From 124f9a4f50e1c58b4ba86029ff4afb2eb3303958 Mon Sep 17 00:00:00 2001 From: Andrea Grillo Date: Wed, 10 Jul 2024 16:02:13 +0200 Subject: [PATCH] Add backend 3 (#1064) --- src/core/README.md | 7 ++ src/core/app_backend.tf | 180 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 187 insertions(+) diff --git a/src/core/README.md b/src/core/README.md index d718dc45f..d3251bb68 100644 --- a/src/core/README.md +++ b/src/core/README.md @@ -40,6 +40,7 @@ | [app\_backend\_web\_test\_api](#module\_app\_backend\_web\_test\_api) | git::https://github.com/pagopa/terraform-azurerm-v3.git//application_insights_web_test_preview | v7.61.0 | | [app\_backendl1\_snet](#module\_app\_backendl1\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.61.0 | | [app\_backendl2\_snet](#module\_app\_backendl2\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.61.0 | +| [app\_backendl3\_snet](#module\_app\_backendl3\_snet) | github.com/pagopa/terraform-azurerm-v3//subnet | v7.61.0 | | [app\_backendli\_snet](#module\_app\_backendli\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.61.0 | | [app\_gw](#module\_app\_gw) | github.com/pagopa/terraform-azurerm-v3.git//app_gateway | v8.20.0 | | [appgateway\_snet](#module\_appgateway\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.61.0 | 
@@ -47,6 +48,8 @@ | [appservice\_app\_backendl1\_slot\_staging](#module\_appservice\_app\_backendl1\_slot\_staging) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot | v7.61.0 | | [appservice\_app\_backendl2](#module\_appservice\_app\_backendl2) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service | v7.61.0 | | [appservice\_app\_backendl2\_slot\_staging](#module\_appservice\_app\_backendl2\_slot\_staging) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot | v7.61.0 | +| [appservice\_app\_backendl3](#module\_appservice\_app\_backendl3) | github.com/pagopa/terraform-azurerm-v3//app_service | v7.61.0 | +| [appservice\_app\_backendl3\_slot\_staging](#module\_appservice\_app\_backendl3\_slot\_staging) | github.com/pagopa/terraform-azurerm-v3//app_service_slot | v7.61.0 | | [appservice\_app\_backendli](#module\_appservice\_app\_backendli) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service | v7.61.0 | | [appservice\_app\_backendli\_slot\_staging](#module\_appservice\_app\_backendli\_slot\_staging) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot | v7.61.0 | | [assets\_cdn](#module\_assets\_cdn) | git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account | v7.61.0 | 
@@ -233,11 +236,14 @@ | [azurerm_private_dns_zone_virtual_network_link.srch_private_vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.table_core_private_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.table_core_private_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_endpoint.backend3_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.backend3_staging_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_private_endpoint.locked_profiles_storage_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_public_ip.appgateway_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | | [azurerm_public_ip.public_ip_apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | | [azurerm_resource_group.assets_cdn_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.azdo_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.backend3](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | 
[azurerm_resource_group.container_registry_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.default_roleassignment_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | @@ -260,6 +266,7 @@ | [azurerm_storage_table.storage_api_validationtokens](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_table) | resource | | [azurerm_subnet_nat_gateway_association.app_backendl1_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource | | [azurerm_subnet_nat_gateway_association.app_backendl2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource | +| [azurerm_subnet_nat_gateway_association.app_backendl3_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource | | [azurerm_subnet_nat_gateway_association.app_backendli_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource | | [azurerm_subnet_network_security_group_association.snet_nsg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource | | [azurerm_user_assigned_identity.appgateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource | diff --git a/src/core/app_backend.tf b/src/core/app_backend.tf index 21734e23a..3021f3ed9 100644 --- a/src/core/app_backend.tf +++ b/src/core/app_backend.tf 
@@ -352,6 +352,12 @@ locals { API_URL = "https://${data.azurerm_linux_function_app.function_app[1].default_hostname}/api/v1" APP_MESSAGES_API_URL = "https://${data.azurerm_linux_function_app.app_messages_2.default_hostname}/api/v1" } + app_settings_l3 = { + IS_APPBACKENDLI = "false" + // FUNCTIONS + API_URL = "https://${data.azurerm_linux_function_app.function_app[1].default_hostname}/api/v1" + APP_MESSAGES_API_URL = "https://${data.azurerm_linux_function_app.app_messages_2.default_hostname}/api/v1" + } app_settings_li = { IS_APPBACKENDLI = "true" // FUNCTIONS @@ -375,6 +381,13 @@ locals { path = "/info", http_status = 200, }, + { + id = "io-p-app-appbackendl3.azurewebsites.net" + name = module.appservice_app_backendl3.default_site_hostname, + host = module.appservice_app_backendl3.default_site_hostname, + path = "/info", + http_status = 200, + }, { id = "io-p-app-appbackendli.azurewebsites.net" name = module.appservice_app_backendli.default_site_hostname, @@ -453,6 +466,13 @@ resource "azurerm_resource_group" "rg_linux" { tags = var.tags } +resource "azurerm_resource_group" "backend3" { + name = format("%s-weu-backend-rg-03", local.project) + location = var.location + + tags = var.tags +} + ## key vault data "azurerm_key_vault_secret" "app_backend_SAML_CERT" { 
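Review bot: In the web-test entry added by the `@@ -375,6 +381,13 @@` hunk, the `id` is the literal `io-p-app-appbackendl3.azurewebsites.net`, but the app created later in this commit is named `format("%s-weu-backend-app-03", local.project)`, so the id does not describe the host that `name` and `host` actually probe. If the id is only a label or a map key, something like `id = "${local.project}-weu-backend-app-03.azurewebsites.net"` would keep it aligned with the real hostname. Separately, this test targets `default_site_hostname` at `/info`, and the same commit puts the app behind private endpoints. An availability probe that presumably runs from outside the VNet can only pass if the public endpoint stays reachable, so it is worth stating in a comment which of the two is intended. The enclosing list starts and ends outside the hunk.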
@@ -701,6 +721,166 @@ resource "azurerm_key_vault_secret" "appbackend_THIRD_PARTY_CONFIG_LIST" { content_type = "string" } +## app_backendl3 +module "app_backendl3_snet" { + source = "github.com/pagopa/terraform-azurerm-v3//subnet?ref=v7.61.0" + name = "${local.project}-weu-backend-snet-03" + address_prefixes = ["10.0.156.0/24"] + resource_group_name = azurerm_resource_group.rg_common.name + virtual_network_name = module.vnet_common.name + private_endpoint_network_policies_enabled = true + + service_endpoints = [ + "Microsoft.Web", + ] + + delegation = { + name = "default" + service_delegation = { + name = "Microsoft.Web/serverFarms" + actions = ["Microsoft.Network/virtualNetworks/subnets/action"] + } + } +} + +resource "azurerm_subnet_nat_gateway_association" "app_backendl3_snet" { + nat_gateway_id = module.nat_gateway.id + subnet_id = module.app_backendl3_snet.id +} + +module "appservice_app_backendl3" { + source = "github.com/pagopa/terraform-azurerm-v3//app_service?ref=v7.61.0" + + # App service plan + plan_type = "internal" + plan_name = format("%s-weu-backend-asp-03", local.project) + sku_name = var.app_backend_plan_sku_size + + # App service + name = format("%s-weu-backend-app-03", local.project) + resource_group_name = azurerm_resource_group.backend3.name + location = azurerm_resource_group.backend3.location + + node_version = "18-lts" + always_on = true + app_command_line = local.app_backend.app_command_line + health_check_path = "/ping" + health_check_maxpingfailures = 2 + + app_settings = merge( + local.app_backend.app_settings_common, + local.app_backend.app_settings_l3, + ) + + subnet_id = module.app_backendl3_snet.id + vnet_integration = true + + tags = var.tags +} + +resource "azurerm_private_endpoint" "backend3_sites" { + name = "${local.project}-weu-backend-app-pep-03" + location = azurerm_resource_group.backend3.location + resource_group_name = azurerm_resource_group.backend3.name + subnet_id = module.private_endpoints_subnet.id + + 
private_service_connection { + name = "${local.project}-weu-backend-app-pep-03" + private_connection_resource_id = module.appservice_app_backendl3.id + is_manual_connection = false + subresource_names = ["sites"] + } + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [azurerm_private_dns_zone.privatelink_azurewebsites.id] + } + + tags = var.tags +} + +module "appservice_app_backendl3_slot_staging" { + source = "github.com/pagopa/terraform-azurerm-v3//app_service_slot?ref=v7.61.0" + + # App service plan + app_service_id = module.appservice_app_backendl3.id + app_service_name = module.appservice_app_backendl3.name + + # App service + name = "staging" + resource_group_name = azurerm_resource_group.backend3.name + location = azurerm_resource_group.backend3.location + + always_on = true + node_version = "18-lts" + app_command_line = local.app_backend.app_command_line + health_check_path = "/ping" + + app_settings = merge( + local.app_backend.app_settings_common, + local.app_backend.app_settings_l3, + ) + + subnet_id = module.app_backendl3_snet.id + vnet_integration = true + + tags = var.tags +} + +resource "azurerm_private_endpoint" "backend3_staging_sites" { + name = "${local.project}-weu-backend-staging-app-pep-03" + location = azurerm_resource_group.backend3.location + resource_group_name = azurerm_resource_group.backend3.name + subnet_id = module.private_endpoints_subnet.id + + private_service_connection { + name = "${local.project}-weu-backend-staging-app-pep-03" + private_connection_resource_id = module.appservice_app_backendl3.id + is_manual_connection = false + subresource_names = ["sites-${module.appservice_app_backendl3_slot_staging.name}"] + } + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [azurerm_private_dns_zone.privatelink_azurewebsites.id] + } + + tags = var.tags +} + +# module "app_backend_3" { +# source = "github.com/pagopa/dx//infra/modules/azure_app_service?ref=main" + +# 
environment = { +# prefix = var.prefix +# env_short = var.env_short +# location = azurerm_resource_group.backend.location +# app_name = "backend" +# instance_number = "03" +# } + +# resource_group_name = azurerm_resource_group.backend.name + +# subnet_cidr = "10.0.156.0/24" +# subnet_pep_id = module.private_endpoints_subnet.id +# virtual_network = module.vnet_common.name +# private_dns_zone_resource_group_name = azurerm_resource_group.rg_common.name +# subnet_service_endpoints = { +# web = true +# } + +# health_check_path = "/ping" + +# node_version = 18 + +# app_settings = merge( +# local.app_backend.app_settings_common, +# local.app_backend.app_settings_l3, +# ) + +# tags = var.tags +# } + ## app_backendl1 module "app_backendl1_snet" {
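Review bot: `module "appservice_app_backendl3"` and `module "appservice_app_backendl3_slot_staging"` get private endpoints but no visible ingress restriction, and on App Service a private endpoint does not by itself guarantee that the public `*.azurewebsites.net` endpoint is closed. Neither call passes an access-restriction or public-network-access input, so exposure depends entirely on the defaults of `terraform-azurerm-v3` at `v7.61.0`, which this diff does not show; please confirm them or set the restriction explicitly on both the app and the slot. The three new `source` lines pin by tag (`?ref=v7.61.0`), which is mutable, so a full commit SHA would make the pin immutable. The commented-out `module "app_backend_3"` block points at `?ref=main` and references `azurerm_resource_group.backend` rather than the `backend3` group created here; I would drop it from the commit or replace it with a one-line `# TODO: migrate to dx azure_app_service module` comment.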