diff --git a/src/domains/sign/99_variables.tf b/src/domains/sign/99_variables.tf index 35611fc53..0faf9473f 100644 --- a/src/domains/sign/99_variables.tf +++ b/src/domains/sign/99_variables.tf @@ -198,5 +198,16 @@ variable "io_sign_backoffice_app" { key_vault_secret_name = optional(string) })) }) - description = "Configuration of the io-sign-backoffice service" + description = "Configuration of the io-sign-backoffice app service" +} + +variable "io_sign_backoffice_func" { + type = object({ + app_settings = list(object({ + name = string + value = optional(string, "") + key_vault_secret_name = optional(string) + })) + }) + description = "Configuration of the io-sign-backoffice func app" } diff --git a/src/domains/sign/env/prod/terraform.tfvars b/src/domains/sign/env/prod/terraform.tfvars index c1a4da4e6..4c9f477eb 100644 --- a/src/domains/sign/env/prod/terraform.tfvars +++ b/src/domains/sign/env/prod/terraform.tfvars @@ -75,6 +75,14 @@ io_sign_database_backoffice = { max_throughput = 1000 ttl = null } + issuers = { + max_throughput = 1000 + ttl = null + } + consents = { + max_throughput = 1000 + ttl = null + } } io_sign_issuer_func = { @@ -102,7 +110,7 @@ io_sign_user_func = { } io_sign_backoffice_app = { - sku_name = "B1" + sku_name = "S1" app_settings = [ { name = "NODE_ENV", @@ -115,6 +123,19 @@ io_sign_backoffice_app = { { name = "AUTH_SESSION_SECRET", key_vault_secret_name = "bo-auth-session-secret" + }, + { + name = "SELFCARE_API_KEY", + key_vault_secret_name = "selfcare-prod-api-key" + }, + ] +} + +io_sign_backoffice_func = { + app_settings = [ + { + name = "NODE_ENV", + value = "production" } ] } 
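Review bot: The new `io_sign_backoffice_func` variable in 99_variables.tf accepts an `app_settings` entry that sets both `value` and `key_vault_secret_name`, and the `backoffice_func_settings` local in io_sign_backoffice_func.tf then silently drops `value` in favour of the Key Vault reference. A `validation` block on the variable would surface that at plan time, for example `condition = alltrue([for s in var.io_sign_backoffice_func.app_settings : s.key_vault_secret_name == null || s.value == ""])` with a matching `error_message`. The `description` could also say that secret material belongs in `key_vault_secret_name` and not in `value`, since `value` is written literally in the committed terraform.tfvars.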
@@ -212,8 +233,8 @@ dns_ses_validation = [ ] io_common = { - resource_group_name : "io-p-rg-common" - log_analytics_workspace_name : "io-p-law-common" - appgateway_snet_name = "io-p-appgateway-snet" - vnet_common_name = "io-p-vnet-common" + resource_group_name = "io-p-rg-common" + log_analytics_workspace_name = "io-p-law-common" + appgateway_snet_name = "io-p-appgateway-snet" + vnet_common_name = "io-p-vnet-common" } diff --git a/src/domains/sign/io_sign_backoffice_app.tf b/src/domains/sign/io_sign_backoffice_app.tf index 72aec8134..70428d91b 100644 --- a/src/domains/sign/io_sign_backoffice_app.tf +++ b/src/domains/sign/io_sign_backoffice_app.tf @@ -68,7 +68,6 @@ module "io_sign_backoffice_app" { allowed_subnets = [ data.azurerm_subnet.appgateway_snet.id, - data.azurerm_subnet.apim.id, data.azurerm_subnet.apim_v2.id ] diff --git a/src/domains/sign/io_sign_backoffice_func.tf b/src/domains/sign/io_sign_backoffice_func.tf new file mode 100644 index 000000000..950a5682e --- /dev/null +++ b/src/domains/sign/io_sign_backoffice_func.tf 
@@ -0,0 +1,35 @@
+locals {
+ backoffice_func_settings = {
+ for s in var.io_sign_backoffice_func.app_settings :
+ s.name => s.key_vault_secret_name != null ? "@Microsoft.KeyVault(VaultName=${module.key_vault.name};SecretName=${s.key_vault_secret_name})" : s.value
+ }
+}
+
+module "io_sign_backoffice_func" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app?ref=v6.2.1"
+
+ name = format("%s-backoffice-func", local.project)
+ location = azurerm_resource_group.backend_rg.location
+ resource_group_name = azurerm_resource_group.backend_rg.name
+
+ health_check_path = "/health"
+
+ node_version = "16"
+ runtime_version = "~4"
+ always_on = true
+
+ app_settings = local.backoffice_func_settings
+
+ subnet_id = module.io_sign_backoffice_snet.id
+
+ allowed_subnets = [
+ module.io_sign_snet.id
+ ]
+
+ app_service_plan_id = module.io_sign_backoffice_app.plan_id
+
+ application_insights_instrumentation_key = data.azurerm_application_insights.application_insights.instrumentation_key
+ system_identity_enabled = true
+
+ tags = var.tags
+}
\ No newline at end of file
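Review bot: Nothing in this new file grants the function app's system-assigned identity read access to the vault that the `@Microsoft.KeyVault(...)` references in `backoffice_func_settings` point at; `system_identity_enabled = true` only creates the identity. If that grant is not defined elsewhere in the domain, any setting that uses `key_vault_secret_name` will stay unresolved at runtime. The prod tfvars in this commit passes only `NODE_ENV`, so the gap would surface on the first secret added. An `azurerm_key_vault_access_policy` limited to `secret_permissions = ["Get"]` for that identity (or the equivalent role assignment if the vault uses RBAC) would keep it least-privilege. Separately, `?ref=v6.2.1` pins the module source to a tag, which can be moved; a commit SHA would make the pin immutable.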