Merge branch 'main' into CES-68-add-apim-itn-app-backend

.github/workflows/static_analysis.yml

@@ -19,6 +19,6 @@ jobs:
     name: Terraform Validation
     secrets: inherit
     with:
-      terraform_version: "1.7.5"
+      terraform_version: "1.10.2"
       pre_commit_tf_tag: "v1.96.1@sha256:9aea677ac51d67eb96b3bbb4cf93b16afdde5476f984e75e87888850d18146c9"
-      enable_modified_files_detection: true
+      enable_modified_files_detection: true

.terraform-version

@@ -1 +1 @@
-1.9.8
+1.10.2

src/_modules/common_values/data.tf

@@ -3,13 +3,13 @@ data "azurerm_virtual_network" "weu_prod01" {
   resource_group_name = "${local.project_weu}-prod01-vnet-rg"
 }
 
-data "terraform_remote_state" "core" {
+data "terraform_remote_state" "common" {
   backend = "azurerm"
 
   config = {
     resource_group_name  = "terraform-state-rg"
     storage_account_name = "iopitntfst001"
     container_name       = "terraform-state"
-    key                  = "io-infra.core.prod.italynorth.tfstate"
+    key                  = "io-infra.common.prod.tfstate"
   }
 }

src/_modules/common_values/locals.tf

@@ -10,5 +10,5 @@ locals {
   project_itn        = "${local.prefix}-${local.env_short}-${local.location_short.italynorth}"
   project_weu        = "${local.prefix}-${local.env_short}-${local.location_short.westeurope}"
   project_weu_legacy = "${local.prefix}-${local.env_short}"
-  core               = data.terraform_remote_state.core.outputs
+  common             = data.terraform_remote_state.common.outputs
 }

src/_modules/common_values/outputs_network.tf

@@ -5,14 +5,20 @@ output "virtual_networks" {
   EOF
   value = {
     itn = {
-      common = local.core.networking.itn.vnet_common
+      id                  = local.common.virtual_networks.itn.id
+      name                = local.common.virtual_networks.itn.name
+      resource_group_name = local.common.virtual_networks.itn.resource_group_name
     }
     weu = {
-      common = local.core.networking.weu.vnet_common
-      prod01 = {
-        name                = data.azurerm_virtual_network.weu_prod01.name
-        resource_group_name = data.azurerm_virtual_network.weu_prod01.resource_group_name
-      }
+      id                  = local.common.virtual_networks.weu.id
+      name                = local.common.virtual_networks.weu.name
+      resource_group_name = local.common.virtual_networks.weu.resource_group_name
+    }
+
+    prod01 = {
+      id                  = local.common.virtual_networks.prod01.id
+      name                = local.common.virtual_networks.prod01.name
+      resource_group_name = local.common.virtual_networks.prod01.resource_group_name
     }
   }
 }
@@ -23,10 +29,10 @@ output "pep_subnets" {
   EOF
   value = {
     itn = {
-      id = local.core.networking.itn.pep_snet.id
+      id = local.common.pep_subnets.itn.id
     },
     weu = {
-      id = local.core.networking.weu.pep_snet.id
+      id = local.common.pep_subnets.weu.id
     }
   }
 }

src/common/_modules/apim/main.tf

@@ -10,10 +10,10 @@ module "apim_v2" {
   notification_sender_email = data.azurerm_key_vault_secret.apim_publisher_email.value
   sku_name                  = var.migration ? "Premium_1" : "Premium_2"
   virtual_network_type      = "Internal"
-  zones                     = ["1", "2"]
+  zones                     = var.migration ? ["1"] : ["1", "2"]
 
   redis_cache_id       = null
-  public_ip_address_id = azurerm_public_ip.apim.id
+  public_ip_address_id = var.migration ? azurerm_public_ip.apim_tmp[0].id : azurerm_public_ip.apim.id
 
   hostname_configuration = {
     proxy = [
@@ -57,9 +57,9 @@ module "apim_v2" {
 
   autoscale = {
     enabled                       = true
-    default_instances             = 3
-    minimum_instances             = 2
-    maximum_instances             = 6
+    default_instances             = var.migration ? 1 : 3
+    minimum_instances             = var.migration ? 1 : 2
+    maximum_instances             = var.migration ? 1 : 6
     scale_out_capacity_percentage = 50
     scale_out_time_window         = "PT3M"
     scale_out_value               = "1"

src/common/_modules/apim/networking.tf

@@ -87,5 +87,20 @@ resource "azurerm_private_dns_a_record" "apim_scm_azure_api_net" {
   ttl                 = 3600
   records             = module.apim_v2.private_ip_addresses
 
+  tags = var.tags
+}
+
+# Delete when return to 2 instances
+resource "azurerm_public_ip" "apim_tmp" {
+  count = var.migration ? 1 : 0
+
+  name                = try(local.nonstandard[var.location_short].pip_name, "${var.project}-apim-tmp-pip-01")
+  resource_group_name = var.resource_group_common
+  location            = var.location
+  allocation_method   = "Static"
+  sku                 = "Standard"
+  domain_name_label   = "apimiotmp"
+  zones               = ["1", "2", "3"]
+
   tags = var.tags
 }

src/common/_modules/app_backend/app_settings.tf

@@ -30,7 +30,7 @@ locals {
     AUTHENTICATION_BASE_PATH = ""
 
     // FUNCTIONS
-    API_URL                     = "https://${var.backend_hostnames.app[1]}/api/v1"
+    API_URL                     = "https://${var.backend_hostnames.app[0]}/api/v1"
     API_KEY                     = data.azurerm_key_vault_secret.app_backend_API_KEY.value
     CGN_API_URL                 = "https://${var.backend_hostnames.cgn}"
     CGN_API_KEY                 = data.azurerm_key_vault_secret.app_backend_CGN_API_KEY.value
@@ -46,8 +46,8 @@ locals {
     APP_MESSAGES_API_KEY        = data.azurerm_key_vault_secret.app_backend_APP_MESSAGES_API_KEY[(var.index - 1) % local.app_messages_count].value
     LOLLIPOP_API_URL            = "https://${var.backend_hostnames.lollipop}"
     LOLLIPOP_API_KEY            = data.azurerm_key_vault_secret.app_backend_LOLLIPOP_ITN_API_KEY.value
-    TRIAL_SYSTEM_API_URL        = "https://${var.backend_hostnames.trial_system_api}" # PROD-TRIAL subscription
-    TRIAL_SYSTEM_APIM_URL       = var.backend_hostnames.trial_system_apim             # Add this variable to avoid downtime
+    TRIAL_SYSTEM_API_URL        = "https://ts-p-itn-api-func-01.azurewebsites.net" # not working anymore
+    TRIAL_SYSTEM_APIM_URL       = "https://ts-p-itn-apim-01.azure-api.net"         # not working anymore
     TRIAL_SYSTEM_API_KEY        = data.azurerm_key_vault_secret.app_backend_TRIAL_SYSTEM_API_KEY.value
     TRIAL_SYSTEM_APIM_KEY       = data.azurerm_key_vault_secret.app_backend_TRIAL_SYSTEM_APIM_KEY.value
     IO_WALLET_API_URL           = "https://${var.backend_hostnames.iowallet}"
@@ -104,9 +104,9 @@ locals {
     FF_CGN_ENABLED             = 1
     FF_EUCOVIDCERT_ENABLED     = 1
     FF_IO_SIGN_ENABLED         = 1
-    FF_IO_FIMS_ENABLED         = 0
+    FF_IO_FIMS_ENABLED         = 1
     FF_IO_WALLET_ENABLED       = 1
-    FF_IO_WALLET_TRIAL_ENABLED = 1
+    FF_IO_WALLET_TRIAL_ENABLED = 0
 
     FF_ROUTING_PUSH_NOTIF                      = "ALL" # possible values are: BETA, CANARY, ALL, NONE
     FF_ROUTING_PUSH_NOTIF_BETA_TESTER_SHA_LIST = data.azurerm_key_vault_secret.app_backend_APP_MESSAGES_BETA_FISCAL_CODES.value

src/common/_modules/app_backend/locals.tf

@@ -40,4 +40,4 @@ locals {
     }
   }
 
-}
+}

src/common/_modules/app_backend/variables.tf

@@ -196,8 +196,6 @@ variable "backend_hostnames" {
     iosign               = string
     iofims               = string
     cgnonboarding        = string
-    trial_system_api     = string
-    trial_system_apim    = string
     iowallet             = string
   })
 }

src/common/_modules/application_gateway/data.tf

@@ -17,14 +17,9 @@ data "azurerm_linux_web_app" "session_manager_03" {
   resource_group_name = "io-p-weu-session-manager-rg-01"
 }
 
-data "azurerm_linux_web_app" "session_manager_04" {
-  name                = "io-p-weu-session-manager-app-04"
-  resource_group_name = "io-p-weu-session-manager-rg-01"
-}
-
 data "azurerm_linux_web_app" "fims_op_app" {
-  name                = "io-p-weu-fims-op-app-01"
-  resource_group_name = "io-p-weu-fims-rg-01"
+  name                = "io-p-itn-fims-op-app-01"
+  resource_group_name = "io-p-itn-fims-rg-01"
 }
 
 data "azurerm_linux_web_app" "appservice_devportal_be" {
@@ -47,6 +42,16 @@ data "azurerm_linux_web_app" "ipatente_licences_app_itn" {
   resource_group_name = "${var.project}-itn-ipatente-rg-01"
 }
 
+data "azurerm_linux_web_app" "ipatente_payments_app_itn" {
+  name                = "${var.project}-itn-ipatente-payments-app-01"
+  resource_group_name = "${var.project}-itn-ipatente-rg-01"
+}
+
+data "azurerm_linux_web_app" "ipatente_practices_app_itn" {
+  name                = "${var.project}-itn-ipatente-practices-app-01"
+  resource_group_name = "${var.project}-itn-ipatente-rg-01"
+}
+
 #######################
 ###    Key Vault    ###
 #######################
@@ -120,8 +125,23 @@ data "azurerm_key_vault_certificate" "app_gw_selfcare_io" {
   key_vault_id = var.key_vault.id
 }
 
-data "azurerm_key_vault_certificate" "app_gw_ipatente_io" {
-  name         = var.certificates.ipatente_io_pagopa_it
+data "azurerm_key_vault_certificate" "app_gw_vehicles_ipatente_io" {
+  name         = var.certificates.vehicles_ipatente_io_pagopa_it
+  key_vault_id = var.key_vault.id
+}
+
+data "azurerm_key_vault_certificate" "app_gw_licences_ipatente_io" {
+  name         = var.certificates.licences_ipatente_io_pagopa_it
+  key_vault_id = var.key_vault.id
+}
+
+data "azurerm_key_vault_certificate" "app_gw_payments_ipatente_io" {
+  name         = var.certificates.payments_ipatente_io_pagopa_it
+  key_vault_id = var.key_vault.id
+}
+
+data "azurerm_key_vault_certificate" "app_gw_practices_ipatente_io" {
+  name         = var.certificates.practices_ipatente_io_pagopa_it
   key_vault_id = var.key_vault.id
 }