feat: [PAGOPA-2395] Upgraded PostgreSQL version for FdR1 (#2622)

* [PAGOPA-2395] feat: upgraded TF resource version and Postgres version

* [PAGOPA-2395] fix: update on FdR1 DB resources for UAT apply

* [PAGOPA-2395] fix: preparing FdR1's DB resources for apply in PROD

* [PAGOPA-2395] fix: using SHA for module V3 reference

* [PAGOPA-2395] fix: included advanced_threat_protection_enabled flag

* [PAGOPA-2395] fix: included advanced_threat_protection_enabled flag

* [PAGOPA-2395] fix: defining storage_mb for PostgreSQL replica

* fixes

---------

Co-authored-by: Francesco Cesareo <[email protected]>

src/domains/fdr-common/01_network.tf

@@ -60,7 +60,7 @@ data "azurerm_private_dns_zone" "privatelink_queue_azure_com" {
 
 module "fdr_storage_snet" {
   count  = var.env_short == "d" ? 0 : 1
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v6.7.0"
+  source = "./.terraform/modules/__v3__/subnet"
 
   name                 = "${local.project}-storage-snet"
   address_prefixes     = var.cidr_subnet_storage_account
@@ -75,7 +75,7 @@ module "fdr_storage_snet" {
 }
 
 module "cosmosdb_fdr_snet" {
-  source               = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v6.3.1"
+  source               = "./.terraform/modules/__v3__/subnet"
   name                 = "${local.project}-cosmosb-snet"
   address_prefixes     = var.cidr_subnet_cosmosdb_fdr
   resource_group_name  = local.vnet_resource_group_name

src/domains/fdr-common/03_cosmos_mongodb_fdr.tf

@@ -1,5 +1,5 @@
 module "cosmosdb_account_mongodb" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=v6.3.1"
+  source              = "./.terraform/modules/__v3__/cosmosdb_account"
   domain              = null
   name                = "${local.project}-cosmos-account"
   location            = var.location
@@ -14,7 +14,7 @@ module "cosmosdb_account_mongodb" {
   public_network_access_enabled      = var.cosmos_mongo_db_fdr_params.public_network_access_enabled
   private_endpoint_enabled           = var.cosmos_mongo_db_fdr_params.private_endpoint_enabled
   subnet_id                          = module.cosmosdb_fdr_snet.id
-  private_dns_zone_ids               = [data.azurerm_private_dns_zone.cosmos.id]
+  private_dns_zone_mongo_ids         = [data.azurerm_private_dns_zone.cosmos.id]
   is_virtual_network_filter_enabled  = var.cosmos_mongo_db_fdr_params.is_virtual_network_filter_enabled
   allowed_virtual_network_subnet_ids = var.cosmos_mongo_db_fdr_params.public_network_access_enabled ? [] : [data.azurerm_subnet.aks_subnet.id]
 
@@ -167,7 +167,7 @@ locals {
 }
 
 module "cosmosdb_fdr_collections" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_mongodb_collection?ref=v6.3.1"
+  source = "./.terraform/modules/__v3__/cosmosdb_mongodb_collection"
 
   for_each = {
     for index, coll in local.collections :

src/domains/fdr-common/03_cosmos_mongodb_fdr_re.tf

@@ -1,5 +1,5 @@
 module "cosmosdb_account_mongodb_fdr_re" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=v6.3.1"
+  source              = "./.terraform/modules/__v3__/cosmosdb_account"
   domain              = var.domain
   name                = "${local.project}-re-cosmos-account"
   location            = var.location
@@ -14,7 +14,7 @@ module "cosmosdb_account_mongodb_fdr_re" {
   public_network_access_enabled      = var.cosmos_mongo_db_fdr_re_params.public_network_access_enabled
   private_endpoint_enabled           = var.cosmos_mongo_db_fdr_re_params.private_endpoint_enabled
   subnet_id                          = module.cosmosdb_fdr_snet.id
-  private_dns_zone_ids               = [data.azurerm_private_dns_zone.cosmos.id]
+  private_dns_zone_mongo_ids         = [data.azurerm_private_dns_zone.cosmos.id]
   is_virtual_network_filter_enabled  = var.cosmos_mongo_db_fdr_re_params.is_virtual_network_filter_enabled
   allowed_virtual_network_subnet_ids = var.cosmos_mongo_db_fdr_re_params.public_network_access_enabled ? [] : [data.azurerm_subnet.aks_subnet.id]
 
@@ -65,7 +65,7 @@ locals {
 }
 
 module "cosmosdb_fdr_re_collections" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_mongodb_collection?ref=v6.3.1"
+  source = "./.terraform/modules/__v3__/cosmosdb_mongodb_collection"
 
   for_each = {
     for index, coll in local.fdr_re_collections :

src/domains/fdr-common/03_postgresql.tf

@@ -17,7 +17,7 @@ data "azurerm_key_vault_secret" "pgres_flex_admin_pwd" {
 
 # Postgres Flexible Server subnet
 module "postgres_flexible_snet" {
-  source                                        = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v6.2.1"
+  source                                        = "./.terraform/modules/__v3__/subnet"
   name                                          = "${local.project}-pgres-flexible-snet"
   address_prefixes                              = var.cidr_subnet_flex_dbms
   resource_group_name                           = data.azurerm_resource_group.rg_vnet.name
@@ -37,31 +37,37 @@ module "postgres_flexible_snet" {
 }
 
 module "postgres_flexible_server_fdr" {
-  source                      = "git::https://github.com/pagopa/terraform-azurerm-v3.git//postgres_flexible_server?ref=v7.23.0"
-  name                        = "${local.project}-flexible-postgresql"
-  location                    = azurerm_resource_group.db_rg.location
-  resource_group_name         = azurerm_resource_group.db_rg.name
-  private_endpoint_enabled    = var.pgres_flex_params.pgres_flex_private_endpoint_enabled
-  private_dns_zone_id         = var.env_short != "d" ? data.azurerm_private_dns_zone.postgres[0].id : null
-  delegated_subnet_id         = var.env_short != "d" ? module.postgres_flexible_snet.id : null
-  high_availability_enabled   = var.pgres_flex_params.pgres_flex_ha_enabled
-  standby_availability_zone   = var.env_short != "d" ? var.pgres_flex_params.standby_zone : null
-  pgbouncer_enabled           = var.pgres_flex_params.pgres_flex_pgbouncer_enabled
-  diagnostic_settings_enabled = var.pgres_flex_params.pgres_flex_diagnostic_settings_enabled
-  administrator_login         = data.azurerm_key_vault_secret.pgres_flex_admin_login.value
-  administrator_password      = data.azurerm_key_vault_secret.pgres_flex_admin_pwd.value
+  source = "./.terraform/modules/__v3__/postgres_flexible_server"
+
+  name                = "${local.project}-flexible-postgresql"
+  location            = azurerm_resource_group.db_rg.location
+  resource_group_name = azurerm_resource_group.db_rg.name
+
+  private_endpoint_enabled      = var.pgres_flex_params.pgres_flex_private_endpoint_enabled
+  private_dns_zone_id           = var.env_short != "d" ? data.azurerm_private_dns_zone.postgres[0].id : null
+  delegated_subnet_id           = module.postgres_flexible_snet.id
+  public_network_access_enabled = var.pgres_flex_params.public_network_access_enabled
+
+  administrator_login    = data.azurerm_key_vault_secret.pgres_flex_admin_login.value
+  administrator_password = data.azurerm_key_vault_secret.pgres_flex_admin_pwd.value
 
   sku_name                     = var.pgres_flex_params.sku_name
   db_version                   = var.pgres_flex_params.db_version
   storage_mb                   = var.pgres_flex_params.storage_mb
-  zone                         = var.env_short == "d" ? 2 : var.pgres_flex_params.zone
+  zone                         = var.pgres_flex_params.zone
   backup_retention_days        = var.pgres_flex_params.backup_retention_days
-  geo_redundant_backup_enabled = var.pgres_flex_params.geo_redundant_backup_enabled
   create_mode                  = var.pgres_flex_params.create_mode
+  geo_redundant_backup_enabled = var.pgres_flex_params.geo_redundant_backup_enabled
+
+  high_availability_enabled = var.pgres_flex_params.pgres_flex_ha_enabled
+  standby_availability_zone = var.pgres_flex_params.standby_zone
+  pgbouncer_enabled         = var.pgres_flex_params.pgres_flex_pgbouncer_enabled
 
+  diagnostic_settings_enabled = var.pgres_flex_params.pgres_flex_diagnostic_settings_enabled
+  log_analytics_workspace_id  = var.env_short != "d" ? data.azurerm_log_analytics_workspace.log_analytics.id : null
 
-  log_analytics_workspace_id = var.env_short != "d" ? data.azurerm_log_analytics_workspace.log_analytics.id : null
-  custom_metric_alerts       = var.custom_metric_alerts
+  custom_metric_alerts = var.custom_metric_alerts
+  alerts_enabled       = var.pgres_flex_params.alerts_enabled
   alert_action = [
     {
       action_group_id    = data.azurerm_monitor_action_group.email.id
@@ -124,11 +130,29 @@ resource "azurerm_postgresql_flexible_server_configuration" "fdr_db_flex_min_poo
   server_id = module.postgres_flexible_server_fdr.id
   value     = var.pgres_flex_params.pgbouncer_min_pool_size
 }
-resource "azurerm_postgresql_flexible_server_configuration" "fdr_db_flex_default_pool_size" {
-  count     = var.pgres_flex_params.pgres_flex_pgbouncer_enabled ? 1 : 0
-  name      = "pgbouncer.default_pool_size"
+
+
+# CDC https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-logical
+resource "azurerm_postgresql_flexible_server_configuration" "fdr_db_flex_max_worker_process" {
+  name      = "max_worker_processes"
+  server_id = module.postgres_flexible_server_fdr.id
+  value     = var.pgres_flex_params.max_worker_process # var.env_short == "d" ? 16 : 32
+}
+
+resource "azurerm_postgresql_flexible_server_configuration" "fdr_db_flex_wal_level" {
+  count = var.pgres_flex_params.wal_level != null ? 1 : 0
+
+  name      = "wal_level"
+  server_id = module.postgres_flexible_server_fdr.id
+  value     = var.pgres_flex_params.wal_level # "logical", ...
+}
+
+resource "azurerm_postgresql_flexible_server_configuration" "fdr_db_flex_shared_preoload_libraries" {
+  count = var.pgres_flex_params.wal_level != null ? 1 : 0
+
+  name      = "shared_preload_libraries"
   server_id = module.postgres_flexible_server_fdr.id
-  value     = var.pgres_flex_params.pgbouncer_default_pool_size
+  value     = var.pgres_flex_params.shared_preoload_libraries # "pg_failover_slots"
 }
 
 

src/domains/fdr-common/03_postgresql_replica.tf

@@ -1,8 +1,7 @@
-
 # Postgres Flexible Server subnet
 module "postgres_flexible_snet_replica" {
   count                                         = var.geo_replica_enabled ? 1 : 0
-  source                                        = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v6.2.1"
+  source                                        = "./.terraform/modules/__v3__/subnet"
   name                                          = "${local.project_replica}-pgres-flexible-snet"
   address_prefixes                              = var.geo_replica_cidr_subnet_postgresql
   resource_group_name                           = data.azurerm_resource_group.rg_vnet.name
@@ -24,7 +23,7 @@ module "postgres_flexible_snet_replica" {
 
 
 module "postgresql_fdr_replica_db" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//postgres_flexible_server_replica?ref=v7.22.0"
+  source = "./.terraform/modules/__v3__/postgres_flexible_server_replica"
   count  = var.geo_replica_enabled ? 1 : 0
 
   name                = "${local.project_replica}-flexible-postgresql"
@@ -35,10 +34,13 @@ module "postgresql_fdr_replica_db" {
   delegated_subnet_id      = module.postgres_flexible_snet_replica[0].id
   private_endpoint_enabled = var.pgres_flex_params.pgres_flex_private_endpoint_enabled
 
-  sku_name = var.pgres_flex_params.sku_name
+  sku_name   = var.pgres_flex_params.sku_name
+  storage_mb = var.pgres_flex_params.storage_mb
 
   high_availability_enabled = false
   pgbouncer_enabled         = var.pgres_flex_params.pgres_flex_pgbouncer_enabled
+  max_connections           = var.pgres_flex_params.max_connections
+  max_worker_process        = var.pgres_flex_params.max_worker_process
 
   source_server_id = module.postgres_flexible_server_fdr.id
 
@@ -81,4 +83,3 @@ resource "azurerm_private_dns_cname_record" "cname_record" {
   ttl                 = 300
   record              = "${null_resource.virtual_endpoint[0].triggers.ve_name}.writer.postgres.database.azure.com"
 }
-

src/domains/fdr-common/03_storage_account_fdr.tf

@@ -6,7 +6,7 @@ resource "azurerm_resource_group" "fdr_rg" {
 }
 
 module "fdr_conversion_sa" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account?ref=v7.18.0"
+  source = "./.terraform/modules/__v3__/storage_account"
 
   name                            = replace("${local.project}-sa", "-", "")
   account_kind                    = var.fdr_storage_account.account_kind