chore: Added stuff to deploy to CSTAR-dev subscription. (#149)

src/main/terraform/data.tf

@@ -2,38 +2,38 @@
 # Container Apps Environment.
 # ------------------------------------------------------------------------------
 data "azurerm_container_app_environment" "mil" {
-  name                = "${local.project}-cae"
-  resource_group_name = "${local.project}-app-rg"
+  name                = var.cae_name
+  resource_group_name = var.cae_resource_group_name
 }
 
 # ------------------------------------------------------------------------------
 # Identity for this Container App.
 # ------------------------------------------------------------------------------
 data "azurerm_user_assigned_identity" "auth" {
-  resource_group_name = "${local.project}-identity-rg"
-  name                = "${var.prefix}-${var.env_short}-auth-identity"
+  resource_group_name = var.id_name
+  name                = var.id_resource_group_name
 }
 
 # ------------------------------------------------------------------------------
 # General purpose key vault used to protect secrets.
 # ------------------------------------------------------------------------------
 data "azurerm_key_vault" "general" {
-  name                = "${local.project}-general-kv"
-  resource_group_name = "${local.project}-sec-rg"
+  name                = var.general_kv_name
+  resource_group_name = var.general_kv_resource_group_name
 }
 
 # ------------------------------------------------------------------------------
 # Key vault for cryptographics operations.
 # ------------------------------------------------------------------------------
 data "azurerm_key_vault" "auth" {
-  name                = "${local.project}-auth-kv"
-  resource_group_name = "${local.project}-sec-rg"
+  name                = var.auth_kv_name
+  resource_group_name = var.auth_kv_resource_group_name
 }
 
 # ------------------------------------------------------------------------------
 # Storage account containing configuration files.
 # ------------------------------------------------------------------------------
 data "azurerm_storage_account" "auth" {
-  name                = "${var.prefix}${var.env_short}authst"
-  resource_group_name = "${local.project}-data-rg"
+  name                = var.auth_st_name
+  resource_group_name = var.auth_st_resource_group_name
 }

src/main/terraform/env/cstar-d-tier-0/backend.ini

@@ -0,0 +1 @@
+subscription=DEV-cstar

src/main/terraform/env/cstar-d-tier-0/backend.tfvars

@@ -0,0 +1,4 @@
+resource_group_name  = "terraform-state-rg"
+storage_account_name = "tfappdevcstar"
+container_name       = "terraform-state"
+key                  = "tier-0-auth.tfstate"

src/main/terraform/env/cstar-d-tier-0/terraform.tfvars

@@ -0,0 +1,63 @@
+# ------------------------------------------------------------------------------
+# General variables.
+# ------------------------------------------------------------------------------
+prefix         = "cstar"
+env_short      = "d"
+env            = "dev"
+location       = "westeurope" # this will be "italynorth"
+location_short = "weu"        # this will be "itn"
+domain         = "tier-0"
+
+tags = {
+  CreatedBy   = "Terraform"
+  Environment = "dev"
+  Owner       = "cstar"
+  Source      = "https://github.com/pagopa/mil-auth/tree/main/src/main/terraform"
+  CostCenter  = "TS310 - PAGAMENTI & SERVIZI"
+}
+
+# ------------------------------------------------------------------------------
+# External resources.
+# ------------------------------------------------------------------------------
+cae_name                       = "cstar-d-tier-0-cae"
+cae_resource_group_name        = "cstar-d-tier-0-app-rg"
+id_name                        = "cstar-d-tier-0-auth-id"
+id_resource_group_name         = "cstar-d-tier-0-identity-rg"
+general_kv_name                = "cstar-d-tier-0-gen-kv"
+general_kv_resource_group_name = "cstar-d-tier-0-sec-rg"
+auth_kv_name                   = "cstar-d-tier-0-auth-kv"
+auth_kv_resource_group_name    = "cstar-d-tier-0-sec-rg"
+auth_st_name                   = "cstardtier0authst"
+auth_st_resource_group_name    = "cstar-d-tier-0-data-rg"
+
+# ------------------------------------------------------------------------------
+# Names of key vault secrets.
+# ------------------------------------------------------------------------------
+cosmosdb_account_primary_mongodb_connection_string_kv_secret   = "cosmosdb-account-tier-0-primary-mongodb-connection-string"
+cosmosdb_account_secondary_mongodb_connection_string_kv_secret = "cosmosdb-account-tier-0-secondary-mongodb-connection-string"
+storage_account_primary_blob_endpoint_kv_secret                = "storage-account-auth-primary-blob-endpoint"
+key_vault_auth_vault_uri_kv_secret                             = "key-vault-auth-vault-uri"
+application_insigths_connection-string_kv_secret               = "core-application-insigths-connection-string"
+
+# ------------------------------------------------------------------------------
+# Configuration of the microservice.
+# ------------------------------------------------------------------------------
+mil_auth_quarkus_log_level                 = "ERROR"
+mil_auth_app_log_level                     = "DEBUG"
+mil_auth_json_log                          = true
+mil_auth_quarkus_rest_client_logging_scope = "all"
+mil_auth_cryptoperiod                      = 43200
+mil_auth_keysize                           = 2048
+mil_auth_access_duration                   = 900
+mil_auth_refresh_duration                  = 3600
+mil_auth_image                             = "ghcr.io/pagopa/mil-auth:latest"
+mil_auth_cpu                               = 1
+mil_auth_memory                            = "2Gi"
+mil_auth_max_replicas                      = 5
+mil_auth_min_replicas                      = 1
+mil_auth_keyvault_maxresults               = 20
+mil_auth_keyvault_backoff_num_of_attempts  = 5
+mil_auth_mongodb_connect_timeout           = "5s"
+mil_auth_mongodb_read_timeout              = "10s"
+mil_auth_mongodb_server_selection_timeout  = "5s"
+mil_auth_base_url                          = "https://mil-d-apim.azure-api.net/mil-auth"

src/main/terraform/env/dev-cd/terraform.tfvars

@@ -1,23 +1,46 @@
-#
-# General
-#
+# ------------------------------------------------------------------------------
+# General variables.
+# ------------------------------------------------------------------------------
+prefix         = "mil"
 env_short      = "d"
 env            = "dev"
-prefix         = "mil"
 location       = "westeurope" # this will be "italynorth"
 location_short = "weu"        # this will be "itn"
 
 tags = {
   CreatedBy   = "Terraform"
   Environment = "DEV"
   Owner       = "mil"
-  Source      = "https://github.com/pagopa/mil-infra"
+  Source      = "https://github.com/pagopa/mil-auth/tree/main/src/main/terraform"
   CostCenter  = "TS310 - PAGAMENTI & SERVIZI"
 }
 
-#
-# mil-auth
-#
+# ------------------------------------------------------------------------------
+# External resources.
+# ------------------------------------------------------------------------------
+cae_name                       = "mil-d-cae"
+cae_resource_group_name        = "mil-d-app-rg"
+id_name                        = "mil-d-auth-identity"
+id_resource_group_name         = "mil-d-identity-rg"
+general_kv_name                = "mil-d-general-kv"
+general_kv_resource_group_name = "mil-d-sec-rg"
+auth_kv_name                   = "mil-d-auth-kv"
+auth_kv_resource_group_name    = "mil-d-sec-rg"
+auth_st_name                   = "mildauthst"
+auth_st_resource_group_name    = "mil-d-data-rg"
+
+# ------------------------------------------------------------------------------
+# Names of key vault secrets.
+# ------------------------------------------------------------------------------
+cosmosdb_account_primary_mongodb_connection_string_kv_secret   = "cosmosdb-account-mil-primary-mongodb-connection-string"
+cosmosdb_account_secondary_mongodb_connection_string_kv_secret = "cosmosdb-account-mil-secondary-mongodb-connection-string"
+storage_account_primary_blob_endpoint_kv_secret                = "storage-account-auth-primary-blob-endpoint"
+key_vault_auth_vault_uri_kv_secret                             = "key-vault-auth-vault-uri"
+application_insigths_connection-string_kv_secret               = "application-insigths-mil-connection-string"
+
+# ------------------------------------------------------------------------------
+# Configuration of the microservice.
+# ------------------------------------------------------------------------------
 mil_auth_quarkus_log_level                 = "ERROR"
 mil_auth_app_log_level                     = "DEBUG"
 mil_auth_json_log                          = true
@@ -26,7 +49,6 @@ mil_auth_cryptoperiod                      = 43200
 mil_auth_keysize                           = 2048
 mil_auth_access_duration                   = 900
 mil_auth_refresh_duration                  = 3600
-mil_auth_openapi_descriptor                = "https://raw.githubusercontent.com/pagopa/mil-auth/main/src/main/resources/META-INF/openapi.yaml"
 mil_auth_image                             = "ghcr.io/pagopa/mil-auth:latest"
 mil_auth_cpu                               = 1
 mil_auth_memory                            = "2Gi"

src/main/terraform/env/uat-cd/terraform.tfvars

@@ -1,23 +1,46 @@
-#
-# General
-#
+# ------------------------------------------------------------------------------
+# General variables.
+# ------------------------------------------------------------------------------
+prefix         = "mil"
 env_short      = "u"
 env            = "uat"
-prefix         = "mil"
 location       = "westeurope" # this will be "italynorth"
 location_short = "weu"        # this will be "itn"
 
 tags = {
   CreatedBy   = "Terraform"
   Environment = "UAT"
   Owner       = "mil"
-  Source      = "https://github.com/pagopa/mil-infra"
+  Source      = "https://github.com/pagopa/mil-auth/tree/main/src/main/terraform"
   CostCenter  = "TS310 - PAGAMENTI & SERVIZI"
 }
 
-#
-# mil-auth
-#
+# ------------------------------------------------------------------------------
+# External resources.
+# ------------------------------------------------------------------------------
+cae_name                       = "mil-u-cae"
+cae_resource_group_name        = "mil-u-app-rg"
+id_name                        = "mil-u-auth-identity"
+id_resource_group_name         = "mil-u-identity-rg"
+general_kv_name                = "mil-u-general-kv"
+general_kv_resource_group_name = "mil-u-sec-rg"
+auth_kv_name                   = "mil-u-auth-kv"
+auth_kv_resource_group_name    = "mil-u-sec-rg"
+auth_st_name                   = "miluauthst"
+auth_st_resource_group_name    = "mil-u-data-rg"
+
+# ------------------------------------------------------------------------------
+# Names of key vault secrets.
+# ------------------------------------------------------------------------------
+cosmosdb_account_primary_mongodb_connection_string_kv_secret   = "cosmosdb-account-mil-primary-mongodb-connection-string"
+cosmosdb_account_secondary_mongodb_connection_string_kv_secret = "cosmosdb-account-mil-secondary-mongodb-connection-string"
+storage_account_primary_blob_endpoint_kv_secret                = "storage-account-auth-primary-blob-endpoint"
+key_vault_auth_vault_uri_kv_secret                             = "key-vault-auth-vault-uri"
+application_insigths_connection-string_kv_secret               = "application-insigths-mil-connection-string"
+
+# ------------------------------------------------------------------------------
+# Configuration of the microservice.
+# ------------------------------------------------------------------------------
 mil_auth_quarkus_log_level                 = "ERROR"
 mil_auth_app_log_level                     = "DEBUG"
 mil_auth_json_log                          = true
@@ -26,7 +49,6 @@ mil_auth_cryptoperiod                      = 43200
 mil_auth_keysize                           = 2048
 mil_auth_access_duration                   = 900
 mil_auth_refresh_duration                  = 3600
-mil_auth_openapi_descriptor                = "https://raw.githubusercontent.com/pagopa/mil-auth/main/src/main/resources/META-INF/openapi.yaml"
 mil_auth_image                             = "ghcr.io/pagopa/mil-auth:latest"
 mil_auth_cpu                               = 1
 mil_auth_memory                            = "2Gi"

src/main/terraform/locals.tf

@@ -1,4 +1,6 @@
 locals {
-  project = "${var.prefix}-${var.env_short}"
-  domain = "mil"
+  #
+  # Project label.
+  #
+  project = var.domain == "" ? "${var.prefix}-${var.env_short}" : "${var.prefix}-${var.env_short}-${var.domain}"
 }

src/main/terraform/variables.tf

@@ -45,14 +45,91 @@ variable "tags" {
   type = map(any)
 }
 
-variable "user_managed_identity_endpoint" {
-  type        = string
-  default     = "http://169.254.169.254/metadata/identity/oauth2/token"
-  description = "Endpoint to get the access token to use to access to Azure resources when User Managed Identity is in use."
+variable "domain" {
+  type    = string
+  default = ""
+}
+
+# ------------------------------------------------------------------------------
+# Container Apps Environment.
+# ------------------------------------------------------------------------------
+variable "cae_name" {
+  type = string
+}
+
+variable "cae_resource_group_name" {
+  type = string
+}
+
+# ------------------------------------------------------------------------------
+# Identity for this Container App.
+# ------------------------------------------------------------------------------
+variable "id_name" {
+  type = string
+}
+
+variable "id_resource_group_name" {
+  type = string
+}
+
+# ------------------------------------------------------------------------------
+# General purpose key vault used to protect secrets.
+# ------------------------------------------------------------------------------
+variable "general_kv_name" {
+  type = string
+}
+
+variable "general_kv_resource_group_name" {
+  type = string
+}
+
+# ------------------------------------------------------------------------------
+# Key vault for cryptographics operations.
+# ------------------------------------------------------------------------------
+variable "auth_kv_name" {
+  type = string
+}
+
+variable "auth_kv_resource_group_name" {
+  type = string
+}
+
+# ------------------------------------------------------------------------------
+# Storage account containing configuration files.
+# ------------------------------------------------------------------------------
+variable "auth_st_name" {
+  type = string
+}
+
+variable "auth_st_resource_group_name" {
+  type = string
 }
 
 # ------------------------------------------------------------------------------
-# Specific variables definition.
+# Names of key vault secrets.
+# ------------------------------------------------------------------------------
+variable "cosmosdb_account_primary_mongodb_connection_string_kv_secret" {
+  type = string
+}
+
+variable "cosmosdb_account_secondary_mongodb_connection_string_kv_secret" {
+  type = string
+}
+
+variable "storage_account_primary_blob_endpoint_kv_secret" {
+  type = string
+}
+
+variable "key_vault_auth_vault_uri_kv_secret" {
+  type = string
+}
+
+variable "application_insigths_connection_string_kv_secret" {
+  type = string
+}
+
+# ------------------------------------------------------------------------------
+# Specific to auth microservice.
 # ------------------------------------------------------------------------------
 variable "mil_auth_quarkus_log_level" {
   type    = string
@@ -95,10 +172,6 @@ variable "mil_auth_refresh_duration" {
   default = 3600
 }
 
-variable "mil_auth_openapi_descriptor" {
-  type = string
-}
-
 variable "mil_auth_image" {
   type = string
 }