From 2f1a4c57e2161a18c946f8a2e317c626f760f93c Mon Sep 17 00:00:00 2001 
From: Andrea Grillo Date: Mon, 15 Apr 2024 14:10:48 +0200 Subject: [PATCH] [EC-260] Fundamental Terraform Core setup for Italy North region (#944) --- .identity/03_github_environment_cd.tf | 30 ++++- .identity/03_github_environment_ci.tf | 31 ++++- .identity/README.md | 6 + src/core/README.md | 15 --- src/core/_modules/networking/data.tf | 64 ++++++++++ src/core/_modules/networking/locals.tf | 6 + src/core/_modules/networking/outputs.tf | 7 ++ .../networking/private_dns_zone_itn_common.tf | 118 ++++++++++++++++++ src/core/_modules/networking/subnet_cidr.tf | 15 +++ src/core/_modules/networking/variables.tf | 19 +++ src/core/_modules/networking/vnet_common.tf | 12 ++ .../vnet_peering_itn_common_to_weu_beta.tf | 13 ++ .../vnet_peering_itn_common_to_weu_prod.tf | 13 ++ .../vnet_peering_weu_to_itn_common.tf | 13 ++ src/core/network.tf | 57 --------- src/core/private_dns_zones.tf | 100 --------------- src/core/prod/italynorth/.terraform.lock.hcl | 25 ++++ src/core/prod/italynorth/README.md | 30 +++++ src/core/prod/italynorth/locals.tf | 19 +++ src/core/prod/italynorth/main.tf | 37 ++++++ src/core/prod/italynorth/outputs.tf | 5 + 21 files changed, 457 insertions(+), 178 deletions(-) create mode 100644 src/core/_modules/networking/data.tf create mode 100644 src/core/_modules/networking/locals.tf create mode 100644 src/core/_modules/networking/outputs.tf create mode 100644 src/core/_modules/networking/private_dns_zone_itn_common.tf create mode 100644 src/core/_modules/networking/subnet_cidr.tf create mode 100644 src/core/_modules/networking/variables.tf create mode 100644 src/core/_modules/networking/vnet_common.tf create mode 100644 src/core/_modules/networking/vnet_peering_itn_common_to_weu_beta.tf create mode 100644 src/core/_modules/networking/vnet_peering_itn_common_to_weu_prod.tf create mode 100644 src/core/_modules/networking/vnet_peering_weu_to_itn_common.tf create mode 100644 src/core/prod/italynorth/.terraform.lock.hcl create mode 100644 
src/core/prod/italynorth/README.md create mode 100644 src/core/prod/italynorth/locals.tf create mode 100644 src/core/prod/italynorth/main.tf create mode 100644 src/core/prod/italynorth/outputs.tf diff --git a/.identity/03_github_environment_cd.tf b/.identity/03_github_environment_cd.tf index 7a94d3b28..e67329404 100644 --- a/.identity/03_github_environment_cd.tf +++ b/.identity/03_github_environment_cd.tf 
@@ -19,25 +19,49 @@ resource "github_repository_environment" "github_repository_environment_cd" { } } +# TODO: remove when all workflows read values from ARM_** secrets #tfsec:ignore:github-actions-no-plain-text-action-secrets # not real secret -resource "github_actions_environment_secret" "azure_cd_tenant_id" { +resource "github_actions_environment_secret" "azure_cd_tenant_id_azure" { repository = local.repository environment = "${var.env}-cd" secret_name = "AZURE_TENANT_ID" plaintext_value = data.azurerm_client_config.current.tenant_id } +resource "github_actions_environment_secret" "azure_cd_tenant_id" { + repository = local.repository + environment = "${var.env}-cd" + secret_name = "ARM_TENANT_ID" + plaintext_value = data.azurerm_client_config.current.tenant_id +} + +# TODO: remove when all workflows read values from ARM_** secrets #tfsec:ignore:github-actions-no-plain-text-action-secrets # not real secret -resource "github_actions_environment_secret" "azure_cd_subscription_id" { +resource "github_actions_environment_secret" "azure_cd_subscription_id_azure" { repository = local.repository environment = "${var.env}-cd" secret_name = "AZURE_SUBSCRIPTION_ID" plaintext_value = data.azurerm_subscription.current.subscription_id } -resource "github_actions_environment_secret" "azure_client_id_cd" { +resource "github_actions_environment_secret" "azure_cd_subscription_id" { + repository = local.repository + environment = "${var.env}-cd" + secret_name = "ARM_SUBSCRIPTION_ID" + plaintext_value = data.azurerm_subscription.current.subscription_id +} + +# TODO: remove when all workflows read values from ARM_** secrets +resource "github_actions_environment_secret" "azure_client_id_cd_azure" { repository = local.repository environment = "${var.env}-cd" secret_name = "AZURE_CLIENT_ID" plaintext_value = module.identity_cd.identity_client_id } + +resource "github_actions_environment_secret" "azure_client_id_cd" { + repository = local.repository + environment = "${var.env}-cd" + 
secret_name = "ARM_CLIENT_ID" + plaintext_value = module.identity_cd.identity_client_id +} diff --git a/.identity/03_github_environment_ci.tf b/.identity/03_github_environment_ci.tf index 39acf7c0d..d0d308925 100644 --- a/.identity/03_github_environment_ci.tf +++ b/.identity/03_github_environment_ci.tf @@ -7,8 +7,9 @@ resource "github_repository_environment" "github_repository_environment_ci" { } } +# TODO: remove when all workflows read values from ARM_** secrets #tfsec:ignore:github-actions-no-plain-text-action-secrets # not real secret -resource "github_actions_environment_secret" "azure_ci_tenant_id" { +resource "github_actions_environment_secret" "azure_ci_tenant_id_azure" { repository = local.repository environment = "${var.env}-ci" secret_name = "AZURE_TENANT_ID" 
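Review bot: The existing resource addresses (`azure_cd_tenant_id`, `azure_cd_subscription_id`, `azure_client_id_cd`) are reused for the new `ARM_*` secret names, while the legacy `AZURE_*` secrets move to new `*_azure` addresses. Terraform will therefore plan a replace on each old address and an independent create on the new one for the same `secret_name`. Nothing orders those two operations, so the delete of the old `AZURE_TENANT_ID` can land after the new resource has written it, leaving the environment without a secret that workflows still read until the next apply. Keeping the old addresses for the `AZURE_*` secrets and giving the additions new names, e.g. `resource "github_actions_environment_secret" "arm_cd_tenant_id"`, avoids the replace entirely. The two hunks of `03_github_environment_ci.tf` have the same pattern.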
@@ -16,16 +17,40 @@ resource "github_actions_environment_secret" "azure_ci_tenant_id" { } #tfsec:ignore:github-actions-no-plain-text-action-secrets # not real secret -resource "github_actions_environment_secret" "azure_ci_subscription_id" { +resource "github_actions_environment_secret" "azure_ci_tenant_id" { + repository = local.repository + environment = "${var.env}-ci" + secret_name = "ARM_TENANT_ID" + plaintext_value = data.azurerm_client_config.current.tenant_id +} + +# TODO: remove when all workflows read values from ARM_** secrets +#tfsec:ignore:github-actions-no-plain-text-action-secrets # not real secret +resource "github_actions_environment_secret" "azure_ci_subscription_id_azure" { repository = local.repository environment = "${var.env}-ci" secret_name = "AZURE_SUBSCRIPTION_ID" plaintext_value = data.azurerm_subscription.current.subscription_id } -resource "github_actions_environment_secret" "azure_client_id_ci" { +resource "github_actions_environment_secret" "azure_ci_subscription_id" { + repository = local.repository + environment = "${var.env}-ci" + secret_name = "ARM_SUBSCRIPTION_ID" + plaintext_value = data.azurerm_subscription.current.subscription_id +} + +# TODO: remove when all workflows read values from ARM_** secrets +resource "github_actions_environment_secret" "azure_client_id_ci_azure" { repository = local.repository environment = "${var.env}-ci" secret_name = "AZURE_CLIENT_ID" plaintext_value = module.identity_ci.identity_client_id } + +resource "github_actions_environment_secret" "azure_client_id_ci" { + repository = local.repository + environment = "${var.env}-ci" + secret_name = "ARM_CLIENT_ID" + plaintext_value = module.identity_ci.identity_client_id +} diff --git a/.identity/README.md b/.identity/README.md index 6bf46a557..754ca5dda 100644 --- a/.identity/README.md +++ b/.identity/README.md 
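Review bot: The `#tfsec:ignore:github-actions-no-plain-text-action-secrets` annotation ends up on different resources in the two files. In this hunk it precedes the new `ARM_TENANT_ID` resource and the legacy `AZURE_SUBSCRIPTION_ID` one, while in `03_github_environment_cd.tf` it stays only on the legacy tenant and subscription resources; the `ARM_SUBSCRIPTION_ID` and client-id resources carry none in either file. If tfsec gates this repository (not visible here), the unannotated `plaintext_value` resources will be reported once the legacy ones are removed per the TODO. I would put the ignore line with its `# not real secret` justification directly above every resource that sets `plaintext_value` from a tenant, subscription or client id, so each suppression is scoped to one resource and survives the cleanup.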
@@ -25,11 +25,17 @@ | [azuread_directory_role.directory_readers](https://registry.terraform.io/providers/hashicorp/azuread/2.30.0/docs/resources/directory_role) | resource | | [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [github_actions_environment_secret.azure_cd_subscription_id](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/actions_environment_secret) | resource | +| [github_actions_environment_secret.azure_cd_subscription_id_azure](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/actions_environment_secret) | resource | | [github_actions_environment_secret.azure_cd_tenant_id](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/actions_environment_secret) | resource | +| [github_actions_environment_secret.azure_cd_tenant_id_azure](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/actions_environment_secret) | resource | | [github_actions_environment_secret.azure_ci_subscription_id](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/actions_environment_secret) | resource | +| [github_actions_environment_secret.azure_ci_subscription_id_azure](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/actions_environment_secret) | resource | | [github_actions_environment_secret.azure_ci_tenant_id](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/actions_environment_secret) | resource | +| [github_actions_environment_secret.azure_ci_tenant_id_azure](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/actions_environment_secret) | resource | | [github_actions_environment_secret.azure_client_id_cd](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/actions_environment_secret) | resource | +| 
[github_actions_environment_secret.azure_client_id_cd_azure](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/actions_environment_secret) | resource | | [github_actions_environment_secret.azure_client_id_ci](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/actions_environment_secret) | resource | +| [github_actions_environment_secret.azure_client_id_ci_azure](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/actions_environment_secret) | resource | | [github_repository_environment.github_repository_environment_cd](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/repository_environment) | resource | | [github_repository_environment.github_repository_environment_ci](https://registry.terraform.io/providers/integrations/github/5.45.0/docs/resources/repository_environment) | resource | | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | diff --git a/src/core/README.md b/src/core/README.md index 0a17de0a3..bb48f042d 100644 --- a/src/core/README.md +++ b/src/core/README.md 
@@ -90,12 +90,8 @@ | [storage\_api\_object\_replication\_to\_replica](#module\_storage\_api\_object\_replication\_to\_replica) | git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_object_replication | v7.61.0 | | [storage\_api\_replica](#module\_storage\_api\_replica) | git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account | v7.61.0 | | [vnet\_common](#module\_vnet\_common) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network | v7.61.0 | -| [vnet\_in\_common](#module\_vnet\_in\_common) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network | v7.61.0 | -| [vnet\_peering\_common\_in\_common](#module\_vnet\_peering\_common\_in\_common) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering | v7.61.0 | | [vnet\_peering\_common\_weu\_beta](#module\_vnet\_peering\_common\_weu\_beta) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering | v7.61.0 | | [vnet\_peering\_common\_weu\_prod01](#module\_vnet\_peering\_common\_weu\_prod01) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering | v7.61.0 | -| [vnet\_peering\_in\_common\_weu\_beta](#module\_vnet\_peering\_in\_common\_weu\_beta) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering | v7.61.0 | -| [vnet\_peering\_in\_common\_weu\_prod01](#module\_vnet\_peering\_in\_common\_weu\_prod01) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering | v7.61.0 | | [vnet\_weu\_beta](#module\_vnet\_weu\_beta) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network | v7.61.0 | | [vnet\_weu\_prod01](#module\_vnet\_weu\_prod01) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network | v7.61.0 | | [vpn](#module\_vpn) | git::https://github.com/pagopa/terraform-azurerm-v3.git//vpn_gateway | v7.61.0 | 
@@ -234,24 +230,18 @@ | [azurerm_private_dns_zone.privatelink_table_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | | [azurerm_private_dns_zone_virtual_network_link.azurewebsites_private_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.azurewebsites_private_vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_dns_zone_virtual_network_link.azurewebsites_private_vnet_in_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.azurewebsites_private_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.blob_core_private_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_dns_zone_virtual_network_link.blob_core_private_vnet_in_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.blob_core_private_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.documents_private_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| 
[azurerm_private_dns_zone_virtual_network_link.documents_private_vnet_in_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.documents_private_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.file_core_private_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_dns_zone_virtual_network_link.file_core_private_vnet_in_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.file_core_private_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.internal_io_pagopa_it_private_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.internal_io_pagopa_it_private_vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_dns_zone_virtual_network_link.internal_io_pagopa_it_private_vnet_in_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.internal_io_pagopa_it_private_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | 
[azurerm_private_dns_zone_virtual_network_link.mongo_cosmos_private_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.mongo_cosmos_private_vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_dns_zone_virtual_network_link.mongo_cosmos_private_vnet_in_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.mongo_cosmos_private_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.privatelink_azurecr_io_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.privatelink_azurecr_io_vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | 
@@ -261,20 +251,16 @@ | [azurerm_private_dns_zone_virtual_network_link.privatelink_mysql_database_azure_com_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.privatelink_postgres_database_azure_com_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.privatelink_postgres_database_azure_com_vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_dns_zone_virtual_network_link.privatelink_postgres_database_azure_com_vnet_in_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.privatelink_postgres_database_azure_com_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.queue_core_private_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_dns_zone_virtual_network_link.queue_core_private_vnet_in_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.queue_core_private_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | 
[azurerm_private_dns_zone_virtual_network_link.redis_private_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.redis_private_vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.redis_private_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.servicebus_private_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.servicebus_private_vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_dns_zone_virtual_network_link.servicebus_private_vnet_in_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.servicebus_private_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.table_core_private_vnet_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_dns_zone_virtual_network_link.table_core_private_vnet_in_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | 
[azurerm_private_dns_zone_virtual_network_link.table_core_private_vnet_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_endpoint.locked_profiles_storage_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_public_ip.appgateway_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | @@ -291,7 +277,6 @@ | [azurerm_resource_group.grafana_dashboard_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.rg_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.rg_external](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_resource_group.rg_in_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.rg_internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.rg_linux](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.rg_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | diff --git a/src/core/_modules/networking/data.tf b/src/core/_modules/networking/data.tf new file mode 100644 index 000000000..36c1572d2 --- /dev/null +++ b/src/core/_modules/networking/data.tf 
@@ -0,0 +1,64 @@
+data "azurerm_virtual_network" "weu_common" {
+ name = "io-p-vnet-common"
+ resource_group_name = "io-p-rg-common"
+}
+
+data "azurerm_virtual_network" "weu_beta" {
+ name = "io-p-weu-beta-vnet"
+ resource_group_name = "io-p-weu-beta-vnet-rg"
+}
+
+data "azurerm_virtual_network" "weu_prod01" {
+ name = "io-p-weu-prod01-vnet"
+ resource_group_name = "io-p-weu-prod01-vnet-rg"
+}
+
+data "azurerm_private_dns_zone" "internal_io_pagopa_it" {
+ name = "internal.io.pagopa.it"
+ resource_group_name = "io-p-rg-internal"
+}
+
+data "azurerm_private_dns_zone" "privatelink_postgres_database_azure_com" {
+ name = "privatelink.postgres.database.azure.com"
+ resource_group_name = "io-p-rg-common"
+}
+
+data "azurerm_private_dns_zone" "privatelink_mongo_cosmos" {
+ name = "privatelink.mongo.cosmos.azure.com"
+ resource_group_name = "io-p-rg-common"
+}
+
+data "azurerm_private_dns_zone" "privatelink_servicebus" {
+ name = "privatelink.servicebus.windows.net"
+ resource_group_name = "io-p-evt-rg"
+}
+
+data "azurerm_private_dns_zone" "privatelink_documents" {
+ name = "privatelink.documents.azure.com"
+ resource_group_name = "io-p-rg-common"
+}
+
+data "azurerm_private_dns_zone" "privatelink_blob_core" {
+ name = "privatelink.blob.core.windows.net"
+ resource_group_name = "io-p-rg-common"
+}
+
+data "azurerm_private_dns_zone" "privatelink_file_core" {
+ name = "privatelink.file.core.windows.net"
+ resource_group_name = "io-p-rg-common"
+}
+
+data "azurerm_private_dns_zone" "privatelink_queue_core" {
+ name = "privatelink.queue.core.windows.net"
+ resource_group_name = "io-p-rg-common"
+}
+
+data "azurerm_private_dns_zone" "privatelink_table_core" {
+ name = "privatelink.table.core.windows.net"
+ resource_group_name = "io-p-rg-common"
+}
+
+data "azurerm_private_dns_zone" "privatelink_azurewebsites" {
+ name = "privatelink.azurewebsites.net"
+ resource_group_name = "io-p-rg-common"
+}
diff --git a/src/core/_modules/networking/locals.tf b/src/core/_modules/networking/locals.tf
new file mode 100644
index 000000000..169f4f0e5
--- /dev/null
+++ b/src/core/_modules/networking/locals.tf
@@ -0,0 +1,6 @@
+locals {
+ ddos_protection_plan = {
+ id = "/subscriptions/0da48c97-355f-4050-a520-f11a18b8be90/resourceGroups/sec-p-ddos/providers/Microsoft.Network/ddosProtectionPlans/sec-p-ddos-protection"
+ enable = true
+ }
+}
diff --git a/src/core/_modules/networking/outputs.tf b/src/core/_modules/networking/outputs.tf
new file mode 100644
index 000000000..7beb205a3
--- /dev/null
+++ b/src/core/_modules/networking/outputs.tf
@@ -0,0 +1,7 @@
+output "vnet_itn_common" {
+ value = {
+ id = module.vnet_itn_common.id
+ name = module.vnet_itn_common.name
+ address_space = module.vnet_itn_common.address_space
+ }
+}
diff --git a/src/core/_modules/networking/private_dns_zone_itn_common.tf b/src/core/_modules/networking/private_dns_zone_itn_common.tf
new file mode 100644
index 000000000..00ca1b728
--- /dev/null
+++ b/src/core/_modules/networking/private_dns_zone_itn_common.tf
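Review bot: The DDoS protection plan in `locals.tf` is a full resource ID literal, subscription GUID included, inside a module under `_modules`. The code this replaces in `src/core/network.tf` took the same setting from `var.ddos_protection_plan`. A literal ties the module to one subscription and is easy to overlook in review if the plan is ever moved. I would expose it as a module variable set from the `prod/italynorth` root, or at least add a comment such as `# shared DDoS protection plan in resource group sec-p-ddos, referenced by ID` so the fixed value reads as deliberate.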
@@ -0,0 +1,118 @@ +resource "azurerm_private_dns_zone_virtual_network_link" "internal_io_pagopa_it_private_vnet_itn_common" { + name = module.vnet_itn_common.name + + virtual_network_id = module.vnet_itn_common.id + resource_group_name = data.azurerm_private_dns_zone.internal_io_pagopa_it.resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.internal_io_pagopa_it.name + + registration_enabled = false + + tags = var.tags +} + +resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_postgres_database_azure_com_vnet_itn_common" { + name = module.vnet_itn_common.name + + virtual_network_id = module.vnet_itn_common.id + resource_group_name = data.azurerm_private_dns_zone.privatelink_postgres_database_azure_com.resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_postgres_database_azure_com.name + + registration_enabled = false + + tags = var.tags +} + +resource "azurerm_private_dns_zone_virtual_network_link" "mongo_cosmos_private_vnet_itn_common" { + name = module.vnet_itn_common.name + + virtual_network_id = module.vnet_itn_common.id + resource_group_name = data.azurerm_private_dns_zone.privatelink_mongo_cosmos.resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_mongo_cosmos.name + + registration_enabled = false + + tags = var.tags +} + +resource "azurerm_private_dns_zone_virtual_network_link" "servicebus_private_vnet_itn_common" { + name = module.vnet_itn_common.name + + virtual_network_id = module.vnet_itn_common.id + resource_group_name = data.azurerm_private_dns_zone.privatelink_servicebus.resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_servicebus.name + + registration_enabled = false + + tags = var.tags +} + +resource "azurerm_private_dns_zone_virtual_network_link" "documents_private_vnet_itn_common" { + name = module.vnet_itn_common.name + + virtual_network_id = module.vnet_itn_common.id + resource_group_name = 
data.azurerm_private_dns_zone.privatelink_documents.resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_documents.name + + registration_enabled = false + + tags = var.tags +} + +resource "azurerm_private_dns_zone_virtual_network_link" "blob_core_private_vnet_itn_common" { + name = module.vnet_itn_common.name + + virtual_network_id = module.vnet_itn_common.id + resource_group_name = data.azurerm_private_dns_zone.privatelink_blob_core.resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_blob_core.name + registration_enabled = false + + tags = var.tags +} + +resource "azurerm_private_dns_zone_virtual_network_link" "file_core_private_vnet_itn_common" { + name = module.vnet_itn_common.name + + virtual_network_id = module.vnet_itn_common.id + resource_group_name = data.azurerm_private_dns_zone.privatelink_file_core.resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_file_core.name + + registration_enabled = false + + tags = var.tags +} + +resource "azurerm_private_dns_zone_virtual_network_link" "queue_core_private_vnet_itn_common" { + name = module.vnet_itn_common.name + + virtual_network_id = module.vnet_itn_common.id + resource_group_name = data.azurerm_private_dns_zone.privatelink_queue_core.resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_queue_core.name + + registration_enabled = false + + tags = var.tags +} + +resource "azurerm_private_dns_zone_virtual_network_link" "table_core_private_vnet_itn_common" { + name = module.vnet_itn_common.name + + virtual_network_id = module.vnet_itn_common.id + resource_group_name = data.azurerm_private_dns_zone.privatelink_table_core.resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_table_core.name + + registration_enabled = false + + tags = var.tags +} + +resource "azurerm_private_dns_zone_virtual_network_link" "azurewebsites_private_vnet_itn_common" 
{ + name = module.vnet_itn_common.name + + virtual_network_id = module.vnet_itn_common.id + resource_group_name = data.azurerm_private_dns_zone.privatelink_azurewebsites.resource_group_name + private_dns_zone_name = data.azurerm_private_dns_zone.privatelink_azurewebsites.name + + registration_enabled = false + + tags = var.tags +} diff --git a/src/core/_modules/networking/subnet_cidr.tf b/src/core/_modules/networking/subnet_cidr.tf new file mode 100644 index 000000000..8fd92cacd --- /dev/null +++ b/src/core/_modules/networking/subnet_cidr.tf @@ -0,0 +1,15 @@ +module "subnet_addrs" { + source = "hashicorp/subnets/cidr" + + base_cidr_block = "10.20.0.0/16" + networks = [ + # { + # name = "foo" + # new_bits = 8 + # }, + # { + # name = "bar" + # new_bits = 8 + # }, + ] +} diff --git a/src/core/_modules/networking/variables.tf b/src/core/_modules/networking/variables.tf new file mode 100644 index 000000000..6511c32be --- /dev/null +++ b/src/core/_modules/networking/variables.tf @@ -0,0 +1,19 @@ +variable "project" { + type = string + description = "IO prefix, short environment and short location" +} + +variable "location" { + type = string + description = "Azure region" +} + +variable "tags" { + type = map(any) + description = "Resource tags" +} + +variable "resource_group_name" { + type = string + description = "Resource group name for VNet" +} diff --git a/src/core/_modules/networking/vnet_common.tf b/src/core/_modules/networking/vnet_common.tf new file mode 100644 index 000000000..3c35797b5 --- /dev/null +++ b/src/core/_modules/networking/vnet_common.tf @@ -0,0 +1,12 @@ +module "vnet_itn_common" { + source = "github.com/pagopa/terraform-azurerm-v3//virtual_network?ref=v7.76.0" + + name = "${var.project}-common-vnet-001" + location = var.location + resource_group_name = var.resource_group_name + + address_space = [module.subnet_addrs.base_cidr_block] + ddos_protection_plan = local.ddos_protection_plan + + tags = var.tags +} 
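Review bot: In `private_dns_zone_itn_common.tf` the Italy North VNet is linked to ten private DNS zones, but three zones linked to the West Europe VNets have no counterpart here. The `src/core/README.md` in this patch lists links for `privatelink_azurecr_io`, `privatelink_mysql_database_azure_com` and `redis` on those VNets. Without a link, names in those zones would typically resolve through public DNS from this VNet, so a workload placed here would not reach those services through their private endpoints. If the omission is intentional, a comment at the top of the file naming the zones left out would make that explicit. The ten resources differ only in the zone data source they reference, so one resource with `for_each` over the zones would also be easier to audit.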
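Review bot: In `subnet_cidr.tf`, `source = "hashicorp/subnets/cidr"` has no `version` argument, so any `terraform init` without a cached copy can pull a newer release of the registry module. The `.terraform.lock.hcl` added in this patch records provider selections only, not module versions. I would pin it with `version = "<PINNED_VERSION>"` next to `source`, in line with the `?ref=` pins on the other modules in this change. The commented-out `foo`/`bar` entries could be replaced with a single comment saying that subnets are added in a later change.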
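Review bot: In `vnet_common.tf`, `?ref=v7.76.0` pins the module to a Git tag, and a tag can be moved in the source repository after the fact. Pinning to the commit the tag points at, `?ref=<COMMIT_SHA>` with a trailing `# v7.76.0` comment, makes the fetched code immutable. The three `virtual_network_peering` modules in this patch use the same tag reference. The source string also changes from the `git::https://github.com/…` form used in `src/core/network.tf` to the `github.com/…` shorthand; keeping one form across the repository makes the pins easier to grep and update together.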
diff --git a/src/core/_modules/networking/vnet_peering_itn_common_to_weu_beta.tf b/src/core/_modules/networking/vnet_peering_itn_common_to_weu_beta.tf
new file mode 100644
index 000000000..4b40985fe
--- /dev/null
+++ b/src/core/_modules/networking/vnet_peering_itn_common_to_weu_beta.tf
@@ -0,0 +1,13 @@
+module "vnet_peering_itn_common_weu_beta" {
+ source = "github.com/pagopa/terraform-azurerm-v3//virtual_network_peering?ref=v7.76.0"
+
+ source_resource_group_name = module.vnet_itn_common.resource_group_name
+ source_virtual_network_name = module.vnet_itn_common.name
+ source_remote_virtual_network_id = module.vnet_itn_common.id
+ source_allow_gateway_transit = false # needed by vpn gateway for enabling routing from vnet to vnet_integration
+
+ target_resource_group_name = data.azurerm_virtual_network.weu_beta.resource_group_name
+ target_virtual_network_name = data.azurerm_virtual_network.weu_beta.name
+ target_remote_virtual_network_id = data.azurerm_virtual_network.weu_beta.id
+ target_use_remote_gateways = false # needed by vpn gateway for enabling routing from vnet to vnet_integration
+}
diff --git a/src/core/_modules/networking/vnet_peering_itn_common_to_weu_prod.tf b/src/core/_modules/networking/vnet_peering_itn_common_to_weu_prod.tf
new file mode 100644
index 000000000..92f245353
--- /dev/null
+++ b/src/core/_modules/networking/vnet_peering_itn_common_to_weu_prod.tf
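Review bot: The trailing comment `# needed by vpn gateway for enabling routing from vnet to vnet_integration` sits on `source_allow_gateway_transit = false` and `target_use_remote_gateways = false`, where it describes the opposite setting. It appears to be carried over from the peering that sets both flags to `true`. I would replace it with something like `# no gateway transit on the itn-common <-> weu-beta peering`, or drop it, so a reader does not assume transit is enabled. The `weu_prod01` peering in the next file carries the same comment on the same two lines.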
@@ -0,0 +1,13 @@
+module "vnet_peering_itn_common_weu_prod01" {
+ source = "github.com/pagopa/terraform-azurerm-v3//virtual_network_peering?ref=v7.76.0"
+
+ source_resource_group_name = module.vnet_itn_common.resource_group_name
+ source_virtual_network_name = module.vnet_itn_common.name
+ source_remote_virtual_network_id = module.vnet_itn_common.id
+ source_allow_gateway_transit = false # needed by vpn gateway for enabling routing from vnet to vnet_integration
+
+ target_resource_group_name = data.azurerm_virtual_network.weu_prod01.resource_group_name
+ target_virtual_network_name = data.azurerm_virtual_network.weu_prod01.name
+ target_remote_virtual_network_id = data.azurerm_virtual_network.weu_prod01.id
+ target_use_remote_gateways = false # needed by vpn gateway for enabling routing from vnet to vnet_integration
+}
diff --git a/src/core/_modules/networking/vnet_peering_weu_to_itn_common.tf b/src/core/_modules/networking/vnet_peering_weu_to_itn_common.tf
new file mode 100644
index 000000000..cc58b5688
--- /dev/null
+++ b/src/core/_modules/networking/vnet_peering_weu_to_itn_common.tf
@@ -0,0 +1,13 @@
+module "vnet_peering_weu_common_itn_common" {
+ source = "github.com/pagopa/terraform-azurerm-v3//virtual_network_peering?ref=v7.76.0"
+
+ source_resource_group_name = data.azurerm_virtual_network.weu_common.resource_group_name
+ source_virtual_network_name = data.azurerm_virtual_network.weu_common.name
+ source_remote_virtual_network_id = data.azurerm_virtual_network.weu_common.id
+ source_allow_gateway_transit = true # needed by vpn gateway for enabling routing from vnet to vnet_integration
+
+ target_resource_group_name = module.vnet_itn_common.resource_group_name
+ target_virtual_network_name = module.vnet_itn_common.name
+ target_remote_virtual_network_id = module.vnet_itn_common.id
+ target_use_remote_gateways = true # needed by vpn gateway for enabling routing from vnet to vnet_integration
+}
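Review bot: In vnet_peering_weu_to_itn_common.tf, `source_allow_gateway_transit = true` together with `target_use_remote_gateways = true` presumably lets the weu-common gateway route into the new 10.20.0.0/16 space, and nothing in this module restricts that path yet. The subnet list in subnet_cidr.tf is still empty, so there is nothing exposed today, but the file should record the consequence for whoever adds the first subnet, e.g. `# itn-common is reachable via the weu-common gateway; every subnet added here needs its own NSG`. The peering also writes to the weu-common VNet through `data.azurerm_virtual_network.weu_common`, which is declared in data.tf outside this view; a short comment naming the Terraform state that owns that VNet would make the cross-state dependency explicit.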
diff --git a/src/core/network.tf b/src/core/network.tf index f5b6eec55..e8b3af785 100644 --- a/src/core/network.tf +++ b/src/core/network.tf @@ -16,37 +16,6 @@ module "vnet_common" { tags = var.tags } -resource "azurerm_resource_group" "rg_in_vnet" { - name = format("%s-in-rg-common", local.project) - location = var.location_in - - tags = var.tags -} - -module "vnet_in_common" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network?ref=v7.61.0" - name = "${local.project}-in-vnet-common" - location = azurerm_resource_group.rg_in_vnet.location - resource_group_name = azurerm_resource_group.rg_in_vnet.name - address_space = var.cidr_common_in_vnet - ddos_protection_plan = var.ddos_protection_plan - - tags = var.tags -} - -module "vnet_peering_common_in_common" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering?ref=v7.61.0" - - source_resource_group_name = azurerm_resource_group.rg_common.name - source_virtual_network_name = module.vnet_common.name - source_remote_virtual_network_id = module.vnet_common.id - source_allow_gateway_transit = true # needed by vpn gateway for enabling routing from vnet to vnet_integration - target_resource_group_name = azurerm_resource_group.rg_in_vnet.name - target_virtual_network_name = module.vnet_in_common.name - target_remote_virtual_network_id = module.vnet_in_common.id - target_use_remote_gateways = true # needed by vpn gateway for enabling routing from vnet to vnet_integration -} - resource "azurerm_resource_group" "weu_beta_vnet_rg" { name = "${local.project}-weu-beta-vnet-rg" location = var.location 
@@ -78,19 +47,6 @@ module "vnet_peering_common_weu_beta" { target_use_remote_gateways = true # needed by vpn gateway for enabling routing from vnet to vnet_integration } -module "vnet_peering_in_common_weu_beta" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering?ref=v7.61.0" - - source_resource_group_name = azurerm_resource_group.rg_in_vnet.name - source_virtual_network_name = module.vnet_in_common.name - source_remote_virtual_network_id = module.vnet_in_common.id - source_allow_gateway_transit = false # needed by vpn gateway for enabling routing from vnet to vnet_integration - target_resource_group_name = azurerm_resource_group.weu_beta_vnet_rg.name - target_virtual_network_name = module.vnet_weu_beta.name - target_remote_virtual_network_id = module.vnet_weu_beta.id - target_use_remote_gateways = false # needed by vpn gateway for enabling routing from vnet to vnet_integration -} - resource "azurerm_resource_group" "weu_prod01_vnet_rg" { name = "${local.project}-weu-prod01-vnet-rg" location = var.location 
@@ -122,19 +78,6 @@ module "vnet_peering_common_weu_prod01" { target_use_remote_gateways = true # needed by vpn gateway for enabling routing from vnet to vnet_integration } -module "vnet_peering_in_common_weu_prod01" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering?ref=v7.61.0" - - source_resource_group_name = azurerm_resource_group.rg_in_vnet.name - source_virtual_network_name = module.vnet_in_common.name - source_remote_virtual_network_id = module.vnet_in_common.id - source_allow_gateway_transit = false # needed by vpn gateway for enabling routing from vnet to vnet_integration - target_resource_group_name = azurerm_resource_group.weu_prod01_vnet_rg.name - target_virtual_network_name = module.vnet_weu_prod01.name - target_remote_virtual_network_id = module.vnet_weu_prod01.id - target_use_remote_gateways = false # needed by vpn gateway for enabling routing from vnet to vnet_integration -} - module "private_endpoints_subnet" { source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v7.61.0" name = "pendpoints" diff --git a/src/core/private_dns_zones.tf b/src/core/private_dns_zones.tf index b3e93d59f..5a7b0391d 100644 --- a/src/core/private_dns_zones.tf +++ b/src/core/private_dns_zones.tf 
@@ -16,16 +16,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "internal_io_pagopa_it_ tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "internal_io_pagopa_it_private_vnet_in_common" { - name = format("%s-private-vnet-in-common", local.project) - resource_group_name = azurerm_resource_group.rg_internal.name - private_dns_zone_name = azurerm_private_dns_zone.internal_io_pagopa_it[0].name - virtual_network_id = module.vnet_in_common.id - registration_enabled = false - - tags = var.tags -} - resource "azurerm_private_dns_zone_virtual_network_link" "internal_io_pagopa_it_private_vnet_beta" { name = module.vnet_weu_beta.name resource_group_name = azurerm_resource_group.rg_internal.name @@ -112,16 +102,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_postgres_d tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_postgres_database_azure_com_vnet_in_common" { - name = module.vnet_in_common.name - resource_group_name = azurerm_resource_group.rg_common.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_postgres_database_azure_com.name - virtual_network_id = module.vnet_in_common.id - registration_enabled = false - - tags = var.tags -} - resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_postgres_database_azure_com_vnet_beta" { name = module.vnet_weu_beta.name resource_group_name = azurerm_resource_group.rg_common.name 
@@ -233,16 +213,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "mongo_cosmos_private_v tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "mongo_cosmos_private_vnet_in_common" { - name = module.vnet_in_common.name - resource_group_name = azurerm_resource_group.rg_common.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_mongo_cosmos.name - virtual_network_id = module.vnet_in_common.id - registration_enabled = false - - tags = var.tags -} - resource "azurerm_private_dns_zone_virtual_network_link" "mongo_cosmos_private_vnet_beta" { name = module.vnet_weu_beta.name resource_group_name = azurerm_resource_group.rg_common.name @@ -280,16 +250,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "servicebus_private_vne tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "servicebus_private_vnet_in_common" { - name = module.vnet_in_common.name - resource_group_name = azurerm_resource_group.event_rg.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_servicebus.name - virtual_network_id = module.vnet_in_common.id - registration_enabled = false - - tags = var.tags -} - resource "azurerm_private_dns_zone_virtual_network_link" "servicebus_private_vnet_beta" { name = module.vnet_weu_beta.name resource_group_name = azurerm_resource_group.event_rg.name 
@@ -317,16 +277,6 @@ resource "azurerm_private_dns_zone" "privatelink_documents" { tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "documents_private_vnet_in_common" { - name = module.vnet_in_common.name - resource_group_name = azurerm_resource_group.rg_common.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_documents.name - virtual_network_id = module.vnet_in_common.id - registration_enabled = false - - tags = var.tags -} - resource "azurerm_private_dns_zone_virtual_network_link" "documents_private_vnet_beta" { name = module.vnet_weu_beta.name resource_group_name = azurerm_resource_group.rg_common.name @@ -354,16 +304,6 @@ resource "azurerm_private_dns_zone" "privatelink_blob_core" { tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "blob_core_private_vnet_in_common" { - name = module.vnet_in_common.name - resource_group_name = azurerm_resource_group.rg_common.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_blob_core.name - virtual_network_id = module.vnet_in_common.id - registration_enabled = false - - tags = var.tags -} - resource "azurerm_private_dns_zone_virtual_network_link" "blob_core_private_vnet_beta" { name = module.vnet_weu_beta.name resource_group_name = azurerm_resource_group.rg_common.name @@ -391,16 +331,6 @@ resource "azurerm_private_dns_zone" "privatelink_file_core" { tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "file_core_private_vnet_in_common" { - name = module.vnet_in_common.name - resource_group_name = azurerm_resource_group.rg_common.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_file_core.name - virtual_network_id = module.vnet_in_common.id - registration_enabled = false - - tags = var.tags -} - resource "azurerm_private_dns_zone_virtual_network_link" "file_core_private_vnet_beta" { name = module.vnet_weu_beta.name resource_group_name = azurerm_resource_group.rg_common.name 
@@ -428,16 +358,6 @@ resource "azurerm_private_dns_zone" "privatelink_queue_core" { tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "queue_core_private_vnet_in_common" { - name = module.vnet_in_common.name - resource_group_name = azurerm_resource_group.rg_common.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_queue_core.name - virtual_network_id = module.vnet_in_common.id - registration_enabled = false - - tags = var.tags -} - resource "azurerm_private_dns_zone_virtual_network_link" "queue_core_private_vnet_beta" { name = module.vnet_weu_beta.name resource_group_name = azurerm_resource_group.rg_common.name @@ -465,16 +385,6 @@ resource "azurerm_private_dns_zone" "privatelink_table_core" { tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "table_core_private_vnet_in_common" { - name = module.vnet_in_common.name - resource_group_name = azurerm_resource_group.rg_common.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_table_core.name - virtual_network_id = module.vnet_in_common.id - registration_enabled = false - - tags = var.tags -} - resource "azurerm_private_dns_zone_virtual_network_link" "table_core_private_vnet_beta" { name = module.vnet_weu_beta.name resource_group_name = azurerm_resource_group.rg_common.name 
@@ -510,16 +420,6 @@ resource "azurerm_private_dns_zone_virtual_network_link" "azurewebsites_private_ tags = var.tags } -resource "azurerm_private_dns_zone_virtual_network_link" "azurewebsites_private_vnet_in_common" { - name = module.vnet_in_common.name - resource_group_name = azurerm_resource_group.rg_common.name - private_dns_zone_name = azurerm_private_dns_zone.privatelink_azurewebsites.name - virtual_network_id = module.vnet_in_common.id - registration_enabled = false - - tags = var.tags -} - resource "azurerm_private_dns_zone_virtual_network_link" "azurewebsites_private_vnet_beta" { name = module.vnet_weu_beta.name resource_group_name = azurerm_resource_group.rg_common.name diff --git a/src/core/prod/italynorth/.terraform.lock.hcl b/src/core/prod/italynorth/.terraform.lock.hcl new file mode 100644 index 000000000..9eabc7230 --- /dev/null +++ b/src/core/prod/italynorth/.terraform.lock.hcl 
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+ version = "3.97.1"
+ constraints = ">= 3.30.0, <= 3.97.1, <= 3.98.0"
+ hashes = [
+ "h1:LtwGbd4HEb5QCXmdxSvTjPSh8/Gp8eAQMYfiAKaubV4=",
+ "h1:klBuN2uVZF7AVMhskbbgF8pygyhPBxsjedB1GUV79PA=",
+ "h1:m5wyoRGjbVfJU2YaGZrN1lfGgjpyuwi7Ykw1uHdwlAg=",
+ "h1:vwYchGsh1TY+/GjUv6CUS6It2opnMYYYVt4GBvCmesY=",
+ "zh:15171efcc3aa3a37748c502c493cb16ecff603b81ada4499a843574976bac524",
+ "zh:2ca6c13a4a96f67763ecced0015c7b101ee02d54ea54b28a8df4ae06468071b1",
+ "zh:2e3c77dbfd8f760132ecef2d6117e939cbea26b96aba5e4d926e7f7f0f7afe72",
+ "zh:4bc346eece1622be93c73801d8256502b11fd7c2e7f7cea12d048bb9fc9fe900",
+ "zh:4f1042942ed8d0433680a367527289459d43b0894a51eaba83ac414e80d5187f",
+ "zh:63e674c31482ae3579ea84daf5b1ba066ce40cb23475f54e17b6b131320a1bec",
+ "zh:8327148766dcb7a174673729a832c8095d7e137d0e6c7e2a9a01da48b8b73fbe",
+ "zh:851b3ae417059a80c7813e7f0063298a590a42f056004f2c2558ea14061c207e",
+ "zh:ac081b48907139c121a422ae9b1f40fc72c6aaaeb05cbdbf848102a6a5f426f4",
+ "zh:dc1d663df2d95e4ba91070ceb20d3560b6ea5c465d39c57a5979319302643e41",
+ "zh:ed26457367cbbb94237e935d297cb31b5687f9abf697377da0ee46974480db9b",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
diff --git a/src/core/prod/italynorth/README.md b/src/core/prod/italynorth/README.md
new file mode 100644
index 000000000..93d489a76
--- /dev/null
+++ b/src/core/prod/italynorth/README.md
@@ -0,0 +1,30 @@
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [azurerm](#requirement\_azurerm) | <= 3.99.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [networking](#module\_networking) | ../../_modules/networking | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_resource_group.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [vnet\_itn\_common](#output\_vnet\_itn\_common) | n/a |
+
diff --git a/src/core/prod/italynorth/locals.tf b/src/core/prod/italynorth/locals.tf
new file mode 100644
index 000000000..a6a66b84d
--- /dev/null
+++ b/src/core/prod/italynorth/locals.tf
@@ -0,0 +1,19 @@
+locals {
+ prefix = "io"
+ env_short = "p"
+ location_short = "itn"
+ secondary_location_short = "gwc"
+ project = "${local.prefix}-${local.env_short}-${local.location_short}"
+ secondary_project = "${local.prefix}-${local.env_short}-${local.secondary_location_short}"
+
+ location = "italynorth"
+ secondary_location = "germanywestcentral"
+
+ tags = {
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+ CreatedBy = "Terraform"
+ Environment = "Prod"
+ Owner = "IO"
+ Source = "https://github.com/pagopa/io-infra/blob/main/src/core/prod/italynorth"
+ }
+}
diff --git a/src/core/prod/italynorth/main.tf b/src/core/prod/italynorth/main.tf
new file mode 100644
index 000000000..161fc75a6
--- /dev/null
+++ b/src/core/prod/italynorth/main.tf
@@ -0,0 +1,37 @@
+terraform {
+
+ backend "azurerm" {
+ resource_group_name = "terraform-state-rg"
+ storage_account_name = "iopitntfst001"
+ container_name = "terraform-state"
+ key = "io-infra.core.prod.italynorth.tfstate"
+ }
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "<= 3.99.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group" "vnet" {
+ name = "${local.project}-common-rg-001"
+ location = local.location
+
+ tags = local.tags
+}
+
+module "networking" {
+ source = "../../_modules/networking"
+
+ location = azurerm_resource_group.vnet.location
+ resource_group_name = azurerm_resource_group.vnet.name
+ project = local.project
+
+ tags = local.tags
+}
diff --git a/src/core/prod/italynorth/outputs.tf b/src/core/prod/italynorth/outputs.tf
new file mode 100644
index 000000000..72b63451d
--- /dev/null
+++ b/src/core/prod/italynorth/outputs.tf
@@ -0,0 +1,5 @@
+output "vnet_itn_common" {
+ value = {
+ name = module.networking.vnet_itn_common.name
+ }
+}
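Review bot: `version = "<= 3.99.0"` in `required_providers` of main.tf has no lower bound and does not appear in the committed lock file, whose `constraints` line reads `>= 3.30.0, <= 3.97.1, <= 3.98.0`, so the lock seems to have been generated against a different root constraint and a later `terraform init` may rewrite it. Settle on one range, for example `version = ">= 3.30.0, <= 3.99.0"`, and regenerate .terraform.lock.hcl in the same commit. The `terraform` block also sets no `required_version`, so the CLI release that touches the production state is unconstrained. The `backend "azurerm"` block does not say how access to the state account is authenticated; if Entra ID rather than storage keys is intended, `use_azuread_auth = true` states that in code instead of leaving it to the runner's environment.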