-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.6 |
-| [azuread](#requirement\_azuread) | <= 2.47.0 |
-| [azurerm](#requirement\_azurerm) | < 4.0.0 |
-| [null](#requirement\_null) | <= 3.2.2 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [eventhub\_namespace](#module\_eventhub\_namespace) | git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub | v8.22.0 |
-| [eventhub\_paymentoptions\_configuration](#module\_eventhub\_paymentoptions\_configuration) | git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub_configuration | v8.22.0 |
-| [identity\_cd\_01](#module\_identity\_cd\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.22.0 |
-| [identity\_pr\_01](#module\_identity\_pr\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.22.0 |
-| [identity\_ref\_01](#module\_identity\_ref\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.36.1 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [azurerm_key_vault_access_policy.gha_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
-| [azurerm_key_vault_access_policy.gha_pr_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
-| [azurerm_key_vault_access_policy.gha_ref_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
-| [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource |
-| [azurerm_resource_group.eventhub_ita_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azurerm_subnet.eventhub_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
-| [null_resource.github_runner_app_permissions_to_namespace_cd_01](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [azurerm_application_insights.application_insights_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
-| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
-| [azurerm_key_vault.key_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
-| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
-| [azurerm_kubernetes_cluster.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source |
-| [azurerm_log_analytics_workspace.log_analytics_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source |
-| [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
-| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
-| [azurerm_private_dns_zone.eventhub](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
-| [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
-| [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
-| [azurerm_resource_group.monitor_italy_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
-| [azurerm_resource_group.rg_event_private_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
-| [azurerm_resource_group.rg_vnet_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
-| [azurerm_subnet.aks_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
-| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
-| [azurerm_virtual_network.vnet_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [cidr\_paymentoptions\_eventhub\_italy](#input\_cidr\_paymentoptions\_eventhub\_italy) | Address prefixes for all evh accounts in italy. | `list(string)` | n/a | yes |
-| [dns\_zone\_internal\_prefix](#input\_dns\_zone\_internal\_prefix) | The dns subdomain. | `string` | `null` | no |
-| [dns\_zone\_platform](#input\_dns\_zone\_platform) | The platform dns subdomain. | `string` | `null` | no |
-| [dns\_zone\_prefix](#input\_dns\_zone\_prefix) | The wallet dns subdomain. | `string` | `null` | no |
-| [domain](#input\_domain) | n/a | `string` | n/a | yes |
-| [ehns\_alerts\_enabled](#input\_ehns\_alerts\_enabled) | Event hub alerts enabled? | `bool` | n/a | yes |
-| [ehns\_auto\_inflate\_enabled](#input\_ehns\_auto\_inflate\_enabled) | Is Auto Inflate enabled for the EventHub Namespace? | `bool` | n/a | yes |
-| [ehns\_capacity](#input\_ehns\_capacity) | Specifies the Capacity / Throughput Units for a Standard SKU namespace. | `number` | n/a | yes |
-| [ehns\_maximum\_throughput\_units](#input\_ehns\_maximum\_throughput\_units) | Specifies the maximum number of throughput units when Auto Inflate is Enabled | `number` | n/a | yes |
-| [ehns\_metric\_alerts](#input\_ehns\_metric\_alerts) | Map of name = criteria objects | map(object({
# criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]
aggregation = string
metric_name = string
description = string
# criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]
operator = string
threshold = number
# Possible values are PT1M, PT5M, PT15M, PT30M and PT1H
frequency = string
# Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.
window_size = string
dimension = list(object(
{
name = string
operator = string
values = list(string)
}
))
})) | `{}` | no |
-| [ehns\_private\_endpoint\_is\_present](#input\_ehns\_private\_endpoint\_is\_present) | (Required) create private endpoint to the event hubs | `bool` | n/a | yes |
-| [ehns\_public\_network\_access](#input\_ehns\_public\_network\_access) | (Required) enables public network access to the event hubs | `bool` | n/a | yes |
-| [ehns\_sku\_name](#input\_ehns\_sku\_name) | Defines which tier to use. | `string` | n/a | yes |
-| [ehns\_zone\_redundant](#input\_ehns\_zone\_redundant) | Specifies if the EventHub Namespace should be Zone Redundant (created across Availability Zones). | `bool` | n/a | yes |
-| [env](#input\_env) | n/a | `string` | n/a | yes |
-| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
-| [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no |
-| [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | n/a | `string` | n/a | yes |
-| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes |
-| [is\_feature\_enabled](#input\_is\_feature\_enabled) | n/a | object({
eventhub = bool
}) | {
"eventhub": false
} | no |
-| [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes |
-| [location\_short](#input\_location\_short) | One of wue, neu | `string` | `"itn"` | no |
-| [log\_analytics\_italy\_workspace\_name](#input\_log\_analytics\_italy\_workspace\_name) | Specifies the name of the Log Analytics Workspace Italy. | `string` | n/a | yes |
-| [log\_analytics\_italy\_workspace\_resource\_group\_name](#input\_log\_analytics\_italy\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace Italy is located in. | `string` | n/a | yes |
-| [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes |
-| [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes |
-| [monitor\_italy\_resource\_group\_name](#input\_monitor\_italy\_resource\_group\_name) | Monitor Italy resource group name | `string` | n/a | yes |
-| [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes |
-| [prefix](#input\_prefix) | general | `string` | n/a | yes |
-| [tags](#input\_tags) | n/a | `map(any)` | {
"CreatedBy": "Terraform"
} | no |
-
-## Outputs
-
-No outputs.
-
diff --git a/src/copy/payopt-common/env/itn-dev/backend.ini b/src/copy/payopt-common/env/itn-dev/backend.ini
deleted file mode 100644
index f3ea2d530c..0000000000
--- a/src/copy/payopt-common/env/itn-dev/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=DEV-pagoPA
\ No newline at end of file
diff --git a/src/copy/payopt-common/env/itn-dev/backend.tfvars b/src/copy/payopt-common/env/itn-dev/backend.tfvars
deleted file mode 100644
index d651547925..0000000000
--- a/src/copy/payopt-common/env/itn-dev/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfdevpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-common-dev.terraform.tfstate"
diff --git a/src/copy/payopt-common/env/itn-dev/terraform.tfvars b/src/copy/payopt-common/env/itn-dev/terraform.tfvars
deleted file mode 100644
index b6da44353b..0000000000
--- a/src/copy/payopt-common/env/itn-dev/terraform.tfvars
+++ /dev/null
@@ -1,106 +0,0 @@
-prefix = "pagopa"
-env_short = "d"
-env = "dev"
-domain = "payopt"
-location = "italynorth"
-location_short = "itn"
-instance = "dev"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Dev"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-common"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### 🚩Features flags
-
-is_feature_enabled = {
- eventhub = true
-}
-
-### CIRDs
-
-cidr_paymentoptions_eventhub_italy = ["10.3.13.0/27"]
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-d-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-
-monitor_resource_group_name = "pagopa-d-monitor-rg"
-log_analytics_workspace_name = "pagopa-d-law"
-log_analytics_workspace_resource_group_name = "pagopa-d-monitor-rg"
-
-### Aks
-
-ingress_load_balancer_ip = "10.3.100.250"
-
-external_domain = "pagopa.it"
-dns_zone_internal_prefix = "internal.dev.platform"
-
-#
-# EventHub
-#
-ehns_sku_name = "Standard"
-
-# to avoid https://docs.microsoft.com/it-it/azure/event-hubs/event-hubs-messaging-exceptions#error-code-50002
-ehns_auto_inflate_enabled = false
-ehns_maximum_throughput_units = 5
-ehns_capacity = 1
-ehns_alerts_enabled = false
-ehns_zone_redundant = false
-
-ehns_public_network_access = true
-ehns_private_endpoint_is_present = false
-
-ehns_metric_alerts = {
- no_trx = {
- aggregation = "Total"
- metric_name = "IncomingMessages"
- description = "No transactions received from acquirer in the last 24h"
- operator = "LessThanOrEqual"
- threshold = 1000
- frequency = "PT1H"
- window_size = "P1D"
- dimension = [
- {
- name = "EntityName"
- operator = "Include"
- values = ["rtd-trx"]
- }
- ],
- },
- active_connections = {
- aggregation = "Average"
- metric_name = "ActiveConnections"
- description = null
- operator = "LessThanOrEqual"
- threshold = 0
- frequency = "PT5M"
- window_size = "PT15M"
- dimension = [],
- },
- error_trx = {
- aggregation = "Total"
- metric_name = "IncomingMessages"
- description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately"
- operator = "GreaterThan"
- threshold = 0
- frequency = "PT5M"
- window_size = "PT30M"
- dimension = [
- {
- name = "EntityName"
- operator = "Include"
- values = [
- "nodo-dei-pagamenti-log",
- "nodo-dei-pagamenti-re"
- ]
- }
- ],
- },
-}
-
diff --git a/src/copy/payopt-common/env/itn-prod/backend.ini b/src/copy/payopt-common/env/itn-prod/backend.ini
deleted file mode 100644
index 432abea37c..0000000000
--- a/src/copy/payopt-common/env/itn-prod/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=PROD-pagoPA
\ No newline at end of file
diff --git a/src/copy/payopt-common/env/itn-prod/backend.tfvars b/src/copy/payopt-common/env/itn-prod/backend.tfvars
deleted file mode 100644
index 5532d8232f..0000000000
--- a/src/copy/payopt-common/env/itn-prod/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfprodpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-common-prod.terraform.tfstate"
diff --git a/src/copy/payopt-common/env/itn-prod/terraform.tfvars b/src/copy/payopt-common/env/itn-prod/terraform.tfvars
deleted file mode 100644
index a70e0827de..0000000000
--- a/src/copy/payopt-common/env/itn-prod/terraform.tfvars
+++ /dev/null
@@ -1,106 +0,0 @@
-prefix = "pagopa"
-env_short = "p"
-env = "prod"
-domain = "payopt"
-location = "italynorth"
-location_short = "itn"
-instance = "prod"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Prod"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-common"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### 🚩Features flags
-
-is_feature_enabled = {
- eventhub = true
-}
-
-### CIRDs
-
-cidr_paymentoptions_eventhub_italy = ["10.3.13.0/27"]
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-p-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-p-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-p-itn-core-monitor-rg"
-
-monitor_resource_group_name = "pagopa-p-monitor-rg"
-log_analytics_workspace_name = "pagopa-p-law"
-log_analytics_workspace_resource_group_name = "pagopa-p-monitor-rg"
-
-### Aks
-
-ingress_load_balancer_ip = "10.3.100.250"
-
-external_domain = "pagopa.it"
-dns_zone_internal_prefix = "internal.platform"
-
-#
-# EventHub
-#
-ehns_sku_name = "Standard"
-
-# to avoid https://docs.microsoft.com/it-it/azure/event-hubs/event-hubs-messaging-exceptions#error-code-50002
-ehns_auto_inflate_enabled = true
-ehns_maximum_throughput_units = 5
-ehns_capacity = 5
-ehns_alerts_enabled = true
-ehns_zone_redundant = true
-
-ehns_public_network_access = false
-ehns_private_endpoint_is_present = true
-
-ehns_metric_alerts = {
- no_trx = {
- aggregation = "Total"
- metric_name = "IncomingMessages"
- description = "No transactions received from acquirer in the last 24h"
- operator = "LessThanOrEqual"
- threshold = 1000
- frequency = "PT1H"
- window_size = "P1D"
- dimension = [
- {
- name = "EntityName"
- operator = "Include"
- values = ["rtd-trx"]
- }
- ],
- },
- active_connections = {
- aggregation = "Average"
- metric_name = "ActiveConnections"
- description = null
- operator = "LessThanOrEqual"
- threshold = 0
- frequency = "PT5M"
- window_size = "PT15M"
- dimension = [],
- },
- error_trx = {
- aggregation = "Total"
- metric_name = "IncomingMessages"
- description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately"
- operator = "GreaterThan"
- threshold = 0
- frequency = "PT5M"
- window_size = "PT30M"
- dimension = [
- {
- name = "EntityName"
- operator = "Include"
- values = [
- "nodo-dei-pagamenti-log",
- "nodo-dei-pagamenti-re"
- ]
- }
- ],
- },
-}
-
diff --git a/src/copy/payopt-common/env/itn-uat/backend.ini b/src/copy/payopt-common/env/itn-uat/backend.ini
deleted file mode 100644
index 1759a0ca0d..0000000000
--- a/src/copy/payopt-common/env/itn-uat/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=UAT-pagoPA
\ No newline at end of file
diff --git a/src/copy/payopt-common/env/itn-uat/backend.tfvars b/src/copy/payopt-common/env/itn-uat/backend.tfvars
deleted file mode 100644
index d1c07b27ff..0000000000
--- a/src/copy/payopt-common/env/itn-uat/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfuatpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-common-uat.terraform.tfstate"
diff --git a/src/copy/payopt-common/env/itn-uat/terraform.tfvars b/src/copy/payopt-common/env/itn-uat/terraform.tfvars
deleted file mode 100644
index da838589de..0000000000
--- a/src/copy/payopt-common/env/itn-uat/terraform.tfvars
+++ /dev/null
@@ -1,106 +0,0 @@
-prefix = "pagopa"
-env_short = "u"
-env = "uat"
-domain = "payopt"
-location = "italynorth"
-location_short = "itn"
-instance = "uat"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Uat"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-common"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### 🚩Features flags
-
-is_feature_enabled = {
- eventhub = true
-}
-
-### CIRDs
-
-cidr_paymentoptions_eventhub_italy = ["10.3.13.0/27"]
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-u-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-u-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-u-itn-core-monitor-rg"
-
-monitor_resource_group_name = "pagopa-u-monitor-rg"
-log_analytics_workspace_name = "pagopa-u-law"
-log_analytics_workspace_resource_group_name = "pagopa-u-monitor-rg"
-
-### Aks
-
-ingress_load_balancer_ip = "10.3.100.250"
-
-external_domain = "pagopa.it"
-dns_zone_internal_prefix = "internal.uat.platform"
-
-#
-# EventHub
-#
-ehns_sku_name = "Standard"
-
-# to avoid https://docs.microsoft.com/it-it/azure/event-hubs/event-hubs-messaging-exceptions#error-code-50002
-ehns_auto_inflate_enabled = true
-ehns_maximum_throughput_units = 5
-ehns_capacity = 1
-ehns_alerts_enabled = false
-ehns_zone_redundant = false
-
-ehns_public_network_access = false
-ehns_private_endpoint_is_present = true
-
-ehns_metric_alerts = {
- no_trx = {
- aggregation = "Total"
- metric_name = "IncomingMessages"
- description = "No transactions received from acquirer in the last 24h"
- operator = "LessThanOrEqual"
- threshold = 1000
- frequency = "PT1H"
- window_size = "P1D"
- dimension = [
- {
- name = "EntityName"
- operator = "Include"
- values = ["rtd-trx"]
- }
- ],
- },
- active_connections = {
- aggregation = "Average"
- metric_name = "ActiveConnections"
- description = null
- operator = "LessThanOrEqual"
- threshold = 0
- frequency = "PT5M"
- window_size = "PT15M"
- dimension = [],
- },
- error_trx = {
- aggregation = "Total"
- metric_name = "IncomingMessages"
- description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately"
- operator = "GreaterThan"
- threshold = 0
- frequency = "PT5M"
- window_size = "PT30M"
- dimension = [
- {
- name = "EntityName"
- operator = "Include"
- values = [
- "nodo-dei-pagamenti-log",
- "nodo-dei-pagamenti-re"
- ]
- }
- ],
- },
-}
-
diff --git a/src/copy/payopt-common/terraform.sh b/src/copy/payopt-common/terraform.sh
deleted file mode 100755
index 047a7512d0..0000000000
--- a/src/copy/payopt-common/terraform.sh
+++ /dev/null
@@ -1,324 +0,0 @@
-#!/bin/bash
-############################################################
-# Terraform script for managing infrastructure on Azure
-# Fingerprint: d2hhdHlvdXdhbnQ/Cg==
-############################################################
-# Global variables
-# Version format x.y accepted
-vers="1.11"
-script_name=$(basename "$0")
-git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/azure/${script_name}"
-tmp_file="${script_name}.new"
-# Check if the third parameter exists and is a file
-if [ -n "$3" ] && [ -f "$3" ]; then
- FILE_ACTION=true
-else
- FILE_ACTION=false
-fi
-
-# Define functions
-function clean_environment() {
- rm -rf .terraform
- rm tfplan 2>/dev/null
- echo "cleaned!"
-}
-
-function download_tool() {
- #default value
- cpu_type="intel"
- os_type=$(uname)
-
- # only on MacOS
- if [ "$os_type" == "Darwin" ]; then
- cpu_brand=$(sysctl -n machdep.cpu.brand_string)
- if grep -q -i "intel" <<< "$cpu_brand"; then
- cpu_type="intel"
- else
- cpu_type="arm"
- fi
- fi
-
- echo $cpu_type
- tool=$1
- git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/golang/${tool}_${cpu_type}"
- if ! command -v $tool &> /dev/null; then
- if ! curl -sL "$git_repo" -o "$tool"; then
- echo "Error downloading ${tool}"
- return 1
- else
- chmod +x $tool
- echo "${tool} downloaded! Please note this tool WON'T be copied in your **/bin folder for safety reasons.
-You need to do it yourself!"
- read -p "Press enter to continue"
-
-
- fi
- fi
-}
-
-function extract_resources() {
- TF_FILE=$1
- ENV=$2
- TARGETS=""
-
- # Check if the file exists
- if [ ! -f "$TF_FILE" ]; then
- echo "File $TF_FILE does not exist."
- exit 1
- fi
-
- # Check if the directory exists
- if [ ! -d "./env/$ENV" ]; then
- echo "Directory ./env/$ENV does not exist."
- exit 1
- fi
-
- TMP_FILE=$(mktemp)
- grep -E '^resource|^module' $TF_FILE > $TMP_FILE
-
- while read -r line ; do
- TYPE=$(echo $line | cut -d '"' -f 1 | tr -d ' ')
- if [ "$TYPE" == "module" ]; then
- NAME=$(echo $line | cut -d '"' -f 2)
- TARGETS+=" -target=\"$TYPE.$NAME\""
- else
- NAME1=$(echo $line | cut -d '"' -f 2)
- NAME2=$(echo $line | cut -d '"' -f 4)
- TARGETS+=" -target=\"$NAME1.$NAME2\""
- fi
- done < $TMP_FILE
-
- rm $TMP_FILE
-
- echo "./terraform.sh $action $ENV $TARGETS"
-}
-
-function help_usage() {
- echo "terraform.sh Version ${vers}"
- echo
- echo "Usage: ./script.sh [ACTION] [ENV] [OTHER OPTIONS]"
- echo "es. ACTION: init, apply, plan, etc."
- echo "es. ENV: dev, uat, prod, etc."
- echo
- echo "Available actions:"
- echo " clean Remove .terraform* folders and tfplan files"
- echo " help This help"
- echo " list List every environment available"
- echo " update Update this script if possible"
- echo " summ Generate summary of Terraform plan"
- echo " tflist Generate an improved output of terraform state list"
- echo " tlock Generate or update the dependency lock file"
- echo " * any terraform option"
-}
-
-function init_terraform() {
- if [ -n "$env" ]; then
- terraform init -reconfigure -backend-config="./env/$env/backend.tfvars"
- else
- echo "ERROR: no env configured!"
- exit 1
- fi
-}
-
-function list_env() {
- # Check if env directory exists
- if [ ! -d "./env" ]; then
- echo "No environment directory found"
- exit 1
- fi
-
- # List subdirectories under env directory
- env_list=$(ls -d ./env/*/ 2>/dev/null)
-
- # Check if there are any subdirectories
- if [ -z "$env_list" ]; then
- echo "No environments found"
- exit 1
- fi
-
- # Print the list of environments
- echo "Available environments:"
- for env in $env_list; do
- env_name=$(echo "$env" | sed 's#./env/##;s#/##')
- echo "- $env_name"
- done
-}
-
-function other_actions() {
- if [ -n "$env" ] && [ -n "$action" ]; then
- terraform "$action" -var-file="./env/$env/terraform.tfvars" -compact-warnings $other
- else
- echo "ERROR: no env or action configured!"
- exit 1
- fi
-}
-
-function state_output_taint_actions() {
- if [ "$action" == "tflist" ]; then
- # If 'tflist' is not installed globally and there is no 'tflist' file in the current directory,
- # attempt to download the 'tflist' tool
- if ! command -v tflist &> /dev/null && [ ! -f "tflist" ]; then
- download_tool "tflist"
- if [ $? -ne 0 ]; then
- echo "Error: Failed to download tflist!!"
- exit 1
- else
- echo "tflist downloaded!"
- fi
- fi
- if command -v tflist &> /dev/null; then
- terraform state list | tflist
- else
- terraform state list | ./tflist
- fi
- else
- terraform $action $other
- fi
-}
-
-
-function parse_tfplan_option() {
- # Create an array to contain arguments that do not start with '-tfplan='
- local other_args=()
-
- # Loop over all arguments
- for arg in "$@"; do
- # If the argument starts with '-tfplan=', extract the file name
- if [[ "$arg" =~ ^-tfplan= ]]; then
- echo "${arg#*=}"
- else
- # If the argument does not start with '-tfplan=', add it to the other_args array
- other_args+=("$arg")
- fi
- done
-
- # Print all arguments in other_args separated by spaces
- echo "${other_args[@]}"
-}
-
-function tfsummary() {
- local plan_file
- plan_file=$(parse_tfplan_option "$@")
- if [ -z "$plan_file" ]; then
- plan_file="tfplan"
- fi
- action="plan"
- other="-out=${plan_file}"
- other_actions
- if [ -n "$(command -v tf-summarize)" ]; then
- tf-summarize -tree "${plan_file}"
- else
- echo "tf-summarize is not installed"
- fi
- if [ "$plan_file" == "tfplan" ]; then
- rm $plan_file
- fi
-}
-
-function update_script() {
- # Check if the repository was cloned successfully
- if ! curl -sL "$git_repo" -o "$tmp_file"; then
- echo "Error cloning the repository"
- rm "$tmp_file" 2>/dev/null
- return 1
- fi
-
- # Check if a newer version exists
- remote_vers=$(sed -n '8s/vers="\(.*\)"/\1/p' "$tmp_file")
- if [ "$(printf '%s\n' "$vers" "$remote_vers" | sort -V | tail -n 1)" == "$vers" ]; then
- echo "The local script version is equal to or newer than the remote version."
- rm "$tmp_file" 2>/dev/null
- return 0
- fi
-
- # Check the fingerprint
- local_fingerprint=$(sed -n '4p' "$0")
- remote_fingerprint=$(sed -n '4p' "$tmp_file")
-
- if [ "$local_fingerprint" != "$remote_fingerprint" ]; then
- echo "The local and remote file fingerprints do not match."
- rm "$tmp_file" 2>/dev/null
- return 0
- fi
-
- # Show the current and available versions to the user
- echo "Current script version: $vers"
- echo "Available script version: $remote_vers"
-
- # Ask the user if they want to update the script
- read -rp "Do you want to update the script to version $remote_vers? (y/n): " answer
-
- if [ "$answer" == "y" ] || [ "$answer" == "Y" ]; then
- # Replace the local script with the updated version
- cp "$tmp_file" "$script_name"
- chmod +x "$script_name"
- rm "$tmp_file" 2>/dev/null
-
- echo "Script successfully updated to version $remote_vers"
- else
- echo "Update canceled by the user"
- fi
-
- rm "$tmp_file" 2>/dev/null
-}
-
-# Check arguments number
-if [ "$#" -lt 1 ]; then
- help_usage
- exit 0
-fi
-
-# Parse arguments
-action=$1
-env=$2
-filetf=$3
-shift 2
-other=$@
-
-if [ -n "$env" ]; then
- # shellcheck source=/dev/null
- source "./env/$env/backend.ini"
- if [ -z "$(command -v az)" ]; then
- echo "az not found, cannot proceed"
- exit 1
- fi
- az account set -s "${subscription}"
-fi
-
-# Call appropriate function based on action
-case $action in
- clean)
- clean_environment
- ;;
- ?|help|-h)
- help_usage
- ;;
- init)
- init_terraform "$other"
- ;;
- list)
- list_env
- ;;
- output|state|taint|tflist)
- init_terraform
- state_output_taint_actions $other
- ;;
- summ)
- init_terraform
- tfsummary "$other"
- ;;
- tlock)
- terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64
- ;;
- update)
- update_script
- ;;
- *)
- if [ "$FILE_ACTION" = true ]; then
- extract_resources "$filetf" "$env"
- else
- init_terraform
- other_actions "$other"
- fi
- ;;
-esac
diff --git a/src/copy/payopt-secrets/.terraform.lock.hcl b/src/copy/payopt-secrets/.terraform.lock.hcl
deleted file mode 100644
index e6e5cedf47..0000000000
--- a/src/copy/payopt-secrets/.terraform.lock.hcl
+++ /dev/null
@@ -1,102 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/azuread" {
- version = "2.47.0"
- constraints = "<= 2.47.0"
- hashes = [
- "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=",
- "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e",
- "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7",
- "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001",
- "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f",
- "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17",
- "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569",
- "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a",
- "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e",
- "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee",
- "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57",
- "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb",
- "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/azurerm" {
- version = "3.106.0"
- constraints = "~> 3.30, <= 3.106.0"
- hashes = [
- "h1:6t9Nz9tYAR9BfHZ8yc56m+GKRl0nriwjQ5DyA0/TnCs=",
- "zh:07980d6fdc40c0adb670c8413a5c667917d6dbb51fcedc467c35d64c2f3a1f47",
- "zh:2e6e8491b1f089644b0d23f8da83398f1e10cf5a62b16efcef2b5454fe923038",
- "zh:450dbd72821c5619cc3bcdc20fdd0e29515147e44b733f9c79d3a75851810055",
- "zh:5e234c0a2f3c9677ea72b2a6e6ca90defb99fab29ae565f5d1f70728ba4ba78f",
- "zh:83fd042ece6977429d79affd03d6ce963d2f122604dbf15a1abf203d7a7bbc8a",
- "zh:93027e1f66b3bf83398d572d4e6f6e7777330c78c54da3226dadd50fd868ada9",
- "zh:ae3d1dd66140c303df97d93c47a60f16735ce17cf156f45475dcee4a7360af5b",
- "zh:daf9d2eb89e785458a76b88bf2ef0696c472094c77cc9cff3b3ea4b885c5a482",
- "zh:dd46370141651e6549da6d85e25c7a6770c47581bbaaa27eda2886d41d849747",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- "zh:f77405c0d8f6e0d93d9da83256b3b02c164bad4c791ed9604310ff02ae086ad1",
- "zh:ffa769147bda833aef8802e3a391bd175ec749862764d61cbdaa8200d5b8f893",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/external" {
- version = "2.2.3"
- constraints = "<= 2.2.3"
- hashes = [
- "h1:648ZjJR81c2W1OLtYmUQa9/1rGr3vvZSuX9dR1ucGWY=",
- "zh:184ecd339d764de845db0e5b8a9c87893dcd0c9d822167f73658f89d80ec31c9",
- "zh:2661eaca31d17d6bbb18a8f673bbfe3fe1b9b7326e60d0ceb302017003274e3c",
- "zh:2c0a180f6d1fc2ba6e03f7dfc5f73b617e45408681f75bca75aa82f3796df0e4",
- "zh:4b92ae44c6baef4c4952c47be00541055cb5280dd3bc8031dba5a1b2ee982387",
- "zh:5641694d5daf3893d7ea90be03b6fa575211a08814ffe70998d5adb8b59cdc0a",
- "zh:5bd55a2be8a1c20d732ac9c604b839e1cadc8c49006315dffa4d709b6874df32",
- "zh:6e0ef5d11e1597202424b7d69b9da7b881494c9b13a3d4026fc47012dc651c79",
- "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:9e19f89fa25004d3b926a8d15ea630b4bde62f1fa4ed5e11a3d27aabddb77353",
- "zh:b763efdd69fd097616b4a4c89cf333b4cee9699ac6432d73d2756f8335d1213f",
- "zh:e3b561efdee510b2b445f76a52a902c52bee8e13095e7f4bed7c80f10f8d294a",
- "zh:fe660bb8781ee043a093b9a20e53069974475dcaa5791a1f45fd03c61a26478a",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/kubernetes" {
- version = "2.16.1"
- constraints = "<= 2.16.1"
- hashes = [
- "h1:kO/d+ZMZYM2tNMMFHZqBmVR0MeemoGnI2G2NSN92CrU=",
- "zh:06224975f5910d41e73b35a4d5079861da2c24f9353e3ebb015fbb3b3b996b1c",
- "zh:2bc400a8d9fe7755cca27c2551564a9e2609cfadc77f526ef855114ee02d446f",
- "zh:3a479014187af1d0aec3a1d3d9c09551b801956fe6dd29af1186dec86712731b",
- "zh:73fb0a69f1abdb02858b6589f7fab6d989a0f422f7ad95ed662aaa84872d3473",
- "zh:a33852cd382cbc8e06d3f6c018b468ad809d24d912d64722e037aed1f9bf39db",
- "zh:b533ff2214dca90296b1d22eace7eaa7e3efe5a7ae9da66a112094abc932db4f",
- "zh:ddf74d8bb1aeb01dc2c36ef40e2b283d32b2a96db73f6daaf179fa2f10949c80",
- "zh:e720f3a15d34e795fa9ff90bc755e838ebb4aef894aa2a423fb16dfa6d6b0667",
- "zh:e789ae70a658800cb0a19ef7e4e9b26b5a38a92b43d1f41d64fc8bb46539cefb",
- "zh:e8aed7dc0bd8f843d607dee5f72640dbef6835a8b1c6ea12cea5b4ec53e463f7",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- "zh:fb3ac4f43c8b0dfc0b0103dd0f062ea72b3a34518d4c8808e3a44c9a3dd5f024",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/null" {
- version = "3.2.1"
- constraints = "~> 3.2, <= 3.2.1"
- hashes = [
- "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=",
- "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840",
- "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb",
- "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5",
- "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3",
- "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238",
- "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc",
- "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970",
- "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2",
- "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5",
- "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f",
- "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694",
- ]
-}
diff --git a/src/copy/payopt-secrets/00_azuread.tf b/src/copy/payopt-secrets/00_azuread.tf
deleted file mode 100644
index 14a0893a9f..0000000000
--- a/src/copy/payopt-secrets/00_azuread.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Azure AD
-data "azuread_group" "adgroup_admin" {
- display_name = "${local.product}-adgroup-admin"
-}
-
-data "azuread_group" "adgroup_developers" {
- display_name = "${local.product}-adgroup-developers"
-}
-
-data "azuread_group" "adgroup_externals" {
- display_name = "${local.product}-adgroup-externals"
-}
-
-data "azuread_group" "adgroup_security" {
- display_name = "${local.product}-adgroup-security"
-}
\ No newline at end of file
diff --git a/src/copy/payopt-secrets/01_keyvault.tf b/src/copy/payopt-secrets/01_keyvault.tf
deleted file mode 100644
index c91ffe6e9c..0000000000
--- a/src/copy/payopt-secrets/01_keyvault.tf
+++ /dev/null
@@ -1,101 +0,0 @@
-resource "azurerm_resource_group" "sec_rg" {
- name = "${local.product}-${var.location_short}-${var.domain}-sec-rg"
- location = var.location
-
- tags = var.tags
-}
-
-module "key_vault" {
- source = "./.terraform/modules/__v3__/key_vault"
-
- name = "${local.product}-${var.location_short}-${var.domain}-kv"
- location = azurerm_resource_group.sec_rg.location
- resource_group_name = azurerm_resource_group.sec_rg.name
- tenant_id = data.azurerm_client_config.current.tenant_id
- soft_delete_retention_days = 90
-
- tags = var.tags
-}
-
-## ad group policy ##
-resource "azurerm_key_vault_access_policy" "ad_group_policy" {
- key_vault_id = module.key_vault.id
-
- tenant_id = data.azurerm_client_config.current.tenant_id
- object_id = data.azuread_group.adgroup_admin.object_id
-
- key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt", "Backup", "Purge", "Recover", "Restore", "Sign", "UnwrapKey", "Update", "Verify", "WrapKey", "Release", "Rotate", "GetRotationPolicy", "SetRotationPolicy"]
- secret_permissions = ["Get", "List", "Set", "Delete", "Backup", "Purge", "Recover", "Restore"]
- storage_permissions = []
- certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Restore", "Purge", "Recover", ]
-}
-
-## ad group policy ##
-resource "azurerm_key_vault_access_policy" "adgroup_developers_policy" {
- count = var.env_short != "p" ? 1 : 0
-
- key_vault_id = module.key_vault.id
-
- tenant_id = data.azurerm_client_config.current.tenant_id
- object_id = data.azuread_group.adgroup_developers.object_id
-
- key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt", "Recover", "Rotate", "GetRotationPolicy"]
- secret_permissions = ["Get", "List", "Set", "Delete", "Recover", ]
- storage_permissions = []
- certificate_permissions = [
- "Get", "List", "Update", "Create", "Import",
- "Delete", "Restore", "Purge", "Recover"
- ]
-}
-
-## ad group policy ##
-resource "azurerm_key_vault_access_policy" "adgroup_externals_policy" {
- count = var.env_short != "p" ? 1 : 0
-
- key_vault_id = module.key_vault.id
-
- tenant_id = data.azurerm_client_config.current.tenant_id
- object_id = data.azuread_group.adgroup_externals.object_id
-
- key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt", "Recover", "Rotate", "GetRotationPolicy"]
- secret_permissions = ["Get", "List", "Set", "Delete", "Recover", ]
- storage_permissions = []
- certificate_permissions = [
- "Get", "List", "Update", "Create", "Import",
- "Delete", "Restore", "Purge", "Recover"
- ]
-}
-
-## ad group policy ##
-data "azuread_service_principal" "iac_principal" {
- count = var.enable_iac_pipeline ? 1 : 0
- display_name = "pagopaspa-pagoPA-iac-${data.azurerm_subscription.current.subscription_id}"
-}
-
-resource "azurerm_key_vault_access_policy" "azdevops_iac_policy" {
- count = var.enable_iac_pipeline ? 1 : 0
- key_vault_id = module.key_vault.id
- tenant_id = data.azurerm_client_config.current.tenant_id
- object_id = data.azuread_service_principal.iac_principal[0].object_id
-
- secret_permissions = ["Get", "List", "Set", ]
- certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"]
- key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt"]
-
- storage_permissions = []
-}
-
-################
-## Secrets ##
-################
-
-# create json letsencrypt inside kv
-# requierd: Docker
-module "letsencrypt_paymentoptions" {
- source = "./.terraform/modules/__v3__/letsencrypt_credential"
-
- prefix = var.prefix
- env = var.env_short
- key_vault_name = module.key_vault.name
- subscription_name = local.subscription_name
-}
diff --git a/src/copy/payopt-secrets/02_azdo.tf b/src/copy/payopt-secrets/02_azdo.tf
deleted file mode 100644
index 5683ffec89..0000000000
--- a/src/copy/payopt-secrets/02_azdo.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# Policy
-#
-
-data "azurerm_user_assigned_identity" "iac_federated_azdo" {
- for_each = local.azdo_iac_managed_identities
- name = each.key
- resource_group_name = local.azdo_managed_identity_rg_name
-}
-
-resource "azurerm_key_vault_access_policy" "azdevops_iac_managed_identities" {
- for_each = local.azdo_iac_managed_identities
-
- key_vault_id = module.key_vault.id
- tenant_id = data.azurerm_client_config.current.tenant_id
- object_id = data.azurerm_user_assigned_identity.iac_federated_azdo[each.key].principal_id
-
- secret_permissions = ["Get", "List", "Set", ]
-
- certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"]
-
- storage_permissions = []
-}
diff --git a/src/copy/payopt-secrets/02_init_sops.tf b/src/copy/payopt-secrets/02_init_sops.tf
deleted file mode 100644
index e93d0651a0..0000000000
--- a/src/copy/payopt-secrets/02_init_sops.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-moved {
- from = azurerm_key_vault_key.generated
- to = azurerm_key_vault_key.sops_key
-}
-
-resource "azurerm_key_vault_key" "sops_key" {
- name = "${local.product}-${var.domain}-sops-key"
- key_vault_id = module.key_vault.id
- key_type = "RSA"
- key_size = 2048
-
- key_opts = [
- "decrypt",
- "encrypt",
- ]
-
- depends_on = [
- azurerm_key_vault_access_policy.adgroup_developers_policy,
- azurerm_key_vault_access_policy.ad_group_policy,
- ]
-}
diff --git a/src/copy/payopt-secrets/03_sops_secrets.tf b/src/copy/payopt-secrets/03_sops_secrets.tf
deleted file mode 100644
index aa759d304e..0000000000
--- a/src/copy/payopt-secrets/03_sops_secrets.tf
+++ /dev/null
@@ -1,54 +0,0 @@
-moved {
- from = data.external.external2
- to = data.external.terrasops
-}
-
-data "external" "terrasops" {
- program = [
- "bash", "terrasops.sh"
- ]
- query = {
- env = "${var.location_short}-${var.env}"
- }
-
-}
-
-locals {
- all_enc_secrets_value = can(data.external.terrasops.result) ? flatten([
- for k, v in data.external.terrasops.result : {
- valore = v
- chiave = k
- }
- ]) : []
-
- config_secret_data = jsondecode(file(var.input_file))
- all_config_secrets_value = flatten([
- for kc, vc in local.config_secret_data : {
- valore = vc
- chiave = kc
- }
- ])
-
- all_secrets_value = concat(local.all_config_secrets_value, local.all_enc_secrets_value)
-}
-
-## SOPS secrets
-
-## Upload all encrypted secrets
-resource "azurerm_key_vault_secret" "secret" {
- for_each = { for i, v in local.all_secrets_value : local.all_secrets_value[i].chiave => i }
-
- key_vault_id = module.key_vault.id
- name = local.all_secrets_value[each.value].chiave
- value = local.all_secrets_value[each.value].valore
-
- depends_on = [
- module.key_vault,
- azurerm_key_vault_key.sops_key,
- data.external.terrasops,
- azurerm_key_vault_access_policy.adgroup_developers_policy,
- azurerm_key_vault_access_policy.ad_group_policy,
- ]
-}
-
-# ⚠️ The secrets from resources are set in paymentoptions-app to avoid circular dependency
diff --git a/src/copy/payopt-secrets/99_locals.tf b/src/copy/payopt-secrets/99_locals.tf
deleted file mode 100644
index 084cb86f0c..0000000000
--- a/src/copy/payopt-secrets/99_locals.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-locals {
- project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
- product = "${var.prefix}-${var.env_short}"
-
-
- subscription_name = "${var.env}-${var.prefix}"
-
- azdo_managed_identity_rg_name = "pagopa-${var.env_short}-identity-rg"
- azdo_iac_managed_identities = toset(["azdo-${var.env}-pagopa-iac-deploy", "azdo-${var.env}-pagopa-iac-plan"])
-
-}
diff --git a/src/copy/payopt-secrets/99_main.tf b/src/copy/payopt-secrets/99_main.tf
deleted file mode 100644
index 9d3239722c..0000000000
--- a/src/copy/payopt-secrets/99_main.tf
+++ /dev/null
@@ -1,48 +0,0 @@
-terraform {
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "<= 3.106.0"
- }
- azuread = {
- source = "hashicorp/azuread"
- version = "<= 2.47.0"
- }
- null = {
- source = "hashicorp/null"
- version = "<= 3.2.1"
- }
- external = {
- source = "hashicorp/external"
- version = "<= 2.2.3"
- }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = "<= 2.16.1"
- }
- }
-
- backend "azurerm" {}
-}
-
-provider "azurerm" {
- features {
- key_vault {
- purge_soft_delete_on_destroy = false
- }
- }
-}
-
-provider "kubernetes" {
- config_path = "~/.kube/config-${var.prefix}-${var.env_short}-${var.location_short}-${var.env}-aks"
- config_context = "${var.prefix}-${var.env_short}-${var.location_short}-${var.env}-aks"
-}
-
-data "azurerm_subscription" "current" {}
-
-data "azurerm_client_config" "current" {}
-
-module "__v3__" {
- # v8.60.0
- source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
-}
diff --git a/src/copy/payopt-secrets/99_variables.tf b/src/copy/payopt-secrets/99_variables.tf
deleted file mode 100644
index 3a7cff7fcf..0000000000
--- a/src/copy/payopt-secrets/99_variables.tf
+++ /dev/null
@@ -1,101 +0,0 @@
-# general
-
-variable "prefix" {
- type = string
- validation {
- condition = (
- length(var.prefix) <= 6
- )
- error_message = "Max length is 6 chars."
- }
-}
-
-variable "env" {
- type = string
-}
-
-variable "env_short" {
- type = string
- validation {
- condition = (
- length(var.env_short) == 1
- )
- error_message = "Length must be 1 chars."
- }
-}
-
-variable "domain" {
- type = string
- validation {
- condition = (
- length(var.domain) <= 12
- )
- error_message = "Max length is 12 chars."
- }
-}
-
-variable "location" {
- type = string
- description = "One of westeurope, northeurope"
-}
-
-variable "location_short" {
- type = string
- validation {
- condition = (
- length(var.location_short) == 3
- )
- error_message = "Length must be 3 chars."
- }
- description = "One of weu, itn"
-}
-
-variable "instance" {
- type = string
- description = "One of beta, prod01, prod02"
-}
-
-variable "tags" {
- type = map(any)
- default = {
- CreatedBy = "Terraform"
- }
-}
-
-###
-
-variable "input_file" {
- type = string
- description = "secret json file"
-}
-
-variable "enable_iac_pipeline" {
- type = bool
- description = "If true create the key vault policy to allow used by azure devops iac pipelines."
- default = false
-}
-
-
-variable "kv-key-permissions-read" {
- type = list(string)
- description = "List of read key permissions"
- default = ["Get", "List"]
-}
-
-variable "kv-secret-permissions-read" {
- type = list(string)
- description = "List of read secret permissions"
- default = ["Get", "List"]
-}
-
-variable "kv-certificate-permissions-read" {
- type = list(string)
- description = "List of read certificate permissions"
- default = ["Get", "GetIssuers", "List", "ListIssuers"]
-}
-
-variable "kv-storage-permissions-read" {
- type = list(string)
- description = "List of read storage permissions"
- default = ["Get", "GetSAS", "List", "ListSAS"]
-}
diff --git a/src/copy/payopt-secrets/README.md b/src/copy/payopt-secrets/README.md
deleted file mode 100644
index d167e6b2e7..0000000000
--- a/src/copy/payopt-secrets/README.md
+++ /dev/null
@@ -1,65 +0,0 @@
-# paymentoptions-secrets
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [azuread](#requirement\_azuread) | <= 2.47.0 |
-| [azurerm](#requirement\_azurerm) | <= 3.106.0 |
-| [external](#requirement\_external) | <= 2.2.3 |
-| [kubernetes](#requirement\_kubernetes) | <= 2.16.1 |
-| [null](#requirement\_null) | <= 3.2.1 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v8.22.0 |
-| [letsencrypt\_paymentoptions](#module\_letsencrypt\_paymentoptions) | git::https://github.com/pagopa/terraform-azurerm-v3.git///letsencrypt_credential | v8.44.0 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [azurerm_key_vault_access_policy.ad_group_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
-| [azurerm_key_vault_access_policy.adgroup_developers_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
-| [azurerm_key_vault_access_policy.adgroup_externals_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
-| [azurerm_key_vault_access_policy.azdevops_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
-| [azurerm_key_vault_access_policy.azdevops_iac_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
-| [azurerm_key_vault_key.sops_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key) | resource |
-| [azurerm_key_vault_secret.secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
-| [azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
-| [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
-| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
-| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
-| [azuread_service_principal.iac_principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
-| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
-| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
-| [azurerm_user_assigned_identity.iac_federated_azdo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source |
-| [external_external.terrasops](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [domain](#input\_domain) | n/a | `string` | n/a | yes |
-| [enable\_iac\_pipeline](#input\_enable\_iac\_pipeline) | If true create the key vault policy to allow used by azure devops iac pipelines. | `bool` | `false` | no |
-| [env](#input\_env) | n/a | `string` | n/a | yes |
-| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
-| [input\_file](#input\_input\_file) | secret json file | `string` | n/a | yes |
-| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes |
-| [kv-certificate-permissions-read](#input\_kv-certificate-permissions-read) | List of read certificate permissions | `list(string)` | [
"Get",
"GetIssuers",
"List",
"ListIssuers"
]
| no |
-| [kv-key-permissions-read](#input\_kv-key-permissions-read) | List of read key permissions | `list(string)` | [
"Get",
"List"
]
| no |
-| [kv-secret-permissions-read](#input\_kv-secret-permissions-read) | List of read secret permissions | `list(string)` | [
"Get",
"List"
]
| no |
-| [kv-storage-permissions-read](#input\_kv-storage-permissions-read) | List of read storage permissions | `list(string)` | [
"Get",
"GetSAS",
"List",
"ListSAS"
]
| no |
-| [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes |
-| [location\_short](#input\_location\_short) | One of weu, itn | `string` | n/a | yes |
-| [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
-| [tags](#input\_tags) | n/a | `map(any)` | {
"CreatedBy": "Terraform"
} | no |
-
-## Outputs
-
-No outputs.
-
diff --git a/src/copy/payopt-secrets/env/itn-dev/backend.ini b/src/copy/payopt-secrets/env/itn-dev/backend.ini
deleted file mode 100644
index f3ea2d530c..0000000000
--- a/src/copy/payopt-secrets/env/itn-dev/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=DEV-pagoPA
\ No newline at end of file
diff --git a/src/copy/payopt-secrets/env/itn-dev/backend.tfvars b/src/copy/payopt-secrets/env/itn-dev/backend.tfvars
deleted file mode 100644
index 324e5f4b9d..0000000000
--- a/src/copy/payopt-secrets/env/itn-dev/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfdevpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-secret-dev.terraform.tfstate"
diff --git a/src/copy/payopt-secrets/env/itn-dev/terraform.tfvars b/src/copy/payopt-secrets/env/itn-dev/terraform.tfvars
deleted file mode 100644
index 4cb569abdb..0000000000
--- a/src/copy/payopt-secrets/env/itn-dev/terraform.tfvars
+++ /dev/null
@@ -1,30 +0,0 @@
-prefix = "pagopa"
-env_short = "d"
-env = "dev"
-domain = "payopt"
-location = "italynorth"
-location_short = "itn"
-instance = "dev"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Dev"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-d-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-
-input_file = "./secret/itn-dev/configs.json"
-
-enable_iac_pipeline = true
-
-
-
-
-
diff --git a/src/copy/payopt-secrets/env/itn-prod/backend.ini b/src/copy/payopt-secrets/env/itn-prod/backend.ini
deleted file mode 100644
index 6318425346..0000000000
--- a/src/copy/payopt-secrets/env/itn-prod/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=PROD-pagoPA
diff --git a/src/copy/payopt-secrets/env/itn-prod/backend.tfvars b/src/copy/payopt-secrets/env/itn-prod/backend.tfvars
deleted file mode 100644
index 9b18697702..0000000000
--- a/src/copy/payopt-secrets/env/itn-prod/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfprodpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-secret-prod.terraform.tfstate"
diff --git a/src/copy/payopt-secrets/env/itn-prod/terraform.tfvars b/src/copy/payopt-secrets/env/itn-prod/terraform.tfvars
deleted file mode 100644
index 4e852fe9cf..0000000000
--- a/src/copy/payopt-secrets/env/itn-prod/terraform.tfvars
+++ /dev/null
@@ -1,30 +0,0 @@
-prefix = "pagopa"
-env_short = "p"
-env = "prod"
-domain = "paymentoptns"
-location = "payopt"
-location_short = "itn"
-instance = "prod"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Prod"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-d-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-
-input_file = "./secret/itn-prod/configs.json"
-
-enable_iac_pipeline = true
-
-
-
-
-
diff --git a/src/copy/payopt-secrets/env/itn-uat/backend.ini b/src/copy/payopt-secrets/env/itn-uat/backend.ini
deleted file mode 100644
index 1a014151dc..0000000000
--- a/src/copy/payopt-secrets/env/itn-uat/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=UAT-pagoPA
diff --git a/src/copy/payopt-secrets/env/itn-uat/backend.tfvars b/src/copy/payopt-secrets/env/itn-uat/backend.tfvars
deleted file mode 100644
index 2f949683b5..0000000000
--- a/src/copy/payopt-secrets/env/itn-uat/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfinfuatpagopa"
-container_name = "terraform-state"
-key = "paymentoptions-secret-uat.terraform.tfstate"
diff --git a/src/copy/payopt-secrets/env/itn-uat/terraform.tfvars b/src/copy/payopt-secrets/env/itn-uat/terraform.tfvars
deleted file mode 100644
index 170edb7557..0000000000
--- a/src/copy/payopt-secrets/env/itn-uat/terraform.tfvars
+++ /dev/null
@@ -1,27 +0,0 @@
-prefix = "pagopa"
-env_short = "u"
-env = "uat"
-domain = "payopt"
-location = "italynorth"
-location_short = "itn"
-instance = "uat"
-
-tags = {
- CreatedBy = "Terraform"
- Environment = "Uat"
- Owner = "pagoPA"
- Source = "https://github.com/pagopa/pagopa-infra/tree/main/src/domains/paymentoptions-secrets"
- CostCenter = "TS310 - PAGAMENTI & SERVIZI"
-}
-
-### External resources
-
-monitor_italy_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-log_analytics_italy_workspace_name = "pagopa-d-itn-core-law"
-log_analytics_italy_workspace_resource_group_name = "pagopa-d-itn-core-monitor-rg"
-
-input_file = "./secret/itn-uat/configs.json"
-
-enable_iac_pipeline = true
-
-force = "v1"
diff --git a/src/copy/payopt-secrets/secret/itn-dev/configs.json b/src/copy/payopt-secrets/secret/itn-dev/configs.json
deleted file mode 100644
index 9e26dfeeb6..0000000000
--- a/src/copy/payopt-secrets/secret/itn-dev/configs.json
+++ /dev/null
@@ -1 +0,0 @@
-{}
\ No newline at end of file
diff --git a/src/copy/payopt-secrets/secret/itn-dev/noedit_secret_enc.json b/src/copy/payopt-secrets/secret/itn-dev/noedit_secret_enc.json
deleted file mode 100644
index 6c3c1af837..0000000000
--- a/src/copy/payopt-secrets/secret/itn-dev/noedit_secret_enc.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "sops": {
- "kms": null,
- "gcp_kms": null,
- "azure_kv": [
- {
- "vault_url": "https://pagopa-d-itn-payopt-kv.vault.azure.net",
- "name": "pagopa-d-payopt-sops-key",
- "version": "3cfc1dcd61ee4a9bb4bff1fd4e5d45f1",
- "created_at": "2024-11-28T14:36:24Z",
- "enc": "vpf4sFWuobCrXfjbD0TXrg8Tv31mVZngHunMNN_tL_wMI38V11PI1yJtx9XiHiC1Mf84mlKCq8OeOwB9kMQacsngGuVtE1hTMBIGqd2mbmXoKKHXQfyoczXOMTgUGCtrpAHBvO86BX6ONbRIz9WFYnXBntDk6CkVDFYVTwiViO77nSo6LpxG_PG9cBS_Am_gdzDZxM1gMJx3OrIxuEIaQ_l9LuO35Wtx1DW8hrD95xSNEaRUOxZr9bzAHtZYvKEeWdj2AzZCxkL8ikMVB1fpi5qpOzpnEDl9HMylxExET7E6Nhbl8eUXNRJi00MCNC6HeOcPdYd8gPHYtHdefThmVg"
- }
- ],
- "hc_vault": null,
- "age": null,
- "lastmodified": "2024-11-28T14:36:26Z",
- "mac": "ENC[AES256_GCM,data:hkNbqIGNsyia2OK0mRXYMD3sLz4Sgc8mLuUaVCVmuVw8XSFBjrVDK5Vn1Z77xh34a9PFhW7ovWndeAO0tCwWVrFoL3vO9UhHGhoihUGy81SbmawJruF4DR+f3BTrk1lEIE39nAUHbikS97GknfTH8aZbOFupAd+hCXFO1DkHZ5g=,iv:QZEf/HHOtth8xX5+d0/omA3LAzSlzFLO5tdz6B6ZJ9o=,tag:+FnEej6YVzQ5vFLd1MwbCA==,type:str]",
- "pgp": null,
- "unencrypted_suffix": "_unencrypted",
- "version": "3.9.1"
- }
-}
\ No newline at end of file
diff --git a/src/copy/payopt-secrets/secret/itn-dev/secret.ini b/src/copy/payopt-secrets/secret/itn-dev/secret.ini
deleted file mode 100644
index 1cf65b61b0..0000000000
--- a/src/copy/payopt-secrets/secret/itn-dev/secret.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-file_crypted="noedit_secret_enc.json"
-kv_name="pagopa-d-itn-payopt-kv"
-kv_sops_key_name="pagopa-d-payopt-sops-key"
diff --git a/src/copy/payopt-secrets/secret/itn-prod/configs.json b/src/copy/payopt-secrets/secret/itn-prod/configs.json
deleted file mode 100644
index 9e26dfeeb6..0000000000
--- a/src/copy/payopt-secrets/secret/itn-prod/configs.json
+++ /dev/null
@@ -1 +0,0 @@
-{}
\ No newline at end of file
diff --git a/src/copy/payopt-secrets/secret/itn-prod/secret.ini b/src/copy/payopt-secrets/secret/itn-prod/secret.ini
deleted file mode 100644
index 61a2254ac6..0000000000
--- a/src/copy/payopt-secrets/secret/itn-prod/secret.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-file_crypted="noedit_secret_enc.json"
-kv_name="pagopa-p-itn-payopt-kv"
-kv_sops_key_name="pagopa-p-payopt-sops-key"
diff --git a/src/copy/payopt-secrets/secret/itn-uat/configs.json b/src/copy/payopt-secrets/secret/itn-uat/configs.json
deleted file mode 100644
index 9e26dfeeb6..0000000000
--- a/src/copy/payopt-secrets/secret/itn-uat/configs.json
+++ /dev/null
@@ -1 +0,0 @@
-{}
\ No newline at end of file
diff --git a/src/copy/payopt-secrets/secret/itn-uat/noedit_secret_enc.json b/src/copy/payopt-secrets/secret/itn-uat/noedit_secret_enc.json
deleted file mode 100644
index 878e035cff..0000000000
--- a/src/copy/payopt-secrets/secret/itn-uat/noedit_secret_enc.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "sops": {
- "kms": null,
- "gcp_kms": null,
- "azure_kv": [
- {
- "vault_url": "https://pagopa-u-itn-payopt-kv.vault.azure.net",
- "name": "pagopa-u-payopt-sops-key",
- "version": "391d59d66b2e4c118246648bf60dc813",
- "created_at": "2024-11-28T14:41:50Z",
- "enc": "dyWl_4p70QqcfQsqmIABzVxCWauyBDVZIg9WsqjoAfhNWbCbYvzXbjCiIJhOUJK_4H-EHDb70bnIG4HyIhNmEoNhQD69R9YDkQvJs146WOfBeUT4EO7xcXcM0wZEwjkeQq0PwkVRVvufColcIhlNKg0VMDCK6K2vRijAHAT4P9-gWrVukCnLYP2mlgXKmjX51CQVOV9S97LJEXzl4ki3mI8DGrGYX9qY9uZb6har_8MJaxAAAwcCkz5OYeAImDnz4f_t3ZcIpy4LeG1rubJCNnAxBLCXxL7lt4m-nwcclLQMd_a1U-DyyoOS03_2KwTYkhQI0YnXS9xancsdWXwK9g"
- }
- ],
- "hc_vault": null,
- "age": null,
- "lastmodified": "2024-11-28T14:41:51Z",
- "mac": "ENC[AES256_GCM,data:Umg7BLjeiSk1FSp+ozRgtM/EAmf4SD0wvTJvlrNpmv7hi5g+rn1V2/OoyS7xxnQg4eqDNOJSs3mDfcdHfMffYs2mNxNl8H91SYYkgH85VZYHKShUVS4o5bKwAvyDPmB4qRJ/aAlFGUWMVobGUuBSDP1/GT0Md7Ic4qeYaaepN9k=,iv:ZfMS6ik70+Ctv+/wmy4gfWvrH1+5QIHkp1v+K6n0wbQ=,tag:bAW+DPq9SLrvjvSOXleczw==,type:str]",
- "pgp": null,
- "unencrypted_suffix": "_unencrypted",
- "version": "3.9.1"
- }
-}
\ No newline at end of file
diff --git a/src/copy/payopt-secrets/secret/itn-uat/secret.ini b/src/copy/payopt-secrets/secret/itn-uat/secret.ini
deleted file mode 100644
index c16aa7f137..0000000000
--- a/src/copy/payopt-secrets/secret/itn-uat/secret.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-file_crypted="noedit_secret_enc.json"
-kv_name="pagopa-u-itn-payopt-kv"
-kv_sops_key_name="pagopa-u-payopt-sops-key"
diff --git a/src/copy/payopt-secrets/sops.sh b/src/copy/payopt-secrets/sops.sh
deleted file mode 100755
index 347b11d0ef..0000000000
--- a/src/copy/payopt-secrets/sops.sh
+++ /dev/null
@@ -1,137 +0,0 @@
-#!/bin/bash
-
-# set -x # Uncomment this line to enable debug mode
-
-#
-# how to use `sh sops.sh`
-# ℹ️ This script allows you to create a sops file with the relative azure key,
-# it also allows you to edit the secrets and add them with the script.
-# ℹ️ This script also uses an inventory file under the "./secret//secret.ini"
-# directory to load environment variables.
-#
-
-action=$1
-env=$2
-shift 2
-# shellcheck disable=SC2034
-other=( "$@" )
-
-if [ -z "$action" ]; then
- helpmessage=$(cat < -> decrypt json file in specified environment
- example: ./sops.sh d itn-dev
- example: ./sops.sh decrypt itn-dev
-
-./sops.sh s -> search in enc file in specified environment
- example: ./sops.sh s itn-dev
- example: ./sops.sh search itn-dev
-
-./sops.sh n -> create new file enc json template in specified environment
- example: ./sops.sh n itn-dev
- example: ./sops.sh new itn-dev
-
-./sops.sh a -> add new secret record to enc json in specified environment
- example: ./sops.sh a itn-dev
- example: ./sops.sh add itn-dev
-
-./sops.sh e -> edit enc json record in specified environment
- example: ./sops.sh e itn-dev
- example: ./sops.sh edit itn-dev
-
-./sops.sh f -> enc a json file in a specified environment
- example: ./sops.sh f itn-dev
-
-EOF
-)
- echo "$helpmessage"
- exit 0
-fi
-
-if [ -z "$env" ]; then
- echo "env should be something like: itn-dev, itn-uat or itn-prod."
- exit 0
-fi
-
-echo "🔨 Mandatory variables are correct"
-file_crypted=""
-kv_name=""
-kv_sops_key_name=""
-
-# shellcheck disable=SC1090
-source "./secret/$env/secret.ini"
-
-echo "🔨 All variables loaded"
-
-# Check if kv_name and file_crypted variables are not empty
-if [ -z "${kv_name}" ]; then
- echo "❌ Error: kv_name variable is not defined correctly."
- exit 1
-fi
-
-if [ -z "$file_crypted" ]; then
- echo "❌ Error: file_crypted variable is not defined correctly."
- exit 1
-fi
-
-encrypted_file_path="./secret/$env/$file_crypted"
-
-# Check if the key exists in the Key Vault
-# shellcheck disable=SC2154
-kv_key_url=$(az keyvault key show --vault-name "$kv_name" --name "$kv_sops_key_name" --query "key.kid" -o tsv)
-if [ -z "$kv_key_url" ]; then
- echo "❌ The key does not exist."
- exit 1
-fi
-echo "[INFO] Key URL: $kv_key_url"
-
-echo "🔨 Key URL loaded correctly"
-
-if echo "d decrypt a add s search n new e edit f" | grep -w "$action" > /dev/null; then
- case $action in
- "d"|"decrypt")
- sops --decrypt --azure-kv "$kv_key_url" "$encrypted_file_path"
- if [ $? -eq 1 ]; then
- echo "❌ File $encrypted_file_path NOT encrypted"
- exit 0
- fi
- ;;
- "s"|"search")
- read -r -p 'key: ' key
- sops --decrypt --azure-kv "$kv_key_url" "$encrypted_file_path" | grep -i "$key"
- ;;
- "a"|"add")
- read -r -p 'key: ' key
- read -r -p 'value: ' value
- sops -i --set '["'"$key"'"] "'"$value"'"' --azure-kv "$kv_key_url" "$encrypted_file_path"
- echo "✅ Added key"
- ;;
- "n"|"new")
- if [ -f "$encrypted_file_path" ]; then
- echo "⚠️ file $encrypted_file_path already exists"
- exit 0
- fi
- echo "{}" > "$encrypted_file_path"
- sops --encrypt -i --azure-kv "$kv_key_url" "$encrypted_file_path"
- echo "✅ created new file for sops"
- ;;
- "e"|"edit")
- if [ ! -f "$encrypted_file_path" ]; then
- echo "⚠️ file $encrypted_file_path not found"
- exit 1
- fi
-
- sops --azure-kv "$kv_key_url" "$encrypted_file_path"
- echo "✅ edit file completed"
-
- ;;
- "f")
- read -r -p 'file: ' file
- sops --encrypt --azure-kv "$kv_key_url" "./secret/$env/$file" > "$encrypted_file_path"
- ;;
- esac
-else
- echo "⚠️ Action not allowed."
- exit 1
-fi
diff --git a/src/copy/payopt-secrets/terraform.sh b/src/copy/payopt-secrets/terraform.sh
deleted file mode 100755
index 047a7512d0..0000000000
--- a/src/copy/payopt-secrets/terraform.sh
+++ /dev/null
@@ -1,324 +0,0 @@
-#!/bin/bash
-############################################################
-# Terraform script for managing infrastructure on Azure
-# Fingerprint: d2hhdHlvdXdhbnQ/Cg==
-############################################################
-# Global variables
-# Version format x.y accepted
-vers="1.11"
-script_name=$(basename "$0")
-git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/azure/${script_name}"
-tmp_file="${script_name}.new"
-# Check if the third parameter exists and is a file
-if [ -n "$3" ] && [ -f "$3" ]; then
- FILE_ACTION=true
-else
- FILE_ACTION=false
-fi
-
-# Define functions
-function clean_environment() {
- rm -rf .terraform
- rm tfplan 2>/dev/null
- echo "cleaned!"
-}
-
-function download_tool() {
- #default value
- cpu_type="intel"
- os_type=$(uname)
-
- # only on MacOS
- if [ "$os_type" == "Darwin" ]; then
- cpu_brand=$(sysctl -n machdep.cpu.brand_string)
- if grep -q -i "intel" <<< "$cpu_brand"; then
- cpu_type="intel"
- else
- cpu_type="arm"
- fi
- fi
-
- echo $cpu_type
- tool=$1
- git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/golang/${tool}_${cpu_type}"
- if ! command -v $tool &> /dev/null; then
- if ! curl -sL "$git_repo" -o "$tool"; then
- echo "Error downloading ${tool}"
- return 1
- else
- chmod +x $tool
- echo "${tool} downloaded! Please note this tool WON'T be copied in your **/bin folder for safety reasons.
-You need to do it yourself!"
- read -p "Press enter to continue"
-
-
- fi
- fi
-}
-
-function extract_resources() {
- TF_FILE=$1
- ENV=$2
- TARGETS=""
-
- # Check if the file exists
- if [ ! -f "$TF_FILE" ]; then
- echo "File $TF_FILE does not exist."
- exit 1
- fi
-
- # Check if the directory exists
- if [ ! -d "./env/$ENV" ]; then
- echo "Directory ./env/$ENV does not exist."
- exit 1
- fi
-
- TMP_FILE=$(mktemp)
- grep -E '^resource|^module' $TF_FILE > $TMP_FILE
-
- while read -r line ; do
- TYPE=$(echo $line | cut -d '"' -f 1 | tr -d ' ')
- if [ "$TYPE" == "module" ]; then
- NAME=$(echo $line | cut -d '"' -f 2)
- TARGETS+=" -target=\"$TYPE.$NAME\""
- else
- NAME1=$(echo $line | cut -d '"' -f 2)
- NAME2=$(echo $line | cut -d '"' -f 4)
- TARGETS+=" -target=\"$NAME1.$NAME2\""
- fi
- done < $TMP_FILE
-
- rm $TMP_FILE
-
- echo "./terraform.sh $action $ENV $TARGETS"
-}
-
-function help_usage() {
- echo "terraform.sh Version ${vers}"
- echo
- echo "Usage: ./script.sh [ACTION] [ENV] [OTHER OPTIONS]"
- echo "es. ACTION: init, apply, plan, etc."
- echo "es. ENV: dev, uat, prod, etc."
- echo
- echo "Available actions:"
- echo " clean Remove .terraform* folders and tfplan files"
- echo " help This help"
- echo " list List every environment available"
- echo " update Update this script if possible"
- echo " summ Generate summary of Terraform plan"
- echo " tflist Generate an improved output of terraform state list"
- echo " tlock Generate or update the dependency lock file"
- echo " * any terraform option"
-}
-
-function init_terraform() {
- if [ -n "$env" ]; then
- terraform init -reconfigure -backend-config="./env/$env/backend.tfvars"
- else
- echo "ERROR: no env configured!"
- exit 1
- fi
-}
-
-function list_env() {
- # Check if env directory exists
- if [ ! -d "./env" ]; then
- echo "No environment directory found"
- exit 1
- fi
-
- # List subdirectories under env directory
- env_list=$(ls -d ./env/*/ 2>/dev/null)
-
- # Check if there are any subdirectories
- if [ -z "$env_list" ]; then
- echo "No environments found"
- exit 1
- fi
-
- # Print the list of environments
- echo "Available environments:"
- for env in $env_list; do
- env_name=$(echo "$env" | sed 's#./env/##;s#/##')
- echo "- $env_name"
- done
-}
-
-function other_actions() {
- if [ -n "$env" ] && [ -n "$action" ]; then
- terraform "$action" -var-file="./env/$env/terraform.tfvars" -compact-warnings $other
- else
- echo "ERROR: no env or action configured!"
- exit 1
- fi
-}
-
-function state_output_taint_actions() {
- if [ "$action" == "tflist" ]; then
- # If 'tflist' is not installed globally and there is no 'tflist' file in the current directory,
- # attempt to download the 'tflist' tool
- if ! command -v tflist &> /dev/null && [ ! -f "tflist" ]; then
- download_tool "tflist"
- if [ $? -ne 0 ]; then
- echo "Error: Failed to download tflist!!"
- exit 1
- else
- echo "tflist downloaded!"
- fi
- fi
- if command -v tflist &> /dev/null; then
- terraform state list | tflist
- else
- terraform state list | ./tflist
- fi
- else
- terraform $action $other
- fi
-}
-
-
-function parse_tfplan_option() {
- # Create an array to contain arguments that do not start with '-tfplan='
- local other_args=()
-
- # Loop over all arguments
- for arg in "$@"; do
- # If the argument starts with '-tfplan=', extract the file name
- if [[ "$arg" =~ ^-tfplan= ]]; then
- echo "${arg#*=}"
- else
- # If the argument does not start with '-tfplan=', add it to the other_args array
- other_args+=("$arg")
- fi
- done
-
- # Print all arguments in other_args separated by spaces
- echo "${other_args[@]}"
-}
-
-function tfsummary() {
- local plan_file
- plan_file=$(parse_tfplan_option "$@")
- if [ -z "$plan_file" ]; then
- plan_file="tfplan"
- fi
- action="plan"
- other="-out=${plan_file}"
- other_actions
- if [ -n "$(command -v tf-summarize)" ]; then
- tf-summarize -tree "${plan_file}"
- else
- echo "tf-summarize is not installed"
- fi
- if [ "$plan_file" == "tfplan" ]; then
- rm $plan_file
- fi
-}
-
-function update_script() {
- # Check if the repository was cloned successfully
- if ! curl -sL "$git_repo" -o "$tmp_file"; then
- echo "Error cloning the repository"
- rm "$tmp_file" 2>/dev/null
- return 1
- fi
-
- # Check if a newer version exists
- remote_vers=$(sed -n '8s/vers="\(.*\)"/\1/p' "$tmp_file")
- if [ "$(printf '%s\n' "$vers" "$remote_vers" | sort -V | tail -n 1)" == "$vers" ]; then
- echo "The local script version is equal to or newer than the remote version."
- rm "$tmp_file" 2>/dev/null
- return 0
- fi
-
- # Check the fingerprint
- local_fingerprint=$(sed -n '4p' "$0")
- remote_fingerprint=$(sed -n '4p' "$tmp_file")
-
- if [ "$local_fingerprint" != "$remote_fingerprint" ]; then
- echo "The local and remote file fingerprints do not match."
- rm "$tmp_file" 2>/dev/null
- return 0
- fi
-
- # Show the current and available versions to the user
- echo "Current script version: $vers"
- echo "Available script version: $remote_vers"
-
- # Ask the user if they want to update the script
- read -rp "Do you want to update the script to version $remote_vers? (y/n): " answer
-
- if [ "$answer" == "y" ] || [ "$answer" == "Y" ]; then
- # Replace the local script with the updated version
- cp "$tmp_file" "$script_name"
- chmod +x "$script_name"
- rm "$tmp_file" 2>/dev/null
-
- echo "Script successfully updated to version $remote_vers"
- else
- echo "Update canceled by the user"
- fi
-
- rm "$tmp_file" 2>/dev/null
-}
-
-# Check arguments number
-if [ "$#" -lt 1 ]; then
- help_usage
- exit 0
-fi
-
-# Parse arguments
-action=$1
-env=$2
-filetf=$3
-shift 2
-other=$@
-
-if [ -n "$env" ]; then
- # shellcheck source=/dev/null
- source "./env/$env/backend.ini"
- if [ -z "$(command -v az)" ]; then
- echo "az not found, cannot proceed"
- exit 1
- fi
- az account set -s "${subscription}"
-fi
-
-# Call appropriate function based on action
-case $action in
- clean)
- clean_environment
- ;;
- ?|help|-h)
- help_usage
- ;;
- init)
- init_terraform "$other"
- ;;
- list)
- list_env
- ;;
- output|state|taint|tflist)
- init_terraform
- state_output_taint_actions $other
- ;;
- summ)
- init_terraform
- tfsummary "$other"
- ;;
- tlock)
- terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64
- ;;
- update)
- update_script
- ;;
- *)
- if [ "$FILE_ACTION" = true ]; then
- extract_resources "$filetf" "$env"
- else
- init_terraform
- other_actions "$other"
- fi
- ;;
-esac
diff --git a/src/copy/payopt-secrets/terrasops.sh b/src/copy/payopt-secrets/terrasops.sh
deleted file mode 100644
index 32be3bd04f..0000000000
--- a/src/copy/payopt-secrets/terrasops.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-# set -x # Uncomment this line to enable debug mode
-
-#
-# ℹ️ This script is used by terraform, to decrypt all secrets on sops and export them to json.
-# This way it can loop through them and use them to insert them inside the KV
-# ⚠️ Do not add additional echos to the script in case of golden path,
-# as the script only needs to return a json
-#
-
-eval "$(jq -r '@sh "export terrasops_env=\(.env)"')"
-
-# shellcheck disable=SC1090
-source "./secret/$terrasops_env/secret.ini"
-encrypted_file_path="./secret/$terrasops_env/$file_crypted"
-
-if [ -f "$encrypted_file_path" ]; then
- # Load the values of azure_kv.vault_url and azure_kv.name from the JSON file
- azure_kv_vault_url=$(jq -r '.sops.azure_kv[0].vault_url' "$encrypted_file_path")
- azure_kv_name=$(jq -r '.sops.azure_kv[0].name' "$encrypted_file_path")
-
- if [ -z "$azure_kv_vault_url" ] || [ -z "$azure_kv_name" ]; then
- echo "❌ Error: Unable to load the values of azure_kv.vault_url and azure_kv.name from the JSON file" >&2
- exit 1
- fi
- sops -d --azure-kv "azure_kv_vault_url" "$encrypted_file_path" | jq -c
-else
- echo "{}" | jq -c
-fi