From b2ec4ba1bc2745681de046125ff24e4c176c69fc Mon Sep 17 00:00:00 2001
From: Michael Disaro <15191694+michaeldisaro@users.noreply.github.com>
Date: Tue, 5 Sep 2023 16:57:30 +0200
Subject: [PATCH] [#IOCOM-489] Created a new app service for fims+ (#664)
---
src/domains/citizen-auth-app/04_fims.tf | 225 ++++++++++++++++++++++--
src/domains/citizen-auth-app/README.md | 4 +
2 files changed, 215 insertions(+), 14 deletions(-)
diff --git a/src/domains/citizen-auth-app/04_fims.tf b/src/domains/citizen-auth-app/04_fims.tf
index 690f490f3..35c8785f0 100644
--- a/src/domains/citizen-auth-app/04_fims.tf
+++ b/src/domains/citizen-auth-app/04_fims.tf
@@ -5,6 +5,11 @@ resource "azurerm_resource_group" "fims_rg" {
tags = var.tags
}
+data "azurerm_cosmosdb_account" "cosmos_fims" {
+ name = "io-p-citizen-auth-fims-account"
+ resource_group_name = "io-p-citizen-auth-data-rg"
+}
+
data "azurerm_key_vault_secret" "mongodb_connection_string_fims" {
name = "io-p-fims-mongodb-account-connection-string"
key_vault_id = data.azurerm_key_vault.kv.id
@@ -54,6 +59,10 @@ locals {
IO_BACKEND_BASE_URL = "https://api-app.io.pagopa.it"
VERSION = "0.0.1"
MONGODB_URL = data.azurerm_key_vault_secret.mongodb_connection_string_fims.value
+ COSMOSDB_NAME = "fims"
+ COSMOSDB_URI = data.azurerm_cosmosdb_account.cosmos_fims.endpoint
+ COSMOSDB_KEY = data.azurerm_cosmosdb_account.cosmos_fims.primary_key
+ COSMOSDB_CONNECTION_STRING = format("AccountEndpoint=%s;AccountKey=%s;", data.azurerm_cosmosdb_account.cosmos_fims.endpoint, data.azurerm_cosmosdb_account.cosmos_fims.primary_key)
AUTHENTICATION_COOKIE_KEY = "X-IO-FIMS-Token"
GRANT_TTL_IN_SECONDS = "86400"
ISSUER = "https://io-p-citizen-auth-weu-prod01-app-fims.azurewebsites.net"
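Review bot: The added `COSMOSDB_KEY` and `COSMOSDB_CONNECTION_STRING` lines copy the Cosmos account's primary key, which grants read-write access to the whole account, into app settings twice and into the Terraform state through the `azurerm_cosmosdb_account` data source from the first hunk. Anyone who can read the app configuration or the state file obtains that key, and rotating it requires a new apply. If the service can authenticate with its managed identity and a Cosmos data-plane role assignment, both settings can be dropped. Otherwise keep only one of them and pass it as a Key Vault reference, e.g. `COSMOSDB_CONNECTION_STRING = "@Microsoft.KeyVault(SecretUri=<secret-uri-placeholder>)"`. The enclosing `locals` block starts and ends outside the hunk.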
@@ -98,7 +107,7 @@ resource "azurerm_subnet_nat_gateway_association" "fims_snet" {
subnet_id = module.fims_snet[0].id
}
-module "appservice_fims" {
+module "appservice_fims_plus" {
count = var.fims_enabled ? 1 : 0
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service?ref=v4.1.15"
@@ -111,7 +120,7 @@ module "appservice_fims" {
plan_sku_size = var.fims_plan_sku_size
# App service
- name = format("%s-app-fims", local.project)
+ name = format("%s-app-fims-plus", local.project)
resource_group_name = azurerm_resource_group.fims_rg[0].name
location = azurerm_resource_group.fims_rg[0].location
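Review bot: The new name `format("%s-app-fims-plus", local.project)` gives the service a new hostname, but `ISSUER` in the locals hunk above still reads `https://io-p-citizen-auth-weu-prod01-app-fims.azurewebsites.net`, which looks like the old app's hostname. The `app_settings` line of this module is outside the hunk; if it uses the same `local.fims.app_settings_common` as the old module, tokens from the new service would carry the old service's issuer, and clients resolving that issuer would reach the old app. Consider a separate settings map for the new app with its own `ISSUER`, or a comment such as `# ISSUER intentionally shared with the old app during migration` if that is the intent.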
@@ -138,14 +147,14 @@ module "appservice_fims" {
tags = var.tags
}
-module "appservice_fims_slot_staging" {
+module "appservice_fims_plus_slot_staging" {
count = var.fims_enabled ? 1 : 0
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot?ref=v4.1.15"
# App service plan
- app_service_plan_id = module.appservice_fims[0].plan_id
- app_service_id = module.appservice_fims[0].id
- app_service_name = module.appservice_fims[0].name
+ app_service_plan_id = module.appservice_fims_plus[0].plan_id
+ app_service_id = module.appservice_fims_plus[0].id
+ app_service_name = module.appservice_fims_plus[0].name
# App service
name = "staging"
@@ -176,12 +185,12 @@ module "appservice_fims_slot_staging" {
tags = var.tags
}
-resource "azurerm_monitor_autoscale_setting" "appservice_fims" {
+resource "azurerm_monitor_autoscale_setting" "appservice_fims_plus" {
count = var.fims_enabled ? 1 : 0
- name = format("%s-autoscale", module.appservice_fims[0].name)
+ name = format("%s-autoscale", module.appservice_fims_plus[0].name)
resource_group_name = azurerm_resource_group.fims_rg[0].name
location = azurerm_resource_group.fims_rg[0].location
- target_resource_id = module.appservice_fims[0].plan_id
+ target_resource_id = module.appservice_fims_plus[0].plan_id
profile {
name = "default"
@@ -195,7 +204,7 @@ resource "azurerm_monitor_autoscale_setting" "appservice_fims" {
rule {
metric_trigger {
metric_name = "Requests"
- metric_resource_id = module.appservice_fims[0].id
+ metric_resource_id = module.appservice_fims_plus[0].id
metric_namespace = "microsoft.web/sites"
time_grain = "PT1M"
statistic = "Average"
@@ -217,7 +226,7 @@ resource "azurerm_monitor_autoscale_setting" "appservice_fims" {
rule {
metric_trigger {
metric_name = "CpuPercentage"
- metric_resource_id = module.appservice_fims[0].plan_id
+ metric_resource_id = module.appservice_fims_plus[0].plan_id
metric_namespace = "microsoft.web/serverfarms"
time_grain = "PT1M"
statistic = "Average"
@@ -239,7 +248,7 @@ resource "azurerm_monitor_autoscale_setting" "appservice_fims" {
rule {
metric_trigger {
metric_name = "Requests"
- metric_resource_id = module.appservice_fims[0].id
+ metric_resource_id = module.appservice_fims_plus[0].id
metric_namespace = "microsoft.web/sites"
time_grain = "PT1M"
statistic = "Average"
@@ -261,7 +270,7 @@ resource "azurerm_monitor_autoscale_setting" "appservice_fims" {
rule {
metric_trigger {
metric_name = "CpuPercentage"
- metric_resource_id = module.appservice_fims[0].plan_id
+ metric_resource_id = module.appservice_fims_plus[0].plan_id
metric_namespace = "microsoft.web/serverfarms"
time_grain = "PT1M"
statistic = "Average"
@@ -289,7 +298,7 @@ resource "azurerm_monitor_metric_alert" "too_many_http_5xx" {
name = "[IO-COMMONS | FIMS] Too many 5xx"
resource_group_name = azurerm_resource_group.fims_rg[0].name
- scopes = [module.appservice_fims[0].id]
+ scopes = [module.appservice_fims_plus[0].id]
description = "Whenever the total http server errors exceeds a dynamic threashold."
severity = 0
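Review bot: `scopes` now lists only `module.appservice_fims_plus[0].id`, so the old `appservice_fims` app, which the last hunk of this patch keeps deployed, is no longer covered by the "Too many 5xx" alert. While the `ISSUER` setting still points at the old hostname, that app may still be serving requests, and its server errors would go unnoticed. A second `azurerm_monitor_metric_alert` scoped to `module.appservice_fims[0].id` would keep coverage until the old service is removed. The resource body continues outside the hunk.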
@@ -318,3 +327,191 @@ resource "azurerm_monitor_metric_alert" "too_many_http_5xx" {
tags = var.tags
}
+
+######################
+# OLD FIMS TO REMOVE #
+######################
+
+module "appservice_fims" {
+ count = var.fims_enabled ? 1 : 0
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service?ref=v4.1.15"
+
+ # App service plan
+ plan_type = "internal"
+ plan_name = format("%s-plan-fims", local.project)
+ plan_reserved = true # Mandatory for Linux plan
+ plan_kind = "Linux"
+ plan_sku_tier = var.fims_plan_sku_tier
+ plan_sku_size = var.fims_plan_sku_size
+
+ # App service
+ name = format("%s-app-fims", local.project)
+ resource_group_name = azurerm_resource_group.fims_rg[0].name
+ location = azurerm_resource_group.fims_rg[0].location
+
+ always_on = true
+ linux_fx_version = "NODE|18-lts"
+ app_command_line = local.fims.app_command_line
+ health_check_path = "/api/info"
+
+ app_settings = local.fims.app_settings_common
+
+ allowed_subnets = [
+ data.azurerm_subnet.appgateway_snet.id,
+ data.azurerm_subnet.apim_snet.id,
+ data.azurerm_subnet.apim_v2_snet.id,
+ ]
+
+ allowed_ips = concat(
+ [],
+ )
+
+ subnet_id = module.fims_snet[0].id
+ vnet_integration = true
+
+ tags = var.tags
+}
+
+module "appservice_fims_slot_staging" {
+ count = var.fims_enabled ? 1 : 0
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot?ref=v4.1.15"
+
+ # App service plan
+ app_service_plan_id = module.appservice_fims[0].plan_id
+ app_service_id = module.appservice_fims[0].id
+ app_service_name = module.appservice_fims[0].name
+
+ # App service
+ name = "staging"
+ resource_group_name = azurerm_resource_group.fims_rg[0].name
+ location = azurerm_resource_group.fims_rg[0].location
+
+ always_on = true
+ linux_fx_version = "NODE|18-lts"
+ app_command_line = local.fims.app_command_line
+ health_check_path = "/api/info"
+
+ app_settings = local.fims.app_settings_common
+
+ allowed_subnets = [
+ data.azurerm_subnet.azdoa_snet[0].id,
+ data.azurerm_subnet.appgateway_snet.id,
+ data.azurerm_subnet.apim_snet.id,
+ data.azurerm_subnet.apim_v2_snet.id,
+ ]
+
+ allowed_ips = concat(
+ [],
+ )
+
+ subnet_id = module.fims_snet[0].id
+ vnet_integration = true
+
+ tags = var.tags
+}
+
+resource "azurerm_monitor_autoscale_setting" "appservice_fims" {
+ count = var.fims_enabled ? 1 : 0
+ name = format("%s-autoscale", module.appservice_fims[0].name)
+ resource_group_name = azurerm_resource_group.fims_rg[0].name
+ location = azurerm_resource_group.fims_rg[0].location
+ target_resource_id = module.appservice_fims[0].plan_id
+
+ profile {
+ name = "default"
+
+ capacity {
+ default = var.fims_autoscale_default
+ minimum = var.fims_autoscale_minimum
+ maximum = var.fims_autoscale_maximum
+ }
+
+ rule {
+ metric_trigger {
+ metric_name = "Requests"
+ metric_resource_id = module.appservice_fims[0].id
+ metric_namespace = "microsoft.web/sites"
+ time_grain = "PT1M"
+ statistic = "Average"
+ time_window = "PT5M"
+ time_aggregation = "Average"
+ operator = "GreaterThan"
+ threshold = 4000
+ divide_by_instance_count = false
+ }
+
+ scale_action {
+ direction = "Increase"
+ type = "ChangeCount"
+ value = "2"
+ cooldown = "PT5M"
+ }
+ }
+
+ rule {
+ metric_trigger {
+ metric_name = "CpuPercentage"
+ metric_resource_id = module.appservice_fims[0].plan_id
+ metric_namespace = "microsoft.web/serverfarms"
+ time_grain = "PT1M"
+ statistic = "Average"
+ time_window = "PT5M"
+ time_aggregation = "Average"
+ operator = "GreaterThan"
+ threshold = 50
+ divide_by_instance_count = false
+ }
+
+ scale_action {
+ direction = "Increase"
+ type = "ChangeCount"
+ value = "2"
+ cooldown = "PT5M"
+ }
+ }
+
+ rule {
+ metric_trigger {
+ metric_name = "Requests"
+ metric_resource_id = module.appservice_fims[0].id
+ metric_namespace = "microsoft.web/sites"
+ time_grain = "PT1M"
+ statistic = "Average"
+ time_window = "PT5M"
+ time_aggregation = "Average"
+ operator = "LessThan"
+ threshold = 1000
+ divide_by_instance_count = false
+ }
+
+ scale_action {
+ direction = "Decrease"
+ type = "ChangeCount"
+ value = "1"
+ cooldown = "PT1H"
+ }
+ }
+
+ rule {
+ metric_trigger {
+ metric_name = "CpuPercentage"
+ metric_resource_id = module.appservice_fims[0].plan_id
+ metric_namespace = "microsoft.web/serverfarms"
+ time_grain = "PT1M"
+ statistic = "Average"
+ time_window = "PT5M"
+ time_aggregation = "Average"
+ operator = "LessThan"
+ threshold = 10
+ divide_by_instance_count = false
+ }
+
+ scale_action {
+ direction = "Decrease"
+ type = "ChangeCount"
+ value = "1"
+ cooldown = "PT1H"
+ }
+ }
+ }
+}
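Review bot: The re-added `appservice_fims` module and its staging slot still take `app_settings = local.fims.app_settings_common`. If the `COSMOSDB_*` values added earlier in this patch live in that map (the `locals` block is only partly visible), the service marked for removal also receives the Cosmos primary key, which it presumably does not use. Giving the old modules a settings map without the new entries would keep the key confined to the app that needs it. The banner would also benefit from a removal condition, e.g. `# OLD FIMS TO REMOVE once traffic is served by app-fims-plus (see <ticket-id>)`.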
diff --git a/src/domains/citizen-auth-app/README.md b/src/domains/citizen-auth-app/README.md
index 5a934e6e4..794736501 100644
--- a/src/domains/citizen-auth-app/README.md
+++ b/src/domains/citizen-auth-app/README.md
@@ -22,6 +22,8 @@
| Name | Source | Version |
|------|--------|---------|
| [appservice\_fims](#module\_appservice\_fims) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service | v4.1.15 |
+| [appservice\_fims\_plus](#module\_appservice\_fims\_plus) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service | v4.1.15 |
+| [appservice\_fims\_plus\_slot\_staging](#module\_appservice\_fims\_plus\_slot\_staging) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot | v4.1.15 |
| [appservice\_fims\_slot\_staging](#module\_appservice\_fims\_slot\_staging) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot | v4.1.15 |
| [fast\_login\_snet](#module\_fast\_login\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.19.1 |
| [fims\_snet](#module\_fims\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.15 |
@@ -36,6 +38,7 @@
| Name | Type |
|------|------|
| [azurerm_monitor_autoscale_setting.appservice_fims](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
+| [azurerm_monitor_autoscale_setting.appservice_fims_plus](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
| [azurerm_monitor_autoscale_setting.function_fast_login](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
| [azurerm_monitor_autoscale_setting.function_lollipop](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
| [azurerm_monitor_metric_alert.too_many_http_5xx](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
@@ -52,6 +55,7 @@
| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
| [azurerm_cosmosdb_account.cosmos_citizen_auth](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/cosmosdb_account) | data source |
+| [azurerm_cosmosdb_account.cosmos_fims](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/cosmosdb_account) | data source |
| [azurerm_cosmosdb_account.cosmosdb_mongo_fims](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/cosmosdb_account) | data source |
| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
| [azurerm_key_vault_certificate_data.lollipop_certificate_v1](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate_data) | data source |