[EC-179] Add Terraform configuration to map Storage Accounts with Bonus data backup

.github/workflows/bonus_cd.yaml

@@ -0,0 +1,19 @@
+name: Continuous Delivery on bonus
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - "src/domains/bonus/**"
+
+jobs:
+  release_prod:
+    uses: pagopa/dx/.github/workflows/infra_apply.yaml@main
+    name: Terraform Apply
+    secrets: inherit
+    with:
+      environment: prod
+      base_path: "src/domains/bonus"
+      use_private_agent: false

.github/workflows/bonus_ci.yaml

@@ -0,0 +1,25 @@
+name: Continuous Integration on bonus
+
+on:
+  merge_group:
+  workflow_dispatch:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - reopened
+      - ready_for_review
+    paths:
+      - "src/domains/bonus/**"
+      - ".github/workflows/bonus_**"
+
+jobs:
+  code_review_prod:
+    uses: pagopa/dx/.github/workflows/infra_plan.yaml@main
+    name: Terraform Plan
+    secrets: inherit
+    with:
+      environment: prod
+      base_path: "src/domains/bonus"
+      use_private_agent: false

src/domains/bonus/prod/README.md

@@ -0,0 +1,56 @@
+# IO Infra - Bonus
+
+<!-- markdownlint-disable -->
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 4 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 4.16.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_resource_group.rg_itn_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_storage_account.bonus_backup_gwc_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
+| [azurerm_storage_account.bonus_backup_itn_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
+| [azurerm_storage_container.bonus_activations_gwc_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.bonus_activations_itn_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.bonus_gwc_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.bonus_itn_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.bonus_leases_gwc_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.bonus_leases_itn_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.bonus_processing_gwc_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.bonus_processing_itn_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.change_feed_leases_gwc_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.change_feed_leases_itn_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.eligibility_checks_gwc_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.eligibility_checks_itn_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.redeemed_requests_gwc_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.redeemed_requests_itn_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.user_bonuses_gwc_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_container.user_bonuses_itn_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
+| [azurerm_storage_object_replication.itn_01_to_gwc_01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_object_replication) | resource |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_storage_account_primary"></a> [storage\_account\_primary](#output\_storage\_account\_primary) | n/a |
+| <a name="output_storage_account_secondary"></a> [storage\_account\_secondary](#output\_storage\_account\_secondary) | n/a |
+<!-- END_TF_DOCS -->

src/domains/bonus/prod/locals.tf

@@ -0,0 +1,20 @@
+locals {
+  prefix                   = "io"
+  env_short                = "p"
+  location                 = "italynorth"
+  location_short           = "itn"
+  secondary_location       = "germanywestcentral"
+  secondary_location_short = "gwc"
+  domain                   = "bonus"
+  project                  = "${local.prefix}-${local.env_short}-${local.location_short}-${local.domain}"
+  secondary_project        = "${local.prefix}-${local.env_short}-${local.secondary_location_short}-${local.domain}"
+
+  tags = {
+    CostCenter     = "TS000 - Tecnologia e Servizi"
+    CreatedBy      = "Terraform"
+    Environment    = "Prod"
+    BusinessUnit   = "App IO"
+    ManagementTeam = "IO Bonus & Pagamenti"
+    Source         = "https://github.com/pagopa/io-infra/blob/main/src/domains/bonus/prod"
+  }
+}

src/domains/bonus/prod/main.tf

@@ -0,0 +1,20 @@
+terraform {
+
+  backend "azurerm" {
+    resource_group_name  = "terraform-state-rg"
+    storage_account_name = "iopitntfst001"
+    container_name       = "terraform-state"
+    key                  = "io-infra.bonus.prod.tfstate"
+  }
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 4"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}

src/domains/bonus/prod/outputs.tf

@@ -0,0 +1,15 @@
+output "storage_account_primary" {
+  value = {
+    id                  = azurerm_storage_account.bonus_backup_itn_01.id
+    name                = azurerm_storage_account.bonus_backup_itn_01.name
+    resource_group_name = azurerm_storage_account.bonus_backup_itn_01.resource_group_name
+  }
+}
+
+output "storage_account_secondary" {
+  value = {
+    id                  = azurerm_storage_account.bonus_backup_gwc_01.id
+    name                = azurerm_storage_account.bonus_backup_gwc_01.name
+    resource_group_name = azurerm_storage_account.bonus_backup_gwc_01.resource_group_name
+  }
+}

src/domains/bonus/prod/resource_group.tf

@@ -0,0 +1,6 @@
+resource "azurerm_resource_group" "rg_itn_01" {
+  name     = "${local.project}-rg-01"
+  location = local.location
+
+  tags = local.tags
+}

src/domains/bonus/prod/storage_account.tf

@@ -0,0 +1,125 @@
+resource "azurerm_storage_account" "bonus_backup_itn_01" {
+  name                = replace("${local.project}backupst01", "-", "")
+  resource_group_name = azurerm_resource_group.rg_itn_01.name
+  location            = local.location
+
+  account_kind             = "StorageV2"
+  account_tier             = "Standard"
+  account_replication_type = "ZRS"
+  access_tier              = "Cool"
+
+  public_network_access_enabled = true
+
+  shared_access_key_enabled       = false
+  default_to_oauth_authentication = true
+
+  blob_properties {
+    versioning_enabled       = true
+    change_feed_enabled      = true
+    last_access_time_enabled = true
+
+    delete_retention_policy {
+      days = 7
+    }
+
+    restore_policy {
+      days = 5
+    }
+
+    container_delete_retention_policy {
+      days = 10
+    }
+  }
+
+  tags = local.tags
+}
+
+resource "azurerm_storage_account" "bonus_backup_gwc_01" {
+  name                = replace("${local.secondary_project}backupst01", "-", "")
+  resource_group_name = azurerm_resource_group.rg_itn_01.name
+  location            = local.secondary_location
+
+  account_kind             = "StorageV2"
+  account_tier             = "Standard"
+  account_replication_type = "ZRS"
+  access_tier              = "Cool"
+
+  public_network_access_enabled = true
+
+  shared_access_key_enabled       = false
+  default_to_oauth_authentication = true
+
+  blob_properties {
+    versioning_enabled       = true
+    change_feed_enabled      = true
+    last_access_time_enabled = true
+
+    delete_retention_policy {
+      days = 7
+    }
+
+    restore_policy {
+      days = 5
+    }
+
+    container_delete_retention_policy {
+      days = 10
+    }
+  }
+
+  tags = local.tags
+}
+
+resource "azurerm_storage_object_replication" "itn_01_to_gwc_01" {
+  source_storage_account_id      = azurerm_storage_account.bonus_backup_itn_01.id
+  destination_storage_account_id = azurerm_storage_account.bonus_backup_gwc_01.id
+
+  rules {
+    source_container_name      = azurerm_storage_container.bonus_itn_01.name
+    destination_container_name = azurerm_storage_container.bonus_gwc_01.name
+    copy_blobs_created_after   = "Everything"
+  }
+
+  rules {
+    source_container_name      = azurerm_storage_container.redeemed_requests_itn_01.name
+    destination_container_name = azurerm_storage_container.redeemed_requests_gwc_01.name
+    copy_blobs_created_after   = "Everything"
+  }
+
+
+  rules {
+    source_container_name      = azurerm_storage_container.bonus_activations_itn_01.name
+    destination_container_name = azurerm_storage_container.bonus_activations_gwc_01.name
+    copy_blobs_created_after   = "Everything"
+  }
+
+  rules {
+    source_container_name      = azurerm_storage_container.bonus_leases_itn_01.name
+    destination_container_name = azurerm_storage_container.bonus_leases_gwc_01.name
+    copy_blobs_created_after   = "Everything"
+  }
+
+  rules {
+    source_container_name      = azurerm_storage_container.bonus_processing_itn_01.name
+    destination_container_name = azurerm_storage_container.bonus_processing_gwc_01.name
+    copy_blobs_created_after   = "Everything"
+  }
+
+  rules {
+    source_container_name      = azurerm_storage_container.change_feed_leases_itn_01.name
+    destination_container_name = azurerm_storage_container.change_feed_leases_gwc_01.name
+    copy_blobs_created_after   = "Everything"
+  }
+
+  rules {
+    source_container_name      = azurerm_storage_container.eligibility_checks_itn_01.name
+    destination_container_name = azurerm_storage_container.eligibility_checks_gwc_01.name
+    copy_blobs_created_after   = "Everything"
+  }
+
+  rules {
+    source_container_name      = azurerm_storage_container.user_bonuses_itn_01.name
+    destination_container_name = azurerm_storage_container.user_bonuses_gwc_01.name
+    copy_blobs_created_after   = "Everything"
+  }
+}