Apim portal management remove #12

Merged
merged 5 commits into from
Oct 8, 2021
4 changes: 0 additions & 4 deletions src/core/README.md
Expand Up @@ -55,8 +55,6 @@
| [azuread_service_principal.azdo_sp_tls_cert](https://registry.terraform.io/providers/hashicorp/azuread/2.3.0/docs/data-sources/service_principal) | data source |
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/2.76.0/docs/data-sources/client_config) | data source |
| [azurerm_key_vault_certificate.app_gw_platform](https://registry.terraform.io/providers/hashicorp/azurerm/2.76.0/docs/data-sources/key_vault_certificate) | data source |
| [azurerm_key_vault_certificate.management_platform](https://registry.terraform.io/providers/hashicorp/azurerm/2.76.0/docs/data-sources/key_vault_certificate) | data source |
| [azurerm_key_vault_certificate.portal_platform](https://registry.terraform.io/providers/hashicorp/azurerm/2.76.0/docs/data-sources/key_vault_certificate) | data source |
| [azurerm_key_vault_secret.apim_publisher_email](https://registry.terraform.io/providers/hashicorp/azurerm/2.76.0/docs/data-sources/key_vault_secret) | data source |
| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/2.76.0/docs/data-sources/subscription) | data source |

Expand All @@ -67,8 +65,6 @@
| <a name="input_apim_publisher_name"></a> [apim\_publisher\_name](#input\_apim\_publisher\_name) | apim | `string` | n/a | yes |
| <a name="input_apim_sku"></a> [apim\_sku](#input\_apim\_sku) | n/a | `string` | n/a | yes |
| <a name="input_app_gateway_api_certificate_name"></a> [app\_gateway\_api\_certificate\_name](#input\_app\_gateway\_api\_certificate\_name) | Application gateway api certificate name on Key Vault | `string` | n/a | yes |
| <a name="input_app_gateway_management_certificate_name"></a> [app\_gateway\_management\_certificate\_name](#input\_app\_gateway\_management\_certificate\_name) | Application gateway api management certificate name on Key Vault | `string` | n/a | yes |
| <a name="input_app_gateway_portal_certificate_name"></a> [app\_gateway\_portal\_certificate\_name](#input\_app\_gateway\_portal\_certificate\_name) | Application gateway developer portal certificate name on Key Vault | `string` | n/a | yes |
| <a name="input_cidr_subnet_appgateway"></a> [cidr\_subnet\_appgateway](#input\_cidr\_subnet\_appgateway) | Application gateway address space. | `list(string)` | n/a | yes |
| <a name="input_cidr_vnet"></a> [cidr\_vnet](#input\_cidr\_vnet) | Virtual network address space. | `list(string)` | n/a | yes |
| <a name="input_cidr_vnet_integration"></a> [cidr\_vnet\_integration](#input\_cidr\_vnet\_integration) | Virtual network to peer with sia subscription. It should host apim | `list(string)` | n/a | yes |
2 changes: 0 additions & 2 deletions src/core/api/base_policy.tpl
Expand Up @@ -2,8 +2,6 @@
<inbound>
<cors allow-credentials="true">
<allowed-origins>
<origin>https://${portal-domain}</origin>
<origin>https://${management-api-domain}</origin>
<origin>https://${apim-name}.developer.azure-api.net</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="300">
32 changes: 6 additions & 26 deletions src/core/apim.tf
Expand Up @@ -18,12 +18,9 @@ resource "azurerm_resource_group" "rg_api" {
}

locals {
apim_cert_name_proxy_endpoint = format("%s-proxy-endpoint-cert", local.project)
portal_cert_name_proxy_endpoint = format("%s-proxy-endpoint-cert", "portal")
apim_cert_name_proxy_endpoint = format("%s-proxy-endpoint-cert", local.project)

api_domain = format("api.%s.%s", var.dns_zone_prefix, var.external_domain)
portal_domain = format("portal.%s.%s", var.dns_zone_prefix, var.external_domain)
management_domain = format("management.%s.%s", var.dns_zone_prefix, var.external_domain)
api_domain = format("api.%s.%s", var.dns_zone_prefix, var.external_domain)
}

###########################
Expand Down Expand Up @@ -58,9 +55,7 @@ module "apim" {
application_insights_instrumentation_key = azurerm_application_insights.application_insights.instrumentation_key

xml_content = templatefile("./api/base_policy.tpl", {
portal-domain = local.portal_domain
management-api-domain = local.management_domain
apim-name = format("%s-apim", local.project)
apim-name = format("%s-apim", local.project)
})

tags = var.tags
Expand All @@ -75,25 +70,10 @@ resource "azurerm_api_management_custom_domain" "api_custom_domain" {

proxy {
host_name = local.api_domain
key_vault_id = trimsuffix(
key_vault_id = replace(
data.azurerm_key_vault_certificate.app_gw_platform.secret_id,
data.azurerm_key_vault_certificate.app_gw_platform.version
)
}

developer_portal {
host_name = local.portal_domain
key_vault_id = trimsuffix(
data.azurerm_key_vault_certificate.portal_platform.secret_id,
data.azurerm_key_vault_certificate.portal_platform.version
)
}

management {
host_name = local.management_domain
key_vault_id = trimsuffix(
data.azurerm_key_vault_certificate.management_platform.secret_id,
data.azurerm_key_vault_certificate.management_platform.version
"/${data.azurerm_key_vault_certificate.app_gw_platform.version}",
""
)
}
}
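Review bot: The new `replace(...)` in the `proxy` block hands APIM a versionless secret id, but nothing in the hunk records why `trimsuffix` was wrong (it left a trailing `/` behind) or why the version must be dropped, so the next reader may well revert it. Suggest a comment above the call: `# versionless secret id: trimsuffix left a trailing "/" and pinning a version would stop APIM from following certificate rotation`. The azurerm provider pinned in the README (2.76.0) should already expose `versionless_secret_id` on `data.azurerm_key_vault_certificate`, which would remove the string surgery entirely; worth checking before relying on `replace`. Note that Terraform's `replace` only treats the pattern as a regex when it is wrapped in `/` on both ends, so the leading `/` here is literal as long as the version never ends in a slash. The enclosing `azurerm_api_management_custom_domain` resource starts outside the hunk.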
63 changes: 2 additions & 61 deletions src/core/appgateway.tf
Expand Up @@ -60,24 +60,6 @@ module "app_gw" {
probe = "/status-0123456789abcdef"
probe_name = "probe-apim"
}

portal = {
protocol = "Https"
host = trim(azurerm_dns_a_record.dns_a_portal.fqdn, ".")
port = 443
ip_addresses = module.apim.private_ip_addresses
probe = "/signin"
probe_name = "probe-portal"
}

management = {
protocol = "Https"
host = trim(azurerm_dns_a_record.dns_a_management.fqdn, ".")
port = 443
ip_addresses = module.apim.private_ip_addresses
probe = "/ServiceStatus"
probe_name = "probe-management"
}
}

ssl_profiles = [{
Expand Down Expand Up @@ -117,36 +99,6 @@ module "app_gw" {
)
}
}

portal = {
protocol = "Https"
host = format("portal.%s.%s", var.dns_zone_prefix, var.external_domain)
port = 443
ssl_profile_name = format("%s-ssl-profile", local.project)

certificate = {
name = var.app_gateway_portal_certificate_name
id = trimsuffix(
data.azurerm_key_vault_certificate.portal_platform.secret_id,
data.azurerm_key_vault_certificate.portal_platform.version
)
}
}

management = {
protocol = "Https"
host = format("management.%s.%s", var.dns_zone_prefix, var.external_domain)
port = 443
ssl_profile_name = format("%s-ssl-profile", local.project)

certificate = {
name = var.app_gateway_management_certificate_name
id = trimsuffix(
data.azurerm_key_vault_certificate.management_platform.secret_id,
data.azurerm_key_vault_certificate.management_platform.version
)
}
}
}

# maps listener to backend
Expand All @@ -155,16 +107,6 @@ module "app_gw" {
listener = "api"
backend = "apim"
}

portal = {
listener = "portal"
backend = "portal"
}

mangement = {
listener = "management"
backend = "management"
}
}

# TLS
Expand All @@ -175,9 +117,8 @@ module "app_gw" {
app_gateway_max_capacity = var.app_gateway_max_capacity

# Logs
# todo enable
# sec_log_analytics_workspace_id = var.env_short == "p" ? data.azurerm_key_vault_secret.sec_workspace_id[0].value : null
# sec_storage_id = var.env_short == "p" ? data.azurerm_key_vault_secret.sec_storage_id[0].value : null
sec_log_analytics_workspace_id = var.env_short == "p" ? data.azurerm_key_vault_secret.sec_workspace_id[0].value : null
sec_storage_id = var.env_short == "p" ? data.azurerm_key_vault_secret.sec_storage_id[0].value : null

tags = var.tags
}
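Review bot: The newly enabled `sec_log_analytics_workspace_id` and `sec_storage_id` lines in the last hunk export security diagnostics only when `var.env_short == "p"`, so dev and uat gateways keep no exported logs, and the removed `# todo enable` marker is not replaced by anything saying that is the intent. Suggest `# security diagnostics are exported to the security workspace/storage in prod only; non-prod keeps gateway logs local` above the two lines. The `[0]` index suggests the two `data.azurerm_key_vault_secret` blocks are conditional on the same flag somewhere outside this diff, so the ternary and that `count` have to stay in step or the index is evaluated against an empty list — hedged, since the data sources are not visible here. The portal/management listener, backend and route removals in the earlier hunks are consistent with one another. `module "app_gw"` starts outside the hunk.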
18 changes: 0 additions & 18 deletions src/core/dns_public.tf
Expand Up @@ -47,21 +47,3 @@ resource "azurerm_dns_a_record" "dns_a_api" {
records = [azurerm_public_ip.appgateway_public_ip.ip_address]
tags = var.tags
}

resource "azurerm_dns_a_record" "dns_a_portal" {
name = "portal"
zone_name = azurerm_dns_zone.selfcare_public[0].name
resource_group_name = azurerm_resource_group.rg_vnet.name
ttl = var.dns_default_ttl_sec
records = [azurerm_public_ip.appgateway_public_ip.ip_address]
tags = var.tags
}

resource "azurerm_dns_a_record" "dns_a_management" {
name = "management"
zone_name = azurerm_dns_zone.selfcare_public[0].name
resource_group_name = azurerm_resource_group.rg_vnet.name
ttl = var.dns_default_ttl_sec
records = [azurerm_public_ip.appgateway_public_ip.ip_address]
tags = var.tags
}
17 changes: 1 addition & 16 deletions src/core/env/dev/terraform.tfvars
Expand Up @@ -36,19 +36,4 @@ apim_publisher_name = "pagoPA SelfCare DEV"
apim_sku = "Developer_1"

# app_gateway
app_gateway_api_certificate_name = "api-dev-selfcare-pagopa-it"
app_gateway_portal_certificate_name = "portal-dev-selfcare-pagopa-it"
app_gateway_management_certificate_name = "management-dev-selfcare-pagopa-it"

# postgresql
prostgresql_enabled = true
postgresql_sku_name = "GP_Gen5_2" # todo fixme verify
postgresql_enable_replica = false
postgresql_public_network_access_enabled = true
postgresql_network_rules = {
ip_rules = [
"0.0.0.0/0"
]
# dblink
allow_access_to_azure_services = false
}
app_gateway_api_certificate_name = "api-dev-selfcare-pagopa-it"
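Review bot: The dev tfvars hunk deletes the whole `# postgresql` block, from `prostgresql_enabled` through `postgresql_network_rules`, not just the two certificate names the PR title covers, and neither the title nor the hunk says why. That block carried `postgresql_public_network_access_enabled = true` and an `ip_rules = ["0.0.0.0/0"]` allow-list, so dropping it changes the dev database's exposure to whatever the variable defaults are — tighter if the defaults are closed, a plan error if they have none, a silent widening if a default is permissive; the variable declarations are not in this diff, so this cannot be checked here. If the removal is deliberate, a one-line note in the tfvars (e.g. `# postgresql: settings moved — see <tracking PR/issue>`) or a sentence in the PR description would keep the change from being lost. The misspelled `prostgresql_enabled` key is history and needs no action.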
8 changes: 3 additions & 5 deletions src/core/env/prod/terraform.tfvars
Expand Up @@ -38,11 +38,9 @@ apim_publisher_name = "pagoPA SelfCare PROD"
apim_sku = "Developer_1" # todo change to Premium_1 before launch

# app_gateway
app_gateway_api_certificate_name = "api-selfcare-pagopa-it"
app_gateway_portal_certificate_name = "portal-selfcare-pagopa-it"
app_gateway_management_certificate_name = "management-selfcare-pagopa-it"
app_gateway_min_capacity = 0 # todo change to at least 1
app_gateway_max_capacity = 2
app_gateway_api_certificate_name = "api-selfcare-pagopa-it"
app_gateway_min_capacity = 0 # todo change to at least 1
app_gateway_max_capacity = 2

# todo change to Premium before launch
# redis_sku_name = "Premium"
4 changes: 1 addition & 3 deletions src/core/env/uat/terraform.tfvars
Expand Up @@ -36,6 +36,4 @@ apim_publisher_name = "pagoPA SelfCare UAT"
apim_sku = "Developer_1"

# app_gateway
app_gateway_api_certificate_name = "api-uat-selfcare-pagopa-it"
app_gateway_portal_certificate_name = "portal-uat-selfcare-pagopa-it"
app_gateway_management_certificate_name = "management-uat-selfcare-pagopa-it"
app_gateway_api_certificate_name = "api-uat-selfcare-pagopa-it"
2 changes: 1 addition & 1 deletion src/core/monitor.tf
Expand Up @@ -61,4 +61,4 @@ resource "azurerm_monitor_action_group" "slack" {
}

tags = var.tags
}
}
4 changes: 0 additions & 4 deletions src/core/outputs.tf
Expand Up @@ -13,7 +13,3 @@ output "vnet_integration_name" {
output "vnet_integration_address_space" {
value = module.vnet_integration.address_space
}

# output "azurerm_key_vault_certificate_management_platform" {
# value = data.azurerm_key_vault_certificate.management_platform
# }
10 changes: 0 additions & 10 deletions src/core/security.tf
Expand Up @@ -146,16 +146,6 @@ data "azurerm_key_vault_certificate" "app_gw_platform" {
key_vault_id = module.key_vault.id
}

data "azurerm_key_vault_certificate" "portal_platform" {
name = var.app_gateway_portal_certificate_name
key_vault_id = module.key_vault.id
}

data "azurerm_key_vault_certificate" "management_platform" {
name = var.app_gateway_management_certificate_name
key_vault_id = module.key_vault.id
}

data "azurerm_key_vault_secret" "monitor_notification_slack_email" {
name = "monitor-notification-slack-email"
key_vault_id = module.key_vault.id
10 changes: 0 additions & 10 deletions src/core/variables.tf
Expand Up @@ -162,16 +162,6 @@ variable "app_gateway_api_certificate_name" {
description = "Application gateway api certificate name on Key Vault"
}

variable "app_gateway_portal_certificate_name" {
type = string
description = "Application gateway developer portal certificate name on Key Vault"
}

variable "app_gateway_management_certificate_name" {
type = string
description = "Application gateway api management certificate name on Key Vault"
}

# Scaling

variable "app_gateway_min_capacity" {