Commit

Merge branch 'main' into synthetic-nexi-test
mamari90 authored Dec 23, 2024
2 parents bef0db9 + 6babcaf commit 2db7b55
Showing 7 changed files with 61 additions and 14 deletions.
2 changes: 1 addition & 1 deletion src/aks-platform/02_aks.tf
Expand Up @@ -7,7 +7,7 @@ resource "azurerm_resource_group" "aks_rg" {


module "aks" {
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v8.58.0"
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v8.66.1"

name = local.aks_name
location = var.location
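Review bot: the module `source` is still pinned by tag (`ref=v8.66.1`), and a git tag can be moved to a different commit after review. For the module that provisions the AKS cluster, consider pinning `ref` to the full commit SHA that v8.66.1 resolves to and keeping the tag in a trailing comment; the `__v3__` module listed in src/domains/qi-app/README.md is already pinned to a commit hash. The bump from v8.58.0 to v8.66.1 also skips several minor versions of `kubernetes_cluster`, so attach the plan output or the upstream changelog to the PR to make the cluster-level changes reviewable.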
2 changes: 1 addition & 1 deletion src/aks-platform/README.md
Expand Up @@ -15,7 +15,7 @@

| Name | Source | Version |
|------|--------|---------|
| <a name="module_aks"></a> [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.58.0 |
| <a name="module_aks"></a> [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.66.1 |
| <a name="module_aks_snet"></a> [aks\_snet](#module\_aks\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v8.53.0 |
| <a name="module_keda_pod_identity"></a> [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.53.0 |
| <a name="module_monitoring_pod_identity"></a> [monitoring\_pod\_identity](#module\_monitoring\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.53.0 |
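Review bot: after this bump the table shows `kubernetes_cluster` at v8.66.1 while `subnet` and `kubernetes_pod_identity`, sourced from the same repository, stay at v8.53.0. If the skew is intentional, say so in the PR; otherwise align the refs so the cluster, its subnet and its pod identities are tested against one release of the module repository.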
10 changes: 5 additions & 5 deletions src/domains/ecommerce-app/README.md
Expand Up @@ -201,13 +201,13 @@
| <a name="input_log_analytics_workspace_name"></a> [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes |
| <a name="input_log_analytics_workspace_resource_group_name"></a> [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes |
| <a name="input_monitor_resource_group_name"></a> [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes |
| <a name="input_pagopa_vpn"></a> [pagopa\_vpn](#input\_pagopa\_vpn) | pagoPA on prem VPN | <pre>object({<br> ips = list(string)<br> })</pre> | n/a | yes |
| <a name="input_pagopa_vpn_dr"></a> [pagopa\_vpn\_dr](#input\_pagopa\_vpn\_dr) | pagoPA on prem VPN DR | <pre>object({<br> ips = list(string)<br> })</pre> | n/a | yes |
| <a name="input_pagopa_vpn"></a> [pagopa\_vpn](#input\_pagopa\_vpn) | pagoPA on prem VPN | <pre>object({<br/> ips = list(string)<br/> })</pre> | n/a | yes |
| <a name="input_pagopa_vpn_dr"></a> [pagopa\_vpn\_dr](#input\_pagopa\_vpn\_dr) | pagoPA on prem VPN DR | <pre>object({<br/> ips = list(string)<br/> })</pre> | n/a | yes |
| <a name="input_pdv_api_base_path"></a> [pdv\_api\_base\_path](#input\_pdv\_api\_base\_path) | Personal data vault api base path | `string` | `null` | no |
| <a name="input_pod_disruption_budgets"></a> [pod\_disruption\_budgets](#input\_pod\_disruption\_budgets) | Pod disruption budget for domain namespace | <pre>map(object({<br> name = optional(string, null)<br> minAvailable = optional(number, null)<br> matchLabels = optional(map(any), {})<br> }))</pre> | `{}` | no |
| <a name="input_pod_disruption_budgets"></a> [pod\_disruption\_budgets](#input\_pod\_disruption\_budgets) | Pod disruption budget for domain namespace | <pre>map(object({<br/> name = optional(string, null)<br/> minAvailable = optional(number, null)<br/> matchLabels = optional(map(any), {})<br/> }))</pre> | `{}` | no |
| <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br> "CreatedBy": "Terraform"<br>}</pre> | no |
| <a name="input_tls_cert_check_helm"></a> [tls\_cert\_check\_helm](#input\_tls\_cert\_check\_helm) | tls cert helm chart configuration | <pre>object({<br> chart_version = string,<br> image_name = string,<br> image_tag = string<br> })</pre> | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br/> "CreatedBy": "Terraform"<br/>}</pre> | no |
| <a name="input_tls_cert_check_helm"></a> [tls\_cert\_check\_helm](#input\_tls\_cert\_check\_helm) | tls cert helm chart configuration | <pre>object({<br/> chart_version = string,<br/> image_name = string,<br/> image_tag = string<br/> })</pre> | n/a | yes |

## Outputs

14 changes: 7 additions & 7 deletions src/domains/ecommerce-common/README.md
Expand Up @@ -158,13 +158,13 @@
| <a name="input_cidr_subnet_cosmosdb_ecommerce"></a> [cidr\_subnet\_cosmosdb\_ecommerce](#input\_cidr\_subnet\_cosmosdb\_ecommerce) | Cosmos DB address space for ecommerce. | `list(string)` | n/a | yes |
| <a name="input_cidr_subnet_redis_ecommerce"></a> [cidr\_subnet\_redis\_ecommerce](#input\_cidr\_subnet\_redis\_ecommerce) | Redis DB address space for ecommerce. | `list(string)` | n/a | yes |
| <a name="input_cidr_subnet_storage_ecommerce"></a> [cidr\_subnet\_storage\_ecommerce](#input\_cidr\_subnet\_storage\_ecommerce) | Azure storage DB address space for ecommerce. | `list(string)` | n/a | yes |
| <a name="input_cosmos_mongo_db_ecommerce_history_params"></a> [cosmos\_mongo\_db\_ecommerce\_history\_params](#input\_cosmos\_mongo\_db\_ecommerce\_history\_params) | n/a | <pre>object({<br> enable_serverless = bool<br> enable_autoscaling = bool<br> throughput = number<br> max_throughput = number<br> })</pre> | n/a | yes |
| <a name="input_cosmos_mongo_db_ecommerce_params"></a> [cosmos\_mongo\_db\_ecommerce\_params](#input\_cosmos\_mongo\_db\_ecommerce\_params) | n/a | <pre>object({<br> enable_serverless = bool<br> enable_autoscaling = bool<br> throughput = number<br> max_throughput = number<br> })</pre> | n/a | yes |
| <a name="input_cosmos_mongo_db_params"></a> [cosmos\_mongo\_db\_params](#input\_cosmos\_mongo\_db\_params) | n/a | <pre>object({<br> enabled = bool<br> capabilities = list(string)<br> offer_type = string<br> server_version = string<br> kind = string<br> consistency_policy = object({<br> consistency_level = string<br> max_interval_in_seconds = number<br> max_staleness_prefix = number<br> })<br> enable_free_tier = bool<br> main_geo_location_zone_redundant = bool<br> additional_geo_locations = list(object({<br> location = string<br> failover_priority = number<br> zone_redundant = bool<br> }))<br> private_endpoint_enabled = bool<br> public_network_access_enabled = bool<br> is_virtual_network_filter_enabled = bool<br> backup_continuous_enabled = bool<br> enable_provisioned_throughput_exceeded_alert = bool<br> })</pre> | n/a | yes |
| <a name="input_cosmos_mongo_db_ecommerce_history_params"></a> [cosmos\_mongo\_db\_ecommerce\_history\_params](#input\_cosmos\_mongo\_db\_ecommerce\_history\_params) | n/a | <pre>object({<br/> enable_serverless = bool<br/> enable_autoscaling = bool<br/> throughput = number<br/> max_throughput = number<br/> })</pre> | n/a | yes |
| <a name="input_cosmos_mongo_db_ecommerce_params"></a> [cosmos\_mongo\_db\_ecommerce\_params](#input\_cosmos\_mongo\_db\_ecommerce\_params) | n/a | <pre>object({<br/> enable_serverless = bool<br/> enable_autoscaling = bool<br/> throughput = number<br/> max_throughput = number<br/> })</pre> | n/a | yes |
| <a name="input_cosmos_mongo_db_params"></a> [cosmos\_mongo\_db\_params](#input\_cosmos\_mongo\_db\_params) | n/a | <pre>object({<br/> enabled = bool<br/> capabilities = list(string)<br/> offer_type = string<br/> server_version = string<br/> kind = string<br/> consistency_policy = object({<br/> consistency_level = string<br/> max_interval_in_seconds = number<br/> max_staleness_prefix = number<br/> })<br/> enable_free_tier = bool<br/> main_geo_location_zone_redundant = bool<br/> additional_geo_locations = list(object({<br/> location = string<br/> failover_priority = number<br/> zone_redundant = bool<br/> }))<br/> private_endpoint_enabled = bool<br/> public_network_access_enabled = bool<br/> is_virtual_network_filter_enabled = bool<br/> backup_continuous_enabled = bool<br/> enable_provisioned_throughput_exceeded_alert = bool<br/> })</pre> | n/a | yes |
| <a name="input_dns_zone_internal_prefix"></a> [dns\_zone\_internal\_prefix](#input\_dns\_zone\_internal\_prefix) | The dns subdomain. | `string` | `null` | no |
| <a name="input_domain"></a> [domain](#input\_domain) | n/a | `string` | n/a | yes |
| <a name="input_ecommerce_storage_deadletter_params"></a> [ecommerce\_storage\_deadletter\_params](#input\_ecommerce\_storage\_deadletter\_params) | Azure storage DB params for ecommerce deadletter resources. | <pre>object({<br> enabled = bool,<br> kind = string,<br> tier = string,<br> account_replication_type = string,<br> advanced_threat_protection = bool,<br> retention_days = number,<br> public_network_access_enabled = bool,<br> })</pre> | <pre>{<br> "account_replication_type": "LRS",<br> "advanced_threat_protection": true,<br> "enabled": false,<br> "kind": "StorageV2",<br> "public_network_access_enabled": false,<br> "retention_days": 7,<br> "tier": "Standard"<br>}</pre> | no |
| <a name="input_ecommerce_storage_transient_params"></a> [ecommerce\_storage\_transient\_params](#input\_ecommerce\_storage\_transient\_params) | Azure storage DB params for ecommerce transient resources. | <pre>object({<br> enabled = bool,<br> kind = string,<br> tier = string,<br> account_replication_type = string,<br> advanced_threat_protection = bool,<br> retention_days = number,<br> public_network_access_enabled = bool,<br> })</pre> | <pre>{<br> "account_replication_type": "LRS",<br> "advanced_threat_protection": true,<br> "enabled": false,<br> "kind": "StorageV2",<br> "public_network_access_enabled": false,<br> "retention_days": 7,<br> "tier": "Standard"<br>}</pre> | no |
| <a name="input_ecommerce_storage_deadletter_params"></a> [ecommerce\_storage\_deadletter\_params](#input\_ecommerce\_storage\_deadletter\_params) | Azure storage DB params for ecommerce deadletter resources. | <pre>object({<br/> enabled = bool,<br/> kind = string,<br/> tier = string,<br/> account_replication_type = string,<br/> advanced_threat_protection = bool,<br/> retention_days = number,<br/> public_network_access_enabled = bool,<br/> })</pre> | <pre>{<br/> "account_replication_type": "LRS",<br/> "advanced_threat_protection": true,<br/> "enabled": false,<br/> "kind": "StorageV2",<br/> "public_network_access_enabled": false,<br/> "retention_days": 7,<br/> "tier": "Standard"<br/>}</pre> | no |
| <a name="input_ecommerce_storage_transient_params"></a> [ecommerce\_storage\_transient\_params](#input\_ecommerce\_storage\_transient\_params) | Azure storage DB params for ecommerce transient resources. | <pre>object({<br/> enabled = bool,<br/> kind = string,<br/> tier = string,<br/> account_replication_type = string,<br/> advanced_threat_protection = bool,<br/> retention_days = number,<br/> public_network_access_enabled = bool,<br/> })</pre> | <pre>{<br/> "account_replication_type": "LRS",<br/> "advanced_threat_protection": true,<br/> "enabled": false,<br/> "kind": "StorageV2",<br/> "public_network_access_enabled": false,<br/> "retention_days": 7,<br/> "tier": "Standard"<br/>}</pre> | no |
| <a name="input_enable_iac_pipeline"></a> [enable\_iac\_pipeline](#input\_enable\_iac\_pipeline) | If true create the key vault policy to allow used by azure devops iac pipelines. | `bool` | `false` | no |
| <a name="input_env"></a> [env](#input\_env) | n/a | `string` | n/a | yes |
| <a name="input_env_short"></a> [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
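Review bot: the changed rows here, like those in src/domains/ecommerce-app/README.md, differ only by `<br>` becoming `<br/>` inside the `<pre>` cells; no input name, type or default changes. Churn like this usually means the README was regenerated with a different version of the documentation generator, so pin that tool's version in CI or pre-commit. Otherwise formatting-only rewrites of these long rows make it easy to miss a real change to a default such as `public_network_access_enabled` or `advanced_threat_protection`.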
Expand All @@ -177,8 +177,8 @@
| <a name="input_log_analytics_workspace_resource_group_name"></a> [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes |
| <a name="input_monitor_resource_group_name"></a> [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes |
| <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
| <a name="input_redis_ecommerce_params"></a> [redis\_ecommerce\_params](#input\_redis\_ecommerce\_params) | n/a | <pre>object({<br> capacity = number<br> sku_name = string<br> family = string<br> version = string<br> ha_enabled = bool<br> zones = list(number)<br> })</pre> | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br> "CreatedBy": "Terraform"<br>}</pre> | no |
| <a name="input_redis_ecommerce_params"></a> [redis\_ecommerce\_params](#input\_redis\_ecommerce\_params) | n/a | <pre>object({<br/> capacity = number<br/> sku_name = string<br/> family = string<br/> version = string<br/> ha_enabled = bool<br/> zones = list(number)<br/> })</pre> | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br/> "CreatedBy": "Terraform"<br/>}</pre> | no |

## Outputs

3 changes: 3 additions & 0 deletions src/domains/qi-app/README.md
Expand Up @@ -18,8 +18,10 @@
|------|--------|---------|
| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 3fc1dafaf4354e24ca8673005ec0caf4106343a3 |
| <a name="module_apim_pagopa_qi_fdr_kpi_service_api"></a> [apim\_pagopa\_qi\_fdr\_kpi\_service\_api](#module\_apim\_pagopa\_qi\_fdr\_kpi\_service\_api) | ./.terraform/modules/__v3__/api_management_api | n/a |
| <a name="module_apim_pagopa_qi_smo_jira_tickets_service_api"></a> [apim\_pagopa\_qi\_smo\_jira\_tickets\_service\_api](#module\_apim\_pagopa\_qi\_smo\_jira\_tickets\_service\_api) | ./.terraform/modules/__v3__/api_management_api | n/a |
| <a name="module_apim_qi_fdr_product"></a> [apim\_qi\_fdr\_product](#module\_apim\_qi\_fdr\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
| <a name="module_apim_qi_product"></a> [apim\_qi\_product](#module\_apim\_qi\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
| <a name="module_apim_qi_smo_jira_tickets_product"></a> [apim\_qi\_smo\_jira\_tickets\_product](#module\_apim\_qi\_smo\_jira\_tickets\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
| <a name="module_pod_identity"></a> [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a |
| <a name="module_tls_checker"></a> [tls\_checker](#module\_tls\_checker) | ./.terraform/modules/__v3__/tls_checker | n/a |

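Review bot: the README now documents `apim_pagopa_qi_smo_jira_tickets_service_api` and `apim_qi_smo_jira_tickets_product`, but none of the 7 files changed in this commit is a `.tf` file under src/domains/qi-app. Confirm the Terraform that defines these modules is already on the branch, so the generated docs do not describe API Management resources the code does not create, or the reverse.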
Expand All @@ -28,6 +30,7 @@
| Name | Type |
|------|------|
| [azurerm_api_management_api_version_set.pagopa_qi_fdr_kpi_service_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.pagopa_qi_smo_jira_tickets_service_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_key_vault_secret.aks_apiserver_url](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.azure_devops_sa_cacrt](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.azure_devops_sa_token](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
41 changes: 41 additions & 0 deletions src/domains/qi-common/02_security.tf
Expand Up @@ -170,3 +170,44 @@ module "letsencrypt_qi" {
key_vault_name = "${local.product}-${var.domain}-kv"
subscription_name = local.subscription_name
}

### TODO migrate in SOPS
resource "azurerm_key_vault_secret" "azure_data_explorer_re_client_id" {
name = "azure-data-explorer-re-client-id"
value = "<TO UPDATE MANUALLY ON PORTAL>"
content_type = "text/plain"
key_vault_id = module.key_vault.id

lifecycle {
ignore_changes = [
value,
]
}
}

### TODO migrate in SOPS
resource "azurerm_key_vault_secret" "azure_data_explorer_re_application_key" {
name = "azure-data-explorer-re-application-key"
value = "<TO UPDATE MANUALLY ON PORTAL>"
content_type = "text/plain"
key_vault_id = module.key_vault.id

lifecycle {
ignore_changes = [
value,
]
}
}

### TODO migrate in SOPS
resource "azurerm_key_vault_secret" "elastic_otel_token_header" {
name = "elastic-otel-token-header"
value = "<TO UPDATE MANUALLY ON PORTAL>"
key_vault_id = module.key_vault.id

lifecycle {
ignore_changes = [
value,
]
}
}
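Review bot: all three `azurerm_key_vault_secret` resources are created with the literal value `<TO UPDATE MANUALLY ON PORTAL>` and `ignore_changes = [value]`, so after an apply the vault holds a well-formed secret containing a placeholder, and Terraform will never report whether the manual update happened. Until the `TODO migrate in SOPS` is done, make the manual step checkable, for example with a tag marking the secret as manually managed or a post-apply check that fails while the value still equals the placeholder, and reference a tracking issue next to the TODO. Also, `elastic_otel_token_header` omits the `content_type = "text/plain"` that the other two secrets set; add it or note why it differs. None of the three sets `expiration_date`, so rotation of the application key and the token is not enforced by the vault.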
3 changes: 3 additions & 0 deletions src/domains/qi-common/README.md
Expand Up @@ -27,10 +27,13 @@
| [azurerm_key_vault_access_policy.azdevops_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
| [azurerm_key_vault_access_policy.azdevops_iac_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
| [azurerm_key_vault_secret.ai_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.azure_data_explorer_re_application_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.azure_data_explorer_re_client_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.ehub_alert_qi_rx_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.ehub_alert_qi_rx_debug_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.ehub_alert_qi_rx_pdnd_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.ehub_alert_qi_tx_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.elastic_otel_token_header](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.qi_azurewebjobsstorage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource |
| [azurerm_resource_group.qi_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |