diff --git a/src/domains/checkout-app/.terraform.lock.hcl b/src/domains/checkout-app/.terraform.lock.hcl index 508bb1df60..292f352242 100644 --- a/src/domains/checkout-app/.terraform.lock.hcl +++ b/src/domains/checkout-app/.terraform.lock.hcl @@ -5,7 +5,10 @@ provider "registry.terraform.io/azure/azapi" { version = "1.3.0" constraints = "<= 1.3.0" hashes = [ + "h1:OWZNYEGEIunmpxEcbGveH+kkdELQfMCUYxLt1b25UOc=", "h1:b4PzksrgRiHgOTVXIMTODOAlsvdj3uWSdCvA7lw+9ik=", + "h1:h/ZVYAapVQ+W0R4P5IK/Mvsi84jiYTggmgJHZgfVbfg=", + "h1:zpNS7i+p+MeA4h6xCbwXzcKtMeAn3je9k6J7DZQqReY=", "zh:0923b297c5b71ed584e5f3a0b2393e80244076e85102a90438159833353274b0", "zh:11fa2922aa98ca55beaf7cc33c7edbde81bbd405fdfea2955276c7f5a8537240", "zh:14af830fb6091d084bfc2711c8e9c7bf05aa3c56fe8fd8e2fb4eddeb345be88d", @@ -22,22 +25,27 @@ provider "registry.terraform.io/azure/azapi" { } provider "registry.terraform.io/hashicorp/azuread" { - version = "2.47.0" - constraints = "<= 2.47.0" + version = "3.0.2" + constraints = "<= 3.0.2" hashes = [ + "h1:HNrx7UJEDY5Kbx/r1LRQDWnziqvB6x3IU+pEA8Vq7dw=", "h1:KB9BNRNStbdsfdRmVXUwXtN77qgX5VjBy2UALcqp218=", + "h1:k0kPplqH7FWmnYeCXXrFIeCshgF1tC4LLhfk66bos3w=", + "h1:sYCyzbPpSYu2XDah8XqBUITQAfB0x4j4Twh6lw2C4CA=", + "h1:yQqvUtgtrYKGpIygdM8P6N+pvMWJJWIsVdPow29VE20=", "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", + "zh:16e724b80a9004c7978c30f69a73c98ff63eb8a03937dd44c2a8f0ea0438b7a3", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", - "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f", - "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17", - "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569", - "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a", - "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e", - "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee", - "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57", - "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb", - "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811", + "zh:2bbbf13713ca4767267b889471c9fc14a56a8fdf5d1013da3ca78667e3caec64", + "zh:409ccb05431d643a079da082d89db2d95d6afed4769997ac537c8b7de3bff867", + "zh:53e4bca0f5d015380f7f524f36344afe6211ccaf614bfc69af73ca64a9f47d6c", + "zh:5780be2c1981d090604d7fa4cef675462f17f40e7f3dc501a031488e87a35b8f", + "zh:850e61a1b3e64c752c418526ccf48653514c861b36f5feb631619f906f7e99a0", + "zh:8c3565bfcea006a734149cc080452a9daf7d2a9d5362eb7e0a088b6c0d7f0f03", + "zh:908b9e6ad49d5d21173ecefc7924902047611be93bbf8e7d021aa9563358396f", + "zh:a2a79765c029bc58966eff61cb6e9b0ee14d2ac52b0a22fc7dfa35c9a49af669", + "zh:c7f56cbe8743e9ba81fce871bc97d9c07abe86770d9ee7ffefbf3882a61ba89a", + "zh:d4dba80e33421b30d81c62611fb7fc62ad39afecc6484436e635913cd8553e67", ] } @@ -45,7 +53,10 @@ provider "registry.terraform.io/hashicorp/azurerm" { version = "4.57.0" constraints = "> 4.0.0, ~> 4.0" hashes = [ + "h1:Fa+0G/+9CtvcJHHHfblgOOKzyECXi62l8iq4lok3VXY=", "h1:NhgHn/RyZRDXMa7pEQlGv/9B+wjk48E+lvgq4asFKHs=", + "h1:np64nM0m4G2QG4bqi2nZl3F72XhufPLApaP0oQ3GviA=", + "h1:rjN0+XlMl5wCVtwi2gGI6n3AbRwHFudCb+7szNFabm0=", "zh:05e1cc7fee7829919b772ca6ce893d9c2abb3535ebff172df38f7358cdaf8f9e", "zh:30122203abc381660582f989c9e53874bd9ff93e25476a5536ea0ae37dd51f4b", "zh:4a90f008f7707d95f8f9aca90f140a9ca0e9506b0a6d436fe516de4026cacd86", @@ -64,6 +75,9 @@ provider "registry.terraform.io/hashicorp/azurerm" { provider "registry.terraform.io/hashicorp/external" { version = "2.3.5" hashes = [ + "h1:1JSWWSmVSxzHGbD4RmaNUsdGsr2hPo+WwYaluyWv7vY=", + "h1:FnUk98MI5nOh3VJ16cHf8mchQLewLfN1qZG/MqNgPrI=", + "h1:ORX3G4aEHO9sFP3dyv821JJTF9qa8J9XVp441SvvjvA=", "h1:smKSos4zs57pJjQrNuvGBpSWth2el9SgePPbPHo0aps=", "zh:6e89509d056091266532fa64de8c06950010498adf9070bf6ff85bc485a82562", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", @@ -81,30 +95,47 @@ provider "registry.terraform.io/hashicorp/external" { } provider "registry.terraform.io/hashicorp/helm" { - version = "2.12.0" - constraints = "~> 2.12, <= 2.12.0" + version = "2.12.1" + constraints = "~> 2.12, <= 2.12.1" hashes = [ + "h1:7wfYOAeSEchHB8idNl+2jf+OkFi9zFSOLWkEZFuTCik=", + "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", "h1:nk9CCuHkvoJZbbI90ybKiVlU2SUQCIdsmREzOoDtY8Q=", + "h1:sgYI7lwGqJqPopY3NGmhb1eQ0YbH8PIXaAZAmnJrAvw=", + "h1:xwHVa6ab/XVfDrZ3h35OzLJ6g0Zte4VAvSnyKw3f9AI=", "zh:08aa5b177db2603a0ecf9728f867cbccbd663f4a3867251729604692c21cd28f", "zh:13ce638a3f5f88c9e0da951472619d4449172a3f5cb0332eaba87964456c88ac", + "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", + "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", + "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", "zh:43e90052d05a4adde7aab9df2d6b807de0bbae550a9b7a76f93d946c30cf9814", "zh:4451cf0f8bd3a62a72451d0941eb936b2ff5089bf7acf80a28d82f486e19188e", "zh:490ce970334cf398dc48bf9239854578a4d1ef7227048606ee4bb838a83d231e", + "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", + "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", + "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", + "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", "zh:97c14100faeb8c9e237338925b3f2443489e6099684f8636c966dad05c19a6f6", "zh:9da8bb2250ff9a160279206563957f25ae4ba0242698dc22181d677a6ff13aba", "zh:a4bb8fea89baae7bb1a7c0a99d32e4e39c9ad822efa8ad76821cabf3b5f0da5b", + "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", + "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", "zh:c006da0cb8e80d37f7386336671018b3e437113a9fd54b32954b454731da6376", "zh:da8d7c2b7c8256f2c0c968a2e1690ffb7a183a3daa911e98fa15f6d2c0562ea1", + "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", + "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fedf8e76f2d03de84819f0192974433b13dc668f901e98672af05e3d3fd13a03", ] } provider "registry.terraform.io/hashicorp/kubernetes" { version = "2.30.0" - constraints = "~> 2.27, ~> 2.30, <= 2.30.0" + constraints = "~> 2.27, 2.30.0, ~> 2.30" hashes = [ + "h1:+Je5UPTWMmO4eG5ep1WfujkXQI9tDk0OsMU4olU76Bg=", + "h1:KFBOyOGlS+BGrDfbuVdBhTIRefDo+vJEO/IooUR6T4g=", "h1:wRVWY3sK32BNInDOlQnoGSmL638f3jjLFypCAotwpc8=", + "h1:z0Gy1p59XfS9MawIqCck7m2eeEEhAj6D7n8Ngglu8vE=", "zh:06531333a72fe6d2829f37a328e08a3fc4ed66226344a003b62418a834ac6c69", "zh:34480263939ef5007ce65c9f4945df5cab363f91e5260ae552bcd9f2ffeed444", "zh:59e71f9177da570c33507c44828288264c082d512138c5755800f2cd706c62bc", @@ -121,21 +152,29 @@ provider "registry.terraform.io/hashicorp/kubernetes" { } provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" - constraints = "~> 3.2, <= 3.2.1" + version = "3.2.4" + constraints = "~> 3.2, <= 3.3.2" hashes = [ + "h1:+Ag4hSb4qQjNtAS6gj2+gsGl7v0iB/Bif6zZZU8lXsw=", + "h1:127ts0CG8hFk1bHIfrBsKxcnt9bAYQCq3udWM+AACH8=", "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", + "h1:L5V05xwp/Gto1leRryuesxjMfgZwjb7oool4WS1UEFQ=", + "h1:hkf5w5B6q8e2A42ND2CjAvgvSN3puAosDmOJb3zCVQM=", "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", + "zh:59f6b52ab4ff35739647f9509ee6d93d7c032985d9f8c6237d1f8a59471bbbe2", "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", + "zh:795c897119ff082133150121d39ff26cb5f89a730a2c8c26f3a9c1abf81a9c43", + "zh:7b9c7b16f118fbc2b05a983817b8ce2f86df125857966ad356353baf4bff5c0a", + "zh:85e33ab43e0e1726e5f97a874b8e24820b6565ff8076523cc2922ba671492991", + "zh:9d32ac3619cfc93eb3c4f423492a8e0f79db05fec58e449dee9b2d5873d5f69f", + "zh:9e15c3c9dd8e0d1e3731841d44c34571b6c97f5b95e8296a45318b94e5287a6e", + "zh:b4c2ab35d1b7696c30b64bf2c0f3a62329107bd1a9121ce70683dec58af19615", + "zh:c43723e8cc65bcdf5e0c92581dcbbdcbdcf18b8d2037406a5f2033b1e22de442", + "zh:ceb5495d9c31bfb299d246ab333f08c7fb0d67a4f82681fbf47f2a21c3e11ab5", + "zh:e171026b3659305c558d9804062762d168f50ba02b88b231d20ec99578a6233f", + "zh:ed0fe2acdb61330b01841fa790be00ec6beaac91d41f311fb8254f74eb6a711f", ] } diff --git a/src/domains/checkout-app/05_checkout_fe_frontdoor_cdn.tf b/src/domains/checkout-app/05_checkout_fe_frontdoor_cdn.tf new file mode 100644 index 0000000000..3e293d7ee9 --- /dev/null +++ b/src/domains/checkout-app/05_checkout_fe_frontdoor_cdn.tf @@ -0,0 +1,259 @@ +locals { + # Front Door CDN specific locals + # NOTE: After switch, rename these to match ecommerce pattern: + # cdn_frontdoor_npg_sdk_hostname → npg_sdk_hostname + # cdn_frontdoor_csp_header_name → content_security_policy_header_name + cdn_frontdoor_npg_sdk_hostname = var.env_short == "p" ? "xpay.nexigroup.com" : "stg-ta.nexigroup.com" + cdn_frontdoor_csp_header_name = "Content-Security-Policy" + cdn_storage_account_name = "${local.project}cdnsa" + cdn_index_document = "index.html" + cdn_error_document = "index.html" + + # DNS Zone Key for the main CDN (the one configured in the module) + dns_zone_key = "${var.dns_zone_checkout}.${var.external_domain}" + + # Custom domains configuration - Front Door CDN creation only (PR #2 / PIDM-1151) + # NOTE: custom_domains is empty to avoid Azure conflict with CDN Classic + # Azure doesn't allow the same domain on both CDN Classic and Front Door simultaneously + # DNS switch will happen in a separate PR (PR #3 / PIDM-1410) which will (process to be validated): + # 1. Remove custom domain from CDN Classic + # 2. Add custom domain to Front Door (with enable_dns_records = false for staged DNS switch) + custom_domains_for_switch = [ + { + domain_name = local.dns_zone_key + dns_name = data.azurerm_dns_zone.checkout_public[0].name + dns_resource_group_name = data.azurerm_dns_zone.checkout_public[0].resource_group_name + ttl = var.dns_default_ttl_sec + enable_dns_records = false + } + ] + + # empty for now, will be set to custom_domains_for_switch in PR #3 + custom_domains = [] + + global_delivery_rules = [ + { + order = 1 + # HSTS and Content-Security-Policy + modify_response_header_actions = [ + { + action = "Overwrite" + name = "Strict-Transport-Security" + value = "max-age=31536000" + }, + # Content-Security-Policy + { + action = "Overwrite" + name = local.cdn_frontdoor_csp_header_name + value = format("default-src 'self'; connect-src 'self' https://api.%s.%s https://api-eu.mixpanel.com https://privacyportalde-cdn.onetrust.com https://privacyportal-de.onetrust.com", var.dns_zone_prefix, var.external_domain) + }, + { + action = "Append" + name = local.cdn_frontdoor_csp_header_name + value = " https://recaptcha.net/;" + }, + { + action = "Append" + name = local.cdn_frontdoor_csp_header_name + value = "frame-ancestors 'none'; object-src 'none'; frame-src 'self' https://www.google.com *.platform.pagopa.it *.nexigroup.com *.recaptcha.net recaptcha.net https://recaptcha.google.com;" + } + ] + }, + { + order = 2 + modify_response_header_actions = [ + { + action = "Append" + name = local.cdn_frontdoor_csp_header_name + value = "img-src 'self' https://assets.cdn.io.italia.it www.gstatic.com/recaptcha data: https://assets.cdn.platform.pagopa.it https://privacyportalde-cdn.onetrust.com;" + }, + { + action = "Append" + name = local.cdn_frontdoor_csp_header_name + value = "script-src 'self' 'sha256-LIYUdRhA1kkKYXZ4mrNoTMM7+5ehEwuxwv4/FRhgems=' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://recaptcha.net https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://privacyportalde-cdn.onetrust.com https://${local.cdn_frontdoor_npg_sdk_hostname};" + }, + { + action = "Append" + name = local.cdn_frontdoor_csp_header_name + value = "style-src 'self' 'unsafe-inline' https://privacyportalde-cdn.onetrust.com; font-src 'self' https://privacyportalde-cdn.onetrust.com; worker-src www.recaptcha.net blob:;" + }, + { + action = "Overwrite" + name = "X-Frame-Options" + value = "SAMEORIGIN" + } + ] + } + ] + + delivery_custom_rules = [ + { + name = "CorsFontForNPG" + order = 5 + + // conditions + url_path_conditions = [] + cookies_conditions = [] + device_conditions = [] + http_version_conditions = [] + post_arg_conditions = [] + query_string_conditions = [] + remote_address_conditions = [] + request_body_conditions = [] + request_header_conditions = [{ + selector = "Origin" + operator = "Equal" + match_values = ["https://${local.cdn_frontdoor_npg_sdk_hostname}"] + transforms = [] + negate_condition = false + }] + request_method_conditions = [] + request_scheme_conditions = [] + request_uri_conditions = [] + url_file_extension_conditions = [] + url_file_name_conditions = [] + + // actions + modify_response_header_actions = [{ + action = "Overwrite" + name = "Access-Control-Allow-Origin" + value = "https://${local.cdn_frontdoor_npg_sdk_hostname}" + }] + url_redirect_actions = [] + url_rewrite_actions = [] + } + ] + + delivery_rule_rewrites = [ + { + name = "RewriteRules" + order = 3 + + url_path_conditions = [{ + condition_type = "url_path_condition" + operator = "EndsWith" + match_values = ["/dona", "/dona/"] + transforms = [] + negate_condition = false + }] + + url_rewrite_actions = [{ + source_pattern = "/" + destination = "/dona.html" + preserve_unmatched_path = false + }] + }, + { + name = "RewriteRulesTerms" + order = 4 + + url_path_conditions = [{ + condition_type = "url_path_condition" + operator = "Equal" + match_values = ["/termini-di-servizio"] + transforms = [] + negate_condition = false + }] + + url_rewrite_actions = [{ + source_pattern = "/" + destination = "/terms/it.html" + preserve_unmatched_path = false + }] + } + ] +} + +/** + * Checkout resource group + * NOTE: Currently defined in 05_checkout_fe.tf + * After switch: uncomment this block and delete 05_checkout_fe.tf + */ +# resource "azurerm_resource_group" "checkout_fe_rg" { +# count = var.checkout_enabled ? 1 : 0 +# name = format("%s-checkout-fe-rg", local.parent_project) +# location = var.location +# +# tags = module.tag_config.tags +# } + +/** + * CDN Front Door + * NOTE: After cleanup, rename module to "checkout_cdn" and run: + * terraform state mv module.checkout_cdn_frontdoor module.checkout_cdn + */ +module "checkout_cdn_frontdoor" { + source = "./.terraform/modules/__v4__/cdn_frontdoor" + + cdn_prefix_name = local.project + resource_group_name = azurerm_resource_group.checkout_fe_rg[0].name // refers to resource group in 05_checkout_fe.tf, to be changed after cleanup + location = var.location + + https_rewrite_enabled = true + + log_analytics_workspace_id = data.azurerm_log_analytics_workspace.log_analytics.id + + storage_account_name = local.cdn_storage_account_name + storage_account_index_document = local.cdn_index_document + storage_account_error_404_document = local.cdn_error_document + storage_account_replication_type = var.checkout_cdn_storage_replication_type + + keyvault_id = data.azurerm_key_vault.key_vault.id + tenant_id = data.azurerm_client_config.current.tenant_id + + querystring_caching_behaviour = "IgnoreQueryString" + + custom_domains = local.custom_domains + + global_delivery_rules = local.global_delivery_rules + delivery_custom_rules = local.delivery_custom_rules + delivery_rule_rewrites = local.delivery_rule_rewrites + + tags = module.tag_config.tags +} + +/** + * Web Test for CDN + * NOTE: After cleanup, rename module to "checkout_fe_web_test" and run: + * terraform state mv module.checkout_fe_frontdoor_web_test module.checkout_fe_web_test + */ +module "checkout_fe_frontdoor_web_test" { + count = var.env_short == "p" ? 1 : 0 + source = "./.terraform/modules/__v4__/application_insights_standard_web_test" + + https_endpoint = "https://${module.checkout_cdn_frontdoor.fqdn}" + https_endpoint_path = "/index.html" + alert_name = "${local.project}-fe-web-test" + location = var.location + alert_enabled = true + application_insights_resource_group = data.azurerm_resource_group.monitor_rg.name + application_insights_id = data.azurerm_application_insights.application_insights.id + application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.email.id] + https_probe_method = "GET" + timeout = 10 + frequency = 300 + https_probe_threshold = 99 + metric_frequency = "PT5M" + metric_window_size = "PT1H" + retry_enabled = true +} + +# Outputs for CDN +# These outputs are useful before DNS switch for: +# - Testing the Front Door via .azurefd.net URL +# - Verifying storage account name for pipeline configuration +# After DNS switch, access via custom domain (e.g. checkout.pagopa.it) instead and remove these outputs +output "checkout_cdn_endpoint" { + value = module.checkout_cdn_frontdoor.hostname + description = "CDN endpoint hostname" +} + +output "checkout_cdn_fqdn" { + value = module.checkout_cdn_frontdoor.fqdn + description = "CDN FQDN" +} + +output "checkout_cdn_storage_account_name" { + value = module.checkout_cdn_frontdoor.storage_name + description = "CDN storage account name" +} diff --git a/src/domains/checkout-app/99_main.tf b/src/domains/checkout-app/99_main.tf index b205f2b375..1d3c0632f1 100644 --- a/src/domains/checkout-app/99_main.tf +++ b/src/domains/checkout-app/99_main.tf @@ -1,4 +1,6 @@ terraform { + required_version = ">= 1.9.0" + required_providers { azurerm = { source = "hashicorp/azurerm" @@ -6,19 +8,19 @@ terraform { } azuread = { source = "hashicorp/azuread" - version = "<= 2.47.0" + version = "<= 3.0.2" } null = { source = "hashicorp/null" - version = "<= 3.2.1" + version = "<= 3.3.2" } kubernetes = { source = "hashicorp/kubernetes" - version = "<= 2.30.0" + version = "= 2.30.0" } helm = { source = "hashicorp/helm" - version = "<= 2.12.0" + version = "<= 2.12.1" } azapi = { source = "azure/azapi" @@ -52,6 +54,6 @@ provider "helm" { } module "__v4__" { - # v8.3.0 - source = "git::https://github.com/pagopa/terraform-azurerm-v4?ref=a065466aa740278f591260ced27957dac1f6b6ae" + # v8.3.2 + source = "git::https://github.com/pagopa/terraform-azurerm-v4?ref=5bd8befbaf30b3759f2355bf3e46a85acba0a6f7" } diff --git a/src/domains/checkout-app/99_variables.tf b/src/domains/checkout-app/99_variables.tf index 62a34a3730..9a6d704c22 100644 --- a/src/domains/checkout-app/99_variables.tf +++ b/src/domains/checkout-app/99_variables.tf @@ -205,3 +205,9 @@ variable "k8s_kube_config_path_prefix" { type = string default = "~/.kube" } + +variable "dns_default_ttl_sec" { + type = number + description = "The DNS default TTL in seconds" + default = 3600 +}