fix

pagopa · Oct 24, 2024 · 579b943 · 579b943
1 parent c894faa
commit 579b943
Show file tree

Hide file tree

Showing 9 changed files with 90 additions and 40 deletions.
diff --git a/src/domains/afm-common/03_cosmosdb_afm.tf b/src/domains/afm-common/03_cosmosdb_afm.tf
@@ -22,41 +22,34 @@ module "afm_marketplace_cosmosdb_snet" {
 }
 
 module "afm_marketplace_cosmosdb_account" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=v6.7.0"
-
-  name     = "${local.project}-marketplace-cosmos-account"
-  location = var.location
-  domain   = var.domain
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=add-analytical_storage_enabled-2-cosmos"
 
+  name                = "${local.project}-marketplace-cosmos-account"
+  location            = var.location
   resource_group_name = azurerm_resource_group.afm_rg.name
-  offer_type          = var.afm_marketplace_cosmos_db_params.offer_type
-  kind                = var.afm_marketplace_cosmos_db_params.kind
+  domain              = var.domain
+
+  offer_type                 = var.afm_marketplace_cosmos_db_params.offer_type
+  kind                       = var.afm_marketplace_cosmos_db_params.kind
+  capabilities               = var.afm_marketplace_cosmos_db_params.capabilities
+  enable_free_tier           = var.afm_marketplace_cosmos_db_params.enable_free_tier
+  analytical_storage_enabled = var.afm_marketplace_cosmos_db_params.analytical_storage_enabled
+
+  public_network_access_enabled      = var.afm_marketplace_cosmos_db_params.public_network_access_enabled
+  private_endpoint_enabled           = var.afm_marketplace_cosmos_db_params.private_endpoint_enabled
+  subnet_id                          = module.afm_marketplace_cosmosdb_snet.id
+  private_dns_zone_sql_ids           = [data.azurerm_private_dns_zone.cosmos.id]
+  is_virtual_network_filter_enabled  = var.afm_marketplace_cosmos_db_params.is_virtual_network_filter_enabled
+  allowed_virtual_network_subnet_ids = var.afm_marketplace_cosmos_db_params.public_network_access_enabled ? [] : [data.azurerm_subnet.aks_subnet.id, data.azurerm_subnet.apiconfig_subnet.id]
 
-  public_network_access_enabled    = var.afm_marketplace_cosmos_db_params.public_network_access_enabled
+  consistency_policy               = var.afm_marketplace_cosmos_db_params.consistency_policy
+  main_geo_location_location       = var.location
   main_geo_location_zone_redundant = var.afm_marketplace_cosmos_db_params.main_geo_location_zone_redundant
+  additional_geo_locations         = var.afm_marketplace_cosmos_db_params.additional_geo_locations
 
-  enable_free_tier          = var.afm_marketplace_cosmos_db_params.enable_free_tier
+  backup_continuous_enabled = var.afm_marketplace_cosmos_db_params.backup_continuous_enabled
   enable_automatic_failover = true
-
-  capabilities       = var.afm_marketplace_cosmos_db_params.capabilities
-  consistency_policy = var.afm_marketplace_cosmos_db_params.consistency_policy
-
-  main_geo_location_location = var.location
-  additional_geo_locations   = var.afm_marketplace_cosmos_db_params.additional_geo_locations
-  backup_continuous_enabled  = var.afm_marketplace_cosmos_db_params.backup_continuous_enabled
-
-  is_virtual_network_filter_enabled = var.afm_marketplace_cosmos_db_params.is_virtual_network_filter_enabled
-
-  ip_range = ""
-
-  # add data.azurerm_subnet.<my_service>.id
-  allowed_virtual_network_subnet_ids = var.afm_marketplace_cosmos_db_params.public_network_access_enabled ? [] : [data.azurerm_subnet.aks_subnet.id, data.azurerm_subnet.apiconfig_subnet.id]
-
-  # private endpoint
-  private_endpoint_name    = "${local.project}-marketplace-cosmos-sql-endpoint"
-  private_endpoint_enabled = var.afm_marketplace_cosmos_db_params.private_endpoint_enabled
-  subnet_id                = module.afm_marketplace_cosmosdb_snet.id
-  private_dns_zone_ids     = [data.azurerm_private_dns_zone.cosmos.id]
+  ip_range                  = ""
 
   tags = var.tags
 }
@@ -202,4 +195,4 @@ module "afm_marketplace_cosmosdb_containers" {
 #   depends_on = [
 #     module.afm_marketplace_cosmosdb_account
 #   ]
-# }
+# }
diff --git a/src/domains/afm-common/99_variables.tf b/src/domains/afm-common/99_variables.tf
@@ -122,6 +122,7 @@ variable "afm_marketplace_cosmos_db_params" {
     public_network_access_enabled     = bool
     is_virtual_network_filter_enabled = bool
     backup_continuous_enabled         = bool
+    analytical_storage_enabled        = bool
   })
 }
 

diff --git a/src/domains/afm-common/env/weu-dev/terraform.tfvars b/src/domains/afm-common/env/weu-dev/terraform.tfvars
@@ -49,6 +49,7 @@ afm_marketplace_cosmos_db_params = {
 
   backup_continuous_enabled = false
 
+  analytical_storage_enabled = true
 }
 
 cidr_subnet_afm_marketplace_cosmosdb = ["10.1.151.0/24"]

diff --git a/src/domains/afm-common/env/weu-prod/terraform.tfvars b/src/domains/afm-common/env/weu-prod/terraform.tfvars
@@ -35,9 +35,9 @@ afm_marketplace_cosmos_db_params = {
   capabilities = []
   offer_type   = "Standard"
   consistency_policy = {
-    consistency_level       = "BoundedStaleness"
-    max_interval_in_seconds = 300
-    max_staleness_prefix    = 100000
+    consistency_level       = "Strong" # "BoundedStaleness"
+    max_interval_in_seconds = 5 # 300
+    max_staleness_prefix    = 100 # 100000
   }
   server_version                   = "4.0"
   main_geo_location_zone_redundant = true
@@ -56,6 +56,7 @@ afm_marketplace_cosmos_db_params = {
 
   backup_continuous_enabled = true
 
+  analytical_storage_enabled = false
 }
 
 cidr_subnet_afm_marketplace_cosmosdb = ["10.1.151.0/24"]

diff --git a/src/domains/afm-common/env/weu-uat/terraform.tfvars b/src/domains/afm-common/env/weu-uat/terraform.tfvars
@@ -51,6 +51,7 @@ afm_marketplace_cosmos_db_params = {
 
   backup_continuous_enabled = false
 
+  analytical_storage_enabled = true
 }
 
 cidr_subnet_afm_marketplace_cosmosdb = ["10.1.151.0/24"]

diff --git a/src/domains/afm-secrets/.terraform.lock.hcl b/src/domains/afm-secrets/.terraform.lock.hcl
diff --git a/src/domains/afm-secrets/secret/weu-dev/noedit_secret_enc.json b/src/domains/afm-secrets/secret/weu-dev/noedit_secret_enc.json
@@ -1,6 +1,6 @@
 {
-	"afm-fee-reporting-s3-key-id": "ENC[AES256_GCM,data:YaOrDvXFUhKIQkFj6ZzSTS3wjXo=,iv:/x2gmiHjXNA2Slqz8JpuL7N+rNWGrd482y5nvHfFGdg=,tag:vCwKCN5ljVTke2kuuvdjtA==,type:str]",
-	"afm-fee-reporting-s3-key-secret": "ENC[AES256_GCM,data:XC6VYdPWPvwc+CziNKjuZ8QUaLiErgoLM//ASAPQB2ebYnRM/QgOFw==,iv:aXh2DUAyZ43UeoRPuZ3toKjGaytMv3lHYO3N/ncoFBE=,tag:esOikoegtK46W2HzrarzEg==,type:str]",
+	"afm-fee-reporting-s3-key-id": "ENC[AES256_GCM,data:fjRcLLL+3HAkKdQ5vgWwika94kg=,iv:+ApyNnJWb7mXZK6vPjxms6D2MJP2fs/4BJQBGWadv4g=,tag:hlXrltSZKe6hQjjY2MIAOw==,type:str]",
+	"afm-fee-reporting-s3-key-secret": "ENC[AES256_GCM,data:944zMeqwn6Vz+4aAhsOmcwGewmv6fdcTcl84wb5b05Teydt2L35Wjw==,iv:+PruWCHmtgWTICdDwBqqdU5NGWsLX8Ma20e+lcnZ9gM=,tag:RSNYyyp+5y8nlJWz6+HKqg==,type:str]",
 	"sops": {
 		"kms": null,
 		"gcp_kms": null,
@@ -9,16 +9,16 @@
 				"vault_url": "https://pagopa-d-afm-kv.vault.azure.net",
 				"name": "pagopa-d-afm-sops-key",
 				"version": "a43c2d58349044a2815377d93007237c",
-				"created_at": "2024-09-24T13:33:24Z",
-				"enc": "R1EuXCKN4_xI1Cbwgj3bBQodCri-YwGpZKKlIGSovvFsobzEHIULSqF_N88sSBH7qzjbGLMpIyMLui-UQsS4EuZXbTZb3sqo3IrmXJZpnI9-YaZ5OTMhZC-Cr-etYC0RdycFu8ekG5F4cD_zhU_RdOXsoCStB-vMGd8zPwKC-es4sLIJ3GENXGmqvumWuU3G7f5uuTaAXz1LIAC2ltOhJ0becyc64r1fRSIZOGjz2XPciSSZWY6OYZmpkPSsgJ5VPG5zk7fwuh1hOsbxllSy36Q5pm1CskKOwbMze2DfX_Jr436e-c3nqGsk3eE0VZ5PMQQ_eDUQwWraAB0ilLyB2w"
+				"created_at": "2024-10-24T07:56:53Z",
+				"enc": "wvhRWGIKpx43KnxuFx6uoqZNUrc1F6Rf0AGnrHqmo7vEPkuLSnKUXKW0YkFCbR3EHPL5DZU-gDgo0vkuOL-JEbnYoBmYQ6kEcmrne8dnqVofGs7UenjzK8T8xVcjmxGpnGct__KI9L2UPRlEL_7QrKKES8Jk9o8hJglmgGO1YOVvg9Xv049wufjz-jgPLxj19PimPESt7MwsLDfcH5Op2ynruA1ubtD93zGYz0WBuBsLUaZEkImgGLI7ERmfiWFKKFUnS1tvZeY0gsKbtuZ3ZJdey5pjFRUAi4GdhAmGIaMFHcC7VHFE00ldVUtV8eb3CaHBP3kyGw7VWFOiY-bPvA"
 			}
 		],
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2024-09-25T15:09:41Z",
-		"mac": "ENC[AES256_GCM,data:eX5rCwIpA/k7kUrRchnWQBM2ygOMb2fbHgl9N/XkWjZ7b5fsDiqSzrgHVHTxAoMNEczSxnsFXCyPuCOUDrHzfzOdFTZZZtk3WZiWwZCGEbSDE9kI0IP5zk/W9Lsoinj8hsOG8a77Cx0/aU9mcK91tVzXNROLQgs3d45XjfyNQP4=,iv:oMcZz7ntv/7Tacfa1ACLubDh9QJN0Q8LCpAkDeWQUYE=,tag:riz2sLT/kLRCSGpYYDSShg==,type:str]",
+		"lastmodified": "2024-10-24T07:58:08Z",
+		"mac": "ENC[AES256_GCM,data:5r/dKSuh7LgjUofSdMe9U00R8bemAFCIjKjxqhXNAsTxGUqI8cbRy/j7GNlMERgqrToHHeBl7DXHdH06bHT4Z1BuLRe15znnbOxZxhCGxy7OZrHEZmqLpy9S1+x88kil5MCdSdt6TKz5zbKOALuIXLuBzCNOk6zECD9ZvoxtQWE=,iv:gg8SC6xdE8p//2CZ7sv4llMqt+fLsKycS0bi9qHR1bI=,tag:NUwP/P7ggpBMOmO1fkOEAA==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
-		"version": "3.9.0"
+		"version": "3.9.1"
 	}
 }
diff --git a/src/domains/afm-secrets/secret/weu-prod/noedit_secret_enc.json b/src/domains/afm-secrets/secret/weu-prod/noedit_secret_enc.json
@@ -0,0 +1,24 @@
+{
+	"afm-fee-reporting-s3-key-id": "ENC[AES256_GCM,data:Ti6eI6B5r82NNY8=,iv:qWDjXffOBF0CaOYKswAersR3a9s6nML1MBrANOgDfA8=,tag:dVTfhmUpiYpJVPM9BygZdQ==,type:str]",
+	"afm-fee-reporting-s3-key-secret": "ENC[AES256_GCM,data:W4cVp086XUD1FTw=,iv:UXDmOuIl3IRUElaYtXCoid7afwG/GyGspgpOKQ1Fcnw=,tag:rF4CAfrHaEUf3McIbr4z1w==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": [
+			{
+				"vault_url": "https://pagopa-p-afm-kv.vault.azure.net",
+				"name": "pagopa-p-afm-sops-key",
+				"version": "fe0ef44b4ae140e59435afd78873c12f",
+				"created_at": "2024-10-24T10:21:44Z",
+				"enc": "np-oSDjik0eOozi44UkyGMzFG3JG_Wq_dbvywLP0ae0IgnavlERB5njyxQYEt2mP-Cd1WQchvxoKCivIw0Yly_0Wp23lGTNhUnKiWvD29yE3y-zxQwGQAa3FIB1exIMAG-4xUmCtl1iUDl9X95bj3Qa7_93Fsqce1tzNf22o0LBCpod84g9iQwZcUOOhxOMyNJ6MOee9sETp5-W2H9_IAMDV3I1rKFbCSzsHzCwI1PCjtGfJ8I4mo2fP00gtNEcbHAjhUsYSt68KZhdHPVfFIVot1Aqxq3oJB_xe1OzBEkgcBJ4dMouTt1L86hKHMEcoFgsfHb_RBNRdEBZBIE3vtQ"
+			}
+		],
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2024-10-24T10:23:36Z",
+		"mac": "ENC[AES256_GCM,data:x5x9kGb7VA34tuFS/79AXpENNxFLdTiR5YWAS/wFIQ1FjvysR92FpKMKgmv7//ZXSXqkfSNDH74hhe2AN3g/5d5RCwv0WMWj+KxNGjr2xCgk7hd1n0I0LBo0Cjkg3nqOe/mmNM6zNh63rzs+hisBEq/CPDVscu6NAgqK6dpIjRQ=,iv:1v82ZBm52YLMznsS9INQD3CQZ0FoDH8anUwCvoG1kEU=,tag:l9wIqKVGgPwjpP6/FIHTSA==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.9.1"
+	}
+}
diff --git a/src/domains/afm-secrets/secret/weu-uat/noedit_secret_enc.json b/src/domains/afm-secrets/secret/weu-uat/noedit_secret_enc.json
@@ -0,0 +1,24 @@
+{
+	"afm-fee-reporting-s3-key-id": "ENC[AES256_GCM,data:dsi+BRoW4OIyoxo=,iv:fn6X/QM4ac0Bh6pmkpVlQ5bgYm28MJZKeCg/hSYgh/4=,tag:yTGSpIc+MH6fd+v3+Zy1yw==,type:str]",
+	"afm-fee-reporting-s3-key-secret": "ENC[AES256_GCM,data:I8UDMX4184T989k=,iv:AzRl/rqHDNVf04+F9z1EXiMEhmQ3gtaIzNSU17bku8k=,tag:WTC3rBbA0Ab9W9kxF8J5uw==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": [
+			{
+				"vault_url": "https://pagopa-u-afm-kv.vault.azure.net",
+				"name": "pagopa-u-afm-sops-key",
+				"version": "add26e5b260f4416af08770320fe27aa",
+				"created_at": "2024-10-22T05:29:47Z",
+				"enc": "eg0gevcLHVe52m1e8LF9pYzXSFKtX197UvzNH1ArluZO7Cwdawe17aFsf6Q7KKu5ohu-9LUSM5fBvuWk7qArp6sM-oiWvmRegd7tYPc3K3sM6t1wiOR55TbJuck0ucE-OzVwGe00qBHL1ksOkSMs9bCQ0zdgUJ0UW6R9j6tuOJHHOxW8__j0MZK0bQsPVtOkgLn-UaJczHeO2Xf34ct8W5K8_wF1V9BLxFTS_Kz7SFd8xVGj0rxxcXiSE1lAJaEe__v1qa_9zONO-5X7MklURoGinu27IqOTz8PvSo2XmTFFwQMmfZlMt_FDEwo66SJJTZwzZsibh5UgUvhg0Mo01w"
+			}
+		],
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2024-10-24T10:22:17Z",
+		"mac": "ENC[AES256_GCM,data:q91G3ciPcYfFdAj3wT47UGi4H0nIYC0DvebPQMj9sd8phz0H4ApIvF+6O1/qbW/wsE7w021r41hFfa8YyLJ4d4p+cwGBgVjs24R2zHNCX7Z9M0o2pbuUp/2/uk6AnWVJNxpyzNFTAvc9yPRFXKTnR0kiGI1PdZ04RGTi1LBDGAM=,iv:fT/XCVdASdQZMwh4xKZyLTwAs9RW0KVkf+2GabiZJEM=,tag:9L82qBWR1VemReEtuMQ4eA==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.9.1"
+	}
+}