[PE-914] Add role to io-p-itn-cgn-pe-backend-app-01 to manage APIM (#…
Krusty93 authored Jan 27, 2025

1 parent e4d89ae commit 0b76c55
Showing 8 changed files with 38 additions and 25 deletions.
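--- a/src/common/_modules/apim/data.tf
+++ b/src/common/_modules/apim/data.tf
@@ -36,4 +36,11 @@ data "azurerm_private_dns_zone" "scm_azure_api_net" {
 
 name = "scm.azure-api.net"
 resource_group_name = "io-p-rg-common"
-}
+}
+
+data "azurerm_linux_web_app" "cgn_pe_backend_app_01" {
+provider = azurerm.prod-cgn
+
+name = "io-p-itn-cgn-pe-backend-app-01"
+resource_group_name = "io-p-itn-cgn-pe-rg-01"
+}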
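Review bot: The lookup of `cgn_pe_backend_app_01` makes every plan of the `apim` module depend on a resource in another subscription, addressed by a hard-coded name and resource group, and on the planning identity having read access there. It is consumed in `rbac.tf` as `identity[0].principal_id`, which errors at plan time if the app has no identity block and would presumably be empty if only a user-assigned identity is configured. Taking the principal id as a module input, or adding a comment such as `# read only for its system-assigned identity, used by iam_cgn_pe_backend_app_01`, would make the coupling explicit.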
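--- a/src/common/_modules/apim/provider.tf
+++ b/src/common/_modules/apim/provider.tf
@@ -0,0 +1,6 @@
+provider "azurerm" {
+alias = "prod-cgn"
+subscription_id = "74da48a3-b0e7-489d-8172-da79801086ed"
+
+features {}
+}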
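Review bot: The `provider "azurerm"` block with alias `prod-cgn` is declared inside what appears to be a child module (`_modules/apim`), with the CGN subscription id hard-coded. Terraform's guidance is that a module receives aliased providers from the root through `configuration_aliases` and a `providers = { azurerm.prod-cgn = azurerm.prod-cgn }` map on the module call. A provider block inside a module blocks `count`, `for_each` and `depends_on` on that call and makes the module hard to remove later. It also means whichever identity applies this module silently needs access to a second subscription; declaring the alias at the root keeps that cross-subscription reach visible in one place.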
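--- a/src/common/_modules/apim/rbac.tf
+++ b/src/common/_modules/apim/rbac.tf
@@ -89,3 +89,17 @@ module "iam_adgroup_bonus_admins" {
 }
 ]
 }
+
+module "iam_cgn_pe_backend_app_01" {
+source = "github.com/pagopa/dx//infra/modules/azure_role_assignments?ref=main"
+
+principal_id = data.azurerm_linux_web_app.cgn_pe_backend_app_01.identity[0].principal_id
+
+apim = [
+{
+name = module.apim_v2.name
+resource_group_name = module.apim_v2.resource_group_name
+role = "owner"
+}
+]
+}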
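Review bot: `role = "owner"` in `iam_cgn_pe_backend_app_01` grants the web app's managed identity what is presumably the broadest level this module offers, on the whole APIM instance, so a compromise of the backend app extends to the API gateway. What `owner` maps to is defined inside the dx module and is not visible here; if the app only needs a subset of management operations, a narrower level or a scope below the service would limit that exposure. The module source is pinned to `?ref=main`, a mutable branch, so the role definitions behind this assignment can change without any change in this repository; pinning to a tag or commit SHA would make the grant reproducible and reviewable. A comment above the module such as `# PE-914: backend needs to <operation> in APIM` would record why this level was chosen.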
7 changes: 0 additions & 7 deletions src/common/_modules/private_endpoint/data.tf

This file was deleted.

7 changes: 0 additions & 7 deletions src/common/_modules/private_endpoint/locals.tf
@@ -1,12 +1,5 @@
locals {
private_endpoints = {
"cgn-psql" = {
"01" = {
resource_id = data.azurerm_postgresql_server.cgn_psql.id
subresource_names = ["postgresqlServer"]
private_dns_zone_id = var.dns_zones.postgres.id
}
}
"selc-evhns" = {
"01" = {
resource_id = "/subscriptions/813119d7-0943-46ed-8ebe-cebe24f9106c/resourceGroups/selc-p-event-rg/providers/Microsoft.EventHub/namespaces/selc-p-eventhub-ns"
1 change: 0 additions & 1 deletion src/common/prod/data.tf
@@ -123,4 +123,3 @@ data "azurerm_subnet" "itn_msgs_sending_func_snet" {
resource_group_name = local.core.networking.itn.vnet_common.resource_group_name
virtual_network_name = local.core.networking.itn.vnet_common.name
}

6 changes: 0 additions & 6 deletions src/identity/prod/data.tf
@@ -1,9 +1,3 @@
data "azurerm_subscription" "cgn" {
provider = azurerm.prod-cgn
}

data "azurerm_postgresql_server" "cgn_psql" {
provider = azurerm.prod-cgn
name = "cgnonboardingportal-p-db-postgresql"
resource_group_name = "cgnonboardingportal-p-db-rg"
}
13 changes: 10 additions & 3 deletions src/identity/prod/main.tf
@@ -102,18 +102,25 @@ resource "azurerm_role_assignment" "ci_cgn" {
role_definition_name = "Reader"
}

resource "azurerm_role_assignment" "ci_cgn_iac_reader" {
provider = azurerm.prod-cgn
scope = data.azurerm_subscription.cgn.id
principal_id = module.federated_identities.federated_ci_identity.id
role_definition_name = "PagoPA IaC Reader"
}

resource "azurerm_role_assignment" "cd_cgn" {
provider = azurerm.prod-cgn
scope = data.azurerm_subscription.cgn.id
principal_id = module.federated_identities.federated_cd_identity.id
role_definition_name = "Reader"
}

resource "azurerm_role_assignment" "cd_cgn_postgresql" {
resource "azurerm_role_assignment" "cd_cgn_iac_reader" {
provider = azurerm.prod-cgn
scope = data.azurerm_postgresql_server.cgn_psql.id
scope = data.azurerm_subscription.cgn.id
principal_id = module.federated_identities.federated_cd_identity.id
role_definition_name = "Contributor"
role_definition_name = "PagoPA IaC Reader"
}

resource "azurerm_role_assignment" "cd_selc_evhns" {
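Review bot: `ci_cgn_iac_reader` and `cd_cgn_iac_reader` assign the custom role `PagoPA IaC Reader` at the scope of the whole CGN subscription, and neither the role's definition nor its assignable scopes are visible in this commit. Custom IaC-reader roles often include key- or secret-listing actions so that a plan can refresh state; if this one does, the CI identity gains those reads across the subscription on top of the existing `Reader` assignment. A comment above each resource such as `# custom role defined in <repo/path>; lets plan read <resources>` would let a reviewer verify the grant. The `cd_selc_evhns` resource that closes the hunk continues outside it.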
