[IOPAE-1604] Add ipatente payments and practices to appgateway (#1349)

Co-authored-by: Gianmaria Scorza <[email protected]>
pagopa · Dec 10, 2024 · 09c83c8 · 09c83c8
1 parent 68b2531
commit 09c83c8
Show file tree

Hide file tree

Showing 4 changed files with 120 additions and 0 deletions.
diff --git a/src/common/_modules/application_gateway/data.tf b/src/common/_modules/application_gateway/data.tf
@@ -47,6 +47,16 @@ data "azurerm_linux_web_app" "ipatente_licences_app_itn" {
   resource_group_name = "${var.project}-itn-ipatente-rg-01"
 }
 
+data "azurerm_linux_web_app" "ipatente_payments_app_itn" {
+  name                = "${var.project}-itn-ipatente-payments-app-01"
+  resource_group_name = "${var.project}-itn-ipatente-rg-01"
+}
+
+data "azurerm_linux_web_app" "ipatente_practices_app_itn" {
+  name                = "${var.project}-itn-ipatente-practices-app-01"
+  resource_group_name = "${var.project}-itn-ipatente-rg-01"
+}
+
 #######################
 ###    Key Vault    ###
 #######################
@@ -130,6 +140,16 @@ data "azurerm_key_vault_certificate" "app_gw_licences_ipatente_io" {
   key_vault_id = var.key_vault.id
 }
 
+data "azurerm_key_vault_certificate" "app_gw_payments_ipatente_io" {
+  name         = var.certificates.payments_ipatente_io_pagopa_it
+  key_vault_id = var.key_vault.id
+}
+
+data "azurerm_key_vault_certificate" "app_gw_practices_ipatente_io" {
+  name         = var.certificates.practices_ipatente_io_pagopa_it
+  key_vault_id = var.key_vault.id
+}
+
 data "azurerm_key_vault_secret" "app_gw_mtls_header_name" {
   name         = "mtls-header-name"
   key_vault_id = var.key_vault.id

diff --git a/src/common/_modules/application_gateway/main.tf b/src/common/_modules/application_gateway/main.tf
@@ -166,6 +166,34 @@ module "app_gw" {
       request_timeout             = 10
       pick_host_name_from_backend = true
     }
+
+    payments-ipatente-io-app = {
+      protocol     = "Https"
+      host         = null
+      port         = 443
+      ip_addresses = null # with null value use fqdns
+      fqdns = [
+        data.azurerm_linux_web_app.ipatente_payments_app_itn.default_hostname,
+      ]
+      probe                       = "/api/info"
+      probe_name                  = "probe-payments-ipatente-io-app"
+      request_timeout             = 10
+      pick_host_name_from_backend = true
+    }
+
+    practices-ipatente-io-app = {
+      protocol     = "Https"
+      host         = null
+      port         = 443
+      ip_addresses = null # with null value use fqdns
+      fqdns = [
+        data.azurerm_linux_web_app.ipatente_practices_app_itn.default_hostname,
+      ]
+      probe                       = "/api/info"
+      probe_name                  = "probe-practices-ipatente-io-app"
+      request_timeout             = 10
+      pick_host_name_from_backend = true
+    }
   }
 
   ssl_profiles = [{
@@ -437,6 +465,32 @@ module "app_gw" {
         id   = data.azurerm_key_vault_certificate.app_gw_licences_ipatente_io.versionless_secret_id
       }
     }
+
+    # payments-ipatente-io-pagopa-it = {
+    #   protocol           = "Https"
+    #   host               = format("payments.%s", var.public_dns_zones.ipatente_io_pagopa_it.name)
+    #   port               = 443
+    #   ssl_profile_name   = format("%s-ssl-profile", var.project)
+    #   firewall_policy_id = null
+
+    #   certificate = {
+    #     name = var.certificates.payments_ipatente_io_pagopa_it
+    #     id   = data.azurerm_key_vault_certificate.app_gw_payments_ipatente_io.versionless_secret_id
+    #   }
+    # }
+
+    # practices-ipatente-io-pagopa-it = {
+    #   protocol           = "Https"
+    #   host               = format("practices.%s", var.public_dns_zones.ipatente_io_pagopa_it.name)
+    #   port               = 443
+    #   ssl_profile_name   = format("%s-ssl-profile", var.project)
+    #   firewall_policy_id = null
+
+    #   certificate = {
+    #     name = var.certificates.practices_ipatente_io_pagopa_it
+    #     id   = data.azurerm_key_vault_certificate.app_gw_practices_ipatente_io.versionless_secret_id
+    #   }
+    # }
   }
 
   # maps listener to backend
@@ -526,6 +580,20 @@ module "app_gw" {
       rewrite_rule_set_name = "rewrite-rule-set-licences-ipatente-io-app"
       priority              = 131
     }
+
+    # payments-ipatente-io-pagopa-it = {
+    #   listener              = "payments-ipatente-io-pagopa-it"
+    #   backend               = "payments-ipatente-io-app"
+    #   rewrite_rule_set_name = "rewrite-rule-set-payments-ipatente-io-app"
+    #   priority              = 130
+    # }
+
+    # practices-ipatente-io-pagopa-it = {
+    #   listener              = "practices-ipatente-io-pagopa-it"
+    #   backend               = "practices-ipatente-io-app"
+    #   rewrite_rule_set_name = "rewrite-rule-set-practices-ipatente-io-app"
+    #   priority              = 131
+    # }
   }
 
   routes_path_based = {
@@ -873,6 +941,14 @@ module "app_gw" {
     {
       name          = "rewrite-rule-set-licences-ipatente-io-app"
       rewrite_rules = [local.io_backend_ip_headers_rule]
+    },
+    {
+      name          = "rewrite-rule-set-payments-ipatente-io-app"
+      rewrite_rules = [local.io_backend_ip_headers_rule]
+    },
+    {
+      name          = "rewrite-rule-set-practices-ipatente-io-app"
+      rewrite_rules = [local.io_backend_ip_headers_rule]
     }
   ]
 

diff --git a/src/common/_modules/global/modules/dns/ipatente_io_pagopa_it.tf b/src/common/_modules/global/modules/dns/ipatente_io_pagopa_it.tf
@@ -45,5 +45,27 @@ resource "azurerm_dns_a_record" "licences_ipatente_io_pagopa_it" {
   ttl                 = var.dns_default_ttl_sec
   records             = [var.app_gateway_public_ip]
 
+  tags = var.tags
+}
+
+# payments.ipatente.io.pagopa.it
+resource "azurerm_dns_a_record" "payments_ipatente_io_pagopa_it" {
+  name                = "payments"
+  zone_name           = azurerm_dns_zone.ipatente_io_pagopa_it.name
+  resource_group_name = var.resource_groups.external
+  ttl                 = var.dns_default_ttl_sec
+  records             = [var.app_gateway_public_ip]
+
+  tags = var.tags
+}
+
+# practices.ipatente.io.pagopa.it
+resource "azurerm_dns_a_record" "practices_ipatente_io_pagopa_it" {
+  name                = "practices"
+  zone_name           = azurerm_dns_zone.ipatente_io_pagopa_it.name
+  resource_group_name = var.resource_groups.external
+  ttl                 = var.dns_default_ttl_sec
+  records             = [var.app_gateway_public_ip]
+
   tags = var.tags
 }
diff --git a/src/common/prod/westeurope.tf b/src/common/prod/westeurope.tf
@@ -329,6 +329,8 @@ module "application_gateway_weu" {
     oauth_io_pagopa_it                   = "oauth-io-pagopa-it"
     vehicles_ipatente_io_pagopa_it       = "vehicles-ipatente-io-pagopa-it"
     licences_ipatente_io_pagopa_it       = "licences-ipatente-io-pagopa-it"
+    payments_ipatente_io_pagopa_it       = "payments-ipatente-io-pagopa-it"
+    practices_ipatente_io_pagopa_it      = "practices-ipatente-io-pagopa-it"
   }
 
   cidr_subnet           = ["10.0.13.0/24"]