feat: Paymcloud 579 pg replica in data (#3630)

* wip

* precommit

* added spoke_replica variable

* fixed vnet

* fixed metabase references

* precommit

Author: mamari90

src/db-security-configuration/env/prod/terraform.tfvars

@@ -6,7 +6,7 @@ env       = "prod"
 databases = {
   GPS = {
     type                    = "postgresql"
-    host                    = "pagopa-p-weu-gpd-pgflex.postgres.database.azure.com"
+    host                    = "pagopa-p-weu-gpd-pgflex-ve.reader.postgres.database.azure.com"
     db_name                 = "apd"
     username                = "metabase"
     password_required       = true
@@ -26,7 +26,7 @@ databases = {
   }
   Nodo = {
     type                    = "postgresql"
-    host                    = "pagopa-p-itn-nodo-flexible-postgresql.postgres.database.azure.com"
+    host                    = "pagopa-p-weu-nodo-pgflex-ve.reader.postgres.database.azure.com"
     db_name                 = "nodo"
     username                = "metabase"
     password_required       = true
@@ -46,7 +46,7 @@ databases = {
   }
   FDR = {
     type                    = "postgresql"
-    host                    = "pagopa-p-itn-fdr-flexible-postgresql.postgres.database.azure.com"
+    host                    = "pagopa-p-weu-fdr-pgflex-ve.reader.postgres.database.azure.com"
     db_name                 = "fdr"
     username                = "metabase"
     password_required       = true
@@ -56,7 +56,7 @@ databases = {
   }
   FDR3 = {
     type                    = "postgresql"
-    host                    = "pagopa-p-itn-fdr-flexible-postgresql.postgres.database.azure.com"
+    host                    = "pagopa-p-weu-fdr-pgflex-ve.reader.postgres.database.azure.com"
     db_name                 = "fdr3"
     username                = "metabase"
     password_required       = true

src/domains/fdr-common/.terraform.lock.hcl

@@ -9,6 +9,11 @@ data "azurerm_virtual_network" "vnet_italy" {
   resource_group_name = local.vnet_italy_rg_name
 }
 
+data "azurerm_virtual_network" "spoke_data_vnet" {
+  name                = local.spoke_data_vnet_name
+  resource_group_name = local.hub_spoke_vnet_rg_name
+}
+
 data "azurerm_private_dns_zone" "internal" {
   name                = local.internal_dns_zone_name
   resource_group_name = local.internal_dns_zone_resource_group_name

src/domains/fdr-common/01_network.tf

@@ -1,37 +1,32 @@
+
 # Postgres Flexible Server subnet
-module "postgres_flexible_snet_itn_replica" {
-  count                                         = var.geo_replica_enabled ? 1 : 0
-  source                                        = "./.terraform/modules/__v4__/subnet"
-  name                                          = "${local.project_replica}-pgres-flexible-snet"
-  address_prefixes                              = var.geo_replica_cidr_subnet_postgresql
-  resource_group_name                           = data.azurerm_virtual_network.vnet_italy.resource_group_name
-  virtual_network_name                          = data.azurerm_virtual_network.vnet_italy.name
-  service_endpoints                             = ["Microsoft.Storage"]
-  private_link_service_network_policies_enabled = true
-
-  delegation = {
-    name = "delegation"
-    service_delegation = {
-      name = "Microsoft.DBforPostgreSQL/flexibleServers"
-      actions = [
-        "Microsoft.Network/virtualNetworks/subnets/join/action",
-      ]
-    }
-  }
-}
 
+module "postgres_flexible_itn_spoke_snet_replica" {
+  count                = var.geo_replica_enabled ? 1 : 0
+  source               = "./.terraform/modules/__v4__/IDH/subnet"
+  name                 = "${local.project_replica}-pgres-spoke-flexible-snet"
+  resource_group_name  = data.azurerm_virtual_network.spoke_data_vnet.resource_group_name
+  virtual_network_name = data.azurerm_virtual_network.spoke_data_vnet.name
+  service_endpoints    = ["Microsoft.Storage"]
+
+  env               = var.env
+  idh_resource_tier = "postgres_flexible"
+  product_name      = var.prefix
+
+  tags = module.tag_config.tags
+}
 
 
-module "postgresql_fdr_replica_itn_db" {
+module "postgresql_fdr_spoke_replica_itn_db" {
   source = "./.terraform/modules/__v4__/postgres_flexible_server_replica"
   count  = var.geo_replica_enabled ? 1 : 0
 
-  name                = "${local.project_replica}-flexible-postgresql"
+  name                = "${local.project_replica}-spoke-flexible-postgresql"
   resource_group_name = azurerm_resource_group.db_rg.name
   location            = var.location_replica
 
   private_dns_zone_id      = var.env_short != "d" ? data.azurerm_private_dns_zone.postgres.id : null
-  delegated_subnet_id      = module.postgres_flexible_snet_itn_replica[0].id
+  delegated_subnet_id      = module.postgres_flexible_itn_spoke_snet_replica[0].id
   private_endpoint_enabled = var.pgres_flex_params.pgres_flex_private_endpoint_enabled
 
   sku_name   = var.pgres_flex_params.sku_name
@@ -57,7 +52,7 @@ resource "azurerm_postgresql_flexible_server_virtual_endpoint" "virtual_endpoint
   count             = var.geo_replica_enabled ? 1 : 0
   name              = "${local.project}-pgflex-ve"
   source_server_id  = module.postgres_flexible_server_fdr.id
-  replica_server_id = module.postgresql_fdr_replica_itn_db[0].id
+  replica_server_id = module.postgresql_fdr_spoke_replica_itn_db[0].id
   type              = "ReadWrite"
 }
 

src/domains/fdr-common/03_postgresql_replica.tf

@@ -25,6 +25,10 @@ locals {
   vnet_italy_name    = "${local.product}-${var.location_replica_short}-vnet"
   vnet_italy_rg_name = "${local.product}-${var.location_replica_short}-vnet-rg"
 
+
+  spoke_data_vnet_name   = "${local.product}-${var.location_replica_short}-spoke-data-vnet"
+  hub_spoke_vnet_rg_name = "${local.product}-${var.location_replica_short}-network-hub-spoke-rg"
+
   acr_name                = replace("${local.product}commonacr", "-", "")
   acr_resource_group_name = "${local.product}-container-registry-rg"
 

src/domains/fdr-common/99_locals.tf

@@ -26,10 +26,10 @@
 | <a name="module_identity_cd_01"></a> [identity\_cd\_01](#module\_identity\_cd\_01) | ./.terraform/modules/__v4__/github_federated_identity | n/a |
 | <a name="module_identity_ci_01"></a> [identity\_ci\_01](#module\_identity\_ci\_01) | ./.terraform/modules/__v4__/github_federated_identity | n/a |
 | <a name="module_identity_oidc_01"></a> [identity\_oidc\_01](#module\_identity\_oidc\_01) | ./.terraform/modules/__v4__/github_federated_identity | n/a |
+| <a name="module_postgres_flexible_itn_spoke_snet_replica"></a> [postgres\_flexible\_itn\_spoke\_snet\_replica](#module\_postgres\_flexible\_itn\_spoke\_snet\_replica) | ./.terraform/modules/__v4__/IDH/subnet | n/a |
 | <a name="module_postgres_flexible_server_fdr"></a> [postgres\_flexible\_server\_fdr](#module\_postgres\_flexible\_server\_fdr) | ./.terraform/modules/__v4__/postgres_flexible_server | n/a |
 | <a name="module_postgres_flexible_snet"></a> [postgres\_flexible\_snet](#module\_postgres\_flexible\_snet) | ./.terraform/modules/__v4__/subnet | n/a |
-| <a name="module_postgres_flexible_snet_itn_replica"></a> [postgres\_flexible\_snet\_itn\_replica](#module\_postgres\_flexible\_snet\_itn\_replica) | ./.terraform/modules/__v4__/subnet | n/a |
-| <a name="module_postgresql_fdr_replica_itn_db"></a> [postgresql\_fdr\_replica\_itn\_db](#module\_postgresql\_fdr\_replica\_itn\_db) | ./.terraform/modules/__v4__/postgres_flexible_server_replica | n/a |
+| <a name="module_postgresql_fdr_spoke_replica_itn_db"></a> [postgresql\_fdr\_spoke\_replica\_itn\_db](#module\_postgresql\_fdr\_spoke\_replica\_itn\_db) | ./.terraform/modules/__v4__/postgres_flexible_server_replica | n/a |
 | <a name="module_tag_config"></a> [tag\_config](#module\_tag\_config) | ../../tag_config | n/a |
 | <a name="module_workload_identity"></a> [workload\_identity](#module\_workload\_identity) | ./.terraform/modules/__v4__/kubernetes_workload_identity_init | n/a |
 
@@ -124,6 +124,7 @@
 | [azurerm_resource_group.rg_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_subnet.aks_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
+| [azurerm_virtual_network.spoke_data_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
 | [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
 | [azurerm_virtual_network.vnet_italy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
 

src/domains/fdr-common/README.md

@@ -8,6 +8,11 @@ data "azurerm_virtual_network" "vnet_italy" {
   resource_group_name = local.vnet_italy_resource_group_name
 }
 
+data "azurerm_virtual_network" "spoke_data_vnet" {
+  name                = local.spoke_data_vnet_name
+  resource_group_name = local.hub_spoke_vnet_rg_name
+}
+
 data "azurerm_virtual_network" "vnet_italy_cstar_integration" {
   name                = local.vnet_italy_name
   resource_group_name = local.vnet_italy_resource_group_name

src/domains/gps-common/.terraform.lock.hcl

@@ -1,38 +1,31 @@
+
 #
 ## Postgres Flexible Server subnet
-module "postgres_flexible_itn_snet_replica" {
-  count                                         = var.geo_replica_enabled ? 1 : 0
-  source                                        = "./.terraform/modules/__v4__/subnet"
-  name                                          = "${local.project_replica}-pgres-flexible-snet"
-  address_prefixes                              = var.geo_replica_cidr_subnet_postgresql
-  resource_group_name                           = data.azurerm_virtual_network.vnet_italy.resource_group_name
-  virtual_network_name                          = data.azurerm_virtual_network.vnet_italy.name
-  service_endpoints                             = ["Microsoft.Storage"]
-  private_link_service_network_policies_enabled = true
-
-  delegation = {
-    name = "delegation"
-    service_delegation = {
-      name = "Microsoft.DBforPostgreSQL/flexibleServers"
-      actions = [
-        "Microsoft.Network/virtualNetworks/subnets/join/action",
-      ]
-    }
-  }
+module "postgres_flexible_itn_spoke_snet_replica" {
+  count                = var.geo_replica_enabled ? 1 : 0
+  source               = "./.terraform/modules/__v4__/IDH/subnet"
+  name                 = "${local.project_replica}-pgres-spoke-flexible-snet"
+  resource_group_name  = data.azurerm_virtual_network.spoke_data_vnet.resource_group_name
+  virtual_network_name = data.azurerm_virtual_network.spoke_data_vnet.name
+  service_endpoints    = ["Microsoft.Storage"]
+
+  env               = var.env
+  idh_resource_tier = "postgres_flexible"
+  product_name      = var.prefix
+
+  tags = module.tag_config.tags
 }
 
-
-
-module "postgresql_gpd_itn_replica_db" {
+module "postgresql_gpd_itn_replica_spoke_db" {
   source = "./.terraform/modules/__v4__/postgres_flexible_server_replica"
   count  = var.geo_replica_enabled ? 1 : 0
 
-  name                = "${local.project_replica}-pgflex"
+  name                = "${local.project_replica}-spoke-pgflex"
   resource_group_name = azurerm_resource_group.flex_data[0].name
   location            = var.location_replica
 
   private_dns_zone_id      = var.env_short != "d" ? data.azurerm_private_dns_zone.postgres.id : null
-  delegated_subnet_id      = module.postgres_flexible_itn_snet_replica[0].id
+  delegated_subnet_id      = module.postgres_flexible_itn_spoke_snet_replica[0].id
   private_endpoint_enabled = var.pgres_flex_params.private_endpoint_enabled
 
   sku_name = var.pgres_flex_params.sku_name
@@ -54,12 +47,11 @@ module "postgresql_gpd_itn_replica_db" {
   tags                       = module.tag_config.tags
 }
 
-
 resource "azurerm_postgresql_flexible_server_virtual_endpoint" "virtual_endpoint" {
   count             = var.geo_replica_enabled ? 1 : 0
   name              = "${local.product}-${var.location_short}-gpd-pgflex-ve"
   source_server_id  = module.postgres_flexible_server_private_db.id
-  replica_server_id = module.postgresql_gpd_itn_replica_db[0].id
+  replica_server_id = module.postgresql_gpd_itn_replica_spoke_db[0].id
   type              = "ReadWrite"
 }
 
@@ -71,4 +63,3 @@ resource "azurerm_private_dns_cname_record" "cname_record" {
   ttl                 = 300
   record              = "${azurerm_postgresql_flexible_server_virtual_endpoint.virtual_endpoint[0].name}.writer.postgres.database.azure.com"
 }
-

src/domains/gps-common/00_data.tf

@@ -20,6 +20,9 @@ locals {
   vnet_name                = "${local.product}-vnet"
   vnet_resource_group_name = "${local.product}-vnet-rg"
 
+  spoke_data_vnet_name   = "${local.product}-${var.location_replica_short}-spoke-data-vnet"
+  hub_spoke_vnet_rg_name = "${local.product}-${var.location_replica_short}-network-hub-spoke-rg"
+
   vnet_italy_name                   = "${local.product}-itn-vnet"
   vnet_italy_cstar_integration_name = "${local.product}-itn-cstar-integration-vnet"
   vnet_italy_resource_group_name    = "${local.product}-itn-vnet-rg"