From 784f7d462803c0d8e96b93845798d6fb2425a136 Mon Sep 17 00:00:00 2001
From: Andrea Morabito
Date: Wed, 13 Nov 2024 13:59:23 +0100
Subject: [PATCH] update terraform script
---
src/main/terraform/.terraform.lock.hcl | 22 +++
src/main/terraform/container_app.tf | 16 +-
src/main/terraform/data.tf | 8 +
.../env/{cstar-d-rtp => dev}/backend.ini | 0
.../env/{cstar-d-rtp => dev}/backend.tfvars | 0
.../env/{cstar-d-rtp => dev}/terraform.tfvars | 2 +
.../env/{cstar-p-rtp => prod}/backend.ini | 0
.../env/{cstar-p-rtp => prod}/backend.tfvars | 0
.../{cstar-p-rtp => prod}/terraform.tfvars | 7 +-
.../env/{cstar-u-rtp => uat}/backend.ini | 0
.../env/{cstar-u-rtp => uat}/backend.tfvars | 0
.../env/{cstar-u-rtp => uat}/terraform.tfvars | 7 +-
src/main/terraform/variables.tf | 141 ++----------------
13 files changed, 60 insertions(+), 143 deletions(-)
create mode 100644 src/main/terraform/.terraform.lock.hcl
rename src/main/terraform/env/{cstar-d-rtp => dev}/backend.ini (100%)
rename src/main/terraform/env/{cstar-d-rtp => dev}/backend.tfvars (100%)
rename src/main/terraform/env/{cstar-d-rtp => dev}/terraform.tfvars (93%)
rename src/main/terraform/env/{cstar-p-rtp => prod}/backend.ini (100%)
rename src/main/terraform/env/{cstar-p-rtp => prod}/backend.tfvars (100%)
rename src/main/terraform/env/{cstar-p-rtp => prod}/terraform.tfvars (87%)
rename src/main/terraform/env/{cstar-u-rtp => uat}/backend.ini (100%)
rename src/main/terraform/env/{cstar-u-rtp => uat}/backend.tfvars (100%)
rename src/main/terraform/env/{cstar-u-rtp => uat}/terraform.tfvars (87%)
diff --git a/src/main/terraform/.terraform.lock.hcl b/src/main/terraform/.terraform.lock.hcl
new file mode 100644
index 0000000..50dff81
--- /dev/null
+++ b/src/main/terraform/.terraform.lock.hcl
@@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.99.0" + constraints = "3.99.0" + hashes = [ + "h1:dawmYJUMGlL3t1mKDyaLJc08uSxPaUBoCAb/YCbVxPM=", + "zh:20581c1f4c586a37af45ed4c2a86ff4d868cee79139a755bd29750d804cee3ef", + "zh:28b3cc4e5f8bc65a595eab011d5965203a39e92aa9e26df842ffc979305ac823", + "zh:4cb167f8bb82f9065b7b50d012be3045fce3c699b0ea0e257ad1995441227f72", + "zh:6fa5c6fa430921a4e0fe8d44eaf12210fb90afdf3f83cedfde1c691ae36e953c", + "zh:75eff5b0ea9fca46ed5a0425c5e33fbda470e6448917817e80ae898688568665", + "zh:9af0aeaa74bfc764c60eec7d212d31deb70e03e970d22449f11170f75108f9cf", + "zh:b5055767199a2927d41b543a16e905c1e0b209f14a2144c756786194e133b41d", + "zh:c3e30b0eed068a148498ac78a9e013bc2eef0eb3cc3b4484f77421d64a797dc2", + "zh:ce87cd35cef9e5805f921978a91a7a4e139e8cbc7674a94076cb1a20a0c2feb1", + "zh:d87b84f144c865145bd10093ead99b653ea363fd4e7315675727659ca78544d0", + "zh:ee5900a50d69e046aab6581f6d888014b3f8d543e5b17c50761579d3370935f2", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/src/main/terraform/container_app.tf b/src/main/terraform/container_app.tf index d254243..55a4337 100644 --- a/src/main/terraform/container_app.tf +++ b/src/main/terraform/container_app.tf @@ -10,9 +10,9 @@ resource "azurerm_container_app" "rtp-activator" { template { container { name = "rtp-activator" - image = var.mil_auth_image - cpu = var.mil_auth_cpu - memory = var.mil_auth_memory + image = var.rtp_activator_image + cpu = var.rtp_activator_cpu + memory = var.rtp_activator_memory env { name = "TZ" @@ -21,7 +21,7 @@ resource "azurerm_container_app" "rtp-activator" { env { name = "auth.app-log-level" - value = var.mil_auth_app_log_level + value = var.rtp_activator_app_log_level } env { 
@@ -30,18 +30,18 @@ resource "azurerm_container_app" "rtp-activator" { } } - max_replicas = var.mil_auth_max_replicas - min_replicas = var.mil_auth_min_replicas + max_replicas = var.rtp_activator_max_replicas + min_replicas = var.rtp_activator_min_replicas } secret { name = "identity-client-id" - value = "${data.azurerm_user_assigned_identity.auth.client_id}" + value = "${data.azurerm_user_assigned_identity.rtp-activator.client_id}" } identity { type = "UserAssigned" - identity_ids = [data.azurerm_user_assigned_identity.auth.id] + identity_ids = [data.azurerm_user_assigned_identity.rtp-activator.id] } ingress { diff --git a/src/main/terraform/data.tf b/src/main/terraform/data.tf index 1a64620..b11a715 100644 --- a/src/main/terraform/data.tf +++ b/src/main/terraform/data.tf @@ -5,3 +5,11 @@ data "azurerm_container_app_environment" "rtp-cae" { name = var.cae_name resource_group_name = var.cae_resource_group_name } + +# ------------------------------------------------------------------------------ +# Identity for this Container App. +# ------------------------------------------------------------------------------ +data "azurerm_user_assigned_identity" "rtp-activator" { + name = var.id_name + resource_group_name = var.id_resource_group_name +} diff --git a/src/main/terraform/env/cstar-d-rtp/backend.ini b/src/main/terraform/env/dev/backend.ini similarity index 100% rename from src/main/terraform/env/cstar-d-rtp/backend.ini rename to src/main/terraform/env/dev/backend.ini diff --git a/src/main/terraform/env/cstar-d-rtp/backend.tfvars b/src/main/terraform/env/dev/backend.tfvars similarity index 100% rename from src/main/terraform/env/cstar-d-rtp/backend.tfvars rename to src/main/terraform/env/dev/backend.tfvars 
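Review bot: The `secret` value in the `@@ -30,18` hunk of container_app.tf is still an interpolation-only string, `"${data.azurerm_user_assigned_identity.rtp-activator.client_id}"`. Since the line is being rewritten anyway, it can be the bare reference: `value = data.azurerm_user_assigned_identity.rtp-activator.client_id`. A client ID is an identifier rather than a credential, so a short comment such as `# client ID exposed to the app through a secret reference; not a credential` would tell the next reader why it sits in a `secret` block. The `azurerm_container_app` resource starts and ends outside this hunk.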
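Review bot: rtp-activator appears to be attached to the auth service's managed identity rather than one of its own. The data source added in data.tf is looked up by `id_name`, and the dev, prod and uat terraform.tfvars hunks later in this patch set it to `cstar-d-tier-0-auth-id`, `cstar-p-tier-0-auth-id` and `cstar-u-tier-0-auth-id`. If that identity is indeed the auth service's, this app inherits every role assignment it already holds. Those grants are not visible in the patch, so this needs confirming against the identity's role assignments. If the sharing is unintended, a dedicated identity scoped to what rtp-activator needs is the least-privilege choice. If it is deliberate, record it in the header comment, e.g. `# Shared tier-0 identity; rtp-activator inherits its role assignments.`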
diff --git a/src/main/terraform/env/cstar-d-rtp/terraform.tfvars b/src/main/terraform/env/dev/terraform.tfvars similarity index 93% rename from src/main/terraform/env/cstar-d-rtp/terraform.tfvars rename to src/main/terraform/env/dev/terraform.tfvars index 9d95851..d8a2492 100644 --- a/src/main/terraform/env/cstar-d-rtp/terraform.tfvars +++ b/src/main/terraform/env/dev/terraform.tfvars @@ -22,6 +22,8 @@ tags = { # ------------------------------------------------------------------------------ cae_name = "cstar-d-tier-0-cae" cae_resource_group_name = "cstar-d-tier-0-app-rg" +id_name = "cstar-d-tier-0-auth-id" +id_resource_group_name = "cstar-d-tier-0-identity-rg" # ------------------------------------------------------------------------------ # Names of key vault secrets. diff --git a/src/main/terraform/env/cstar-p-rtp/backend.ini b/src/main/terraform/env/prod/backend.ini similarity index 100% rename from src/main/terraform/env/cstar-p-rtp/backend.ini rename to src/main/terraform/env/prod/backend.ini diff --git a/src/main/terraform/env/cstar-p-rtp/backend.tfvars b/src/main/terraform/env/prod/backend.tfvars similarity index 100% rename from src/main/terraform/env/cstar-p-rtp/backend.tfvars rename to src/main/terraform/env/prod/backend.tfvars diff --git a/src/main/terraform/env/cstar-p-rtp/terraform.tfvars b/src/main/terraform/env/prod/terraform.tfvars similarity index 87% rename from src/main/terraform/env/cstar-p-rtp/terraform.tfvars rename to src/main/terraform/env/prod/terraform.tfvars index cee307d..1cbfef3 100644 --- a/src/main/terraform/env/cstar-p-rtp/terraform.tfvars +++ b/src/main/terraform/env/prod/terraform.tfvars 
@@ -20,9 +20,10 @@ tags = { # ------------------------------------------------------------------------------ # External resources. # ------------------------------------------------------------------------------ -cae_name = "cstar-p-rtp-cae" -cae_resource_group_name = "cstar-p-rtp-app-rg" - +cae_name = "cstar-p-tier-0-cae" +cae_resource_group_name = "cstar-p-tier-0-app-rg" +id_name = "cstar-p-tier-0-auth-id" +id_resource_group_name = "cstar-p-tier-0-identity-rg" # ------------------------------------------------------------------------------ # Names of key vault secrets. diff --git a/src/main/terraform/env/cstar-u-rtp/backend.ini b/src/main/terraform/env/uat/backend.ini similarity index 100% rename from src/main/terraform/env/cstar-u-rtp/backend.ini rename to src/main/terraform/env/uat/backend.ini diff --git a/src/main/terraform/env/cstar-u-rtp/backend.tfvars b/src/main/terraform/env/uat/backend.tfvars similarity index 100% rename from src/main/terraform/env/cstar-u-rtp/backend.tfvars rename to src/main/terraform/env/uat/backend.tfvars diff --git a/src/main/terraform/env/cstar-u-rtp/terraform.tfvars b/src/main/terraform/env/uat/terraform.tfvars similarity index 87% rename from src/main/terraform/env/cstar-u-rtp/terraform.tfvars rename to src/main/terraform/env/uat/terraform.tfvars index 5589708..673d52f 100644 --- a/src/main/terraform/env/cstar-u-rtp/terraform.tfvars +++ b/src/main/terraform/env/uat/terraform.tfvars 
@@ -20,9 +20,10 @@ tags = { # ------------------------------------------------------------------------------ # External resources. # ------------------------------------------------------------------------------ -cae_name = "cstar-u-rtp-cae" -cae_resource_group_name = "cstar-u-rtp-app-rg" - +cae_name = "cstar-u-tier-0-cae" +cae_resource_group_name = "cstar-u-tier-0-app-rg" +id_name = "cstar-u-tier-0-auth-id" +id_resource_group_name = "cstar-u-tier-0-identity-rg" # ------------------------------------------------------------------------------ # Names of key vault secrets. diff --git a/src/main/terraform/variables.tf b/src/main/terraform/variables.tf index f846e74..14caa68 100644 --- a/src/main/terraform/variables.tf +++ b/src/main/terraform/variables.tf 
@@ -73,154 +73,37 @@ variable "id_resource_group_name" { } # ------------------------------------------------------------------------------ -# General purpose key vault used to protect secrets. +# Specific to rtp-activator microservice. # ------------------------------------------------------------------------------ -variable "general_kv_name" { - type = string -} - -variable "general_kv_resource_group_name" { - type = string -} - -# ------------------------------------------------------------------------------ -# Key vault for cryptographics operations. -# ------------------------------------------------------------------------------ -variable "auth_kv_name" { - type = string -} - -variable "auth_kv_resource_group_name" { - type = string -} - -# ------------------------------------------------------------------------------ -# Storage account containing configuration files. -# ------------------------------------------------------------------------------ -variable "auth_st_name" { - type = string -} - -variable "auth_st_resource_group_name" { - type = string -} - -# ------------------------------------------------------------------------------ -# Names of key vault secrets. -# ------------------------------------------------------------------------------ -variable "cosmosdb_account_primary_mongodb_connection_string_kv_secret" { - type = string -} - -variable "cosmosdb_account_secondary_mongodb_connection_string_kv_secret" { - type = string -} - -variable "storage_account_primary_blob_endpoint_kv_secret" { - type = string -} - -variable "key_vault_auth_vault_uri_kv_secret" { - type = string -} - -variable "application_insigths_connection_string_kv_secret" { - type = string -} - -# ------------------------------------------------------------------------------ -# Specific to auth microservice. 
-# ------------------------------------------------------------------------------ -variable "mil_auth_quarkus_log_level" { - type = string - default = "ERROR" -} - -variable "mil_auth_app_log_level" { +variable "rtp_activator_app_log_level" { type = string default = "DEBUG" } -variable "mil_auth_json_log" { - type = bool - default = true -} - -variable "mil_auth_quarkus_rest_client_logging_scope" { - description = "Scope for Quarkus REST client logging. Allowed values are: all, request-response, none." - type = string - default = "all" -} - -variable "mil_auth_cryptoperiod" { - type = number - default = 86400000 -} - -variable "mil_auth_keysize" { - type = number - default = 4096 -} - -variable "mil_auth_access_duration" { - type = number - default = 900 -} - -variable "mil_auth_refresh_duration" { - type = number - default = 3600 -} - -variable "mil_auth_image" { - type = string -} - -variable "mil_auth_cpu" { - type = number - default = 1 -} - -variable "mil_auth_memory" { - type = string - default = "2Gi" -} - -variable "mil_auth_max_replicas" { +variable "rtp_activator_max_replicas" { type = number default = 10 } -variable "mil_auth_min_replicas" { +variable "rtp_activator_min_replicas" { type = number default = 1 } -variable "mil_auth_keyvault_maxresults" { - type = number - default = 20 +variable "rtp_activator_base_url" { + type = string } -variable "mil_auth_keyvault_backoff_num_of_attempts" { +variable "rtp_activator_cpu" { type = number - default = 3 -} - -variable "mil_auth_mongodb_connect_timeout" { - type = string - default = "5s" -} - -variable "mil_auth_mongodb_read_timeout" { - type = string - default = "10s" + default = 1 } -variable "mil_auth_mongodb_server_selection_timeout" { +variable "rtp_activator_memory" { type = string - default = "5s" + default = "1Gi" } -variable "mil_auth_base_url" { +variable "rtp_activator_image" { type = string -} \ No newline at end of file +}
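Review bot: `rtp_activator_app_log_level` keeps `default = "DEBUG"`, and none of the tfvars hunks in this patch set it, so unless the unseen part of env/prod/terraform.tfvars overrides it, production will log at DEBUG. container_app.tf passes the value to the container as `auth.app-log-level`, and debug output commonly carries request bodies and identifiers that should not reach production logs. I would make the default `default = "INFO"` and set `rtp_activator_app_log_level = "DEBUG"` only in env/dev/terraform.tfvars. A `validation` block limiting the variable to the levels the application accepts would also catch typos at plan time. None of the new variables has a `description`, so one line each for `rtp_activator_image` and `rtp_activator_base_url` in particular would document the expected format.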