From 4aa1f600824807b9325ba2b53d2c75eaeaeca033 Mon Sep 17 00:00:00 2001 From: Gabriele Mendolia Date: Thu, 21 Nov 2024 15:41:28 +0100 Subject: [PATCH] [#IOPID-2400] introduce new storage account for ioweb-profile (#1313) Co-authored-by: Mario Mupo --- src/domains/ioweb-common/.terraform.lock.hcl | 68 +++++++++---------- src/domains/ioweb-common/01_network.tf | 4 +- src/domains/ioweb-common/01_network_itn.tf | 10 +++ src/domains/ioweb-common/02_security.tf | 10 +-- src/domains/ioweb-common/03_storage.tf | 4 +- src/domains/ioweb-common/04_redis.tf | 3 +- src/domains/ioweb-common/05_apim_itn.tf | 4 +- src/domains/ioweb-common/05_apim_v2.tf | 4 +- src/domains/ioweb-common/05_resource_group.tf | 4 ++ src/domains/ioweb-common/06_cdn.tf | 4 +- src/domains/ioweb-common/06_cdn_itn.tf | 49 +++++++++++++ src/domains/ioweb-common/10_spid_login.tf | 16 ++--- src/domains/ioweb-common/99_locals.tf | 8 +++ src/domains/ioweb-common/99_main.tf | 2 +- src/domains/ioweb-common/README.md | 35 ++++++---- 15 files changed, 151 insertions(+), 74 deletions(-) create mode 100644 src/domains/ioweb-common/01_network_itn.tf create mode 100644 src/domains/ioweb-common/06_cdn_itn.tf diff --git a/src/domains/ioweb-common/.terraform.lock.hcl b/src/domains/ioweb-common/.terraform.lock.hcl index fbaef71b8..da3fd1141 100644 --- a/src/domains/ioweb-common/.terraform.lock.hcl +++ b/src/domains/ioweb-common/.terraform.lock.hcl @@ -25,31 +25,31 @@ provider "registry.terraform.io/hashicorp/azuread" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.40.0" - constraints = ">= 3.30.0, <= 3.40.0, <= 3.53.0, <= 3.71.0, <= 3.85.0" + version = "3.116.0" + constraints = "~> 3.30, ~> 3.76, ~> 3.95, != 3.97.0, != 3.97.1, <= 3.116.0" hashes = [ - "h1:/Jbhw/zNAsDYDoASaG6w+0KZyay9BkUVOpR8b7m0CsA=", - "h1:7Vfig36efXmcsWQSZwdB+bqZLtoZ/RyytY9lXHx9Fic=", - "h1:VpRitAMc2wjUH/2jCz9MtZZd83UFxwTCamjRvIh/Nvg=", - "h1:dSM3nwscFP/OmH5Kr5FGao+9DjIXUEECnbMtWdrQOdg=", - "zh:00fa6dc05bf2643c6a3c741edb7d88263698086835a8a613f1d7bd76d1b918fd", - "zh:0da9b788e773272a7aa9d59bd9e3d5842edd4acc8c3895bea469e66dc14205a0", - "zh:25a8c39d1f042fc7c83ba9dd745c3569ea9e577fadb57563a575fb115ac2b9f1", - "zh:4423666dbeae8bc22c6e8898ffbb88745681dc27668ca9104b665dd7f3d7292c", - "zh:78c07308e7407b558d15737a98fb5eaf15529d297fc3798de6a7d61e0466e2e3", - "zh:894aca7e6f4f331ee8eb51957a180dc03d399d2b1727e0d7842e9b3f022a8c6a", - "zh:bb0e620c2161b4c4892a6f50b1c4c69ed70f66bb5e92543a03d79d0e4b1d9441", - "zh:c7d8e6a791159ca63b30908c9efe72ab65f60d64b30f0c1eb5a64972f4994844", - "zh:d04c11bfd346c1ac34d16bbdca70b23b006e822f6beb236b85375e8343888eb4", - "zh:f4edea9660327c7c70a823d786fd1b1c1b186c8759770447f63da72f23e1a73c", + "h1:2QbjtN4oMXzdA++Nvrj/wSmWZTPgXKOSFGGQCLEMrb4=", + "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", + "h1:SJM/KQDW9blKFmLMaupsZVYtcZ0fYpjLHEriMgCBGCY=", + "h1:jwwbQ09fH1RdcNsknt1AkvfSUbULsl7nZQn6S8fabFI=", + "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", + "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", + "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", + "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", + "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", + "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", + "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", + "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", + "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", + "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f986e268949cf445ff53a66af48a87c6f6dba5964e8a5b1dc0ea02afabdd71f7", + "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", ] } provider "registry.terraform.io/hashicorp/null" { version = "3.2.1" - constraints = "<= 3.2.1" + constraints = "~> 3.2, <= 3.2.1" hashes = [ "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", @@ -71,23 +71,23 @@ provider "registry.terraform.io/hashicorp/null" { } provider "registry.terraform.io/hashicorp/tls" { - version = "4.0.4" + version = "4.0.6" hashes = [ - "h1:GZcFizg5ZT2VrpwvxGBHQ/hO9r6g0vYdQqx3bFD3anY=", - "h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=", - "h1:pe9vq86dZZKCm+8k1RhzARwENslF3SXb9ErHbQfgjXU=", - "h1:rKKMyIEBZwR+8j6Tx3PwqBrStuH+J+pxcbCR5XN8WAw=", - "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55", - "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848", - "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be", - "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5", - "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe", - "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e", - "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48", - "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8", - "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60", - "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e", - "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316", + "h1:/sSdjHoiykrPdyBP1JE03V/KDgLXnHZhHcSOYIdDH/A=", + "h1:17Y+vdYNKgphpe1/SU5PBnGuYKEJkJZ7MZCnmAwsAGQ=", + "h1:dYSb3V94K5dDMtrBRLPzBpkMTPn+3cXZ/kIJdtFL+2M=", + "h1:n3M50qfWfRSpQV9Pwcvuse03pEizqrmYEryxKky4so4=", + "zh:10de0d8af02f2e578101688fd334da3849f56ea91b0d9bd5b1f7a243417fdda8", + "zh:37fc01f8b2bc9d5b055dc3e78bfd1beb7c42cfb776a4c81106e19c8911366297", + "zh:4578ca03d1dd0b7f572d96bd03f744be24c726bfd282173d54b100fd221608bb", + "zh:6c475491d1250050765a91a493ef330adc24689e8837a0f07da5a0e1269e11c1", + "zh:81bde94d53cdababa5b376bbc6947668be4c45ab655de7aa2e8e4736dfd52509", + "zh:abdce260840b7b050c4e401d4f75c7a199fafe58a8b213947a258f75ac18b3e8", + "zh:b754cebfc5184873840f16a642a7c9ef78c34dc246a8ae29e056c79939963c7a", + "zh:c928b66086078f9917aef0eec15982f2e337914c5c4dbc31dd4741403db7eb18", + "zh:cded27bee5f24de6f2ee0cfd1df46a7f88e84aaffc2ecbf3ff7094160f193d50", + "zh:d65eb3867e8f69aaf1b8bb53bd637c99c6b649ba3db16ded50fa9a01076d1a27", + "zh:ecb0c8b528c7a619fa71852bb3fb5c151d47576c5aab2bf3af4db52588722eeb", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/src/domains/ioweb-common/01_network.tf b/src/domains/ioweb-common/01_network.tf index c6e85d0e8..29818c446 100644 --- a/src/domains/ioweb-common/01_network.tf +++ b/src/domains/ioweb-common/01_network.tf @@ -40,7 +40,7 @@ data "azurerm_subnet" "ioweb_profile_snet" { ## redis spid login subnet module "redis_spid_login_snet" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v4.1.15" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.56.0" name = format("%s-redis-spid-login-snet", local.project) address_prefixes = var.subnets_cidrs.redis_spid_login resource_group_name = local.vnet_common_resource_group_name @@ -51,7 +51,7 @@ module "redis_spid_login_snet" { ## spid_login subnet module "spid_login_snet" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v4.1.15" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.56.0" name = format("%s-spid-login-snet", local.project) address_prefixes = var.subnets_cidrs.spid_login resource_group_name = local.vnet_common_resource_group_name diff --git a/src/domains/ioweb-common/01_network_itn.tf b/src/domains/ioweb-common/01_network_itn.tf new file mode 100644 index 000000000..b68b5f94b --- /dev/null +++ b/src/domains/ioweb-common/01_network_itn.tf @@ -0,0 +1,10 @@ +data "azurerm_virtual_network" "common_itn" { + name = "${local.common_project_itn}-common-vnet-01" + resource_group_name = "${local.common_project_itn}-common-rg-01" +} + +data "azurerm_subnet" "private_endpoints_subnet_itn" { + name = "${local.common_project_itn}-pep-snet-01" + virtual_network_name = data.azurerm_virtual_network.common_itn.name + resource_group_name = data.azurerm_virtual_network.common_itn.resource_group_name +} diff --git a/src/domains/ioweb-common/02_security.tf b/src/domains/ioweb-common/02_security.tf index 9e796cc44..80096d32b 100644 --- a/src/domains/ioweb-common/02_security.tf +++ b/src/domains/ioweb-common/02_security.tf @@ -6,7 +6,7 @@ resource "azurerm_resource_group" "sec_rg" { } module "key_vault" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v4.1.3" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v8.56.0" name = "${local.product}-${var.domain}-kv" location = azurerm_resource_group.sec_rg.location @@ -24,7 +24,7 @@ resource "azurerm_key_vault_access_policy" "adgroup_admin" { tenant_id = data.azurerm_client_config.current.tenant_id object_id = data.azuread_group.adgroup_admin.object_id - key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", ] + key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "GetRotationPolicy"] secret_permissions = ["Get", "List", "Set", "Delete", "Restore", "Recover", ] storage_permissions = [] certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Restore", "Recover", ] @@ -37,7 +37,7 @@ resource "azurerm_key_vault_access_policy" "adgroup_developers" { tenant_id = data.azurerm_client_config.current.tenant_id object_id = data.azuread_group.adgroup_developers.object_id - key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", ] + key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "GetRotationPolicy"] secret_permissions = ["Get", "List", "Set", "Delete", "Restore", "Recover", ] storage_permissions = [] certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Restore", "Recover", ] @@ -50,7 +50,7 @@ resource "azurerm_key_vault_access_policy" "access_policy_io_infra_ci" { tenant_id = data.azurerm_client_config.current.tenant_id object_id = data.azurerm_user_assigned_identity.managed_identity_io_infra_ci.principal_id - key_permissions = ["Get", "List"] + key_permissions = ["Get", "List", "GetRotationPolicy"] secret_permissions = ["Get", "List"] certificate_permissions = ["Get", "List"] } @@ -61,7 +61,7 @@ resource "azurerm_key_vault_access_policy" "access_policy_io_infra_cd" { tenant_id = data.azurerm_client_config.current.tenant_id object_id = data.azurerm_user_assigned_identity.managed_identity_io_infra_cd.principal_id - key_permissions = ["Get", "List"] + key_permissions = ["Get", "List", "GetRotationPolicy"] secret_permissions = ["Get", "List"] certificate_permissions = ["Get", "List"] } diff --git a/src/domains/ioweb-common/03_storage.tf b/src/domains/ioweb-common/03_storage.tf index 2e82a0a47..e9500202e 100644 --- a/src/domains/ioweb-common/03_storage.tf +++ b/src/domains/ioweb-common/03_storage.tf @@ -7,7 +7,7 @@ locals { # Immutable SPID LOGS Storage ###################### module "immutable_spid_logs_storage" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3//storage_account?ref=v7.32.1" + source = "git::https://github.com/pagopa/terraform-azurerm-v3//storage_account?ref=v8.56.0" name = replace(format("%s-spid-logs-im-st", local.project), "-", "") domain = upper(var.domain) @@ -37,7 +37,7 @@ module "immutable_spid_logs_storage" { } module "immutable_spid_logs_storage_customer_managed_key" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3//storage_account_customer_managed_key?ref=v7.32.1" + source = "git::https://github.com/pagopa/terraform-azurerm-v3//storage_account_customer_managed_key?ref=v8.56.0" tenant_id = data.azurerm_subscription.current.tenant_id location = var.location resource_group_name = azurerm_resource_group.storage_rg.name diff --git a/src/domains/ioweb-common/04_redis.tf b/src/domains/ioweb-common/04_redis.tf index 89d34875a..aff091088 100644 --- a/src/domains/ioweb-common/04_redis.tf +++ b/src/domains/ioweb-common/04_redis.tf @@ -3,7 +3,7 @@ * [REDIS V6] */ module "redis_spid_login" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//redis_cache?ref=v6.11.2" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//redis_cache?ref=v8.56.0" name = format("%s-redis-std-v6", local.project) resource_group_name = azurerm_resource_group.common_rg.name location = azurerm_resource_group.common_rg.location @@ -12,6 +12,7 @@ module "redis_spid_login" { sku_name = "Standard" redis_version = "6" enable_authentication = true + zones = null // when azure can apply patch? patch_schedules = [{ diff --git a/src/domains/ioweb-common/05_apim_itn.tf b/src/domains/ioweb-common/05_apim_itn.tf index a12099262..5738ba213 100644 --- a/src/domains/ioweb-common/05_apim_itn.tf +++ b/src/domains/ioweb-common/05_apim_itn.tf @@ -1,7 +1,7 @@ # API Product module "apim_itn_product_ioweb" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v4.1.5" + source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v8.56.0" product_id = "io-web-api" display_name = "IO WEB API" @@ -18,7 +18,7 @@ module "apim_itn_product_ioweb" { } module "apim_itn_spid_login_api" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v4.1.5" + source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.56.0" name = format("%s-ioweb-auth", local.product) api_management_name = data.azurerm_api_management.apim_itn_api.name diff --git a/src/domains/ioweb-common/05_apim_v2.tf b/src/domains/ioweb-common/05_apim_v2.tf index 5eb2c1cee..dfc08c63e 100644 --- a/src/domains/ioweb-common/05_apim_v2.tf +++ b/src/domains/ioweb-common/05_apim_v2.tf @@ -1,7 +1,7 @@ # API Product module "apim_v2_product_ioweb" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v4.1.5" + source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v8.56.0" product_id = "io-web-api" display_name = "IO WEB API" @@ -18,7 +18,7 @@ module "apim_v2_product_ioweb" { } module "apim_v2_spid_login_api" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v4.1.5" + source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.56.0" name = format("%s-ioweb-auth", local.product) api_management_name = data.azurerm_api_management.apim_v2_api.name diff --git a/src/domains/ioweb-common/05_resource_group.tf b/src/domains/ioweb-common/05_resource_group.tf index 70cf2ccba..9e27836e7 100644 --- a/src/domains/ioweb-common/05_resource_group.tf +++ b/src/domains/ioweb-common/05_resource_group.tf @@ -18,3 +18,7 @@ resource "azurerm_resource_group" "storage_rg" { tags = var.tags } + +data "azurerm_resource_group" "common_rg_weu" { + name = "${local.product}-rg-common" +} diff --git a/src/domains/ioweb-common/06_cdn.tf b/src/domains/ioweb-common/06_cdn.tf index 988193f2c..da3c888b1 100644 --- a/src/domains/ioweb-common/06_cdn.tf +++ b/src/domains/ioweb-common/06_cdn.tf @@ -9,7 +9,7 @@ data "azurerm_dns_zone" "ioapp_it" { } module "landing_cdn" { - source = "github.com/pagopa/terraform-azurerm-v3.git//cdn?ref=v7.59.0" + source = "github.com/pagopa/terraform-azurerm-v3.git//cdn?ref=v8.56.0" name = "portal" prefix = local.project @@ -22,6 +22,8 @@ module "landing_cdn" { index_document = "index.html" error_404_document = "it/404/index.html" + advanced_threat_protection_enabled = false + dns_zone_name = data.azurerm_dns_zone.ioapp_it.name dns_zone_resource_group_name = data.azurerm_resource_group.core_ext.name diff --git a/src/domains/ioweb-common/06_cdn_itn.tf b/src/domains/ioweb-common/06_cdn_itn.tf new file mode 100644 index 000000000..3abd16026 --- /dev/null +++ b/src/domains/ioweb-common/06_cdn_itn.tf @@ -0,0 +1,49 @@ +resource "azurerm_resource_group" "io_web_profile_itn_fe_rg" { + name = format("%s-ioweb-fe-rg-01", local.project_itn) + location = local.itn_location +} + +module "io_web_profile_itn_fe_st" { + source = "github.com/pagopa/dx//infra/modules/azure_storage_account?ref=main" + + // s tier -> Standard LRS + // l tier -> Standard ZRS + tier = "l" + + # NOTE: domain omitted for characters shortage + environment = { + prefix = var.prefix + env_short = var.env_short + location = local.itn_location + app_name = replace("ioweb-profile", "-", "") + instance_number = "01" + } + access_tier = "Hot" + + resource_group_name = azurerm_resource_group.io_web_profile_itn_fe_rg.name + subnet_pep_id = data.azurerm_subnet.private_endpoints_subnet_itn.id + private_dns_zone_resource_group_name = data.azurerm_resource_group.common_rg_weu.name + + # storage should be accessible by CDN via private endpoint + # see https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-enable-private-link-storage-account + force_public_network_access_enabled = false + subservices_enabled = { + blob = true + } + blob_features = { + versioning = true + change_feed = { + enabled = false + } + immutability_policy = { + enabled = false + } + } + + static_website = { + index_document = "index.html" + error_404_document = "it/404/index.html" + } + + tags = var.tags +} diff --git a/src/domains/ioweb-common/10_spid_login.tf b/src/domains/ioweb-common/10_spid_login.tf index 96d1ba61a..69d06f523 100644 --- a/src/domains/ioweb-common/10_spid_login.tf +++ b/src/domains/ioweb-common/10_spid_login.tf @@ -7,15 +7,12 @@ locals { ## App service spid login ## ############################ module "spid_login" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service?ref=v4.1.15" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service?ref=v8.56.0" # App service plan - plan_type = "internal" - plan_name = format("%s-plan-spid-login", local.project) - plan_kind = "Linux" - plan_reserved = true # Mandatory for Linux plan - plan_sku_tier = var.spid_login_plan_sku_tier - plan_sku_size = var.spid_login_plan_sku_size + plan_type = "internal" + plan_name = format("%s-plan-spid-login", local.project) + sku_name = var.spid_login_plan_sku_size # App service name = format("%s-spid-login", local.project) @@ -24,17 +21,18 @@ module "spid_login" { always_on = true - linux_fx_version = "NODE|18-lts" + node_version = "18-lts" app_command_line = "npm run start" health_check_path = "/healthcheck" + ip_restriction_default_action = "Deny" + app_settings = { WEBSITES_ENABLE_APP_SERVICE_STORAGE = false WEBSITES_PORT = 8080 WEBSITE_NODE_DEFAULT_VERSION = "18.13.0" WEBSITE_RUN_FROM_PACKAGE = "1" - WEBSITE_VNET_ROUTE_ALL = "1" WEBSITE_DNS_SERVER = "168.63.129.16" // ENVIRONMENT diff --git a/src/domains/ioweb-common/99_locals.tf b/src/domains/ioweb-common/99_locals.tf index 66a08b8c2..e2a8e5f6d 100644 --- a/src/domains/ioweb-common/99_locals.tf +++ b/src/domains/ioweb-common/99_locals.tf @@ -20,3 +20,11 @@ locals { spid_login_base_path = "ioweb/auth/v1" } + +# Region ITN +locals { + itn_location = "italynorth" + itn_location_short = "itn" + project_itn = "${local.product}-${local.itn_location_short}-${var.domain}" + common_project_itn = "${local.product}-${local.itn_location_short}" +} diff --git a/src/domains/ioweb-common/99_main.tf b/src/domains/ioweb-common/99_main.tf index 07e5da8b6..c9053dd2f 100644 --- a/src/domains/ioweb-common/99_main.tf +++ b/src/domains/ioweb-common/99_main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "<= 3.40.0" + version = "<= 3.116.0" } azuread = { source = "hashicorp/azuread" diff --git a/src/domains/ioweb-common/README.md b/src/domains/ioweb-common/README.md index 1af93a5b1..30e06fd4a 100644 --- a/src/domains/ioweb-common/README.md +++ b/src/domains/ioweb-common/README.md @@ -5,7 +5,7 @@ | Name | Version | |------|---------| | [azuread](#requirement\_azuread) | <= 2.33.0 | -| [azurerm](#requirement\_azurerm) | <= 3.40.0 | +| [azurerm](#requirement\_azurerm) | <= 3.116.0 | | [null](#requirement\_null) | <= 3.2.1 | ## Providers @@ -13,25 +13,26 @@ | Name | Version | |------|---------| | [azuread](#provider\_azuread) | 2.33.0 | -| [azurerm](#provider\_azurerm) | 3.40.0 | -| [tls](#provider\_tls) | 4.0.4 | +| [azurerm](#provider\_azurerm) | 3.116.0 | +| [tls](#provider\_tls) | 4.0.6 | ## Modules | Name | Source | Version | |------|--------|---------| -| [apim\_itn\_product\_ioweb](#module\_apim\_itn\_product\_ioweb) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product | v4.1.5 | -| [apim\_itn\_spid\_login\_api](#module\_apim\_itn\_spid\_login\_api) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v4.1.5 | -| [apim\_v2\_product\_ioweb](#module\_apim\_v2\_product\_ioweb) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product | v4.1.5 | -| [apim\_v2\_spid\_login\_api](#module\_apim\_v2\_spid\_login\_api) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v4.1.5 | -| [immutable\_spid\_logs\_storage](#module\_immutable\_spid\_logs\_storage) | git::https://github.com/pagopa/terraform-azurerm-v3//storage_account | v7.32.1 | -| [immutable\_spid\_logs\_storage\_customer\_managed\_key](#module\_immutable\_spid\_logs\_storage\_customer\_managed\_key) | git::https://github.com/pagopa/terraform-azurerm-v3//storage_account_customer_managed_key | v7.32.1 | -| [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v4.1.3 | -| [landing\_cdn](#module\_landing\_cdn) | github.com/pagopa/terraform-azurerm-v3.git//cdn | v7.59.0 | -| [redis\_spid\_login](#module\_redis\_spid\_login) | git::https://github.com/pagopa/terraform-azurerm-v3.git//redis_cache | v6.11.2 | -| [redis\_spid\_login\_snet](#module\_redis\_spid\_login\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.15 | -| [spid\_login](#module\_spid\_login) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service | v4.1.15 | -| [spid\_login\_snet](#module\_spid\_login\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.15 | +| [apim\_itn\_product\_ioweb](#module\_apim\_itn\_product\_ioweb) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.56.0 | +| [apim\_itn\_spid\_login\_api](#module\_apim\_itn\_spid\_login\_api) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.56.0 | +| [apim\_v2\_product\_ioweb](#module\_apim\_v2\_product\_ioweb) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.56.0 | +| [apim\_v2\_spid\_login\_api](#module\_apim\_v2\_spid\_login\_api) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.56.0 | +| [immutable\_spid\_logs\_storage](#module\_immutable\_spid\_logs\_storage) | git::https://github.com/pagopa/terraform-azurerm-v3//storage_account | v8.56.0 | +| [immutable\_spid\_logs\_storage\_customer\_managed\_key](#module\_immutable\_spid\_logs\_storage\_customer\_managed\_key) | git::https://github.com/pagopa/terraform-azurerm-v3//storage_account_customer_managed_key | v8.56.0 | +| [io\_web\_profile\_itn\_fe\_st](#module\_io\_web\_profile\_itn\_fe\_st) | github.com/pagopa/dx//infra/modules/azure_storage_account | main | +| [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v8.56.0 | +| [landing\_cdn](#module\_landing\_cdn) | github.com/pagopa/terraform-azurerm-v3.git//cdn | v8.56.0 | +| [redis\_spid\_login](#module\_redis\_spid\_login) | git::https://github.com/pagopa/terraform-azurerm-v3.git//redis_cache | v8.56.0 | +| [redis\_spid\_login\_snet](#module\_redis\_spid\_login\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v8.56.0 | +| [spid\_login](#module\_spid\_login) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service | v8.56.0 | +| [spid\_login\_snet](#module\_spid\_login\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v8.56.0 | ## Resources @@ -53,6 +54,7 @@ | [azurerm_private_endpoint.immutable_spid_logs_storage_blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_resource_group.common_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.fe_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.io_web_profile_itn_fe_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.storage_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_storage_container.immutable_audit_logs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource | @@ -78,17 +80,20 @@ | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_private_dns_zone.privatelink_blob_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | | [azurerm_private_dns_zone.privatelink_redis_cache](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_resource_group.common_rg_weu](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.core_ext](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_subnet.apim_v2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.ioweb_profile_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.private_endpoints_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | +| [azurerm_subnet.private_endpoints_subnet_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | | [azurerm_user_assigned_identity.managed_identity_auth_n_identity_infra_cd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source | | [azurerm_user_assigned_identity.managed_identity_auth_n_identity_infra_ci](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source | | [azurerm_user_assigned_identity.managed_identity_io_infra_cd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source | | [azurerm_user_assigned_identity.managed_identity_io_infra_ci](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source | +| [azurerm_virtual_network.common_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | | [azurerm_virtual_network.vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | ## Inputs