add new func app

src/domains/sign/99_variables.tf

@@ -198,5 +198,16 @@ variable "io_sign_backoffice_app" {
       key_vault_secret_name = optional(string)
     }))
   })
-  description = "Configuration of the io-sign-backoffice service"
+  description = "Configuration of the io-sign-backoffice app service"
+}
+
+variable "io_sign_backoffice_func" {
+  type = object({
+    app_settings = list(object({
+      name                  = string
+      value                 = optional(string, "")
+      key_vault_secret_name = optional(string)
+    }))
+  })
+  description = "Configuration of the io-sign-backoffice func app"
 }

src/domains/sign/env/prod/terraform.tfvars

@@ -75,6 +75,14 @@ io_sign_database_backoffice = {
     max_throughput = 1000
     ttl            = null
   }
+  issuers = {
+    max_throughput = 1000
+    ttl            = null
+  }
+  consents = {
+    max_throughput = 1000
+    ttl            = null
+  }
 }
 
 io_sign_issuer_func = {
@@ -102,7 +110,7 @@ io_sign_user_func = {
 }
 
 io_sign_backoffice_app = {
-  sku_name = "B1"
+  sku_name = "S1"
   app_settings = [
     {
       name  = "NODE_ENV",
@@ -115,6 +123,19 @@ io_sign_backoffice_app = {
     {
       name                  = "AUTH_SESSION_SECRET",
       key_vault_secret_name = "bo-auth-session-secret"
+    },
+    {
+      name                  = "SELFCARE_API_KEY",
+      key_vault_secret_name = "selfcare-prod-api-key"
+    },
+  ]
+}
+
+io_sign_backoffice_func = {
+  app_settings = [
+    {
+      name  = "NODE_ENV",
+      value = "production"
     }
   ]
 }
@@ -212,8 +233,8 @@ dns_ses_validation = [
 ]
 
 io_common = {
-  resource_group_name : "io-p-rg-common"
-  log_analytics_workspace_name : "io-p-law-common"
-  appgateway_snet_name = "io-p-appgateway-snet"
-  vnet_common_name     = "io-p-vnet-common"
+  resource_group_name          = "io-p-rg-common"
+  log_analytics_workspace_name = "io-p-law-common"
+  appgateway_snet_name         = "io-p-appgateway-snet"
+  vnet_common_name             = "io-p-vnet-common"
 }

src/domains/sign/io_sign_backoffice_app.tf

@@ -68,7 +68,6 @@ module "io_sign_backoffice_app" {
 
   allowed_subnets = [
     data.azurerm_subnet.appgateway_snet.id,
-    data.azurerm_subnet.apim.id,
     data.azurerm_subnet.apim_v2.id
   ]
 

src/domains/sign/io_sign_backoffice_func.tf

@@ -0,0 +1,35 @@
+locals {
+  backoffice_func_settings = {
+    for s in var.io_sign_backoffice_func.app_settings :
+    s.name => s.key_vault_secret_name != null ? "@Microsoft.KeyVault(VaultName=${module.key_vault.name};SecretName=${s.key_vault_secret_name})" : s.value
+  }
+}
+
+module "io_sign_backoffice_func" {
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app?ref=v6.2.1"
+
+  name                = format("%s-backoffice-func", local.project)
+  location            = azurerm_resource_group.backend_rg.location
+  resource_group_name = azurerm_resource_group.backend_rg.name
+
+  health_check_path = "/health"
+
+  node_version    = "16"
+  runtime_version = "~4"
+  always_on       = true
+
+  app_settings = local.backoffice_func_settings
+
+  subnet_id = module.io_sign_backoffice_snet.id
+
+  allowed_subnets = [
+    module.io_sign_snet.id
+  ]
+
+  app_service_plan_id = module.io_sign_backoffice_app.plan_id
+
+  application_insights_instrumentation_key = data.azurerm_application_insights.application_insights.instrumentation_key
+  system_identity_enabled                  = true
+
+  tags = var.tags
+}