Merge branch 'main' into CHK-3593-fix-queue-alert-query

src/aks-leonardo/env/itn-prod/terraform.tfvars

@@ -43,7 +43,7 @@ aks_private_cluster_enabled  = true
 aks_alerts_enabled           = false
 aks_kubernetes_version       = "1.29.4"
 aks_sku_tier                 = "Standard"
-aks_enable_workload_identity = false
+aks_enable_workload_identity = true
 
 aks_system_node_pool = {
   name            = "papaksleosys",

src/domains/ecommerce-app/api/ecommerce-healthcheck/v1/_base_policy.xml.tpl

@@ -67,12 +67,17 @@
                 bool allUp = true;
 
                 foreach (var service in services) {
-                    var parsedResponse = ((IResponse)context.Variables[service]).Body.As<JObject>();
+
+                    var serviceResponse = context.Variables[service] as IResponse;
+                    
+                    bool isServiceUp = serviceResponse.StatusCode == 200;
+                    JObject parsedResponse = isServiceUp ? serviceResponse.Body.As<JObject>() : new JObject(new JProperty("status", "DOWN"));
+                    
                     combinedResults[service] = parsedResponse;
 
-                    if ((string)parsedResponse["status"] != "UP") {
+                    if (isServiceUp && (string)parsedResponse["status"] != "UP" || !isServiceUp) {
                         allUp = false;
-                    }
+                    } 
                 }
 
                 var response = new JObject();

src/domains/fdr-common/03_postgresql_replica.tf

@@ -51,35 +51,20 @@ module "postgresql_fdr_replica_db" {
   tags                       = var.tags
 }
 
-resource "null_resource" "virtual_endpoint" {
-  count = var.geo_replica_enabled ? 1 : 0
-  triggers = {
-    rg_name             = azurerm_resource_group.db_rg.name
-    primary_server_name = module.postgres_flexible_server_fdr.name
-    ve_name             = "${local.project}-pgflex-ve"
-    member_name         = module.postgresql_fdr_replica_db[0].name
-  }
-
-  provisioner "local-exec" {
-    command = <<EOT
-    az postgres flexible-server virtual-endpoint create --resource-group ${self.triggers.rg_name} --server-name ${self.triggers.primary_server_name} --name ${self.triggers.ve_name} --endpoint-type ReadWrite --members ${self.triggers.member_name}
-    EOT
-  }
-
-  provisioner "local-exec" {
-    when    = destroy
-    command = <<EOT
-    az postgres flexible-server virtual-endpoint delete --resource-group ${self.triggers.rg_name} --server-name ${self.triggers.primary_server_name} --name ${self.triggers.ve_name} --yes
-    EOT
-  }
+resource "azurerm_postgresql_flexible_server_virtual_endpoint" "virtual_endpoint" {
+  count             = var.geo_replica_enabled ? 1 : 0
+  name              = "${local.project}-pgflex-ve"
+  source_server_id  = module.postgres_flexible_server_fdr.id
+  replica_server_id = module.postgresql_fdr_replica_db[0].id
+  type              = "ReadWrite"
 }
 
+
 resource "azurerm_private_dns_cname_record" "cname_record" {
-  depends_on          = [null_resource.virtual_endpoint]
   count               = var.geo_replica_enabled && var.postgres_dns_registration_virtual_endpoint_enabled ? 1 : 0
   name                = "fdr-db"
   zone_name           = "${var.env_short}.internal.postgresql.pagopa.it"
   resource_group_name = data.azurerm_resource_group.rg_vnet.name
   ttl                 = 300
-  record              = "${null_resource.virtual_endpoint[0].triggers.ve_name}.writer.postgres.database.azure.com"
+  record              = "${azurerm_postgresql_flexible_server_virtual_endpoint.virtual_endpoint[0].name}.writer.postgres.database.azure.com"
 }

src/domains/fdr-common/99_main.tf

@@ -6,7 +6,7 @@ terraform {
     }
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "<= 3.107.0"
+      version = ">= 3.116.0, < 4.0.0"
     }
     azuread = {
       source  = "hashicorp/azuread"

src/domains/fdr-common/README.md

@@ -8,7 +8,7 @@
 |------|---------|
 | <a name="requirement_azapi"></a> [azapi](#requirement\_azapi) | <= 1.13.1 |
 | <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | <= 2.47.0 |
-| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | <= 3.107.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >= 3.116.0, < 4.0.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | <= 3.2.2 |
 
 ## Modules
@@ -70,6 +70,7 @@
 | [azurerm_postgresql_flexible_server_configuration.fdr_db_flex_wal_level](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_configuration) | resource |
 | [azurerm_postgresql_flexible_server_database.fdr_db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_database) | resource |
 | [azurerm_postgresql_flexible_server_database.fdr_replica_db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_database) | resource |
+| [azurerm_postgresql_flexible_server_virtual_endpoint.virtual_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_virtual_endpoint) | resource |
 | [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource |
 | [azurerm_private_dns_cname_record.cname_record](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_cname_record) | resource |
 | [azurerm_private_endpoint.fdr_blob_private_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
@@ -99,7 +100,6 @@
 | [null_resource.change_auth_fdr_blob_container](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.github_runner_app_permissions_to_namespace_cd_01](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.github_runner_app_permissions_to_namespace_ci_01](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [null_resource.virtual_endpoint](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [azurerm_api_management.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
 | [azurerm_api_management_product.fdr_internal_product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source |
 | [azurerm_api_management_product.fdr_org_product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source |

src/domains/gps-app/04_apim_gps.tf

@@ -19,58 +19,3 @@ module "apim_gps_product" {
 
   policy_xml = file("./api_product/_base_policy_no_forbid.xml")
 }
-
-#################
-##    API GPS  ##
-#################
-
-#################
-# Depreacted ⚠️⚠️⚠️⚠️⚠️⚠️⚠️ see here https://github.com/pagopa/pagopa-spontaneous-payments/blob/378d08505a12e1dbd83d69c2ea987a2a3ee475a1/infra/04_apim_api.tf#L4
-#################
-
-locals {
-  apim_spontaneous_payments_service_api = {
-    display_name          = "GPS pagoPA - spontaneous payments service API"
-    description           = "API to support spontaneous payments service"
-    path                  = "gps/spontaneous-payments-service"
-    subscription_required = false
-    service_url           = null
-  }
-}
-
-resource "azurerm_api_management_api_version_set" "api_gps_api" {
-
-  name                = format("%s-spontaneous-payments-service-api", var.env_short)
-  resource_group_name = local.pagopa_apim_rg
-  api_management_name = local.pagopa_apim_name
-  display_name        = local.apim_spontaneous_payments_service_api.display_name
-  versioning_scheme   = "Segment"
-}
-
-
-module "apim_api_gps_api_v1" {
-  source = "./.terraform/modules/__v3__/api_management_api"
-
-  name                  = format("%s-spontaneous-payments-service-api", local.project)
-  api_management_name   = local.pagopa_apim_name
-  resource_group_name   = local.pagopa_apim_rg
-  product_ids           = [module.apim_gps_product.product_id]
-  subscription_required = local.apim_spontaneous_payments_service_api.subscription_required
-  version_set_id        = azurerm_api_management_api_version_set.api_gps_api.id
-  api_version           = "v1"
-
-  description  = local.apim_spontaneous_payments_service_api.description
-  display_name = local.apim_spontaneous_payments_service_api.display_name
-  path         = local.apim_spontaneous_payments_service_api.path
-  protocols    = ["https"]
-  service_url  = local.apim_spontaneous_payments_service_api.service_url
-
-  content_format = "openapi"
-  content_value = templatefile("./api/spontaneous-payments-service/v1/_openapi.json.tpl", {
-    host = local.apim_hostname
-  })
-
-  xml_content = templatefile("./api/spontaneous-payments-service/v1/_base_policy.xml", {
-    hostname = local.gps_hostname
-  })
-}

src/domains/gps-common/03_postgresql_replica.tf

@@ -54,27 +54,13 @@ module "postgresql_gpd_replica_db" {
   tags                       = var.tags
 }
 
-resource "null_resource" "virtual_endpoint" {
-  count = var.geo_replica_enabled ? 1 : 0
-  triggers = {
-    rg_name             = azurerm_resource_group.flex_data[0].name
-    primary_server_name = module.postgres_flexible_server_private[0].name # NEWGPD-DB : DEPRECATED switch to new istance postgres_flexible_server_private_db
-    ve_name             = "${local.project}-pgflex-ve"
-    member_name         = module.postgresql_gpd_replica_db[0].name
-  }
-
-  provisioner "local-exec" {
-    command = <<EOT
-    az postgres flexible-server virtual-endpoint create --resource-group ${self.triggers.rg_name} --server-name ${self.triggers.primary_server_name} --name ${self.triggers.ve_name} --endpoint-type ReadWrite --members ${self.triggers.member_name}
-    EOT
-  }
 
-  provisioner "local-exec" {
-    when    = destroy
-    command = <<EOT
-    az postgres flexible-server virtual-endpoint delete --resource-group ${self.triggers.rg_name} --server-name ${self.triggers.primary_server_name} --name ${self.triggers.ve_name} --yes
-    EOT
-  }
+resource "azurerm_postgresql_flexible_server_virtual_endpoint" "virtual_endpoint" {
+  count             = var.geo_replica_enabled ? 1 : 0
+  name              = "${local.product}-${var.location_short}-gpd-pgflex-ve"
+  source_server_id  = module.postgres_flexible_server_private_db.id
+  replica_server_id = module.postgresql_gpd_replica_db[0].id
+  type              = "ReadWrite"
 }
 
 resource "azurerm_private_dns_cname_record" "cname_record" {
@@ -83,6 +69,6 @@ resource "azurerm_private_dns_cname_record" "cname_record" {
   zone_name           = "${var.env_short}.internal.postgresql.pagopa.it"
   resource_group_name = data.azurerm_resource_group.rg_vnet.name
   ttl                 = 300
-  record              = "${null_resource.virtual_endpoint[0].triggers.ve_name}.writer.postgres.database.azure.com"
+  record              = "${azurerm_postgresql_flexible_server_virtual_endpoint.virtual_endpoint[0].name}.writer.postgres.database.azure.com"
 }
 

src/domains/gps-common/99_locals.tf

@@ -40,8 +40,8 @@ locals {
   azdo_subnet_name = "${local.product}-azdoa-snet"
 
   # NEWGPD-DB : DEPRECATED switch to new istance postgres_flexible_server_private_db
-  gpd_hostname = var.env_short == "p" ? module.postgres_flexible_server_private[0].fqdn : module.postgres_flexible_server_private_db.fqdn
-  gpd_dbmsport = "6432"
+  gpd_hostname        = var.env_short == "p" ? module.postgres_flexible_server_private[0].fqdn : module.postgres_flexible_server_private_db.fqdn
+  gpd_dbmsport        = "6432"
   flyway_gpd_dbmsport = "5432"
 
   azdo_managed_identity_rg_name = "pagopa-${var.env_short}-identity-rg"