[#IOCOM-489] Fixed subnet (#666)

src/domains/citizen-auth-app/04_fims.tf

@@ -74,11 +74,16 @@ locals {
   }
 }
 
-module "fims_snet" {
+data "azurerm_nat_gateway" "nat_gateway" {
+  name                = "io-p-natgw"
+  resource_group_name = "io-p-rg-common"
+}
+
+module "fims_plus_snet" {
   count                                     = var.fims_enabled ? 1 : 0
   source                                    = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v4.1.15"
-  name                                      = "fims"
-  address_prefixes                          = var.cidr_subnet_fims
+  name                                      = "fims-plus"
+  address_prefixes                          = var.cidr_subnet_fims_plus
   resource_group_name                       = data.azurerm_virtual_network.vnet_common.resource_group_name
   virtual_network_name                      = data.azurerm_virtual_network.vnet_common.name
   private_endpoint_network_policies_enabled = true
@@ -96,17 +101,14 @@ module "fims_snet" {
   }
 }
 
-data "azurerm_nat_gateway" "nat_gateway" {
-  name                = "io-p-natgw"
-  resource_group_name = "io-p-rg-common"
-}
-
-resource "azurerm_subnet_nat_gateway_association" "fims_snet" {
+resource "azurerm_subnet_nat_gateway_association" "fims_plus_snet" {
   count          = var.fims_enabled ? 1 : 0
   nat_gateway_id = data.azurerm_nat_gateway.nat_gateway.id
-  subnet_id      = module.fims_snet[0].id
+  subnet_id      = module.fims_plus_snet[0].id
 }
 
+
+
 module "appservice_fims_plus" {
   count  = var.fims_enabled ? 1 : 0
   source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service?ref=v4.1.15"
@@ -141,7 +143,7 @@ module "appservice_fims_plus" {
     [],
   )
 
-  subnet_id        = module.fims_snet[0].id
+  subnet_id        = module.fims_plus_snet[0].id
   vnet_integration = true
 
   tags = var.tags
@@ -179,7 +181,7 @@ module "appservice_fims_plus_slot_staging" {
     [],
   )
 
-  subnet_id        = module.fims_snet[0].id
+  subnet_id        = module.fims_plus_snet[0].id
   vnet_integration = true
 
   tags = var.tags
@@ -332,6 +334,34 @@ resource "azurerm_monitor_metric_alert" "too_many_http_5xx" {
 # OLD FIMS TO REMOVE #
 ######################
 
+module "fims_snet" {
+  count                                     = var.fims_enabled ? 1 : 0
+  source                                    = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v4.1.15"
+  name                                      = "fims"
+  address_prefixes                          = var.cidr_subnet_fims
+  resource_group_name                       = data.azurerm_virtual_network.vnet_common.resource_group_name
+  virtual_network_name                      = data.azurerm_virtual_network.vnet_common.name
+  private_endpoint_network_policies_enabled = true
+
+  service_endpoints = [
+    "Microsoft.Web",
+  ]
+
+  delegation = {
+    name = "default"
+    service_delegation = {
+      name    = "Microsoft.Web/serverFarms"
+      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+    }
+  }
+}
+
+resource "azurerm_subnet_nat_gateway_association" "fims_snet" {
+  count          = var.fims_enabled ? 1 : 0
+  nat_gateway_id = data.azurerm_nat_gateway.nat_gateway.id
+  subnet_id      = module.fims_snet[0].id
+}
+
 module "appservice_fims" {
   count  = var.fims_enabled ? 1 : 0
   source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service?ref=v4.1.15"

src/domains/citizen-auth-app/99_variables.tf

@@ -229,6 +229,11 @@ variable "cidr_subnet_fims" {
   description = "App service FIMS address space."
 }
 
+variable "cidr_subnet_fims_plus" {
+  type        = list(string)
+  description = "App service FIMS+ address space."
+}
+
 variable "fims_plan_sku_tier" {
   type        = string
   description = "App service plan sku tier"

src/domains/citizen-auth-app/README.md

@@ -26,6 +26,7 @@
 | <a name="module_appservice_fims_plus_slot_staging"></a> [appservice\_fims\_plus\_slot\_staging](#module\_appservice\_fims\_plus\_slot\_staging) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot | v4.1.15 |
 | <a name="module_appservice_fims_slot_staging"></a> [appservice\_fims\_slot\_staging](#module\_appservice\_fims\_slot\_staging) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot | v4.1.15 |
 | <a name="module_fast_login_snet"></a> [fast\_login\_snet](#module\_fast\_login\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.19.1 |
+| <a name="module_fims_plus_snet"></a> [fims\_plus\_snet](#module\_fims\_plus\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.15 |
 | <a name="module_fims_snet"></a> [fims\_snet](#module\_fims\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.15 |
 | <a name="module_function_fast_login"></a> [function\_fast\_login](#module\_function\_fast\_login) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app | v6.19.1 |
 | <a name="module_function_fast_login_staging_slot"></a> [function\_fast\_login\_staging\_slot](#module\_function\_fast\_login\_staging\_slot) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app_slot | v6.19.1 |
@@ -47,6 +48,7 @@
 | [azurerm_resource_group.fast_login_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.fims_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.lollipop_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_subnet_nat_gateway_association.fims_plus_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
 | [azurerm_subnet_nat_gateway_association.fims_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
 | [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
 | [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
@@ -98,6 +100,7 @@
 |------|-------------|------|---------|:--------:|
 | <a name="input_application_insights_name"></a> [application\_insights\_name](#input\_application\_insights\_name) | Specifies the name of the Application Insights. | `string` | n/a | yes |
 | <a name="input_cidr_subnet_fims"></a> [cidr\_subnet\_fims](#input\_cidr\_subnet\_fims) | App service FIMS address space. | `list(string)` | n/a | yes |
+| <a name="input_cidr_subnet_fims_plus"></a> [cidr\_subnet\_fims\_plus](#input\_cidr\_subnet\_fims\_plus) | App service FIMS+ address space. | `list(string)` | n/a | yes |
 | <a name="input_cidr_subnet_fnfastlogin"></a> [cidr\_subnet\_fnfastlogin](#input\_cidr\_subnet\_fnfastlogin) | Function Lollipop address space. | `list(string)` | n/a | yes |
 | <a name="input_cidr_subnet_fnlollipop"></a> [cidr\_subnet\_fnlollipop](#input\_cidr\_subnet\_fnlollipop) | Function Lollipop address space. | `list(string)` | n/a | yes |
 | <a name="input_domain"></a> [domain](#input\_domain) | n/a | `string` | n/a | yes |

src/domains/citizen-auth-app/env/weu-beta/terraform.tfvars

@@ -45,3 +45,5 @@ ingress_load_balancer_ip = "10.10.100.250"
 cidr_subnet_fnlollipop   = ["127.0.0.1/32"]
 cidr_subnet_fnfastlogin  = ["127.0.0.2/32"]
 cidr_subnet_fims         = ["127.0.0.3/32"]
+cidr_subnet_fims_plus    = ["127.0.0.4/32"]
+

src/domains/citizen-auth-app/env/weu-prod01/terraform.tfvars

@@ -65,8 +65,9 @@ function_fastlogin_autoscale_default = 10
 
 # FIMS App Service
 cidr_subnet_fims       = ["10.0.18.0/26"]
+cidr_subnet_fims_plus  = ["10.0.18.64/26"]
 fims_plan_sku_tier     = "PremiumV3"
 fims_plan_sku_size     = "P1v3"
 fims_autoscale_minimum = 1
 fims_autoscale_maximum = 3
-fims_autoscale_default = 1
+fims_autoscale_default = 1