Add examples and e2e tests to AppConfiguration modules

.dockerignore

@@ -0,0 +1,34 @@
+# git
+.git
+.gitignore
+
+# node
+node_modules
+.env
+dist
+.pnpm-store
+vite.config.*.timestamp*
+vitest.config.*.timestamp*
+
+# Go
+terraform-provider-azure
+providers/azure/terraform-provider-azure
+
+# Terraform
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+**/modules/**/.terraform.lock.hcl
+**/_modules/**/.terraform.lock.hcl
+
+# MacOS
+*.DS_Store
+
+# NX
+.nx/cache
+.nx/workspace-data
+.github/instructions/nx.instructions.md

.github/workflows/_release-docker-e2e-appconfiguration.yaml

@@ -0,0 +1,45 @@
+# Build and publish the application Docker image for the E2E App Configuration - including all scenarios.
+
+name: Publish E2E App Configuration - All Scenarios
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - CES-1469-aggiungere-esempi-del-modulo-da-usare-per-i-test-e-2-e
+    # paths:
+    #   - "infra/modules/azure_app_configuration/tests/apps/all_scenarios/**"
+
+env:
+  MODULE_NAME: "azure_app_configuration"
+
+jobs:
+  publish:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      attestations: write
+      packages: write
+    env:
+      IMAGE_NAME: "pagopa/e2e-appconfiguration-all-scenarios"
+      IMAGE_TAG: "latest"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Docker Build and Push
+        id: docker_build
+        uses: pagopa/dx/actions/docker-build-push@main
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          dockerfile_path: infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/Dockerfile
+          dockerfile_context: infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/src
+          docker_image_name: ${{ env.IMAGE_NAME }}
+          docker_image_description: "Web app which exposes endpoints to access App Configuration. Used for E2E tests of the Azure App Configuration Terraform module."
+          docker_image_authors: "PagoPA"
+          build_platforms: "linux/amd64,linux/arm64"
+          push_to_registry: true

go.work

@@ -1,6 +1,8 @@
-go 1.25.3
+go 1.25.4
 
 use (
+	./infra/modules/azure_app_configuration/tests
+	./infra/modules/azure_app_configuration/tests/apps/all_scenarios/src
 	./infra/modules/azure_cosmos_account/tests
 	./providers/aws
 	./providers/aws/tools

go.work.sum

@@ -18,12 +18,11 @@ github.com/Azure/azure-sdk-for-go v64.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1/go.mod h1:Ot/6aikWnKWi4l9QB7qVSwa8iMphQNqkWALMoNT3rzM=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1 h1:5YTBM8QDVIBN3sxBil89WfdAAqDZbyJTgh688DSxX5w=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 h1:B+blDbyVIG3WaikNxPnhPiJ1MThR03b3vKGtER95TP4=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1/go.mod h1:JdM5psgjfBf5fo2uWOZhflPWyDBZ/O/CNAH9CtsuZE4=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0 h1:KpMC6LFL7mqpExyMC9jVOYRiVhLmamjeZfRsUpB7l4s=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0/go.mod h1:J7MUC/wtRpfGVbQ5sIItY5/FuVWmvzlY21WAOfQnq/I=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.0/go.mod h1:j2chePtV91HrC22tGoRX3sGY42uF13WzmmV80/OdVAA=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2/go.mod h1:XtLgD3ZD34DAaVIIAyG3objl5DynM3CQ/vMcbBNJZGI=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/appcontainers/armappcontainers/v3 v3.0.0 h1:NYYoOOPGOqUXw/bGIVd6OY/K8J23a18IAlAx1tOHWNo=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/appcontainers/armappcontainers/v3 v3.0.0/go.mod h1:LDN3sr8FJ36sY6ZmMes6Q2vHJ+5r1aFsE3wEo7VbXJg=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM=
@@ -172,6 +171,7 @@ github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
 github.com/redis/go-redis/v9 v9.8.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sebdah/goldie v1.0.0 h1:9GNhIat69MSlz/ndaBg48vl9dF5fI+NBB6kfOxgfkMc=
@@ -233,7 +233,6 @@ golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
 golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
 golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
-golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
 golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
 golang.org/x/net v0.45.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
 golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
@@ -282,7 +281,6 @@ golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
-golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
 golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
 golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=

infra/modules/azure_app_configuration/examples/keyvault_integration/README.md

@@ -0,0 +1,43 @@
+# keyvault_integration
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.13.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 4.0 |
+| <a name="requirement_pagopa-dx"></a> [pagopa-dx](#requirement\_pagopa-dx) | ~> 0.8 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.7 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_appcs_with_kv"></a> [appcs\_with\_kv](#module\_appcs\_with\_kv) | pagopa-dx/azure-app-configuration/azurerm | ~> 0.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource |
+| [azurerm_private_endpoint.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
+| [azurerm_resource_group.e2e_appcs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [random_integer.appcs_instance](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |
+| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
+| [azurerm_private_dns_zone.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
+| [azurerm_resource_group.network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
+| [azurerm_subnet.pep](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
+| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
+| [azurerm_virtual_network.e2e](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_name"></a> [name](#output\_name) | n/a |
+<!-- END_TF_DOCS -->

infra/modules/azure_app_configuration/examples/keyvault_integration/data.tf

@@ -0,0 +1,29 @@
+data "azurerm_client_config" "current" {}
+
+data "azurerm_subscription" "current" {}
+
+data "azurerm_private_dns_zone" "kv" {
+  name                = "privatelink.vaultcore.azure.net"
+  resource_group_name = local.e2e_virtual_network.resource_group_name
+}
+
+data "azurerm_virtual_network" "e2e" {
+  name                = local.e2e_virtual_network.name
+  resource_group_name = local.e2e_virtual_network.resource_group_name
+}
+
+data "azurerm_subnet" "pep" {
+  name = provider::pagopa-dx::resource_name(merge(local.naming_config, {
+    name          = "pep",
+    resource_type = "subnet"
+  }))
+  virtual_network_name = data.azurerm_virtual_network.e2e.name
+  resource_group_name  = data.azurerm_virtual_network.e2e.resource_group_name
+}
+
+data "azurerm_resource_group" "network" {
+  name = provider::pagopa-dx::resource_name(merge(local.naming_config, {
+    name          = "network"
+    resource_type = "resource_group"
+  }))
+}

infra/modules/azure_app_configuration/examples/keyvault_integration/fixtures.tf

@@ -0,0 +1,111 @@
+resource "azurerm_resource_group" "e2e_appcs" {
+  name = provider::pagopa-dx::resource_name(merge(local.naming_config, {
+    domain        = "e2e"
+    name          = "appcs",
+    resource_type = "resource_group"
+  }))
+  location = local.environment.location
+
+  tags = local.tags
+}
+
+resource "azurerm_key_vault" "kv" {
+  name                          = provider::dx::resource_name(merge(local.naming_config, { resource_type = "key_vault", domain = "e2e", instance_number = random_integer.appcs_instance.result }))
+  location                      = azurerm_resource_group.e2e_appcs.location
+  resource_group_name           = azurerm_resource_group.e2e_appcs.name
+  tenant_id                     = data.azurerm_client_config.current.tenant_id
+  sku_name                      = "standard"
+  rbac_authorization_enabled    = true
+  purge_protection_enabled      = true
+  soft_delete_retention_days    = 7
+  public_network_access_enabled = false
+  network_acls {
+    bypass         = "AzureServices"
+    default_action = "Deny"
+  }
+  tags = local.tags
+}
+
+resource "azurerm_private_endpoint" "kv" {
+  name                = provider::dx::resource_name(merge(local.naming_config, { resource_type = "key_vault_private_endpoint", domain = "e2e", instance_number = random_integer.appcs_instance.result }))
+  location            = azurerm_resource_group.e2e_appcs.location
+  resource_group_name = azurerm_resource_group.e2e_appcs.name
+  subnet_id           = data.azurerm_subnet.pep.id
+
+  private_service_connection {
+    name                           = provider::dx::resource_name(merge(local.naming_config, { resource_type = "key_vault_private_endpoint", domain = "e2e", instance_number = random_integer.appcs_instance.result }))
+    private_connection_resource_id = azurerm_key_vault.kv.id
+    is_manual_connection           = false
+    subresource_names              = ["vault"]
+  }
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [data.azurerm_private_dns_zone.kv.id]
+  }
+
+  tags = local.tags
+}
+
+resource "dx_available_subnet_cidr" "private_app" {
+  virtual_network_id = data.azurerm_virtual_network.e2e.id
+  prefix_length      = 26
+}
+
+resource "azurerm_subnet" "private_app" {
+  name = provider::dx::resource_name(merge(local.naming_config, {
+    name          = "appcs-private",
+    resource_type = "container_instance_subnet"
+  }))
+  resource_group_name  = local.e2e_virtual_network.resource_group_name
+  virtual_network_name = local.e2e_virtual_network.name
+  address_prefixes     = [dx_available_subnet_cidr.private_app.cidr_block]
+
+  delegation {
+    name = "Microsoft.ContainerInstance/containerGroups"
+
+    service_delegation {
+      name = "Microsoft.ContainerInstance/containerGroups"
+      actions = [
+        "Microsoft.Network/virtualNetworks/subnets/action",
+      ]
+    }
+  }
+}
+
+resource "azurerm_container_group" "private_app" {
+  name = provider::dx::resource_name(
+    merge(local.naming_config, { name = "appcs-private", resource_type = "container_instance" })
+  )
+  location            = local.environment.location
+  resource_group_name = azurerm_resource_group.e2e_appcs.name
+
+  identity { type = "SystemAssigned" }
+
+  os_type = "Linux"
+
+  container {
+    name   = "network-access"
+    image  = local.docker_image
+    cpu    = "0.5"
+    memory = "1.5"
+    ports {
+      port = 8080
+    }
+  }
+
+  ip_address_type = "Private"
+
+  subnet_ids = [
+    azurerm_subnet.private_app.id
+  ]
+
+  diagnostics {
+    log_analytics {
+      workspace_id  = data.azurerm_log_analytics_workspace.e2e.workspace_id
+      workspace_key = data.azurerm_log_analytics_workspace.e2e.primary_shared_key
+    }
+  }
+
+  tags = local.tags
+}

infra/modules/azure_app_configuration/examples/keyvault_integration/locals.tf

@@ -0,0 +1,38 @@
+locals {
+  tags = {
+    CostCenter     = "TS000 - Tecnologia e Servizi"
+    CreatedBy      = "Terraform"
+    Environment    = "Dev"
+    BusinessUnit   = "DevEx"
+    Source         = "https://github.com/pagopa/dx/tests/azure_app_configuration"
+    ManagementTeam = "Developer Experience"
+    TestSuite      = "e2e"
+  }
+
+  environment = {
+    prefix          = "dx"
+    env_short       = "d"
+    location        = "italynorth"
+    app_name        = "e2e"
+    instance_number = "01"
+  }
+
+  naming_config = {
+    prefix          = local.environment.prefix,
+    environment     = local.environment.env_short,
+    location        = local.environment.location,
+    name            = local.environment.app_name,
+    instance_number = tonumber(local.environment.instance_number),
+  }
+
+  e2e_virtual_network = {
+    name = provider::pagopa-dx::resource_name(merge(local.naming_config, {
+      name          = "e2e",
+      resource_type = "virtual_network"
+    }))
+    resource_group_name = provider::pagopa-dx::resource_name(merge(local.naming_config, {
+      name          = "e2e",
+      resource_type = "resource_group"
+    }))
+  }
+}

infra/modules/azure_app_configuration/examples/keyvault_integration/mut.tf

@@ -0,0 +1,31 @@
+resource "random_integer" "appcs_instance" {
+  min = 1
+  max = 99
+}
+
+module "appcs_with_kv" {
+  source  = "pagopa-dx/azure-app-configuration/azurerm"
+  version = "~> 0.0"
+
+  environment         = (merge(local.environment, { instance_number = random_integer.appcs_instance.result }))
+  resource_group_name = azurerm_resource_group.e2e_appcs.name
+
+  subscription_id = data.azurerm_subscription.current.subscription_id
+
+  subnet_pep_id = data.azurerm_subnet.pep.id
+  virtual_network = {
+    name                = local.e2e_virtual_network.name
+    resource_group_name = local.e2e_virtual_network.resource_group_name
+  }
+
+  private_dns_zone_resource_group_name = data.azurerm_resource_group.network.name
+
+  key_vault = {
+    has_rbac_support    = true
+    name                = azurerm_key_vault.kv.name
+    resource_group_name = azurerm_key_vault.kv.resource_group_name
+    subscription_id     = data.azurerm_subscription.current.subscription_id
+  }
+
+  tags = local.tags
+}

infra/modules/azure_app_configuration/examples/keyvault_integration/outputs.tf

@@ -0,0 +1,7 @@
+output "name" {
+  value = module.appcs_with_kv.name
+}
+
+output "private_app_ip_address" {
+  value = azurerm_container_group.private_app.ip_address
+}