[#IOCOM-466] Added cosmos db for fims (#658)

Co-authored-by: Walter Traspadini <[email protected]>
pagopa · Sep 5, 2023 · 44102f1 · 44102f1
1 parent 2bf6b5f
commit 44102f1
Show file tree

Hide file tree

Showing 9 changed files with 235 additions and 7 deletions.
diff --git a/.github/workflows/prod_cd_citizen-auth.yml b/.github/workflows/prod_cd_citizen-auth.yml
@@ -132,8 +132,8 @@ jobs:
     steps:
       - name: Cleanup GitHub Runner
         id: cleanup_github_runner
-        # from https://github.com/pagopa/github-self-hosted-runner-azure-cleanup-action/commits/main
-        uses: pagopa/github-self-hosted-runner-azure-cleanup-action@97731a35e6ffc79b66c4dfd2aae5e4fd04e3ebb5
+        # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action
+        uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@main
         with:
           client_id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant_id: ${{ secrets.AZURE_TENANT_ID }}

diff --git a/.github/workflows/prod_ci_citizen-auth.yml b/.github/workflows/prod_ci_citizen-auth.yml
@@ -98,8 +98,8 @@ jobs:
     steps:
       - name: Cleanup GitHub Runner
         id: cleanup_github_runner
-        # from https://github.com/pagopa/github-self-hosted-runner-azure-cleanup-action/commits/main
-        uses: pagopa/github-self-hosted-runner-azure-cleanup-action@97731a35e6ffc79b66c4dfd2aae5e4fd04e3ebb5
+        # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action
+        uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@main
         with:
           client_id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant_id: ${{ secrets.AZURE_TENANT_ID }}

diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml
@@ -18,6 +18,8 @@ jobs:
             src/.template-app
             src/.template-common
             src/aks-platform
+            src/domains/ioweb-app
+            src/domains/ioweb-common
             src/domains/citizen-auth-app
             src/domains/citizen-auth-common
             src/domains/messages-app
@@ -55,5 +57,5 @@ jobs:
 
       - name: run_pre_commit_terraform
         run: |
-          TAG="v1.80.0@sha256:840b08605df81e6e1cdd443adce13e7ed2de4345345705411a0656eda760c84e"
+          TAG="v1.83.0@sha256:94ec10f1587b22ffae28f46ebaefc317ae2ba8eb61f6be02af6a41f33a6a57cb"
           docker run -v $(pwd):/lint -w /lint ghcr.io/antonbabenko/pre-commit-terraform:$TAG run -a
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.80.0
+    rev: v1.83.0
     hooks:
       - id: terraform_fmt
       - id: terraform_docs

diff --git a/.terraform-version b/.terraform-version
@@ -1 +1 @@
-1.3.9
+1.5.6
diff --git a/src/domains/citizen-auth-common/05_database.tf b/src/domains/citizen-auth-common/05_database.tf
@@ -125,6 +125,195 @@ resource "azurerm_monitor_metric_alert" "cosmosdb_account_normalized_RU_consumpt
 ############################
 # FIMS COSMOS
 ############################
+module "cosmosdb_account_fims" {
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_account?ref=v4.3.1"
+
+  name                = "${local.product}-${var.domain}-fims-account"
+  domain              = upper(var.domain)
+  location            = azurerm_resource_group.data_rg.location
+  resource_group_name = azurerm_resource_group.data_rg.name
+  offer_type          = "Standard"
+  enable_free_tier    = false
+  kind                = "GlobalDocumentDB"
+
+  public_network_access_enabled     = false
+  private_endpoint_enabled          = true
+  subnet_id                         = data.azurerm_subnet.private_endpoints_subnet.id
+  private_dns_zone_ids              = [data.azurerm_private_dns_zone.privatelink_documents_azure_com.id]
+  is_virtual_network_filter_enabled = false
+
+  main_geo_location_location       = azurerm_resource_group.data_rg.location
+  main_geo_location_zone_redundant = true
+  additional_geo_locations = [{
+    location          = "northeurope"
+    failover_priority = 1
+    zone_redundant    = false
+  }]
+  consistency_policy = {
+    consistency_level       = "Session"
+    max_interval_in_seconds = null
+    max_staleness_prefix    = null
+  }
+
+  # Action groups for alerts
+  action = [
+    {
+      action_group_id    = data.azurerm_monitor_action_group.error_action_group.id
+      webhook_properties = {}
+    }
+  ]
+
+  tags = var.tags
+}
+
+module "cosmosdb_sql_database_fims" {
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_sql_database?ref=v4.3.1"
+  name                = "fims"
+  resource_group_name = azurerm_resource_group.data_rg.name
+  account_name        = module.cosmosdb_account_fims.name
+}
+
+resource "azurerm_cosmosdb_sql_container" "fims_client" {
+
+  name                = "Client"
+  resource_group_name = azurerm_resource_group.data_rg.name
+  account_name        = module.cosmosdb_account_fims.name
+  database_name       = module.cosmosdb_sql_database_fims.name
+
+  partition_key_path    = "/organizationId"
+  partition_key_version = 2
+
+  autoscale_settings {
+    max_throughput = var.fims_database.client.max_throughput
+  }
+
+  default_ttl = var.fims_database.client.ttl
+
+  indexing_policy {
+    indexing_mode = "consistent"
+
+    included_path {
+      path = "/*"
+    }
+
+    excluded_path {
+      path = "/\"_etag\"/?"
+    }
+
+    composite_index {
+      index {
+        path  = "/id"
+        order = "Descending"
+      }
+      index {
+        path  = "/organizationId"
+        order = "Ascending"
+      }
+    }
+  }
+}
+
+resource "azurerm_cosmosdb_sql_container" "fims_grant" {
+
+  name                = "Grant"
+  resource_group_name = azurerm_resource_group.data_rg.name
+  account_name        = module.cosmosdb_account_fims.name
+  database_name       = module.cosmosdb_sql_database_fims.name
+
+  partition_key_path    = "/identityId"
+  partition_key_version = 2
+
+  autoscale_settings {
+    max_throughput = var.fims_database.grant.max_throughput
+  }
+
+  default_ttl = var.fims_database.grant.ttl
+
+  indexing_policy {
+    indexing_mode = "consistent"
+
+    included_path {
+      path = "/*"
+    }
+
+    excluded_path {
+      path = "/\"_etag\"/?"
+    }
+
+    composite_index {
+      index {
+        path  = "/id"
+        order = "Descending"
+      }
+      index {
+        path  = "/identityId"
+        order = "Ascending"
+      }
+    }
+  }
+}
+
+resource "azurerm_cosmosdb_sql_container" "fims_interaction" {
+
+  name                = "Interaction"
+  resource_group_name = azurerm_resource_group.data_rg.name
+  account_name        = module.cosmosdb_account_fims.name
+  database_name       = module.cosmosdb_sql_database_fims.name
+
+  partition_key_path    = "/id"
+  partition_key_version = 2
+
+  autoscale_settings {
+    max_throughput = var.fims_database.interaction.max_throughput
+  }
+
+  default_ttl = var.fims_database.interaction.ttl
+
+  indexing_policy {
+    indexing_mode = "consistent"
+
+    included_path {
+      path = "/*"
+    }
+
+    excluded_path {
+      path = "/\"_etag\"/?"
+    }
+  }
+}
+
+resource "azurerm_cosmosdb_sql_container" "fims_session" {
+
+  name                = "Session"
+  resource_group_name = azurerm_resource_group.data_rg.name
+  account_name        = module.cosmosdb_account_fims.name
+  database_name       = module.cosmosdb_sql_database_fims.name
+
+  partition_key_path    = "/id"
+  partition_key_version = 2
+
+  autoscale_settings {
+    max_throughput = var.fims_database.session.max_throughput
+  }
+
+  default_ttl = var.fims_database.session.ttl
+
+  indexing_policy {
+    indexing_mode = "consistent"
+
+    included_path {
+      path = "/*"
+    }
+
+    excluded_path {
+      path = "/\"_etag\"/?"
+    }
+  }
+}
+
+############################
+# FIMS MONGO (TO REMOVE)
+############################
 module "cosmosdb_account_mongodb_fims" {
   source = "git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_account?ref=v4.1.5"
 
@@ -175,3 +364,5 @@ data "azurerm_key_vault_secret" "mongodb_connection_string_fims" {
   name         = "io-p-fims-mongodb-account-connection-string"
   key_vault_id = module.key_vault.id
 }
+
+
diff --git a/src/domains/citizen-auth-common/99_variables.tf b/src/domains/citizen-auth-common/99_variables.tf
@@ -78,6 +78,15 @@ variable "citizen_auth_database" {
   )
 }
 
+variable "fims_database" {
+  type = map(
+    object({
+      max_throughput = number
+      ttl            = number
+    })
+  )
+}
+
 ### External resources
 
 variable "monitor_resource_group_name" {

diff --git a/src/domains/citizen-auth-common/README.md b/src/domains/citizen-auth-common/README.md
@@ -24,8 +24,10 @@
 | <a name="module_apim_v2_lollipop_api_v1"></a> [apim\_v2\_lollipop\_api\_v1](#module\_apim\_v2\_lollipop\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v4.1.5 |
 | <a name="module_apim_v2_product_lollipop"></a> [apim\_v2\_product\_lollipop](#module\_apim\_v2\_product\_lollipop) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product | v4.1.5 |
 | <a name="module_cosmosdb_account"></a> [cosmosdb\_account](#module\_cosmosdb\_account) | git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_account | v4.3.1 |
+| <a name="module_cosmosdb_account_fims"></a> [cosmosdb\_account\_fims](#module\_cosmosdb\_account\_fims) | git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_account | v4.3.1 |
 | <a name="module_cosmosdb_account_mongodb_fims"></a> [cosmosdb\_account\_mongodb\_fims](#module\_cosmosdb\_account\_mongodb\_fims) | git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_account | v4.1.5 |
 | <a name="module_cosmosdb_sql_database_citizen_auth"></a> [cosmosdb\_sql\_database\_citizen\_auth](#module\_cosmosdb\_sql\_database\_citizen\_auth) | git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_sql_database | v4.3.1 |
+| <a name="module_cosmosdb_sql_database_fims"></a> [cosmosdb\_sql\_database\_fims](#module\_cosmosdb\_sql\_database\_fims) | git::https://github.com/pagopa/terraform-azurerm-v3//cosmosdb_sql_database | v4.3.1 |
 | <a name="module_key_vault"></a> [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v4.1.3 |
 | <a name="module_lollipop_assertions_storage"></a> [lollipop\_assertions\_storage](#module\_lollipop\_assertions\_storage) | git::https://github.com/pagopa/terraform-azurerm-v3//storage_account | v6.1.0 |
 | <a name="module_lollipop_assertions_storage_customer_managed_key"></a> [lollipop\_assertions\_storage\_customer\_managed\_key](#module\_lollipop\_assertions\_storage\_customer\_managed\_key) | git::https://github.com/pagopa/terraform-azurerm-v3//storage_account_customer_managed_key | v4.3.1 |
@@ -51,6 +53,10 @@
 | [azurerm_api_management_user.pagopa_user](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
 | [azurerm_api_management_user.pagopa_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
 | [azurerm_cosmosdb_mongo_database.db_fims](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_database) | resource |
+| [azurerm_cosmosdb_sql_container.fims_client](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource |
+| [azurerm_cosmosdb_sql_container.fims_grant](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource |
+| [azurerm_cosmosdb_sql_container.fims_interaction](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource |
+| [azurerm_cosmosdb_sql_container.fims_session](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource |
 | [azurerm_cosmosdb_sql_container.lollipop_pubkeys](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource |
 | [azurerm_key_vault_access_policy.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
 | [azurerm_key_vault_access_policy.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
@@ -112,6 +118,7 @@
 | <a name="input_enable_azdoa"></a> [enable\_azdoa](#input\_enable\_azdoa) | Specifies Azure Devops Agent enabling | `bool` | `true` | no |
 | <a name="input_env"></a> [env](#input\_env) | n/a | `string` | n/a | yes |
 | <a name="input_env_short"></a> [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
+| <a name="input_fims_database"></a> [fims\_database](#input\_fims\_database) | n/a | <pre>map(<br>    object({<br>      max_throughput = number<br>      ttl            = number<br>    })<br>  )</pre> | n/a | yes |
 | <a name="input_instance"></a> [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes |
 | <a name="input_location"></a> [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes |
 | <a name="input_location_full"></a> [location\_full](#input\_location\_full) | One of West Europe, North Europe | `string` | n/a | yes |

diff --git a/src/domains/citizen-auth-common/env/prod/terraform.tfvars b/src/domains/citizen-auth-common/env/prod/terraform.tfvars
@@ -24,6 +24,25 @@ citizen_auth_database = {
   }
 }
 
+fims_database = {
+  client = {
+    max_throughput = 3000
+    ttl            = -1
+  },
+  grant = {
+    max_throughput = 3000
+    ttl            = -1
+  },
+  interaction = {
+    max_throughput = 3000
+    ttl            = -1
+  },
+  session = {
+    max_throughput = 3000
+    ttl            = -1
+  }
+}
+
 ### External resources
 
 monitor_resource_group_name                 = "io-p-rg-common"