Merge branch 'main' into CES-36-unify-terraform-state-location

pagopa · Nov 5, 2024 · 2acc749 · 2acc749
2 parents 7b4d1e1 + aa6117a
commit 2acc749
Show file tree

Hide file tree

Showing 44 changed files with 139 additions and 474 deletions.
diff --git a/.github/workflows/cgn_ci.yaml b/.github/workflows/cgn_ci.yaml
@@ -1,6 +1,7 @@
 name: Continuous Integration on cgn
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.github/workflows/common_code_review.yaml b/.github/workflows/common_code_review.yaml
@@ -5,6 +5,7 @@ name: PR - Common TF Validation
 # It is responsible for managing changes related to "common" infrastructure,
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.github/workflows/continua_ci.yaml b/.github/workflows/continua_ci.yaml
@@ -1,6 +1,7 @@
 name: Continuous Integration on continua
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.github/workflows/core_code_review.yaml b/.github/workflows/core_code_review.yaml
@@ -5,6 +5,7 @@ name: PR - Core TF Validation
 # It is responsible for managing changes related to "core" infrastructure,
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.github/workflows/elt_ci.yaml b/.github/workflows/elt_ci.yaml
@@ -1,6 +1,7 @@
 name: Continuous Integration on elt
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.github/workflows/eucovidcert_ci.yaml b/.github/workflows/eucovidcert_ci.yaml
@@ -1,6 +1,7 @@
 name: Continuous Integration on eucovidcert
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.github/workflows/functions_ci.yml b/.github/workflows/functions_ci.yml
@@ -1,6 +1,7 @@
 name: Continuous Integration on prod functions
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.github/workflows/ioselfcare_ci.yaml b/.github/workflows/ioselfcare_ci.yaml
@@ -1,6 +1,7 @@
 name: Continuous Integration on selfcare
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.github/workflows/ioweb_prod_ci.yml b/.github/workflows/ioweb_prod_ci.yml
@@ -1,6 +1,7 @@
 name: Continuous Integration on prod ioweb
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.github/workflows/legacy_apim_code_review.yaml b/.github/workflows/legacy_apim_code_review.yaml
@@ -5,6 +5,7 @@ name: PR - Legacy APIM TF Validation
 # It is responsible for managing only a couple of legacy API groups on APIM.
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.github/workflows/load_test_ci.yaml b/.github/workflows/load_test_ci.yaml
@@ -1,6 +1,7 @@
 name: Continuous Integration on load-test
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.github/workflows/pr_labeler.yaml b/.github/workflows/pr_labeler.yaml
@@ -2,7 +2,7 @@ name: PR - Labeler
 
 on:
   workflow_dispatch:
-
+  merge_group:
   pull_request:
     branches:
       - main

diff --git a/.github/workflows/prod_ci_citizen-auth.yml b/.github/workflows/prod_ci_citizen-auth.yml
@@ -1,6 +1,7 @@
 name: Continuous Integration on prod citizen-auth
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml
@@ -1,6 +1,7 @@
 name: Static Analysis
 
 on:
+  merge_group:
   workflow_dispatch:
   pull_request:
     types:

diff --git a/.terraform-version b/.terraform-version
@@ -1 +1 @@
-1.7.5
+1.9.8
diff --git a/src/_modules/common_values/outputs_configurable.tf b/src/_modules/common_values/outputs_configurable.tf
@@ -5,9 +5,9 @@ output "scaling_gate" {
   HOW: These values will be used for scaling the different resources (function app, app services, etc.)
   EOF
   value = {
-    name     = "wallet_gate1"
+    name     = "wallet_gate2"
     timezone = "W. Europe Standard Time"
-    start    = "2024-10-23T08:00:00.000Z"
-    end      = "2024-10-23T22:00:00.000Z"
+    start    = "2024-11-06T08:00:00.00Z"
+    end      = "2024-11-06T22:00:00.00Z"
   }
-}
+}
diff --git a/src/common/_modules/apim/data.tf b/src/common/_modules/apim/data.tf
@@ -11,16 +11,4 @@ data "azurerm_key_vault_certificate" "api_internal_io_italia_it" {
 data "azurerm_key_vault_certificate" "api_app_internal_io_pagopa_it" {
   name         = replace(local.apim_hostname_api_app_internal, ".", "-")
   key_vault_id = var.key_vault.id
-}
-
-data "azurerm_api_management_group" "api_v2_lollipop_assertion_read" {
-  name                = "apilollipopassertionread"
-  api_management_name = module.apim_v2.name
-  resource_group_name = module.apim_v2.resource_group_name
-}
-
-data "azurerm_api_management_product" "apim_v2_product_lollipop" {
-  product_id          = "io-lollipop-api"
-  api_management_name = module.apim_v2.name
-  resource_group_name = module.apim_v2.resource_group_name
-}
+}
diff --git a/src/common/_modules/apim/subscriptions.tf b/src/common/_modules/apim/subscriptions.tf
diff --git a/src/common/_modules/apim/users.tf b/src/common/_modules/apim/users.tf
diff --git a/src/common/prod/locals.tf b/src/common/prod/locals.tf
@@ -73,7 +73,7 @@ locals {
     services_app_backend = data.azurerm_linux_function_app.services_app_backend_function_app.default_hostname
     lollipop             = data.azurerm_linux_function_app.lollipop_function.default_hostname
     eucovidcert          = data.azurerm_linux_function_app.eucovidcert.default_hostname
-    cgn                  = data.azurerm_linux_function_app.function_cgn.default_hostname
+    cgn                  = "io-p-itn-cgn-card-func-01.azurewebsites.net"
     iosign               = data.azurerm_linux_function_app.io_sign_user.default_hostname
     cgnonboarding        = "io-p-itn-cgn-search-func-01.azurewebsites.net"
     trial_system_api     = "ts-p-itn-api-func-01.azurewebsites.net"

diff --git a/src/domains/cgn/_modules/apim/named_values_cgn.tf b/src/domains/cgn/_modules/apim/named_values_cgn.tf
@@ -3,7 +3,7 @@ resource "azurerm_api_management_named_value" "io_fn_cgnmerchant_url_v2" {
   api_management_name = data.azurerm_api_management.apim.name
   resource_group_name = data.azurerm_api_management.apim.resource_group_name
   display_name        = "io-fn-cgnmerchant-url"
-  value               = "https://${var.function_cgn_merchant_hostname}"
+  value               = "https://io-p-itn-cgn-merchant-func-01.azurewebsites.net"
 }
 
 resource "azurerm_api_management_named_value" "io_fn_cgnmerchant_key_v2" {

diff --git a/src/domains/cgn/_modules/apim/named_values_cgn_os.tf b/src/domains/cgn/_modules/apim/named_values_cgn_os.tf
@@ -3,7 +3,7 @@ resource "azurerm_api_management_named_value" "cgnonboardingportal_os_url_value_
   api_management_name = data.azurerm_api_management.apim.name
   resource_group_name = data.azurerm_api_management.apim.resource_group_name
   display_name        = "cgnonboardingportal-os-url"
-  value               = format("https://cgnonboardingportal-%s-op.azurewebsites.net", var.env_short)
+  value               = "https://io-p-itn-cgn-search-func-01.azurewebsites.net"
 }
 
 resource "azurerm_api_management_named_value" "cgnonboardingportal_os_key_v2" {

diff --git a/src/domains/cgn/_modules/cosmos/locals.tf b/src/domains/cgn/_modules/cosmos/locals.tf
@@ -7,14 +7,14 @@ locals {
       name               = "user-cgns"
       partition_key_path = "/fiscalCode"
       autoscale_settings = {
-        max_throughput = 2000
+        max_throughput = 4000
       },
     },
     {
       name               = "user-eyca-cards"
       partition_key_path = "/fiscalCode"
       autoscale_settings = {
-        max_throughput = 2000
+        max_throughput = 4000
       },
     },
   ]

diff --git a/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf b/src/domains/cgn/_modules/functions_apps/function_app_cgn.tf
@@ -17,12 +17,15 @@ module "function_cgn" {
 
   app_settings = merge(
     local.function_cgn.app_settings_common, {
-      "AzureWebJobs.ContinueEycaActivation.Disabled" = "0",
-      "AzureWebJobs.UpdateExpiredCgn.Disabled"       = "0",
-      "AzureWebJobs.UpdateExpiredEyca.Disabled"      = "0"
+      "AzureWebJobs.ContinueEycaActivation.Disabled" = "1",
+      "AzureWebJobs.UpdateExpiredCgn.Disabled"       = "1",
+      "AzureWebJobs.UpdateExpiredEyca.Disabled"      = "1"
     }
   )
 
+  sticky_app_setting_names = [
+  ]
+
   internal_storage = {
     "enable"                     = true,
     "private_endpoint_subnet_id" = var.subnet_private_endpoints_id,
@@ -45,12 +48,6 @@ module "function_cgn" {
     data.azurerm_subnet.snet_backendl3.id
   ]
 
-  sticky_app_setting_names = [
-    "AzureWebJobs.ContinueEycaActivation.Disabled",
-    "AzureWebJobs.UpdateExpiredCgn.Disabled",
-    "AzureWebJobs.UpdateExpiredEyca.Disabled"
-  ]
-
   tags = var.tags
 }
 
@@ -138,4 +135,4 @@ resource "azurerm_private_endpoint" "staging_function_sites" {
   }
 
   tags = var.tags
-}
+}
diff --git a/src/domains/citizen-auth-common/03_apim_v2.tf b/src/domains/citizen-auth-common/03_apim_v2.tf
@@ -253,3 +253,33 @@ resource "azurerm_api_management_named_value" "api_fast_login_operation_group_na
   value               = azurerm_api_management_group.api_fast_login_operation_v2.display_name
   secret              = "false"
 }
+
+####################################################################################
+# PagoPA General PN APIM User
+####################################################################################
+resource "azurerm_api_management_user" "pn_user_v2" {
+  user_id             = "pnapimuser"
+  api_management_name = data.azurerm_api_management.apim_v2_api.name
+  resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name
+  first_name          = "PNAPIMuser"
+  last_name           = "PNAPIMuser"
+  email               = "[email protected]"
+  state               = "active"
+}
+
+resource "azurerm_api_management_group_user" "pn_group_v2" {
+  user_id             = azurerm_api_management_user.pn_user_v2.user_id
+  api_management_name = data.azurerm_api_management.apim_v2_api.name
+  resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name
+  group_name          = azurerm_api_management_group.api_lollipop_assertion_read_v2.name
+}
+
+resource "azurerm_api_management_subscription" "pn_lc_subscription_v2" {
+  user_id             = azurerm_api_management_user.pn_user_v2.id
+  api_management_name = data.azurerm_api_management.apim_v2_api.name
+  resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name
+  product_id          = module.apim_v2_product_lollipop.id
+  display_name        = "PN LC"
+  state               = "active"
+  allow_tracing       = false
+}
diff --git a/src/domains/citizen-auth-common/04_redis_common.tf b/src/domains/citizen-auth-common/04_redis_common.tf
@@ -14,7 +14,7 @@ module "redis_common_itn" {
   name                  = format("%s-redis-std-v6", local.project_itn)
   resource_group_name   = azurerm_resource_group.data_rg_itn.name
   location              = azurerm_resource_group.data_rg_itn.location
-  capacity              = 3
+  capacity              = 4
   family                = "C"
   sku_name              = "Standard"
   redis_version         = "6"

diff --git a/src/domains/citizen-auth-common/99_locals.tf b/src/domains/citizen-auth-common/99_locals.tf
@@ -33,4 +33,7 @@ locals {
 
   vnet_common_name_itn                = "${local.common_project_itn}-common-vnet-01"
   vnet_common_resource_group_name_itn = "${local.common_project_itn}-common-rg-01"
+
+  apim_itn_name                = "${local.product}-${local.itn_location_short}-apim-01"
+  apim_itn_resource_group_name = "${local.product}-${local.itn_location_short}-common-rg-01"
 }
diff --git a/src/domains/citizen-auth-common/README.md b/src/domains/citizen-auth-common/README.md
@@ -43,15 +43,18 @@
 | [azurerm_api_management_group.api_lollipop_assertion_read_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
 | [azurerm_api_management_group_user.pagopa_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
 | [azurerm_api_management_group_user.pagopa_operation_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
+| [azurerm_api_management_group_user.pn_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
 | [azurerm_api_management_named_value.api_fast_login_operation_group_name](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
 | [azurerm_api_management_named_value.io_fn_itn_fast_login_operation_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
 | [azurerm_api_management_named_value.io_fn_itn_lollipop_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
 | [azurerm_api_management_named_value.io_fn_itn_lollipop_url_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
 | [azurerm_api_management_subscription.pagopa_fastlogin_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
 | [azurerm_api_management_subscription.pagopa_operation_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
 | [azurerm_api_management_subscription.pagopa_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
+| [azurerm_api_management_subscription.pn_lc_subscription_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
 | [azurerm_api_management_user.fast_login_operation_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
 | [azurerm_api_management_user.pagopa_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
+| [azurerm_api_management_user.pn_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
 | [azurerm_cosmosdb_sql_container.lollipop_pubkeys](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource |
 | [azurerm_key_vault_access_policy.access_policy_io_infra_cd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
 | [azurerm_key_vault_access_policy.access_policy_io_infra_ci](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |

diff --git a/src/domains/functions/env/prod/terraform.tfvars b/src/domains/functions/env/prod/terraform.tfvars
@@ -35,14 +35,6 @@ function_admin_autoscale_minimum = 1
 function_admin_autoscale_maximum = 3
 function_admin_autoscale_default = 1
 
-# Functions shared
-plan_shared_1_kind                = "Linux"
-plan_shared_1_sku_tier            = "PremiumV3"
-plan_shared_1_sku_size            = "P1v3"
-function_public_autoscale_minimum = 1
-function_public_autoscale_maximum = 30
-function_public_autoscale_default = 10
-
 
 # Function CDN Assets
 function_assets_cdn_kind              = "Linux"