From 2cb6e5eed0888738182bad0a020986bc5f5cf28e Mon Sep 17 00:00:00 2001
From: Mario Mupo
Date: Mon, 30 Sep 2024 16:47:33 +0200
Subject: [PATCH 1/7] feat: added module for private andpoint and new one for cgn postgre uat
---
src/common/_modules/private_endpoint/data.tf | 12 +++++++
.../_modules/private_endpoint/locals.tf | 9 +++++
src/common/_modules/private_endpoint/main.tf | 22 ++++++++++++
.../_modules/private_endpoint/outputs.tf | 9 +++++
.../_modules/private_endpoint/provider.tf | 6 ++++
.../_modules/private_endpoint/variables.tf | 34 +++++++++++++++++++
src/common/prod/README.md | 2 ++
src/common/prod/data.tf | 8 ++++-
src/common/prod/italynorth.tf | 13 +++++++
9 files changed, 114 insertions(+), 1 deletion(-)
create mode 100644 src/common/_modules/private_endpoint/data.tf
create mode 100644 src/common/_modules/private_endpoint/locals.tf
create mode 100644 src/common/_modules/private_endpoint/main.tf
create mode 100644 src/common/_modules/private_endpoint/outputs.tf
create mode 100644 src/common/_modules/private_endpoint/provider.tf
create mode 100644 src/common/_modules/private_endpoint/variables.tf
diff --git a/src/common/_modules/private_endpoint/data.tf b/src/common/_modules/private_endpoint/data.tf
new file mode 100644
index 000000000..79fdea3e6
--- /dev/null
+++ b/src/common/_modules/private_endpoint/data.tf
@@ -0,0 +1,12 @@
+# CGN PostgreSQL Single Server
+
+data "azurerm_private_dns_zone" "cgn_psql_private_dns_zone" {
+ name = "privatelink.postgres.database.azure.com"
+ resource_group_name = "io-p-rg-common"
+}
+
+data "azurerm_postgresql_server" "cgn_psql" {
+ provider = azurerm.uat-cgn
+ name = "cgnonboardingportal-u-db-postgresql"
+ resource_group_name = "cgnonboardingportal-u-db-rg"
+}
\ No newline at end of file
diff --git a/src/common/_modules/private_endpoint/locals.tf b/src/common/_modules/private_endpoint/locals.tf
new file mode 100644
index 000000000..ee93a3061
--- /dev/null
+++ b/src/common/_modules/private_endpoint/locals.tf
@@ -0,0 +1,9 @@
+locals {
+ private_endpoints = {
+ "cgn-psql" = {
+ resource_id = data.azurerm_postgresql_server.cgn_psql.id
+ subresource_names = ["postgresqlServer"]
+ private_dns_zone_id = data.azurerm_private_dns_zone.cgn_psql_private_dns_zone.id
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/common/_modules/private_endpoint/main.tf b/src/common/_modules/private_endpoint/main.tf
new file mode 100644
index 000000000..776381ad2
--- /dev/null
+++ b/src/common/_modules/private_endpoint/main.tf
@@ -0,0 +1,22 @@
+resource "azurerm_private_endpoint" "this" {
+ for_each = local.private_endpoints
+
+ name = "${var.project}-${each.key}-pep-01"
+ location = var.location
+ resource_group_name = var.resource_group_name
+ subnet_id = var.pep_snet_id
+
+ private_service_connection {
+ name = "${var.project}-${each.key}-pep-01"
+ private_connection_resource_id = each.value.resource_id
+ is_manual_connection = false
+ subresource_names = each.value.subresource_names
+ }
+
+ private_dns_zone_group {
+ name = "private-dns-zone-group"
+ private_dns_zone_ids = [each.value.private_dns_zone_id]
+ }
+
+ tags = var.tags
+}
\ No newline at end of file
diff --git a/src/common/_modules/private_endpoint/outputs.tf b/src/common/_modules/private_endpoint/outputs.tf
new file mode 100644
index 000000000..1c74efd36
--- /dev/null
+++ b/src/common/_modules/private_endpoint/outputs.tf
@@ -0,0 +1,9 @@
+output "provate_endpoints" {
+ value = {
+ for k, v in azurerm_private_endpoint.this :
+ k => {
+ name = v.name
+ id = v.id
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/common/_modules/private_endpoint/provider.tf b/src/common/_modules/private_endpoint/provider.tf
new file mode 100644
index 000000000..a78b0d362
--- /dev/null
+++ b/src/common/_modules/private_endpoint/provider.tf
@@ -0,0 +1,6 @@
+provider "azurerm" {
+ alias = "uat-cgn"
+ subscription_id = "d1a90d9f-6ee1-4fb2-a149-7aedbf3ed49d"
+
+ features {}
+}
\ No newline at end of file
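Review bot: `is_manual_connection = false` in the `private_service_connection` block of main.tf requests automatic approval, which Azure grants only when the identity running the apply has approval rights on the target server, and here the target is read through `azurerm.uat-cgn`, i.e. another subscription. The only access this series grants on that subscription is `Reader` (patches 6 and 7), which looks insufficient for auto-approval, so the apply may fail or leave the connection pending; confirm the intended approval flow. If the CGN owners approve by hand, use `is_manual_connection = true` together with a `request_message`. A short comment on the resource stating that it links the prod common network to a database owned by another subscription would also help the next reader.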
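Review bot: The `provider "azurerm"` block with alias `uat-cgn` in provider.tf is configured inside the shared module and hard-codes the subscription ID. A module that carries its own provider block cannot be called with `count`, `for_each` or `depends_on`, and the same ID is repeated in `src/identity/prod/main.tf` in patch 6, where the two copies can drift. The usual shape is for the module to declare the alias it needs and for the root to pass the configured provider in with `providers = { azurerm.uat-cgn = azurerm.uat-cgn }` on the `module` block; if the module already has a `required_providers` block outside this view, only the `configuration_aliases` line is needed. Patch 7 renames the alias to `prod-cgn` but keeps the block in the module, so the same applies there.

```hcl
# … replaces the provider "azurerm" block in the module's provider.tf …
terraform {
  required_providers {
    azurerm = {
      source                = "hashicorp/azurerm"
      configuration_aliases = [azurerm.uat-cgn]
    }
  }
}
```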
diff --git a/src/common/_modules/private_endpoint/variables.tf b/src/common/_modules/private_endpoint/variables.tf new file mode 100644 index 000000000..ca056b705 --- /dev/null +++ b/src/common/_modules/private_endpoint/variables.tf @@ -0,0 +1,34 @@ +variable "project" { + type = string + description = "IO prefix, short environment and short location" +} + +variable "location" { + type = string + description = "Azure region" +} + +variable "tags" { + type = map(any) + description = "Resource tags" +} + +variable "resource_group_name" { + type = string + description = "Resource group namee" +} + +variable "vnet_common" { + type = object({ + id = string + name = string + address_space = list(string) + resource_group_name = string + }) + description = "Information of the common VNet" +} + +variable "pep_snet_id" { + type = string + description = "ID of the private endpoint subnet" +} \ No newline at end of file diff --git a/src/common/prod/README.md b/src/common/prod/README.md index 75968b761..fd1abd151 100644 --- a/src/common/prod/README.md +++ b/src/common/prod/README.md @@ -20,6 +20,7 @@ | [github\_runner\_itn](#module\_github\_runner\_itn) | ../_modules/github_runner | n/a | | [global](#module\_global) | ../_modules/global | n/a | | [monitoring\_weu](#module\_monitoring\_weu) | ../_modules/monitoring | n/a | +| [private\_endpoints\_itn](#module\_private\_endpoints\_itn) | ../_modules/private_endpoint | n/a | | [redis\_weu](#module\_redis\_weu) | ../_modules/redis | n/a | ## Resources 
@@ -45,6 +46,7 @@ | [azurerm_subnet.cosmos_api_allowed](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.functions_fast_login_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.itn_msgs_sending_func_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | +| [azurerm_subnet.itn_pep_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.services_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_virtual_network.weu_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | | [azurerm_virtual_network.weu_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | diff --git a/src/common/prod/data.tf b/src/common/prod/data.tf index d6fcb92e0..c20c2842d 100644 --- a/src/common/prod/data.tf +++ b/src/common/prod/data.tf @@ -107,4 +107,10 @@ data "azurerm_subnet" "itn_msgs_sending_func_snet" { name = "${local.project_itn}-msgs-sending-func-snet-01" resource_group_name = local.core.networking.itn.vnet_common.resource_group_name virtual_network_name = local.core.networking.itn.vnet_common.name -} \ No newline at end of file +} + +data "azurerm_subnet" "itn_pep_snet" { + name = "${local.project_itn}-pep-snet-01" + resource_group_name = local.core.networking.itn.vnet_common.resource_group_name + virtual_network_name = local.core.networking.itn.vnet_common.name +} diff --git a/src/common/prod/italynorth.tf b/src/common/prod/italynorth.tf index 58d3399ab..5ec9d6184 100644 --- a/src/common/prod/italynorth.tf +++ b/src/common/prod/italynorth.tf 
@@ -20,3 +20,16 @@ module "github_runner_itn" { tags = local.tags } + +module "private_endpoints_itn" { + source = "../_modules/private_endpoint" + + project = local.project_itn + location = "italynorth" + resource_group_name = local.resource_groups.itn.common + + vnet_common = local.core.networking.itn.vnet_common + pep_snet_id = data.azurerm_subnet.itn_pep_snet.id + + tags = local.tags +} \ No newline at end of file From e470bf2d715a16acd91550fc36550e16437e224b Mon Sep 17 00:00:00 2001 From: Mario Mupo <43968294+mamu0@users.noreply.github.com> Date: Mon, 30 Sep 2024 17:17:22 +0200 Subject: [PATCH 2/7] Update src/common/_modules/private_endpoint/outputs.tf Co-authored-by: christian-calabrese --- src/common/_modules/private_endpoint/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/_modules/private_endpoint/outputs.tf b/src/common/_modules/private_endpoint/outputs.tf index 1c74efd36..1068d28d2 100644 --- a/src/common/_modules/private_endpoint/outputs.tf +++ b/src/common/_modules/private_endpoint/outputs.tf @@ -1,4 +1,4 @@ -output "provate_endpoints" { +output "private_endpoints" { value = { for k, v in azurerm_private_endpoint.this : k => { From a0ace34a5f3834b30f864a80e8899747d9a41663 Mon Sep 17 00:00:00 2001 From: Mario Mupo Date: Mon, 30 Sep 2024 17:33:44 +0200 Subject: [PATCH 3/7] fix: some changes --- src/common/_modules/private_endpoint/data.tf | 8 ++++---- src/common/_modules/private_endpoint/locals.tf | 2 +- src/common/_modules/private_endpoint/variables.tf | 15 +++++---------- src/common/prod/README.md | 1 - src/common/prod/data.tf | 8 +------- src/common/prod/italynorth.tf | 4 ++-- 6 files changed, 13 insertions(+), 25 deletions(-) diff --git a/src/common/_modules/private_endpoint/data.tf b/src/common/_modules/private_endpoint/data.tf index 79fdea3e6..f12ab10f3 100644 --- a/src/common/_modules/private_endpoint/data.tf +++ b/src/common/_modules/private_endpoint/data.tf 
@@ -1,9 +1,9 @@ # CGN PostgreSQL Single Server -data "azurerm_private_dns_zone" "cgn_psql_private_dns_zone" { - name = "privatelink.postgres.database.azure.com" - resource_group_name = "io-p-rg-common" -} +# data "azurerm_private_dns_zone" "cgn_psql_private_dns_zone" { +# name = "privatelink.postgres.database.azure.com" +# resource_group_name = "io-p-rg-common" +# } data "azurerm_postgresql_server" "cgn_psql" { provider = azurerm.uat-cgn diff --git a/src/common/_modules/private_endpoint/locals.tf b/src/common/_modules/private_endpoint/locals.tf index ee93a3061..0083372fc 100644 --- a/src/common/_modules/private_endpoint/locals.tf +++ b/src/common/_modules/private_endpoint/locals.tf @@ -3,7 +3,7 @@ locals { "cgn-psql" = { resource_id = data.azurerm_postgresql_server.cgn_psql.id subresource_names = ["postgresqlServer"] - private_dns_zone_id = data.azurerm_private_dns_zone.cgn_psql_private_dns_zone.id + private_dns_zone_id = var.dns_zones.postgres.id } } } \ No newline at end of file diff --git a/src/common/_modules/private_endpoint/variables.tf b/src/common/_modules/private_endpoint/variables.tf index ca056b705..5fd585651 100644 --- a/src/common/_modules/private_endpoint/variables.tf +++ b/src/common/_modules/private_endpoint/variables.tf @@ -18,17 +18,12 @@ variable "resource_group_name" { description = "Resource group namee" } -variable "vnet_common" { - type = object({ - id = string - name = string - address_space = list(string) - resource_group_name = string - }) - description = "Information of the common VNet" -} - variable "pep_snet_id" { type = string description = "ID of the private endpoint subnet" +} + +variable "dns_zones" { + type = map(any) + description = "DNS zones" } \ No newline at end of file diff --git a/src/common/prod/README.md b/src/common/prod/README.md index fd1abd151..93c928739 100644 --- a/src/common/prod/README.md +++ b/src/common/prod/README.md 
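Review bot: The new `dns_zones` variable in variables.tf is typed `map(any)`, while locals.tf in this same patch dereferences `var.dns_zones.postgres.id`, so a caller that omits the `postgres` key is caught only when that expression is evaluated. At this commit `module.global.dns.private_dns_zones` does not yet export `postgres` (patch 4 adds it), which is exactly the case a tighter type would report at the module boundary. Declaring the shape the module relies on, e.g. `type = object({ postgres = object({ id = string }) })`, gives a clear error instead. The description `"DNS zones"` should also name the required key.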
@@ -46,7 +46,6 @@ | [azurerm_subnet.cosmos_api_allowed](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.functions_fast_login_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.itn_msgs_sending_func_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | -| [azurerm_subnet.itn_pep_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.services_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_virtual_network.weu_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | | [azurerm_virtual_network.weu_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | diff --git a/src/common/prod/data.tf b/src/common/prod/data.tf index c20c2842d..d6fcb92e0 100644 --- a/src/common/prod/data.tf +++ b/src/common/prod/data.tf @@ -107,10 +107,4 @@ data "azurerm_subnet" "itn_msgs_sending_func_snet" { name = "${local.project_itn}-msgs-sending-func-snet-01" resource_group_name = local.core.networking.itn.vnet_common.resource_group_name virtual_network_name = local.core.networking.itn.vnet_common.name -} - -data "azurerm_subnet" "itn_pep_snet" { - name = "${local.project_itn}-pep-snet-01" - resource_group_name = local.core.networking.itn.vnet_common.resource_group_name - virtual_network_name = local.core.networking.itn.vnet_common.name -} +} \ No newline at end of file diff --git a/src/common/prod/italynorth.tf b/src/common/prod/italynorth.tf index 5ec9d6184..ea9bdee76 100644 --- a/src/common/prod/italynorth.tf +++ b/src/common/prod/italynorth.tf 
@@ -28,8 +28,8 @@ module "private_endpoints_itn" { location = "italynorth" resource_group_name = local.resource_groups.itn.common - vnet_common = local.core.networking.itn.vnet_common - pep_snet_id = data.azurerm_subnet.itn_pep_snet.id + pep_snet_id = local.core.networking.itn.pep_snet.id + dns_zones = module.global.dns.private_dns_zones tags = local.tags } \ No newline at end of file From 0a4483b650d70ef9597e977a2fd0c915adc9ecb3 Mon Sep 17 00:00:00 2001 From: Mario Mupo Date: Mon, 30 Sep 2024 17:54:23 +0200 Subject: [PATCH 4/7] fix: minor changes --- src/common/_modules/global/modules/dns/outputs.tf | 1 + src/common/_modules/private_endpoint/variables.tf | 12 +++++++++++- src/common/prod/README.md | 2 +- src/common/prod/italynorth.tf | 2 +- 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/src/common/_modules/global/modules/dns/outputs.tf b/src/common/_modules/global/modules/dns/outputs.tf index 645cb0a26..f35246780 100644 --- a/src/common/_modules/global/modules/dns/outputs.tf +++ b/src/common/_modules/global/modules/dns/outputs.tf @@ -35,6 +35,7 @@ output "private_dns_zones" { value = { servicebus = azurerm_private_dns_zone.privatelink_servicebus documents = azurerm_private_dns_zone.privatelink_documents + postgres = azurerm_private_dns_zone.privatelink_postgres_database_azure_com } } diff --git a/src/common/_modules/private_endpoint/variables.tf b/src/common/_modules/private_endpoint/variables.tf index 5fd585651..73063ff96 100644 --- a/src/common/_modules/private_endpoint/variables.tf +++ b/src/common/_modules/private_endpoint/variables.tf 
@@ -25,5 +25,15 @@ variable "pep_snet_id" { variable "dns_zones" { type = map(any) - description = "DNS zones" + description = < [github\_runner\_itn](#module\_github\_runner\_itn) | ../_modules/github_runner | n/a | | [global](#module\_global) | ../_modules/global | n/a | | [monitoring\_weu](#module\_monitoring\_weu) | ../_modules/monitoring | n/a | -| [private\_endpoints\_itn](#module\_private\_endpoints\_itn) | ../_modules/private_endpoint | n/a | +| [private\_endpoints](#module\_private\_endpoints) | ../_modules/private_endpoint | n/a | | [redis\_weu](#module\_redis\_weu) | ../_modules/redis | n/a | ## Resources diff --git a/src/common/prod/italynorth.tf b/src/common/prod/italynorth.tf index ea9bdee76..abdf017f0 100644 --- a/src/common/prod/italynorth.tf +++ b/src/common/prod/italynorth.tf @@ -21,7 +21,7 @@ module "github_runner_itn" { tags = local.tags } -module "private_endpoints_itn" { +module "private_endpoints" { source = "../_modules/private_endpoint" project = local.project_itn From bf19746e9c8d453314feeca7e2de188164f425f1 Mon Sep 17 00:00:00 2001 From: Mario Mupo Date: Mon, 30 Sep 2024 18:49:19 +0200 Subject: [PATCH 5/7] fix: added logic for multiple instances --- src/common/_modules/private_endpoint/locals.tf | 8 +++++--- src/common/_modules/private_endpoint/main.tf | 9 +++++++-- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/common/_modules/private_endpoint/locals.tf b/src/common/_modules/private_endpoint/locals.tf index 0083372fc..212c543de 100644 --- a/src/common/_modules/private_endpoint/locals.tf +++ b/src/common/_modules/private_endpoint/locals.tf 
@@ -1,9 +1,11 @@ locals { private_endpoints = { "cgn-psql" = { - resource_id = data.azurerm_postgresql_server.cgn_psql.id - subresource_names = ["postgresqlServer"] - private_dns_zone_id = var.dns_zones.postgres.id + "01" = { + resource_id = data.azurerm_postgresql_server.cgn_psql.id + subresource_names = ["postgresqlServer"] + private_dns_zone_id = var.dns_zones.postgres.id + } } } } \ No newline at end of file diff --git a/src/common/_modules/private_endpoint/main.tf b/src/common/_modules/private_endpoint/main.tf index 776381ad2..74456fd5d 100644 --- a/src/common/_modules/private_endpoint/main.tf +++ b/src/common/_modules/private_endpoint/main.tf @@ -1,7 +1,12 @@ resource "azurerm_private_endpoint" "this" { - for_each = local.private_endpoints + for_each = merge([ + for pep, instances in local.private_endpoints : { + for i, values in instances : + "${pep}-pep-${i}" => values + } + ]...) - name = "${var.project}-${each.key}-pep-01" + name = "${var.project}-${each.key}" location = var.location resource_group_name = var.resource_group_name subnet_id = var.pep_snet_id From a8c0871733cee63224270814c866e69b58f24076 Mon Sep 17 00:00:00 2001 From: Mario Mupo Date: Tue, 1 Oct 2024 09:35:58 +0200 Subject: [PATCH 6/7] feat: added cgn uat provider --- src/identity/prod/README.md | 3 +++ src/identity/prod/data.tf | 4 ++++ src/identity/prod/main.tf | 21 +++++++++++++++++++++ 3 files changed, 28 insertions(+) diff --git a/src/identity/prod/README.md b/src/identity/prod/README.md index d9b5db15f..593703719 100644 --- a/src/identity/prod/README.md +++ b/src/identity/prod/README.md 
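Review bot: The new `for_each` keys in main.tf already carry the `-pep-<instance>` suffix (`"${pep}-pep-${i}"`), so any remaining use of `each.key` that still appends `-pep-01` now doubles it. The `private_service_connection` name is outside this hunk, but as added in patch 1 it reads `"${var.project}-${each.key}-pep-01"`, which would render as `...-cgn-psql-pep-01-pep-01`; it should become `name = "${var.project}-${each.key}"` to match the resource name. The re-keying also changes the resource addresses and the keys of the module output, so consumers of that output need a look, and a `moved` block is needed if the earlier form was ever applied.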
@@ -18,8 +18,11 @@ | Name | Type | |------|------| +| [azurerm_role_assignment.cd_cgn_uat](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | | [azurerm_role_assignment.cd_trial_system](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | +| [azurerm_role_assignment.ci_cgn_uat](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | | [azurerm_role_assignment.ci_trial_system](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | +| [azurerm_subscription.cgn_uat](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | | [azurerm_subscription.trial_system](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | ## Inputs diff --git a/src/identity/prod/data.tf b/src/identity/prod/data.tf index be442aed9..d2a2913b7 100644 --- a/src/identity/prod/data.tf +++ b/src/identity/prod/data.tf @@ -1,3 +1,7 @@ data "azurerm_subscription" "trial_system" { provider = azurerm.prod-trial +} + +data "azurerm_subscription" "cgn_uat" { + provider = azurerm.uat-cgn } \ No newline at end of file diff --git a/src/identity/prod/main.tf b/src/identity/prod/main.tf index 842fbd4bc..d65a608a2 100644 --- a/src/identity/prod/main.tf +++ b/src/identity/prod/main.tf @@ -26,6 +26,13 @@ provider "azurerm" { features {} } +provider "azurerm" { + alias = "uat-cgn" + subscription_id = "d1a90d9f-6ee1-4fb2-a149-7aedbf3ed49d" + + features {} +} + module "federated_identities" { source = "github.com/pagopa/dx//infra/modules/azure_federated_identity_with_github?ref=main" 
@@ -90,4 +97,18 @@ resource "azurerm_role_assignment" "cd_trial_system" { scope = data.azurerm_subscription.trial_system.id principal_id = module.federated_identities.federated_ci_identity.id role_definition_name = "Reader" +} + +resource "azurerm_role_assignment" "ci_cgn_uat" { + provider = azurerm.uat-cgn + scope = data.azurerm_subscription.cgn_uat.id + principal_id = module.federated_identities.federated_ci_identity.id + role_definition_name = "Reader" +} + +resource "azurerm_role_assignment" "cd_cgn_uat" { + provider = azurerm.uat-cgn + scope = data.azurerm_subscription.cgn_uat.id + principal_id = module.federated_identities.federated_ci_identity.id + role_definition_name = "Reader" } \ No newline at end of file From acf4d55da8f4ad6aa9eb13071c5147beba9f0f9e Mon Sep 17 00:00:00 2001 From: Mario Mupo Date: Tue, 1 Oct 2024 09:40:46 +0200 Subject: [PATCH 7/7] fix: added cgn prod --- src/common/_modules/private_endpoint/data.tf | 11 +++-------- src/common/_modules/private_endpoint/provider.tf | 4 ++-- src/identity/prod/README.md | 6 +++--- src/identity/prod/data.tf | 4 ++-- src/identity/prod/main.tf | 16 ++++++++-------- 5 files changed, 18 insertions(+), 23 deletions(-) diff --git a/src/common/_modules/private_endpoint/data.tf b/src/common/_modules/private_endpoint/data.tf index f12ab10f3..203e7b3ae 100644 --- a/src/common/_modules/private_endpoint/data.tf +++ b/src/common/_modules/private_endpoint/data.tf @@ -1,12 +1,7 @@ # CGN PostgreSQL Single Server -# data "azurerm_private_dns_zone" "cgn_psql_private_dns_zone" { -# name = "privatelink.postgres.database.azure.com" -# resource_group_name = "io-p-rg-common" -# } - data "azurerm_postgresql_server" "cgn_psql" { - provider = azurerm.uat-cgn - name = "cgnonboardingportal-u-db-postgresql" - resource_group_name = "cgnonboardingportal-u-db-rg" + provider = azurerm.prod-cgn + name = "cgnonboardingportal-p-db-postgresql" + resource_group_name = "cgnonboardingportal-p-db-rg" } \ No newline at end of file 
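Review bot: `ci_cgn_uat` and `cd_cgn_uat` are identical in `scope`, `principal_id` and `role_definition_name`: both assign `Reader` to `module.federated_identities.federated_ci_identity.id`. Azure treats that as one role assignment, so the second create is likely to be rejected as already existing and the CD identity gets nothing; if the `cd_` block is meant for the CD pipeline it should reference that identity's output from the module (the `cd_trial_system` context lines show the same CI reference, so check that one too). Patch 7 renames these to `ci_cgn` and `cd_cgn` against the production subscription and keeps the duplication. Since the identities only need to resolve one PostgreSQL server, consider scoping the assignment to that server's resource group rather than the whole subscription.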
diff --git a/src/common/_modules/private_endpoint/provider.tf b/src/common/_modules/private_endpoint/provider.tf index a78b0d362..b6e64e349 100644 --- a/src/common/_modules/private_endpoint/provider.tf +++ b/src/common/_modules/private_endpoint/provider.tf @@ -1,6 +1,6 @@ provider "azurerm" { - alias = "uat-cgn" - subscription_id = "d1a90d9f-6ee1-4fb2-a149-7aedbf3ed49d" + alias = "prod-cgn" + subscription_id = "74da48a3-b0e7-489d-8172-da79801086ed" features {} } \ No newline at end of file diff --git a/src/identity/prod/README.md b/src/identity/prod/README.md index 593703719..5aa34f20b 100644 --- a/src/identity/prod/README.md +++ b/src/identity/prod/README.md 
@@ -18,11 +18,11 @@ | Name | Type | |------|------| -| [azurerm_role_assignment.cd_cgn_uat](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | +| [azurerm_role_assignment.cd_cgn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | | [azurerm_role_assignment.cd_trial_system](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | -| [azurerm_role_assignment.ci_cgn_uat](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | +| [azurerm_role_assignment.ci_cgn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | | [azurerm_role_assignment.ci_trial_system](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | -| [azurerm_subscription.cgn_uat](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | +| [azurerm_subscription.cgn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | | [azurerm_subscription.trial_system](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | ## Inputs diff --git a/src/identity/prod/data.tf b/src/identity/prod/data.tf index d2a2913b7..567ebe647 100644 --- a/src/identity/prod/data.tf +++ b/src/identity/prod/data.tf @@ -2,6 +2,6 @@ data "azurerm_subscription" "trial_system" { provider = azurerm.prod-trial } -data "azurerm_subscription" "cgn_uat" { - provider = azurerm.uat-cgn +data "azurerm_subscription" "cgn" { + provider = azurerm.prod-cgn } \ No newline at end of file diff --git a/src/identity/prod/main.tf b/src/identity/prod/main.tf index d65a608a2..f478df750 100644 --- a/src/identity/prod/main.tf +++ b/src/identity/prod/main.tf 
@@ -27,8 +27,8 @@ provider "azurerm" { } provider "azurerm" { - alias = "uat-cgn" - subscription_id = "d1a90d9f-6ee1-4fb2-a149-7aedbf3ed49d" + alias = "prod-cgn" + subscription_id = "74da48a3-b0e7-489d-8172-da79801086ed" features {} } @@ -99,16 +99,16 @@ resource "azurerm_role_assignment" "cd_trial_system" { role_definition_name = "Reader" } -resource "azurerm_role_assignment" "ci_cgn_uat" { - provider = azurerm.uat-cgn - scope = data.azurerm_subscription.cgn_uat.id +resource "azurerm_role_assignment" "ci_cgn" { + provider = azurerm.prod-cgn + scope = data.azurerm_subscription.cgn.id principal_id = module.federated_identities.federated_ci_identity.id role_definition_name = "Reader" } -resource "azurerm_role_assignment" "cd_cgn_uat" { - provider = azurerm.uat-cgn - scope = data.azurerm_subscription.cgn_uat.id +resource "azurerm_role_assignment" "cd_cgn" { + provider = azurerm.prod-cgn + scope = data.azurerm_subscription.cgn.id principal_id = module.federated_identities.federated_ci_identity.id role_definition_name = "Reader" } \ No newline at end of file