From 203d1ecd65671f8ec73e1d68a6e7ef87faee1bb1 Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Thu, 9 Oct 2025 09:34:56 +0200 Subject: [PATCH 01/18] [LTBE-16] added alerts and variables --- src/70_domains/idpay_common/00_alerts.tf | 805 ++++++++++++++++++++ src/70_domains/idpay_common/11_monitor.tf | 4 + src/70_domains/idpay_common/99_locals.tf | 1 + src/70_domains/idpay_common/99_variables.tf | 5 + 4 files changed, 815 insertions(+) create mode 100644 src/70_domains/idpay_common/00_alerts.tf diff --git a/src/70_domains/idpay_common/00_alerts.tf b/src/70_domains/idpay_common/00_alerts.tf new file mode 100644 index 00000000..269fd04b --- /dev/null +++ b/src/70_domains/idpay_common/00_alerts.tf @@ -0,0 +1,805 @@ +# ========================================= +# Resource group per alert PARI +# ========================================= +resource "azurerm_resource_group" "rg_pari_alerts" { + count = var.env_short == "p" ? 1 : 0 + name = "${local.project}-pari-alerts-rg" + location = var.location + tags = module.tag_config.tags +} + +# ============================================================= +# Portal Consent – post (5xx, 401, 429 errors over 5 minutes) +# ============================================================= +resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_5m_rules" { + name = "portal-consent-save-5xx-401-429-alert" + resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + location = var.location + + description = "Alert on POST /idpay-itn/register/consent errors (5xx > 5/5m; 401/429 > 5/5m)" + severity = 1 + enabled = true + + frequency = 5 + time_window = 5 + + data_source_id = azurerm_log_analytics_workspace.log_analytics_workspace.id + + query = < ago(5m) +| where Message has "groupId=idpay-asset-register-consumer-group" +QUERY + + trigger { + operator = "Equal" + threshold = 0 + } + + action { + action_group = [data.azurerm_monitor_action_group.email.id] + email_subject = "[PARI][HIGH] Kafka Consumer Absent: idpay-checkiban-eval-consumer-group" + custom_webhook_payload = "{}" + } +} + +# ======================================================= +# Kafka Consumer - Average Lag Alert (10 min) +# ======================================================= +resource "azurerm_monitor_scheduled_query_rules_alert" "pari_kafka_consumer_avg_lag_alert" { + count = var.env_short == "p" ? 1 : 0 + name = "pari-kafka-consumer-avg-lag-alert" + resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name + location = var.location + + description = "Kafka consumer average lag is greater than 15 over the last 10 minutes. Based on the 'kafka_consumer_fetch_manager_records_lag_max' metric." + enabled = true + severity = 1 + + frequency = 5 + time_window = 10 + + data_source_id = data.azurerm_log_analytics_workspace.core_log_analytics.id + + query = < ago(10m) +| where Name == "kafka_consumer_fetch_manager_records_lag_max" +| where Properties has "idpay-asset-register-consumer-group" +| summarize AvgLag = avg(Value) +| where AvgLag > 15 +QUERY + + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } + + action { + action_group = [data.azurerm_monitor_action_group.email.id] + email_subject = "[PARI][HIGH] Kafka Consumer Lag Alert" + custom_webhook_payload = "{}" + } +} + +# ======================================================= +# Internal dependency – E-mail service +# ======================================================= +resource "azurerm_monitor_scheduled_query_rules_alert" "pari_email_dependency_alert" { + count = var.env_short == "p" ? 1 : 0 + name = "pari-email-dependency-alert" + resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name + location = var.location + + description = "Internal email microservice: error count exceeded threshold (> 10 in 5m)" + enabled = true + severity = 2 + + frequency = 5 + time_window = 5 + + data_source_id = data.azurerm_log_analytics_workspace.core_log_analytics.id + + query = < ago(5m) +| where Target == "idpay-notification-email-microservice-chart:8080" +| where Success == false +QUERY + + action { + action_group = [data.azurerm_monitor_action_group.email.id] + email_subject = "[PARI] Internal Email microservice dependency alert" + custom_webhook_payload = "{}" + } + + trigger { + operator = "GreaterThanOrEqual" + threshold = 10 + } +} + +# ========================================= +# External dependency – EPREL +# ========================================= +resource "azurerm_monitor_scheduled_query_rules_alert" "pari_eprel_dependency_alert" { + count = var.env_short == "p" ? 1 : 0 + name = "pari-eprel-dependency-alert" + resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name + location = var.location + + description = "EPREL dependency: error count exceeded threshold (> 10 in 5m)" + enabled = true + severity = 1 + + frequency = 5 + time_window = 5 + + data_source_id = data.azurerm_log_analytics_workspace.core_log_analytics.id + + query = < ago(5m) +| where Target == "eprel.ec.europa.eu" +| where Success == false +QUERY + + action { + action_group = [data.azurerm_monitor_action_group.email.id] + email_subject = "[PARI][HIGH] EPREL external dependency alert" + custom_webhook_payload = "{}" + } + + trigger { + operator = "GreaterThanOrEqual" + threshold = 10 + } +} diff --git a/src/70_domains/idpay_common/11_monitor.tf b/src/70_domains/idpay_common/11_monitor.tf index dc2fc94c..7cadc68d 100644 --- a/src/70_domains/idpay_common/11_monitor.tf +++ b/src/70_domains/idpay_common/11_monitor.tf @@ -50,3 +50,7 @@ resource "azurerm_api_management_logger" "apim_logger" { instrumentation_key = azurerm_application_insights.idpay_application_insights.instrumentation_key } } +data "azurerm_monitor_action_group" "email" { + resource_group_name = var.monitor_resource_group_name + name = local.monitor_action_group_email_name +} diff --git a/src/70_domains/idpay_common/99_locals.tf b/src/70_domains/idpay_common/99_locals.tf index de6c58bb..197f82c7 100644 --- a/src/70_domains/idpay_common/99_locals.tf +++ b/src/70_domains/idpay_common/99_locals.tf @@ -151,4 +151,5 @@ locals { soft_delete_period = "P7D" } } + monitor_action_group_email_name = "pari-alerts-email" } diff --git a/src/70_domains/idpay_common/99_variables.tf b/src/70_domains/idpay_common/99_variables.tf index ff419acc..86f03166 100644 --- a/src/70_domains/idpay_common/99_variables.tf +++ b/src/70_domains/idpay_common/99_variables.tf @@ -269,3 +269,8 @@ variable "oneidentity_base_url" { default = null description = "OneIdentity base Url" } + +variable "monitor_resource_group_name" { + type = string + description = "Monitor resource group name" +} From bb70b7c8e90216313dc94964b37434bc3983e373 Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Thu, 9 Oct 2025 10:03:06 +0200 Subject: [PATCH 02/18] [LTBE-16] removed space --- src/70_domains/idpay_common/99_locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/70_domains/idpay_common/99_locals.tf b/src/70_domains/idpay_common/99_locals.tf index 197f82c7..0516223d 100644 --- a/src/70_domains/idpay_common/99_locals.tf +++ b/src/70_domains/idpay_common/99_locals.tf @@ -151,5 +151,5 @@ locals { soft_delete_period = "P7D" } } - monitor_action_group_email_name = "pari-alerts-email" + monitor_action_group_email_name = "pari-alerts-email" } From 78c460c701bd45b1f7ce836d6fe24bc8b4fadaf2 Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Thu, 9 Oct 2025 12:06:21 +0200 Subject: [PATCH 03/18] [LTBE-16] added condition --- src/70_domains/idpay_common/00_alerts.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/70_domains/idpay_common/00_alerts.tf b/src/70_domains/idpay_common/00_alerts.tf index 269fd04b..f03ff7b9 100644 --- a/src/70_domains/idpay_common/00_alerts.tf +++ b/src/70_domains/idpay_common/00_alerts.tf @@ -12,6 +12,7 @@ resource "azurerm_resource_group" "rg_pari_alerts" { # Portal Consent – post (5xx, 401, 429 errors over 5 minutes) # ============================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_5m_rules" { + count = var.env_short == "p" ? 1 : 0 name = "portal-consent-save-5xx-401-429-alert" resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name location = var.location @@ -46,6 +47,7 @@ QUERY # Portal Consent – post (400 errors over 10 minutes) # ============================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_10m_rule" { + count = var.env_short == "p" ? 1 : 0 name = "portal-consent-save-400-alert" resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name location = var.location From 7c0e672b30e3308af46d5c318e3b0f90ca68afa1 Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Thu, 9 Oct 2025 14:42:35 +0200 Subject: [PATCH 04/18] [LTBE-16] added monitor_resource_group_name env --- src/70_domains/idpay_common/env/itn-dev/terraform.tfvars | 2 ++ src/70_domains/idpay_common/env/itn-prod/terraform.tfvars | 1 + src/70_domains/idpay_common/env/itn-uat/terraform.tfvars | 1 + 3 files changed, 4 insertions(+) diff --git a/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars b/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars index 82a3d202..d9f1fe95 100644 --- a/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars @@ -79,9 +79,11 @@ aks_nodepool_green = { } #Monitoring +monitor_resource_group_name = "cstar-d-itn-idpay-monitoring-rg" law_sku = "PerGB2018" law_retention_in_days = 30 law_daily_quota_gb = 5 + #OneIdentity oneidentity_base_url = "https://uat.oneid.pagopa.it" diff --git a/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars b/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars index 69dc7165..fd868792 100644 --- a/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars @@ -87,6 +87,7 @@ aks_nodepool_green = { } #Monitoring +monitor_resource_group_name = "cstar-u-itn-idpay-monitoring-rg" law_sku = "PerGB2018" law_retention_in_days = 30 law_daily_quota_gb = 200 diff --git a/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars b/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars index 1ebaa8b1..7c9634b6 100644 --- a/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars @@ -79,6 +79,7 @@ aks_nodepool_green = { } #Monitoring +monitor_resource_group_name = "cstar-p-itn-idpay-monitoring-rg" law_sku = "PerGB2018" law_retention_in_days = 30 law_daily_quota_gb = 15 From 220f0376a8208aeaa39c38e648ebbf998ad16e4d Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Thu, 9 Oct 2025 16:32:13 +0200 Subject: [PATCH 05/18] [LTBE-16] added condition on alert group and fix env --- src/70_domains/idpay_common/00_alerts.tf | 46 ++++++++++--------- src/70_domains/idpay_common/11_monitor.tf | 3 ++ src/70_domains/idpay_common/99_locals.tf | 2 + .../env/itn-prod/terraform.tfvars | 2 +- .../idpay_common/env/itn-uat/terraform.tfvars | 2 +- 5 files changed, 31 insertions(+), 24 deletions(-) diff --git a/src/70_domains/idpay_common/00_alerts.tf b/src/70_domains/idpay_common/00_alerts.tf index f03ff7b9..bad08a88 100644 --- a/src/70_domains/idpay_common/00_alerts.tf +++ b/src/70_domains/idpay_common/00_alerts.tf @@ -38,8 +38,9 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Portal Consent – save API alert (5xx/401/429)" + custom_webhook_payload = "{}" } } @@ -73,8 +74,9 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Portal Consent – save API alert (400)" + custom_webhook_payload = "{}" } } @@ -108,7 +110,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Portal Consent GET /consent alert (5xx/401/429)" custom_webhook_payload = "{}" } @@ -144,7 +146,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Portal Consent GET /consent alert (400)" custom_webhook_payload = "{}" } @@ -180,7 +182,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Product files – upload API alert (5xx/401/429)" custom_webhook_payload = "{}" } @@ -216,7 +218,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Product files – upload API alert (400)" custom_webhook_payload = "{}" } @@ -246,7 +248,7 @@ AppRequests QUERY action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Product files verify alert" custom_webhook_payload = "{}" } @@ -287,7 +289,7 @@ AppRequests QUERY action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Products update status alert" custom_webhook_payload = "{}" } @@ -327,7 +329,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][CRITICAL] GET /products alert: High 5xx errors" custom_webhook_payload = "{}" } @@ -362,7 +364,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][CRITICAL] GET /products alert: High 400 errors" custom_webhook_payload = "{}" } @@ -399,7 +401,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][CRITICAL] GET /products alert: Availability is below 99%" custom_webhook_payload = "{}" } @@ -435,7 +437,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][HIGH] User Permissions alert (5xx or 401/429)" custom_webhook_payload = "{}" } @@ -471,7 +473,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][HIGH] User Permissions alert (400)" custom_webhook_payload = "{}" } @@ -507,7 +509,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Product files – list API alert (5xx)" custom_webhook_payload = "{}" } @@ -543,7 +545,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Error report download API alert (5xx)" custom_webhook_payload = "{}" } @@ -579,7 +581,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Batch list API alert (5xx)" custom_webhook_payload = "{}" } @@ -615,7 +617,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Institution by ID API alert (5xx)" custom_webhook_payload = "{}" } @@ -646,7 +648,7 @@ AppRequests QUERY action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Institutions list API alert (5xx)" custom_webhook_payload = "{}" } @@ -687,7 +689,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][HIGH] Kafka Consumer Absent: idpay-checkiban-eval-consumer-group" custom_webhook_payload = "{}" } @@ -726,7 +728,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][HIGH] Kafka Consumer Lag Alert" custom_webhook_payload = "{}" } @@ -758,7 +760,7 @@ AppDependencies QUERY action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Internal Email microservice dependency alert" custom_webhook_payload = "{}" } @@ -795,7 +797,7 @@ AppDependencies QUERY action { - action_group = [data.azurerm_monitor_action_group.email.id] + action_group = [data.azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][HIGH] EPREL external dependency alert" custom_webhook_payload = "{}" } diff --git a/src/70_domains/idpay_common/11_monitor.tf b/src/70_domains/idpay_common/11_monitor.tf index 7cadc68d..bce8d874 100644 --- a/src/70_domains/idpay_common/11_monitor.tf +++ b/src/70_domains/idpay_common/11_monitor.tf @@ -50,7 +50,10 @@ resource "azurerm_api_management_logger" "apim_logger" { instrumentation_key = azurerm_application_insights.idpay_application_insights.instrumentation_key } } + +### Action Group data "azurerm_monitor_action_group" "email" { + count = var.env_short == "p" ? 1 : 0 resource_group_name = var.monitor_resource_group_name name = local.monitor_action_group_email_name } diff --git a/src/70_domains/idpay_common/99_locals.tf b/src/70_domains/idpay_common/99_locals.tf index 0516223d..9e9bb885 100644 --- a/src/70_domains/idpay_common/99_locals.tf +++ b/src/70_domains/idpay_common/99_locals.tf @@ -151,5 +151,7 @@ locals { soft_delete_period = "P7D" } } + + # Action Group monitor_action_group_email_name = "pari-alerts-email" } diff --git a/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars b/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars index fd868792..bb401954 100644 --- a/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars @@ -87,7 +87,7 @@ aks_nodepool_green = { } #Monitoring -monitor_resource_group_name = "cstar-u-itn-idpay-monitoring-rg" +monitor_resource_group_name = "cstar-p-itn-idpay-monitoring-rg" law_sku = "PerGB2018" law_retention_in_days = 30 law_daily_quota_gb = 200 diff --git a/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars b/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars index 7c9634b6..e177ce78 100644 --- a/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars @@ -79,7 +79,7 @@ aks_nodepool_green = { } #Monitoring -monitor_resource_group_name = "cstar-p-itn-idpay-monitoring-rg" +monitor_resource_group_name = "cstar-u-itn-idpay-monitoring-rg" law_sku = "PerGB2018" law_retention_in_days = 30 law_daily_quota_gb = 15 From 86e2db211afac1a32990a4cecac742ef35563ecd Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Thu, 9 Oct 2025 17:09:01 +0200 Subject: [PATCH 06/18] [LTBE-16] added condition uat env on count --- src/70_domains/idpay_common/00_alerts.tf | 46 +++++++++++------------ src/70_domains/idpay_common/11_monitor.tf | 2 +- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/src/70_domains/idpay_common/00_alerts.tf b/src/70_domains/idpay_common/00_alerts.tf index bad08a88..03c0d2fe 100644 --- a/src/70_domains/idpay_common/00_alerts.tf +++ b/src/70_domains/idpay_common/00_alerts.tf @@ -2,7 +2,7 @@ # Resource group per alert PARI # ========================================= resource "azurerm_resource_group" "rg_pari_alerts" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "${local.project}-pari-alerts-rg" location = var.location tags = module.tag_config.tags @@ -12,7 +12,7 @@ resource "azurerm_resource_group" "rg_pari_alerts" { # Portal Consent – post (5xx, 401, 429 errors over 5 minutes) # ============================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_5m_rules" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "portal-consent-save-5xx-401-429-alert" resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name location = var.location @@ -48,7 +48,7 @@ QUERY # Portal Consent – post (400 errors over 10 minutes) # ============================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_10m_rule" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "portal-consent-save-400-alert" resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name location = var.location @@ -84,7 +84,7 @@ QUERY # Portal Consent – get (5xx, 401, 429 errors over 5 minutes) # ======================================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_portal_consent_get_5m_rules_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-portal-consent-get-5xx-401-429-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -120,7 +120,7 @@ QUERY # Portal Consent – get (400 errors over 10 minutes) # ======================================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_portal_consent_get_10m_rule_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-portal-consent-get-400-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -156,7 +156,7 @@ QUERY # Product files – upload (5xx, 401, 429 errors over 5 minutes) # ======================================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_product_files_upload_5m_rules_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-product-files-upload-5xx-401-429-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -192,7 +192,7 @@ QUERY # Product files – upload (400 errors over 10 minutes) # ======================================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_product_files_upload_10m_rule_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-product-files-upload-400-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -228,7 +228,7 @@ QUERY # Product files – verify # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_product_files_verify_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-product-files-verify-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -263,7 +263,7 @@ QUERY # Products – update status # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_products_update_status_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-products-update-status-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -304,7 +304,7 @@ QUERY # GET products - 5xx Error Count # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_get_products_5xx_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-get-products-5xx-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -339,7 +339,7 @@ QUERY # GET products - 400 Error Count # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_get_products_400_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-get-products-400-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -374,7 +374,7 @@ QUERY # GET products - Availability # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_get_products_availability_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-get-products-availability-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -411,7 +411,7 @@ QUERY # User Permissions - 5xx, 401, 429 errors over 5 minutes # ======================================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_user_permissions_5m_rules_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-user-permissions-5m-rules-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -447,7 +447,7 @@ QUERY # User Permissions - 400 errors over 10 minutes # ======================================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_user_permissions_10m_rule_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-user-permissions-400-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -483,7 +483,7 @@ QUERY # Product files – list # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_product_files_list_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-product-files-list-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -519,7 +519,7 @@ QUERY # Error report download # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_error_report_download_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-error-report-download-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -555,7 +555,7 @@ QUERY # Batch list # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_batch_list_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-batch-list-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -591,7 +591,7 @@ QUERY # Institution by ID # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_institution_by_id_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-institution-by-id-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -627,7 +627,7 @@ QUERY # Institutions list # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_institutions_list_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-institutions-list-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -663,7 +663,7 @@ QUERY # Kafka Consumer - Absent Consumer Alert (5 min) # ======================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_kafka_consumer_absent_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-kafka-consumer-absent-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -699,7 +699,7 @@ QUERY # Kafka Consumer - Average Lag Alert (10 min) # ======================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_kafka_consumer_avg_lag_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-kafka-consumer-avg-lag-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -738,7 +738,7 @@ QUERY # Internal dependency – E-mail service # ======================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_email_dependency_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-email-dependency-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -775,7 +775,7 @@ QUERY # External dependency – EPREL # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_eprel_dependency_alert" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-eprel-dependency-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location diff --git a/src/70_domains/idpay_common/11_monitor.tf b/src/70_domains/idpay_common/11_monitor.tf index bce8d874..637897d5 100644 --- a/src/70_domains/idpay_common/11_monitor.tf +++ b/src/70_domains/idpay_common/11_monitor.tf @@ -53,7 +53,7 @@ resource "azurerm_api_management_logger" "apim_logger" { ### Action Group data "azurerm_monitor_action_group" "email" { - count = var.env_short == "p" ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 resource_group_name = var.monitor_resource_group_name name = local.monitor_action_group_email_name } From 0e7708ff6f5e0daa81d9d4d527886e98c3f35c66 Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Fri, 10 Oct 2025 10:21:39 +0200 Subject: [PATCH 07/18] [LTBE-16] added locals --- src/70_domains/idpay_common/00_alerts.tf | 4 ++-- src/70_domains/idpay_common/11_monitor.tf | 2 +- src/70_domains/idpay_common/99_locals.tf | 1 + src/70_domains/idpay_common/99_variables.tf | 5 ----- src/70_domains/idpay_common/env/itn-dev/terraform.tfvars | 1 - src/70_domains/idpay_common/env/itn-prod/terraform.tfvars | 1 - src/70_domains/idpay_common/env/itn-uat/terraform.tfvars | 1 - 7 files changed, 4 insertions(+), 11 deletions(-) diff --git a/src/70_domains/idpay_common/00_alerts.tf b/src/70_domains/idpay_common/00_alerts.tf index 03c0d2fe..58800b4b 100644 --- a/src/70_domains/idpay_common/00_alerts.tf +++ b/src/70_domains/idpay_common/00_alerts.tf @@ -14,7 +14,7 @@ resource "azurerm_resource_group" "rg_pari_alerts" { resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_5m_rules" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "portal-consent-save-5xx-401-429-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location description = "Alert on POST /idpay-itn/register/consent errors (5xx > 5/5m; 401/429 > 5/5m)" @@ -50,7 +50,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_10m_rule" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "portal-consent-save-400-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location description = "Alert on POST /idpay-itn/register/consent errors (400 > 50/10m)" diff --git a/src/70_domains/idpay_common/11_monitor.tf b/src/70_domains/idpay_common/11_monitor.tf index 637897d5..d93b8d59 100644 --- a/src/70_domains/idpay_common/11_monitor.tf +++ b/src/70_domains/idpay_common/11_monitor.tf @@ -54,6 +54,6 @@ resource "azurerm_api_management_logger" "apim_logger" { ### Action Group data "azurerm_monitor_action_group" "email" { count = contains(["p", "u"], var.env_short) ? 1 : 0 - resource_group_name = var.monitor_resource_group_name + resource_group_name = local.monitor_resource_group_name name = local.monitor_action_group_email_name } diff --git a/src/70_domains/idpay_common/99_locals.tf b/src/70_domains/idpay_common/99_locals.tf index 9e9bb885..4408692a 100644 --- a/src/70_domains/idpay_common/99_locals.tf +++ b/src/70_domains/idpay_common/99_locals.tf @@ -5,6 +5,7 @@ locals { project_core = "${var.prefix}-${var.env_short}-${var.location_short}-core" project_weu = "${var.prefix}-${var.env_short}-${var.location_short_weu}-${var.domain}" project_entra = "${var.prefix}-${var.env_short}-${var.domain}" + monitor_resource_group_name = "${var.prefix}-${var.env_short}-${var.domain}-monitoring-rg" # Default Domain Resource Group data_rg = "${local.project}-data-rg" diff --git a/src/70_domains/idpay_common/99_variables.tf b/src/70_domains/idpay_common/99_variables.tf index 86f03166..ff419acc 100644 --- a/src/70_domains/idpay_common/99_variables.tf +++ b/src/70_domains/idpay_common/99_variables.tf @@ -269,8 +269,3 @@ variable "oneidentity_base_url" { default = null description = "OneIdentity base Url" } - -variable "monitor_resource_group_name" { - type = string - description = "Monitor resource group name" -} diff --git a/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars b/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars index d9f1fe95..9fc270e4 100644 --- a/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars @@ -79,7 +79,6 @@ aks_nodepool_green = { } #Monitoring -monitor_resource_group_name = "cstar-d-itn-idpay-monitoring-rg" law_sku = "PerGB2018" law_retention_in_days = 30 law_daily_quota_gb = 5 diff --git a/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars b/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars index bb401954..69dc7165 100644 --- a/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars @@ -87,7 +87,6 @@ aks_nodepool_green = { } #Monitoring -monitor_resource_group_name = "cstar-p-itn-idpay-monitoring-rg" law_sku = "PerGB2018" law_retention_in_days = 30 law_daily_quota_gb = 200 diff --git a/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars b/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars index e177ce78..1ebaa8b1 100644 --- a/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars @@ -79,7 +79,6 @@ aks_nodepool_green = { } #Monitoring -monitor_resource_group_name = "cstar-u-itn-idpay-monitoring-rg" law_sku = "PerGB2018" law_retention_in_days = 30 law_daily_quota_gb = 15 From e8d033ce2314ab69f72ee324fcb5f5709141a0e3 Mon Sep 17 00:00:00 2001 From: and-mora Date: Fri, 10 Oct 2025 10:47:32 +0200 Subject: [PATCH 08/18] precommit --- src/70_domains/idpay_common/00_alerts.tf | 54 +++++++++---------- src/70_domains/idpay_common/11_monitor.tf | 2 +- .../idpay_common/env/itn-dev/terraform.tfvars | 6 +-- .../env/itn-prod/terraform.tfvars | 6 +-- .../idpay_common/env/itn-uat/terraform.tfvars | 6 +-- 5 files changed, 37 insertions(+), 37 deletions(-) diff --git a/src/70_domains/idpay_common/00_alerts.tf b/src/70_domains/idpay_common/00_alerts.tf index 58800b4b..ddc18b6d 100644 --- a/src/70_domains/idpay_common/00_alerts.tf +++ b/src/70_domains/idpay_common/00_alerts.tf @@ -2,7 +2,7 @@ # Resource group per alert PARI # ========================================= resource "azurerm_resource_group" "rg_pari_alerts" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "${local.project}-pari-alerts-rg" location = var.location tags = module.tag_config.tags @@ -12,7 +12,7 @@ resource "azurerm_resource_group" "rg_pari_alerts" { # Portal Consent – post (5xx, 401, 429 errors over 5 minutes) # ============================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_5m_rules" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "portal-consent-save-5xx-401-429-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -38,8 +38,8 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] - email_subject = "[PARI] Portal Consent – save API alert (5xx/401/429)" + action_group = [data.azurerm_monitor_action_group.email[0].id] + email_subject = "[PARI] Portal Consent – save API alert (5xx/401/429)" custom_webhook_payload = "{}" } } @@ -48,7 +48,7 @@ QUERY # Portal Consent – post (400 errors over 10 minutes) # ============================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_10m_rule" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "portal-consent-save-400-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -74,8 +74,8 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] - email_subject = "[PARI] Portal Consent – save API alert (400)" + action_group = [data.azurerm_monitor_action_group.email[0].id] + email_subject = "[PARI] Portal Consent – save API alert (400)" custom_webhook_payload = "{}" } } @@ -84,7 +84,7 @@ QUERY # Portal Consent – get (5xx, 401, 429 errors over 5 minutes) # ======================================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_portal_consent_get_5m_rules_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-portal-consent-get-5xx-401-429-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -120,7 +120,7 @@ QUERY # Portal Consent – get (400 errors over 10 minutes) # ======================================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_portal_consent_get_10m_rule_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-portal-consent-get-400-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -156,7 +156,7 @@ QUERY # Product files – upload (5xx, 401, 429 errors over 5 minutes) # ======================================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_product_files_upload_5m_rules_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-product-files-upload-5xx-401-429-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -192,7 +192,7 @@ QUERY # Product files – upload (400 errors over 10 minutes) # ======================================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_product_files_upload_10m_rule_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-product-files-upload-400-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -228,7 +228,7 @@ QUERY # Product files – verify # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_product_files_verify_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-product-files-verify-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -263,7 +263,7 @@ QUERY # Products – update status # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_products_update_status_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-products-update-status-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -304,7 +304,7 @@ QUERY # GET products - 5xx Error Count # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_get_products_5xx_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-get-products-5xx-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -339,7 +339,7 @@ QUERY # GET products - 400 Error Count # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_get_products_400_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-get-products-400-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -374,7 +374,7 @@ QUERY # GET products - Availability # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_get_products_availability_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-get-products-availability-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -411,7 +411,7 @@ QUERY # User Permissions - 5xx, 401, 429 errors over 5 minutes # ======================================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_user_permissions_5m_rules_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-user-permissions-5m-rules-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -447,7 +447,7 @@ QUERY # User Permissions - 400 errors over 10 minutes # ======================================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_user_permissions_10m_rule_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-user-permissions-400-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -483,7 +483,7 @@ QUERY # Product files – list # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_product_files_list_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-product-files-list-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -519,7 +519,7 @@ QUERY # Error report download # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_error_report_download_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-error-report-download-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -555,7 +555,7 @@ QUERY # Batch list # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_batch_list_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-batch-list-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -591,7 +591,7 @@ QUERY # Institution by ID # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_institution_by_id_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-institution-by-id-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -627,7 +627,7 @@ QUERY # Institutions list # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_institutions_list_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-institutions-list-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -663,7 +663,7 @@ QUERY # Kafka Consumer - Absent Consumer Alert (5 min) # ======================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_kafka_consumer_absent_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-kafka-consumer-absent-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -699,7 +699,7 @@ QUERY # Kafka Consumer - Average Lag Alert (10 min) # ======================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_kafka_consumer_avg_lag_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-kafka-consumer-avg-lag-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -738,7 +738,7 @@ QUERY # Internal dependency – E-mail service # ======================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_email_dependency_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-email-dependency-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location @@ -775,7 +775,7 @@ QUERY # External dependency – EPREL # ========================================= resource "azurerm_monitor_scheduled_query_rules_alert" "pari_eprel_dependency_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-eprel-dependency-alert" resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name location = var.location diff --git a/src/70_domains/idpay_common/11_monitor.tf b/src/70_domains/idpay_common/11_monitor.tf index d93b8d59..5b7998c9 100644 --- a/src/70_domains/idpay_common/11_monitor.tf +++ b/src/70_domains/idpay_common/11_monitor.tf @@ -53,7 +53,7 @@ resource "azurerm_api_management_logger" "apim_logger" { ### Action Group data "azurerm_monitor_action_group" "email" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 resource_group_name = local.monitor_resource_group_name name = local.monitor_action_group_email_name } diff --git a/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars b/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars index 9fc270e4..38aab088 100644 --- a/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars @@ -79,9 +79,9 @@ aks_nodepool_green = { } #Monitoring -law_sku = "PerGB2018" -law_retention_in_days = 30 -law_daily_quota_gb = 5 +law_sku = "PerGB2018" +law_retention_in_days = 30 +law_daily_quota_gb = 5 #OneIdentity diff --git a/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars b/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars index 69dc7165..8c268bf3 100644 --- a/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars @@ -87,9 +87,9 @@ aks_nodepool_green = { } #Monitoring -law_sku = "PerGB2018" -law_retention_in_days = 30 -law_daily_quota_gb = 200 +law_sku = "PerGB2018" +law_retention_in_days = 30 +law_daily_quota_gb = 200 #OneIdentity oneidentity_base_url = "https://oneid.pagopa.it" diff --git a/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars b/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars index 1ebaa8b1..04ac8000 100644 --- a/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars @@ -79,9 +79,9 @@ aks_nodepool_green = { } #Monitoring -law_sku = "PerGB2018" -law_retention_in_days = 30 -law_daily_quota_gb = 15 +law_sku = "PerGB2018" +law_retention_in_days = 30 +law_daily_quota_gb = 15 #OneIdentity oneidentity_base_url = "https://uat.oneid.pagopa.it" From 7e46001257e3cffc5e3b2d28fb4da8b2ac3f1c0b Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Fri, 10 Oct 2025 11:15:53 +0200 Subject: [PATCH 09/18] [LTBE-16] fix requested changes --- src/70_domains/idpay_common/11_monitor.tf | 2 +- .../{00_alerts.tf => 12_alerts.tf} | 94 +++++++++---------- src/70_domains/idpay_common/99_locals.tf | 8 +- 3 files changed, 47 insertions(+), 57 deletions(-) rename src/70_domains/idpay_common/{00_alerts.tf => 12_alerts.tf} (86%) diff --git a/src/70_domains/idpay_common/11_monitor.tf b/src/70_domains/idpay_common/11_monitor.tf index 5b7998c9..5bac0cec 100644 --- a/src/70_domains/idpay_common/11_monitor.tf +++ b/src/70_domains/idpay_common/11_monitor.tf @@ -54,6 +54,6 @@ resource "azurerm_api_management_logger" "apim_logger" { ### Action Group data "azurerm_monitor_action_group" "email" { count = contains(["p", "u"], var.env_short) ? 1 : 0 - resource_group_name = local.monitor_resource_group_name + resource_group_name = local.monitor_rg name = local.monitor_action_group_email_name } diff --git a/src/70_domains/idpay_common/00_alerts.tf b/src/70_domains/idpay_common/12_alerts.tf similarity index 86% rename from src/70_domains/idpay_common/00_alerts.tf rename to src/70_domains/idpay_common/12_alerts.tf index ddc18b6d..a023a471 100644 --- a/src/70_domains/idpay_common/00_alerts.tf +++ b/src/70_domains/idpay_common/12_alerts.tf @@ -1,20 +1,10 @@ -# ========================================= -# Resource group per alert PARI -# ========================================= -resource "azurerm_resource_group" "rg_pari_alerts" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 - name = "${local.project}-pari-alerts-rg" - location = var.location - tags = module.tag_config.tags -} - # ============================================================= # Portal Consent – post (5xx, 401, 429 errors over 5 minutes) # ============================================================= resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_5m_rules" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "portal-consent-save-5xx-401-429-alert" - resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name + resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name location = var.location description = "Alert on POST /idpay-itn/register/consent errors (5xx > 5/5m; 401/429 > 5/5m)" @@ -50,7 +40,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_10m_rule" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "portal-consent-save-400-alert" - resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name + resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name location = var.location description = "Alert on POST /idpay-itn/register/consent errors (400 > 50/10m)" @@ -86,7 +76,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_portal_consent_get_5m_rules_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-portal-consent-get-5xx-401-429-alert" - resource_group_name = azurerm_resource_group.rg_pari_alerts[0].name + resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name location = var.location description = "Alert on GET /idpay-itn/register/consent errors (5xx > 5/5m; 401/429 > 5/5m)" @@ -96,7 +86,7 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "pari_portal_consent_get_ frequency = 5 time_window = 5 - data_source_id = data.azurerm_log_analytics_workspace.core_log_analytics.id + data_source_id = azurerm_log_analytics_workspace.log_analytics_workspace.id query = < Date: Fri, 10 Oct 2025 11:48:11 +0200 Subject: [PATCH 10/18] [LTBE-16] fix requested changes --- src/70_domains/idpay_common/11_monitor.tf | 7 ---- src/70_domains/idpay_common/12_alerts.tf | 44 +++++++++++------------ 2 files changed, 22 insertions(+), 29 deletions(-) diff --git a/src/70_domains/idpay_common/11_monitor.tf b/src/70_domains/idpay_common/11_monitor.tf index 5bac0cec..d54ac793 100644 --- a/src/70_domains/idpay_common/11_monitor.tf +++ b/src/70_domains/idpay_common/11_monitor.tf @@ -1,10 +1,3 @@ -resource "azurerm_resource_group" "idpay_monitoring_rg" { - name = "${local.project}-monitor-rg" - location = var.location - - tags = module.tag_config.tags -} - resource "azurerm_log_analytics_workspace" "log_analytics_workspace" { name = "${local.project}-law" location = data.azurerm_resource_group.idpay_monitoring_rg.location diff --git a/src/70_domains/idpay_common/12_alerts.tf b/src/70_domains/idpay_common/12_alerts.tf index a023a471..73bf3b98 100644 --- a/src/70_domains/idpay_common/12_alerts.tf +++ b/src/70_domains/idpay_common/12_alerts.tf @@ -4,7 +4,7 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_5m_rules" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "portal-consent-save-5xx-401-429-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Alert on POST /idpay-itn/register/consent errors (5xx > 5/5m; 401/429 > 5/5m)" @@ -40,7 +40,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "portal_consent_save_10m_rule" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "portal-consent-save-400-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Alert on POST /idpay-itn/register/consent errors (400 > 50/10m)" @@ -76,7 +76,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_portal_consent_get_5m_rules_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-portal-consent-get-5xx-401-429-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Alert on GET /idpay-itn/register/consent errors (5xx > 5/5m; 401/429 > 5/5m)" @@ -112,7 +112,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_portal_consent_get_10m_rule_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-portal-consent-get-400-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Alert on GET /idpay-itn/register/consent errors (400 > 50/10m)" @@ -148,7 +148,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_product_files_upload_5m_rules_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-product-files-upload-5xx-401-429-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Product files upload API: 5xx/401/429 error threshold exceeded (> 5/5m)" @@ -184,7 +184,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_product_files_upload_10m_rule_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-product-files-upload-400-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Product files upload API: 400 error threshold exceeded (> 50/10m)" @@ -220,7 +220,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_product_files_verify_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-product-files-verify-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Product files verify API: error threshold exceeded (5xx > 3/5m)" @@ -255,7 +255,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_products_update_status_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-products-update-status-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Products update status API: error threshold exceeded (5xx > 3/5m per endpoint)" @@ -296,7 +296,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_get_products_5xx_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-get-products-5xx-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "GET /products API: 5xx error count exceeded (> 5 in 5m)" @@ -331,7 +331,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_get_products_400_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-get-products-400-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "GET /products API: 400 error count exceeded (> 50 in 10m)" @@ -366,7 +366,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_get_products_availability_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-get-products-availability-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "GET /products API: Availability dropped below 99% in the last 10 minutes" @@ -403,7 +403,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_user_permissions_5m_rules_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-user-permissions-5m-rules-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "User Permissions API: 5xx > 5/5m; 401/429 > 5/5m" @@ -439,7 +439,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_user_permissions_10m_rule_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-user-permissions-400-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "User Permissions API: 400 > 50/10m" @@ -475,7 +475,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_product_files_list_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-product-files-list-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Product files list API: 5xx error count exceeded (> 5 in 5m)" @@ -511,7 +511,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_error_report_download_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-error-report-download-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Error report download API: 5xx error count exceeded (> 5 in 5m)" @@ -547,7 +547,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_batch_list_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-batch-list-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Batch list API: 5xx error count exceeded (> 5 in 5m)" @@ -583,7 +583,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_institution_by_id_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-institution-by-id-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Institution by ID API: 5xx error count exceeded (> 5 in 5m)" @@ -619,7 +619,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_institutions_list_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-institutions-list-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Institutions list API: 5xx error count exceeded (> 5 in 5m)" @@ -655,7 +655,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_kafka_consumer_absent_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-kafka-consumer-absent-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Kafka consumer 'idpay-checkiban-eval-consumer-group' has not sent any logs for the last 5 minutes." @@ -691,7 +691,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_kafka_consumer_avg_lag_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-kafka-consumer-avg-lag-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Kafka consumer average lag is greater than 15 over the last 10 minutes. Based on the 'kafka_consumer_fetch_manager_records_lag_max' metric." @@ -730,7 +730,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_email_dependency_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-email-dependency-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "Internal email microservice: error count exceeded threshold (> 10 in 5m)" @@ -767,7 +767,7 @@ QUERY resource "azurerm_monitor_scheduled_query_rules_alert" "pari_eprel_dependency_alert" { count = contains(["p", "u"], var.env_short) ? 1 : 0 name = "pari-eprel-dependency-alert" - resource_group_name = azurerm_resource_group.idpay_monitoring_rg.name + resource_group_name = local.monitor_rg location = var.location description = "EPREL dependency: error count exceeded threshold (> 10 in 5m)" From 6c99bf9e858c6e8302e921f0f816df22f507fc42 Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Fri, 10 Oct 2025 12:57:53 +0200 Subject: [PATCH 11/18] [LTBE-16] fix requested changes --- src/70_domains/idpay_common/11_monitor.tf | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/src/70_domains/idpay_common/11_monitor.tf b/src/70_domains/idpay_common/11_monitor.tf index d54ac793..a0eb07e5 100644 --- a/src/70_domains/idpay_common/11_monitor.tf +++ b/src/70_domains/idpay_common/11_monitor.tf @@ -45,8 +45,19 @@ resource "azurerm_api_management_logger" "apim_logger" { } ### Action Group -data "azurerm_monitor_action_group" "email" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 - resource_group_name = local.monitor_rg +resource "azurerm_monitor_action_group" "email" { + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = local.monitor_action_group_email_name -} + resource_group_name = local.monitor_rg + short_name = "pari-email" + enabled = true + + dynamic "email_receiver" { + for_each = var.env_short == "u" ? [1] : [] + content { + name = "pari-alerts-email_-EmailAction-" + email_address = "pari.alert.test@gmail.com" + use_common_alert_schema = false + } + } +} \ No newline at end of file From 3092ec49051cf678cbec480bf684042836803d84 Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Fri, 10 Oct 2025 13:02:28 +0200 Subject: [PATCH 12/18] [LTBE-16] fix requested changes --- src/70_domains/idpay_common/12_alerts.tf | 44 ++++++++++++------------ 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/src/70_domains/idpay_common/12_alerts.tf b/src/70_domains/idpay_common/12_alerts.tf index 73bf3b98..550eda9e 100644 --- a/src/70_domains/idpay_common/12_alerts.tf +++ b/src/70_domains/idpay_common/12_alerts.tf @@ -28,7 +28,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Portal Consent – save API alert (5xx/401/429)" custom_webhook_payload = "{}" } @@ -64,7 +64,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Portal Consent – save API alert (400)" custom_webhook_payload = "{}" } @@ -100,7 +100,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Portal Consent GET /consent alert (5xx/401/429)" custom_webhook_payload = "{}" } @@ -136,7 +136,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Portal Consent GET /consent alert (400)" custom_webhook_payload = "{}" } @@ -172,7 +172,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Product files – upload API alert (5xx/401/429)" custom_webhook_payload = "{}" } @@ -208,7 +208,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Product files – upload API alert (400)" custom_webhook_payload = "{}" } @@ -238,7 +238,7 @@ AppRequests QUERY action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Product files verify alert" custom_webhook_payload = "{}" } @@ -279,7 +279,7 @@ AppRequests QUERY action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Products update status alert" custom_webhook_payload = "{}" } @@ -319,7 +319,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][CRITICAL] GET /products alert: High 5xx errors" custom_webhook_payload = "{}" } @@ -354,7 +354,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][CRITICAL] GET /products alert: High 400 errors" custom_webhook_payload = "{}" } @@ -391,7 +391,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][CRITICAL] GET /products alert: Availability is below 99%" custom_webhook_payload = "{}" } @@ -427,7 +427,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][HIGH] User Permissions alert (5xx or 401/429)" custom_webhook_payload = "{}" } @@ -463,7 +463,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][HIGH] User Permissions alert (400)" custom_webhook_payload = "{}" } @@ -499,7 +499,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Product files – list API alert (5xx)" custom_webhook_payload = "{}" } @@ -535,7 +535,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Error report download API alert (5xx)" custom_webhook_payload = "{}" } @@ -571,7 +571,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Batch list API alert (5xx)" custom_webhook_payload = "{}" } @@ -607,7 +607,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Institution by ID API alert (5xx)" custom_webhook_payload = "{}" } @@ -638,7 +638,7 @@ AppRequests QUERY action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Institutions list API alert (5xx)" custom_webhook_payload = "{}" } @@ -679,7 +679,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][HIGH] Kafka Consumer Absent: idpay-checkiban-eval-consumer-group" custom_webhook_payload = "{}" } @@ -718,7 +718,7 @@ QUERY } action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][HIGH] Kafka Consumer Lag Alert" custom_webhook_payload = "{}" } @@ -750,7 +750,7 @@ AppDependencies QUERY action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI] Internal Email microservice dependency alert" custom_webhook_payload = "{}" } @@ -787,7 +787,7 @@ AppDependencies QUERY action { - action_group = [data.azurerm_monitor_action_group.email[0].id] + action_group = [azurerm_monitor_action_group.email[0].id] email_subject = "[PARI][HIGH] EPREL external dependency alert" custom_webhook_payload = "{}" } From 7ded128ba05f7db2560d76d3c96ef6e4f3f387f8 Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Fri, 10 Oct 2025 15:24:09 +0200 Subject: [PATCH 13/18] [LTBE-16] fix precommit --- src/70_domains/idpay_common/11_monitor.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/70_domains/idpay_common/11_monitor.tf b/src/70_domains/idpay_common/11_monitor.tf index a0eb07e5..6e8e049d 100644 --- a/src/70_domains/idpay_common/11_monitor.tf +++ b/src/70_domains/idpay_common/11_monitor.tf @@ -46,7 +46,7 @@ resource "azurerm_api_management_logger" "apim_logger" { ### Action Group resource "azurerm_monitor_action_group" "email" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 + count = contains(["p", "u"], var.env_short) ? 1 : 0 name = local.monitor_action_group_email_name resource_group_name = local.monitor_rg short_name = "pari-email" @@ -60,4 +60,4 @@ resource "azurerm_monitor_action_group" "email" { use_common_alert_schema = false } } -} \ No newline at end of file +} From 95fc9988b6424f512088d6549f1ad936579b9c5e Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Tue, 14 Oct 2025 16:35:34 +0200 Subject: [PATCH 14/18] [LTBE-16] fix alert --- src/70_domains/idpay_common/12_alerts.tf | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/70_domains/idpay_common/12_alerts.tf b/src/70_domains/idpay_common/12_alerts.tf index 550eda9e..3130d9cf 100644 --- a/src/70_domains/idpay_common/12_alerts.tf +++ b/src/70_domains/idpay_common/12_alerts.tf @@ -658,7 +658,7 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "pari_kafka_consumer_abse resource_group_name = local.monitor_rg location = var.location - description = "Kafka consumer 'idpay-checkiban-eval-consumer-group' has not sent any logs for the last 5 minutes." + description = "Kafka consumer 'idpay-asset-register-consumer-group' has not reported its lag metric for the last 5 minutes." enabled = true severity = 1 @@ -668,9 +668,10 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "pari_kafka_consumer_abse data_source_id = azurerm_log_analytics_workspace.log_analytics_workspace.id query = < ago(5m) -| where Message has "groupId=idpay-asset-register-consumer-group" +| where Name == "kafka_consumer_fetch_manager_records_lag_max" +| where Properties has "idpay-asset-register-consumer-group" QUERY trigger { @@ -680,7 +681,7 @@ QUERY action { action_group = [azurerm_monitor_action_group.email[0].id] - email_subject = "[PARI][HIGH] Kafka Consumer Absent: idpay-checkiban-eval-consumer-group" + email_subject = "[PARI][HIGH] Kafka Consumer Absent: idpay-asset-register-consumer-group" custom_webhook_payload = "{}" } } From 9f706ebc085cbd0f58f57c800af2aaf3630f9de3 Mon Sep 17 00:00:00 2001 From: DanieleRanaldo Date: Thu, 16 Oct 2025 10:25:56 +0200 Subject: [PATCH 15/18] [LTBE-16] removed kafka alerts --- src/70_domains/idpay_common/12_alerts.tf | 80 ++---------------------- 1 file changed, 4 insertions(+), 76 deletions(-) diff --git a/src/70_domains/idpay_common/12_alerts.tf b/src/70_domains/idpay_common/12_alerts.tf index 3130d9cf..b7940229 100644 --- a/src/70_domains/idpay_common/12_alerts.tf +++ b/src/70_domains/idpay_common/12_alerts.tf @@ -1,3 +1,7 @@ +# ============================================================= +# Alert API EIE +# ============================================================= + # ============================================================= # Portal Consent – post (5xx, 401, 429 errors over 5 minutes) # ============================================================= @@ -649,82 +653,6 @@ QUERY } } -# ======================================================= -# Kafka Consumer - Absent Consumer Alert (5 min) -# ======================================================= -resource "azurerm_monitor_scheduled_query_rules_alert" "pari_kafka_consumer_absent_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 - name = "pari-kafka-consumer-absent-alert" - resource_group_name = local.monitor_rg - location = var.location - - description = "Kafka consumer 'idpay-asset-register-consumer-group' has not reported its lag metric for the last 5 minutes." - enabled = true - severity = 1 - - frequency = 5 - time_window = 5 - - data_source_id = azurerm_log_analytics_workspace.log_analytics_workspace.id - - query = < ago(5m) -| where Name == "kafka_consumer_fetch_manager_records_lag_max" -| where Properties has "idpay-asset-register-consumer-group" -QUERY - - trigger { - operator = "Equal" - threshold = 0 - } - - action { - action_group = [azurerm_monitor_action_group.email[0].id] - email_subject = "[PARI][HIGH] Kafka Consumer Absent: idpay-asset-register-consumer-group" - custom_webhook_payload = "{}" - } -} - -# ======================================================= -# Kafka Consumer - Average Lag Alert (10 min) -# ======================================================= -resource "azurerm_monitor_scheduled_query_rules_alert" "pari_kafka_consumer_avg_lag_alert" { - count = contains(["p", "u"], var.env_short) ? 1 : 0 - name = "pari-kafka-consumer-avg-lag-alert" - resource_group_name = local.monitor_rg - location = var.location - - description = "Kafka consumer average lag is greater than 15 over the last 10 minutes. Based on the 'kafka_consumer_fetch_manager_records_lag_max' metric." - enabled = true - severity = 1 - - frequency = 5 - time_window = 10 - - data_source_id = azurerm_log_analytics_workspace.log_analytics_workspace.id - - query = < ago(10m) -| where Name == "kafka_consumer_fetch_manager_records_lag_max" -| where Properties has "idpay-asset-register-consumer-group" -| summarize AvgLag = avg(Value) -| where AvgLag > 15 -QUERY - - trigger { - operator = "GreaterThanOrEqual" - threshold = 1 - } - - action { - action_group = [azurerm_monitor_action_group.email[0].id] - email_subject = "[PARI][HIGH] Kafka Consumer Lag Alert" - custom_webhook_payload = "{}" - } -} - # ======================================================= # Internal dependency – E-mail service # ======================================================= From 4b0696e986ad1a00696eeeb06fe2da23160c5a01 Mon Sep 17 00:00:00 2001 From: and-mora Date: Thu, 16 Oct 2025 10:36:58 +0200 Subject: [PATCH 16/18] pre-commit --- src/70_domains/idpay_common/env/itn-dev/terraform.tfvars | 6 +++--- src/70_domains/idpay_common/env/itn-prod/terraform.tfvars | 6 +++--- src/70_domains/idpay_common/env/itn-uat/terraform.tfvars | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars b/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars index 38aab088..9fc270e4 100644 --- a/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-dev/terraform.tfvars @@ -79,9 +79,9 @@ aks_nodepool_green = { } #Monitoring -law_sku = "PerGB2018" -law_retention_in_days = 30 -law_daily_quota_gb = 5 +law_sku = "PerGB2018" +law_retention_in_days = 30 +law_daily_quota_gb = 5 #OneIdentity diff --git a/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars b/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars index 8c268bf3..69dc7165 100644 --- a/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-prod/terraform.tfvars @@ -87,9 +87,9 @@ aks_nodepool_green = { } #Monitoring -law_sku = "PerGB2018" -law_retention_in_days = 30 -law_daily_quota_gb = 200 +law_sku = "PerGB2018" +law_retention_in_days = 30 +law_daily_quota_gb = 200 #OneIdentity oneidentity_base_url = "https://oneid.pagopa.it" diff --git a/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars b/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars index 04ac8000..1ebaa8b1 100644 --- a/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars +++ b/src/70_domains/idpay_common/env/itn-uat/terraform.tfvars @@ -79,9 +79,9 @@ aks_nodepool_green = { } #Monitoring -law_sku = "PerGB2018" -law_retention_in_days = 30 -law_daily_quota_gb = 15 +law_sku = "PerGB2018" +law_retention_in_days = 30 +law_daily_quota_gb = 15 #OneIdentity oneidentity_base_url = "https://uat.oneid.pagopa.it" From 5ca99cbb2fb6347ef3c795cf418b73ddf3b990bb Mon Sep 17 00:00:00 2001 From: and-mora Date: Thu, 16 Oct 2025 15:46:43 +0200 Subject: [PATCH 17/18] restore file --- .../03_cosmos_mongodb_accounts_configuration.tf | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/70_domains/idpay_common/03_cosmos_mongodb_accounts_configuration.tf b/src/70_domains/idpay_common/03_cosmos_mongodb_accounts_configuration.tf index a0ad00b1..64ece5bf 100644 --- a/src/70_domains/idpay_common/03_cosmos_mongodb_accounts_configuration.tf +++ b/src/70_domains/idpay_common/03_cosmos_mongodb_accounts_configuration.tf @@ -517,7 +517,6 @@ resource "azurerm_cosmosdb_mongo_database" "databases" { "idpay-beneficiari", "idpay-pagamenti", "idpay-iniziative", - "rdb", ]) name = each.key @@ -526,8 +525,11 @@ resource "azurerm_cosmosdb_mongo_database" "databases" { throughput = null - autoscale_settings { - max_throughput = 1000 + dynamic "autoscale_settings" { + for_each = var.env == "dev" ? [] : [1] + content { + max_throughput = 1000 + } } lifecycle { From ccd7d96729957b5bf13a99692f1c2132e0143d0f Mon Sep 17 00:00:00 2001 From: and-mora Date: Thu, 16 Oct 2025 15:47:25 +0200 Subject: [PATCH 18/18] restore file --- src/70_domains/idpay_common/99_locals.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/src/70_domains/idpay_common/99_locals.tf b/src/70_domains/idpay_common/99_locals.tf index 86ec8b0f..c8087e78 100644 --- a/src/70_domains/idpay_common/99_locals.tf +++ b/src/70_domains/idpay_common/99_locals.tf @@ -141,7 +141,6 @@ locals { azurerm_cosmosdb_mongo_database.databases["idpay-beneficiari"], azurerm_cosmosdb_mongo_database.databases["idpay-pagamenti"], azurerm_cosmosdb_mongo_database.databases["idpay-iniziative"], - azurerm_cosmosdb_mongo_database.databases["rdb"], ] # Data Explorer