg#*=}" - else - # If the argument does not start with '-tfplan=', add it to the other_args array - other_args+=("$arg") - fi - done - - # Print all arguments in other_args separated by spaces - echo "${other_args[@]}" -} - -function tfsummary() { - local plan_file - plan_file=$(parse_tfplan_option "$@") - if [ -z "$plan_file" ]; then - plan_file="tfplan" - fi - action="plan" - other="-out=${plan_file}" - other_actions - if [ -n "$(command -v tf-summarize)" ]; then - tf-summarize -tree "${plan_file}" - else - echo "tf-summarize is not installed" - fi - if [ "$plan_file" == "tfplan" ]; then - rm $plan_file - fi -} - -function update_script() { - # Check if the repository was cloned successfully - if ! curl -sL "$git_repo" -o "$tmp_file"; then - echo "Error cloning the repository" - rm "$tmp_file" 2>/dev/null - return 1 - fi - - # Check if a newer version exists - remote_vers=$(sed -n '8s/vers="\(.*\)"/\1/p' "$tmp_file") - if [ "$(printf '%s\n' "$vers" "$remote_vers" | sort -V | tail -n 1)" == "$vers" ]; then - echo "The local script version is equal to or newer than the remote version." - rm "$tmp_file" 2>/dev/null - return 0 - fi - - # Check the fingerprint - local_fingerprint=$(sed -n '4p' "$0") - remote_fingerprint=$(sed -n '4p' "$tmp_file") - - if [ "$local_fingerprint" != "$remote_fingerprint" ]; then - echo "The local and remote file fingerprints do not match." 
- rm "$tmp_file" 2>/dev/null - return 0 - fi - - # Show the current and available versions to the user - echo "Current script version: $vers" - echo "Available script version: $remote_vers" - - # Ask the user if they want to update the script - read -rp "Do you want to update the script to version $remote_vers? (y/n): " answer - - if [ "$answer" == "y" ] || [ "$answer" == "Y" ]; then - # Replace the local script with the updated version - cp "$tmp_file" "$script_name" - chmod +x "$script_name" - rm "$tmp_file" 2>/dev/null - - echo "Script successfully updated to version $remote_vers" - else - echo "Update canceled by the user" - fi - - rm "$tmp_file" 2>/dev/null -} - -# Check arguments number -if [ "$#" -lt 1 ]; then - help_usage - exit 0 -fi - -# Parse arguments -action=$1 -env=$2 -filetf=$3 -shift 2 -other=$@ - -if [ -n "$env" ]; then - # shellcheck source=/dev/null - source "./env/$env/backend.ini" - if [ -z "$(command -v az)" ]; then - echo "az not found, cannot proceed" - exit 1 - fi - az account set -s "${subscription}" -fi - -# Call appropriate function based on action -case $action in - clean) - clean_environment - ;; - ?|help|-h) - help_usage - ;; - init) - init_terraform "$other" - ;; - list) - list_env - ;; - output|state|taint|tflist) - init_terraform - state_output_taint_actions $other - ;; - summ) - init_terraform - tfsummary "$other" - ;; - tlock) - terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64 - ;; - update) - update_script - ;; - *) - if [ "$FILE_ACTION" = true ]; then - extract_resources "$filetf" "$env" - else - init_terraform - other_actions "$other" - fi - ;; -esac diff --git a/src/copy/payopt-secrets/terrasops.sh b/src/copy/payopt-secrets/terrasops.sh deleted file mode 100644 index 32be3bd04f..0000000000 --- a/src/copy/payopt-secrets/terrasops.sh +++ /dev/null 
@@ -1,29 +0,0 @@
-#!/bin/bash
-# set -x # Uncomment this line to enable debug mode
-
-#
-# ℹ️ This script is used by terraform, to decrypt all secrets on sops and export them to json.
-# This way it can loop through them and use them to insert them inside the KV
-# ⚠️ Do not add additional echos to the script in case of golden path,
-# as the script only needs to return a json
-#
-
-eval "$(jq -r '@sh "export terrasops_env=\(.env)"')"
-
-# shellcheck disable=SC1090
-source "./secret/$terrasops_env/secret.ini"
-encrypted_file_path="./secret/$terrasops_env/$file_crypted"
-
-if [ -f "$encrypted_file_path" ]; then
- # Load the values of azure_kv.vault_url and azure_kv.name from the JSON file
- azure_kv_vault_url=$(jq -r '.sops.azure_kv[0].vault_url' "$encrypted_file_path")
- azure_kv_name=$(jq -r '.sops.azure_kv[0].name' "$encrypted_file_path")
-
- if [ -z "$azure_kv_vault_url" ] || [ -z "$azure_kv_name" ]; then
- echo "❌ Error: Unable to load the values of azure_kv.vault_url and azure_kv.name from the JSON file" >&2
- exit 1
- fi
- sops -d --azure-kv "azure_kv_vault_url" "$encrypted_file_path" | jq -c
-else
- echo "{}" | jq -c
-fi