[CES-108] Add private endpoints to CGN Cosmos Account without alterin…

…g DNS (#1235)

src/domains/cgn/_modules/cosmos/cosmos_account_cgn.tf

@@ -45,3 +45,19 @@ module "cosmos_account_cgn" {
 
   tags = var.tags
 }
+
+resource "azurerm_private_endpoint" "cosno_remote_content_itn" {
+  name                = "${var.project}-itn-cgn-cosno-pep-01"
+  location            = "italynorth"
+  resource_group_name = var.resource_group_name
+  subnet_id           = var.private_endpoint_subnet_id_itn
+
+  private_service_connection {
+    name                           = "${var.project}-itn-cgn-cosno-pep-01"
+    private_connection_resource_id = module.cosmos_account_cgn.id
+    is_manual_connection           = false
+    subresource_names              = ["Sql"]
+  }
+
+  tags = var.tags
+}

src/domains/cgn/_modules/cosmos/variables.tf

@@ -27,3 +27,8 @@ variable "private_endpoint_subnet_id" {
   type        = string
   description = "Id of the subnet which has private endpoints"
 }
+
+variable "private_endpoint_subnet_id_itn" {
+  type        = string
+  description = "Id of the subnet which has private endpoints"
+}

src/domains/cgn/_modules/networking/data.tf

@@ -3,12 +3,23 @@ data "azurerm_virtual_network" "vnet_common" {
   resource_group_name = local.resource_group_common
 }
 
+data "azurerm_virtual_network" "common_itn" {
+  name                = "${var.project}-itn-common-vnet-01"
+  resource_group_name = local.resource_group_common_itn
+}
+
 data "azurerm_subnet" "subnet_private_endpoints" {
   name                 = "pendpoints"
   resource_group_name  = data.azurerm_virtual_network.vnet_common.resource_group_name
   virtual_network_name = data.azurerm_virtual_network.vnet_common.name
 }
 
+data "azurerm_subnet" "pep_snet_itn" {
+  name                 = "${var.project}-itn-pep-snet-01"
+  resource_group_name  = data.azurerm_virtual_network.common_itn.resource_group_name
+  virtual_network_name = data.azurerm_virtual_network.common_itn.name
+}
+
 data "azurerm_nat_gateway" "nat_gateway" {
   name                = "${var.project}-natgw"
   resource_group_name = local.resource_group_common

src/domains/cgn/_modules/networking/locals.tf

@@ -1,3 +1,4 @@
 locals {
-  resource_group_common = "${var.project}-rg-common"
+  resource_group_common     = "${var.project}-rg-common"
+  resource_group_common_itn = "${var.project}-itn-common-rg-01"
 }

src/domains/cgn/_modules/networking/outputs.tf

@@ -13,6 +13,13 @@ output "subnet_pendpoints" {
   }
 }
 
+output "subnet_pep_itn" {
+  value = {
+    id   = data.azurerm_subnet.pep_snet_itn.id
+    name = data.azurerm_subnet.pep_snet_itn.name
+  }
+}
+
 output "subnet_redis" {
   value = {
     id   = module.subnet_redis.id

src/domains/cgn/prod/cosmos.tf

@@ -6,7 +6,8 @@ module "cosmos" {
   secondary_location  = local.secondary_location
   resource_group_name = module.resource_groups.resource_group_cgn.name
 
-  private_endpoint_subnet_id = module.networking.subnet_pendpoints.id
+  private_endpoint_subnet_id     = module.networking.subnet_pendpoints.id
+  private_endpoint_subnet_id_itn = module.networking.subnet_pep_itn.id
 
   tags = local.tags
 }

src/domains/cgn/prod/locals.tf

@@ -11,7 +11,7 @@ locals {
     CreatedBy      = "Terraform"
     Environment    = "Prod"
     Owner          = "IO"
-    ManagementTeam = "IO Comunicazione"
-    Source         = "https://github.com/pagopa/io-infra/blob/main/src/domains/cgn/prod/westeurope"
+    ManagementTeam = "IO Enti & Servizi"
+    Source         = "https://github.com/pagopa/io-infra/blob/main/src/domains/cgn/prod"
   }
 }