add io backoffice app to app gateway

src/core/99_variables.tf

@@ -412,6 +412,11 @@ variable "app_gateway_continua_io_pagopa_it_certificate_name" {
   description = "Application gateway continua certificate name on Key Vault"
 }
 
+variable "app_gateway_selfcare_io_pagopa_it_certificate_name" {
+  type        = string
+  description = "Application gateway selfcare-io certificate name on Key Vault"
+}
+
 variable "app_gateway_min_capacity" {
   type    = number
   default = 0

src/core/README.md

@@ -268,6 +268,7 @@
 | [azurerm_dns_a_record.continua_io_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
 | [azurerm_dns_a_record.developerportal_backend_io_italia_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
 | [azurerm_dns_a_record.firmaconio_selfcare_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
+| [azurerm_dns_a_record.selfcare_io_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
 | [azurerm_dns_caa_record.firmaconio_selfcare_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_caa_record) | resource |
 | [azurerm_dns_caa_record.io_italia_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_caa_record) | resource |
 | [azurerm_dns_caa_record.io_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_caa_record) | resource |
@@ -503,6 +504,7 @@
 | [azurerm_key_vault_certificate.app_gw_continua](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source |
 | [azurerm_key_vault_certificate.app_gw_developerportal_backend_io_italia_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source |
 | [azurerm_key_vault_certificate.app_gw_firmaconio_selfcare_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source |
+| [azurerm_key_vault_certificate.app_gw_selfcare_io](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source |
 | [azurerm_key_vault_secret.ad_APPCLIENT_APIM_ID](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_key_vault_secret.ad_APPCLIENT_APIM_SECRET](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_key_vault_secret.adb2c_TENANT_NAME](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
@@ -633,6 +635,7 @@
 | [azurerm_key_vault_secret.subscriptionmigrations_db_server_adm_username](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_key_vault_secret.subscriptionmigrations_db_server_fnsubsmigrations_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_linux_web_app.app_backend_app_services](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
+| [azurerm_linux_web_app.cms_backoffice_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
 | [azurerm_linux_web_app.firmaconio_selfcare_web_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
 | [azurerm_redis_cache.redis_cgn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/redis_cache) | data source |
 | [azurerm_resource_group.notifications_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
@@ -675,6 +678,7 @@
 | <a name="input_app_gateway_firmaconio_selfcare_pagopa_it_certificate_name"></a> [app\_gateway\_firmaconio\_selfcare\_pagopa\_it\_certificate\_name](#input\_app\_gateway\_firmaconio\_selfcare\_pagopa\_it\_certificate\_name) | Application gateway api certificate name on Key Vault | `string` | n/a | yes |
 | <a name="input_app_gateway_max_capacity"></a> [app\_gateway\_max\_capacity](#input\_app\_gateway\_max\_capacity) | n/a | `number` | `2` | no |
 | <a name="input_app_gateway_min_capacity"></a> [app\_gateway\_min\_capacity](#input\_app\_gateway\_min\_capacity) | n/a | `number` | `0` | no |
+| <a name="input_app_gateway_selfcare_io_pagopa_it_certificate_name"></a> [app\_gateway\_selfcare\_io\_pagopa\_it\_certificate\_name](#input\_app\_gateway\_selfcare\_io\_pagopa\_it\_certificate\_name) | Application gateway selfcare-io certificate name on Key Vault | `string` | n/a | yes |
 | <a name="input_app_messages_count"></a> [app\_messages\_count](#input\_app\_messages\_count) | App Messages | `number` | `2` | no |
 | <a name="input_app_messages_function_always_on"></a> [app\_messages\_function\_always\_on](#input\_app\_messages\_function\_always\_on) | n/a | `bool` | `false` | no |
 | <a name="input_app_messages_function_autoscale_default"></a> [app\_messages\_function\_autoscale\_default](#input\_app\_messages\_function\_autoscale\_default) | The number of instances that are available for scaling if metrics are not available for evaluation. | `number` | `1` | no |

src/core/appgateway.tf

@@ -126,6 +126,20 @@ module "app_gw" {
       pick_host_name_from_backend = true
     }
 
+    selfcare-io-app = {
+      protocol     = "Https"
+      host         = null
+      port         = 443
+      ip_addresses = null # with null value use fqdns
+      fqdns = [
+        data.azurerm_linux_web_app.cms_backoffice_app.default_hostname,
+      ]
+      probe                       = "/api/info"
+      probe_name                  = "probe-selfcare-io-app"
+      request_timeout             = 10
+      pick_host_name_from_backend = true
+    }
+
   }
 
   ssl_profiles = [{
@@ -321,6 +335,23 @@ module "app_gw" {
         )
       }
     }
+
+    selfcare-io-pagopa-it = {
+      protocol           = "Https"
+      host               = format("selfcare.%s.%s", var.dns_zone_io, var.external_domain)
+      port               = 443
+      ssl_profile_name   = format("%s-ssl-profile", local.project)
+      firewall_policy_id = null
+
+      certificate = {
+        name = var.app_gateway_selfcare_io_pagopa_it_certificate_name
+        id = replace(
+          data.azurerm_key_vault_certificate.app_gw_selfcare_io.secret_id,
+          "/${data.azurerm_key_vault_certificate.app_gw_selfcare_io.version}",
+          ""
+        )
+      }
+    }
   }
 
   # maps listener to backend
@@ -389,6 +420,13 @@ module "app_gw" {
       priority              = 80
     }
 
+    selfcare-io-pagopa-it = {
+      listener              = "selfcare-io-pagopa-it"
+      backend               = "selfcare-io-app"
+      rewrite_rule_set_name = "rewrite-rule-set-selfcare-io"
+      priority              = 100
+    }
+
   }
 
   rewrite_rule_sets = [
@@ -546,6 +584,26 @@ module "app_gw" {
         response_header_configurations = []
       }]
     },
+    {
+      name = "rewrite-rule-set-selfcare-io"
+      rewrite_rules = [{
+        name          = "http-headers-selfcare-io"
+        rule_sequence = 100
+        conditions    = []
+        url           = null
+        request_header_configurations = [
+          {
+            header_name  = "X-Forwarded-For"
+            header_value = "{var_client_ip}"
+          },
+          {
+            header_name  = "X-Client-Ip"
+            header_value = "{var_client_ip}"
+          },
+        ]
+        response_header_configurations = []
+      }]
+    },
   ]
 
   # TLS
@@ -765,6 +823,11 @@ data "azurerm_key_vault_certificate" "app_gw_continua" {
   key_vault_id = module.key_vault.id
 }
 
+data "azurerm_key_vault_certificate" "app_gw_selfcare_io" {
+  name         = var.app_gateway_selfcare_io_pagopa_it_certificate_name
+  key_vault_id = module.key_vault.id
+}
+
 data "azurerm_key_vault_secret" "app_gw_mtls_header_name" {
   name         = "mtls-header-name"
   key_vault_id = module.key_vault.id

src/core/data.tf

@@ -269,3 +269,12 @@ resource "azurerm_monitor_metric_alert" "cosmos_cgn_throttling_alert" {
 
   tags = var.tags
 }
+
+#
+# IO Services CMS BackOffice App
+#
+
+data "azurerm_linux_web_app" "cms_backoffice_app" {
+  name                = format("%s-services-cms-backoffice-app", local.project)
+  resource_group_name = format("%s-services-cms-rg", local.project)
+}

src/core/dns_io_pagopa_it.tf

@@ -78,6 +78,17 @@ resource "azurerm_dns_a_record" "continua_io_pagopa_it" {
   tags = var.tags
 }
 
+# selfcare.io.pagopa.it
+resource "azurerm_dns_a_record" "selfcare_io_pagopa_it" {
+  name                = "selfcare"
+  zone_name           = azurerm_dns_zone.io_pagopa_it[0].name
+  resource_group_name = azurerm_resource_group.rg_external.name
+  ttl                 = var.dns_default_ttl_sec
+  records             = [azurerm_public_ip.appgateway_public_ip.ip_address]
+
+  tags = var.tags
+}
+
 # firma.io.pagopa.it
 resource "azurerm_dns_ns_record" "firma_io_pagopa_it_ns" {
   name                = "firma"

src/core/env/prod/terraform.tfvars

@@ -75,6 +75,7 @@ app_gateway_developerportal_backend_io_italia_it_certificate_name = "developerpo
 app_gateway_api_io_selfcare_pagopa_it_certificate_name            = "api-io-selfcare-pagopa-it"
 app_gateway_firmaconio_selfcare_pagopa_it_certificate_name        = "firmaconio-selfcare-pagopa-it"
 app_gateway_continua_io_pagopa_it_certificate_name                = "continua-io-pagopa-it"
+app_gateway_selfcare_io_pagopa_it_certificate_name                = "selfcare-io-pagopa-it"
 app_gateway_min_capacity                                          = 4 # 4 capacity=baseline, 10 capacity=high volume event, 15 capacity=very high volume event
 app_gateway_max_capacity                                          = 50
 app_gateway_alerts_enabled                                        = true