feat: [PAYMCLOUD-580] Setup Container App Env on Hub-Spoke VNET (#3633)

* cae hub spoke

* cruscotto & payopt on new cae

* printit

Author: umbcoppolabottazzi

src/core-itn/.terraform.lock.hcl

@@ -35,3 +35,9 @@ data "azurerm_key_vault_secret" "cstar_subscription_id" {
   name         = "cstar-subscription-id"
   key_vault_id = module.key_vault.id
 }
+
+### Vnet Hub - Spoke
+data "azurerm_virtual_network" "spoke_tools" {
+  name                = "${local.product_ita}-spoke-tools-vnet"
+  resource_group_name = "${local.product_ita}-network-hub-spoke-rg"
+}

src/core-itn/00_network.tf

@@ -3,7 +3,7 @@
 #
 resource "azurerm_resource_group" "rg_ita_vnet" {
   name     = "${local.product_ita}-vnet-rg"
-  location = var.location_ita
+  location = var.location
 
   tags = module.tag_config.tags
 }
@@ -12,7 +12,7 @@ module "vnet_italy" {
   source              = "./.terraform/modules/__v4__/virtual_network"
   count               = 1
   name                = "${local.product_ita}-vnet"
-  location            = var.location_ita
+  location            = var.location
   resource_group_name = azurerm_resource_group.rg_ita_vnet.name
 
   address_space        = var.cidr_vnet_italy
@@ -25,7 +25,7 @@ module "vnet_italy" {
 module "vnet_integration_cstar" {
   source              = "./.terraform/modules/__v4__/virtual_network"
   name                = "${local.product_ita}-cstar-integration-vnet"
-  location            = var.location_ita
+  location            = var.location
   resource_group_name = azurerm_resource_group.rg_ita_vnet.name
 
   address_space        = var.cidr_vnet_italy_cstar_integration
@@ -169,4 +169,19 @@ module "cstar_integration_private_endpoint_snet" {
   name                 = "${local.product_ita}-private-endpoint-snet"
   resource_group_name  = azurerm_resource_group.rg_ita_vnet.name
   virtual_network_name = module.vnet_integration_cstar.name
+
+  tags = module.tag_config.tags
 }
+
+module "spoke_subnet_container_app" {
+  source = "./.terraform/modules/__v4__/IDH/subnet"
+
+  env                  = var.env
+  idh_resource_tier    = "container_app_environment"
+  name                 = "${local.project}-spoke-tools-cae-subnet"
+  product_name         = var.prefix
+  resource_group_name  = data.azurerm_virtual_network.spoke_tools.resource_group_name
+  virtual_network_name = data.azurerm_virtual_network.spoke_tools.name
+
+  tags = module.tag_config.tags
+}

src/core-itn/01_network.tf

@@ -20,3 +20,25 @@ resource "azurerm_container_app_environment" "tools_cae" {
 
   tags = module.tag_config.tags
 }
+
+resource "azurerm_container_app_environment" "spoke_cae" {
+  count = var.is_feature_enabled.container_app_tools_cae ? 1 : 0
+
+  name = "${local.project}-spoke-tools-cae"
+
+  location            = azurerm_resource_group.tools_rg[0].location
+  resource_group_name = azurerm_resource_group.tools_rg[0].name
+
+  log_analytics_workspace_id     = azurerm_log_analytics_workspace.log_analytics_workspace.id
+  infrastructure_subnet_id       = module.spoke_subnet_container_app.id
+  internal_load_balancer_enabled = true
+  public_network_access          = "Disabled"
+
+  tags = module.tag_config.tags
+
+  lifecycle {
+    ignore_changes = [
+      infrastructure_resource_group_name
+    ]
+  }
+}

src/core-itn/90_tools_cae.tf

@@ -1,14 +1,7 @@
 locals {
   product     = "${var.prefix}-${var.env_short}"
-  product_ita = "${var.prefix}-${var.env_short}-${var.location_short_ita}"
-  project     = "${var.prefix}-${var.env_short}-${var.location_short_ita}-${var.domain}"
-
-  monitor_appinsights_name        = "${local.product}-appinsights"
-  monitor_action_group_slack_name = "SlackPagoPA"
-  monitor_action_group_email_name = "PagoPA"
-
-  vnet_name                = "${var.prefix}-${var.env_short}-${var.location_short}-vnet"
-  vnet_resource_group_name = "${var.prefix}-${var.env_short}-${var.location_short}-vnet-rg"
+  product_ita = "${var.prefix}-${var.env_short}-${var.location_short}"
+  project     = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
 
   # peerings
   vnet_core_name                = "${local.product}-vnet"

src/core-itn/99_locals.tf

@@ -48,6 +48,6 @@ data "azurerm_client_config" "current" {}
 
 
 module "__v4__" {
-  # 7.2.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v4.git?ref=5c38b6fc6e2aa2c2c3e94be5dd6bb6ee8d690a49"
+  # 8.4.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v4.git?ref=91f7e70706ce328dc819a908d6e953f0b7b0fed3"
 }

src/core-itn/99_main.tf

@@ -58,25 +58,6 @@ variable "location_short" {
   description = "One of wue, neu"
 }
 
-### Italy location
-variable "location_ita" {
-  type        = string
-  description = "Main location"
-  default     = "italynorth"
-}
-
-variable "location_short_ita" {
-  type = string
-  validation {
-    condition = (
-      length(var.location_short_ita) == 3
-    )
-    error_message = "Length must be 3 chars."
-  }
-  description = "Location short for italy: itn"
-  default     = "itn"
-}
-
 variable "vnet_ita_ddos_protection_plan" {
   type = object({
     id     = string

src/core-itn/99_variables.tf

@@ -108,12 +108,13 @@ No outputs.
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v4__"></a> [\_\_v4\_\_](#module\_\_\_v4\_\_) | git::https://github.com/pagopa/terraform-azurerm-v4.git | 5c38b6fc6e2aa2c2c3e94be5dd6bb6ee8d690a49 |
+| <a name="module___v4__"></a> [\_\_v4\_\_](#module\_\_\_v4\_\_) | git::https://github.com/pagopa/terraform-azurerm-v4.git | 91f7e70706ce328dc819a908d6e953f0b7b0fed3 |
 | <a name="module_common_private_endpoint_snet"></a> [common\_private\_endpoint\_snet](#module\_common\_private\_endpoint\_snet) | ./.terraform/modules/__v4__/subnet | n/a |
 | <a name="module_container_registry_ita"></a> [container\_registry\_ita](#module\_container\_registry\_ita) | ./.terraform/modules/__v4__/container_registry | n/a |
 | <a name="module_cstar_integration_private_endpoint_snet"></a> [cstar\_integration\_private\_endpoint\_snet](#module\_cstar\_integration\_private\_endpoint\_snet) | ./.terraform/modules/__v4__/IDH/subnet | n/a |
 | <a name="module_domain_key_vault_secrets_query"></a> [domain\_key\_vault\_secrets\_query](#module\_domain\_key\_vault\_secrets\_query) | ./.terraform/modules/__v4__/key_vault_secrets_query | n/a |
 | <a name="module_key_vault"></a> [key\_vault](#module\_key\_vault) | ./.terraform/modules/__v4__/key_vault | n/a |
+| <a name="module_spoke_subnet_container_app"></a> [spoke\_subnet\_container\_app](#module\_spoke\_subnet\_container\_app) | ./.terraform/modules/__v4__/IDH/subnet | n/a |
 | <a name="module_tag_config"></a> [tag\_config](#module\_tag\_config) | ../tag_config | n/a |
 | <a name="module_vnet_cstar_integration_to_vnet_ita_peering"></a> [vnet\_cstar\_integration\_to\_vnet\_ita\_peering](#module\_vnet\_cstar\_integration\_to\_vnet\_ita\_peering) | ./.terraform/modules/__v4__/virtual_network_peering | n/a |
 | <a name="module_vnet_cstar_integration_to_vnet_weu_peering"></a> [vnet\_cstar\_integration\_to\_vnet\_weu\_peering](#module\_vnet\_cstar\_integration\_to\_vnet\_weu\_peering) | ./.terraform/modules/__v4__/virtual_network_peering | n/a |
@@ -127,6 +128,7 @@ No outputs.
 | Name | Type |
 |------|------|
 | [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_insights) | resource |
+| [azurerm_container_app_environment.spoke_cae](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_app_environment) | resource |
 | [azurerm_container_app_environment.tools_cae](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_app_environment) | resource |
 | [azurerm_key_vault_access_policy.ad_group_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
 | [azurerm_key_vault_access_policy.adgroup_developers_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
@@ -197,6 +199,7 @@ No outputs.
 | [azurerm_resource_group.rg_vnet_integration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
 | [azurerm_user_assigned_identity.iac_federated_azdo](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source |
+| [azurerm_virtual_network.spoke_tools](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
 | [azurerm_virtual_network.vnet_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
 | [azurerm_virtual_network.vnet_integration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
 
@@ -224,9 +227,7 @@ No outputs.
 | <a name="input_law_retention_in_days"></a> [law\_retention\_in\_days](#input\_law\_retention\_in\_days) | The workspace data retention in days | `number` | n/a | yes |
 | <a name="input_law_sku"></a> [law\_sku](#input\_law\_sku) | Sku of the Log Analytics Workspace | `string` | n/a | yes |
 | <a name="input_location"></a> [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes |
-| <a name="input_location_ita"></a> [location\_ita](#input\_location\_ita) | Main location | `string` | `"italynorth"` | no |
 | <a name="input_location_short"></a> [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes |
-| <a name="input_location_short_ita"></a> [location\_short\_ita](#input\_location\_short\_ita) | Location short for italy: itn | `string` | `"itn"` | no |
 | <a name="input_log_analytics_workspace_name"></a> [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes |
 | <a name="input_log_analytics_workspace_resource_group_name"></a> [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes |
 | <a name="input_monitor_resource_group_name"></a> [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes |

src/core-itn/README.md

@@ -1,12 +1,9 @@
-prefix             = "pagopa"
-env_short          = "d"
-env                = "dev"
-domain             = "core"
-location           = "italynorth"
-location_short     = "itn"
-location_ita       = "italynorth"
-location_short_ita = "itn"
-
+prefix         = "pagopa"
+env_short      = "d"
+env            = "dev"
+domain         = "core"
+location       = "italynorth"
+location_short = "itn"
 
 ### Feature Flag
 is_feature_enabled = {

src/core-itn/env/dev/terraform.tfvars

@@ -1,12 +1,9 @@
-prefix             = "pagopa"
-env_short          = "p"
-env                = "prod"
-domain             = "core"
-location           = "italynorth"
-location_short     = "itn"
-location_ita       = "italynorth"
-location_short_ita = "itn"
-
+prefix         = "pagopa"
+env_short      = "p"
+env            = "prod"
+domain         = "core"
+location       = "italynorth"
+location_short = "itn"
 
 ### Feature Flag
 is_feature_enabled = {