diff --git a/src/domains/afm-common/03_cosmosdb_afm.tf b/src/domains/afm-common/03_cosmosdb_afm.tf index 0c46464898..fa95300475 100644 --- a/src/domains/afm-common/03_cosmosdb_afm.tf +++ b/src/domains/afm-common/03_cosmosdb_afm.tf @@ -22,41 +22,34 @@ module "afm_marketplace_cosmosdb_snet" { } module "afm_marketplace_cosmosdb_account" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=v6.7.0" - - name = "${local.project}-marketplace-cosmos-account" - location = var.location - domain = var.domain + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=add-analytical_storage_enabled-2-cosmos" + name = "${local.project}-marketplace-cosmos-account" + location = var.location resource_group_name = azurerm_resource_group.afm_rg.name - offer_type = var.afm_marketplace_cosmos_db_params.offer_type - kind = var.afm_marketplace_cosmos_db_params.kind + domain = var.domain + + offer_type = var.afm_marketplace_cosmos_db_params.offer_type + kind = var.afm_marketplace_cosmos_db_params.kind + capabilities = var.afm_marketplace_cosmos_db_params.capabilities + enable_free_tier = var.afm_marketplace_cosmos_db_params.enable_free_tier + analytical_storage_enabled = var.afm_marketplace_cosmos_db_params.analytical_storage_enabled + + public_network_access_enabled = var.afm_marketplace_cosmos_db_params.public_network_access_enabled + private_endpoint_enabled = var.afm_marketplace_cosmos_db_params.private_endpoint_enabled + subnet_id = module.afm_marketplace_cosmosdb_snet.id + private_dns_zone_sql_ids = [data.azurerm_private_dns_zone.cosmos.id] + is_virtual_network_filter_enabled = var.afm_marketplace_cosmos_db_params.is_virtual_network_filter_enabled + allowed_virtual_network_subnet_ids = var.afm_marketplace_cosmos_db_params.public_network_access_enabled ? [] : [data.azurerm_subnet.aks_subnet.id, data.azurerm_subnet.apiconfig_subnet.id] - public_network_access_enabled = var.afm_marketplace_cosmos_db_params.public_network_access_enabled + consistency_policy = var.afm_marketplace_cosmos_db_params.consistency_policy + main_geo_location_location = var.location main_geo_location_zone_redundant = var.afm_marketplace_cosmos_db_params.main_geo_location_zone_redundant + additional_geo_locations = var.afm_marketplace_cosmos_db_params.additional_geo_locations - enable_free_tier = var.afm_marketplace_cosmos_db_params.enable_free_tier + backup_continuous_enabled = var.afm_marketplace_cosmos_db_params.backup_continuous_enabled enable_automatic_failover = true - - capabilities = var.afm_marketplace_cosmos_db_params.capabilities - consistency_policy = var.afm_marketplace_cosmos_db_params.consistency_policy - - main_geo_location_location = var.location - additional_geo_locations = var.afm_marketplace_cosmos_db_params.additional_geo_locations - backup_continuous_enabled = var.afm_marketplace_cosmos_db_params.backup_continuous_enabled - - is_virtual_network_filter_enabled = var.afm_marketplace_cosmos_db_params.is_virtual_network_filter_enabled - - ip_range = "" - - # add data.azurerm_subnet..id - allowed_virtual_network_subnet_ids = var.afm_marketplace_cosmos_db_params.public_network_access_enabled ? [] : [data.azurerm_subnet.aks_subnet.id, data.azurerm_subnet.apiconfig_subnet.id] - - # private endpoint - private_endpoint_name = "${local.project}-marketplace-cosmos-sql-endpoint" - private_endpoint_enabled = var.afm_marketplace_cosmos_db_params.private_endpoint_enabled - subnet_id = module.afm_marketplace_cosmosdb_snet.id - private_dns_zone_ids = [data.azurerm_private_dns_zone.cosmos.id] + ip_range = "" tags = var.tags } @@ -202,4 +195,4 @@ module "afm_marketplace_cosmosdb_containers" { # depends_on = [ # module.afm_marketplace_cosmosdb_account # ] -# } \ No newline at end of file +# } diff --git a/src/domains/afm-common/99_variables.tf b/src/domains/afm-common/99_variables.tf index e878d9c986..73ef7b9cb7 100644 --- a/src/domains/afm-common/99_variables.tf +++ b/src/domains/afm-common/99_variables.tf @@ -122,6 +122,7 @@ variable "afm_marketplace_cosmos_db_params" { public_network_access_enabled = bool is_virtual_network_filter_enabled = bool backup_continuous_enabled = bool + analytical_storage_enabled = bool }) } diff --git a/src/domains/afm-common/env/weu-dev/terraform.tfvars b/src/domains/afm-common/env/weu-dev/terraform.tfvars index 1a54a279b9..760d464874 100644 --- a/src/domains/afm-common/env/weu-dev/terraform.tfvars +++ b/src/domains/afm-common/env/weu-dev/terraform.tfvars @@ -49,6 +49,7 @@ afm_marketplace_cosmos_db_params = { backup_continuous_enabled = false + analytical_storage_enabled = true } cidr_subnet_afm_marketplace_cosmosdb = ["10.1.151.0/24"] diff --git a/src/domains/afm-common/env/weu-prod/terraform.tfvars b/src/domains/afm-common/env/weu-prod/terraform.tfvars index 626ec240ca..edcb85ecb5 100644 --- a/src/domains/afm-common/env/weu-prod/terraform.tfvars +++ b/src/domains/afm-common/env/weu-prod/terraform.tfvars @@ -35,9 +35,9 @@ afm_marketplace_cosmos_db_params = { capabilities = [] offer_type = "Standard" consistency_policy = { - consistency_level = "BoundedStaleness" - max_interval_in_seconds = 300 - max_staleness_prefix = 100000 + consistency_level = "Strong" # "BoundedStaleness" + max_interval_in_seconds = 5 # 300 + max_staleness_prefix = 100 # 100000 } server_version = "4.0" main_geo_location_zone_redundant = true @@ -56,6 +56,7 @@ afm_marketplace_cosmos_db_params = { backup_continuous_enabled = true + analytical_storage_enabled = false } cidr_subnet_afm_marketplace_cosmosdb = ["10.1.151.0/24"] diff --git a/src/domains/afm-common/env/weu-uat/terraform.tfvars b/src/domains/afm-common/env/weu-uat/terraform.tfvars index 39053a355d..ea116fbffb 100644 --- a/src/domains/afm-common/env/weu-uat/terraform.tfvars +++ b/src/domains/afm-common/env/weu-uat/terraform.tfvars @@ -51,6 +51,7 @@ afm_marketplace_cosmos_db_params = { backup_continuous_enabled = false + analytical_storage_enabled = true } cidr_subnet_afm_marketplace_cosmosdb = ["10.1.151.0/24"] diff --git a/src/domains/afm-secrets/.terraform.lock.hcl b/src/domains/afm-secrets/.terraform.lock.hcl index b9e53664fc..064959af16 100644 --- a/src/domains/afm-secrets/.terraform.lock.hcl +++ b/src/domains/afm-secrets/.terraform.lock.hcl @@ -5,6 +5,7 @@ provider "registry.terraform.io/hashicorp/azuread" { version = "2.21.0" constraints = "2.21.0" hashes = [ + "h1:KbY8dRdbfTwTzEBcdOFdD50JX8CUG5Mni25D2+k1rGc=", "h1:qHYbB6LJsYPVUcd7QkZ5tU+IX+10VcUG4NzsmIuWdlE=", "zh:18c56e0478e8b3849f6d52f7e0ee495538e7fce66f22fc84a79599615e50ad1c", "zh:1b95ba8dddc46c744b2d2be7da6fafaa8ebd8368d46ff77416a95cb7d622251e", @@ -25,6 +26,7 @@ provider "registry.terraform.io/hashicorp/azurerm" { version = "2.99.0" constraints = "2.99.0" hashes = [ + "h1:/M8yLHqv0uOm9IbHRa4yZvQORr9ir1QyJyIyjGs4ryQ=", "h1:/ZY1j8YgB5GeqPnjT8avyRFjUcGH3rCk1xGLKcUCtWc=", "zh:08d81e72e97351538ab4d15548942217bf0c4d3b79ad3f4c95d8f07f902d2fa6", "zh:11fdfa4f42d6b6f01371f336fea56f28a1db9e7b490c5ca0b352f6bbca5a27f1", @@ -44,6 +46,7 @@ provider "registry.terraform.io/hashicorp/external" { version = "2.2.3" constraints = "2.2.3" hashes = [ + "h1:648ZjJR81c2W1OLtYmUQa9/1rGr3vvZSuX9dR1ucGWY=", "h1:D2RKjqoU26isFINpmeKG9NS0LvkPmrQkNXeYO2TdgyA=", "zh:184ecd339d764de845db0e5b8a9c87893dcd0c9d822167f73658f89d80ec31c9", "zh:2661eaca31d17d6bbb18a8f673bbfe3fe1b9b7326e60d0ceb302017003274e3c", @@ -65,6 +68,7 @@ provider "registry.terraform.io/hashicorp/kubernetes" { constraints = "2.16.1" hashes = [ "h1:PO4Ye/+lu5hCaUEOtwNOldQYoA0dqL1bcBICIpdlcd8=", + "h1:kO/d+ZMZYM2tNMMFHZqBmVR0MeemoGnI2G2NSN92CrU=", "zh:06224975f5910d41e73b35a4d5079861da2c24f9353e3ebb015fbb3b3b996b1c", "zh:2bc400a8d9fe7755cca27c2551564a9e2609cfadc77f526ef855114ee02d446f", "zh:3a479014187af1d0aec3a1d3d9c09551b801956fe6dd29af1186dec86712731b", @@ -85,6 +89,7 @@ provider "registry.terraform.io/hashicorp/null" { constraints = "3.1.1" hashes = [ "h1:Pctug/s/2Hg5FJqjYcTM0kPyx3AoYK1MpRWO0T9V2ns=", + "h1:YvH6gTaQzGdNv+SKTZujU1O0bO+Pw6vJHOPhqgN8XNs=", "zh:063466f41f1d9fd0dd93722840c1314f046d8760b1812fa67c34de0afcba5597", "zh:08c058e367de6debdad35fc24d97131c7cf75103baec8279aba3506a08b53faf", "zh:73ce6dff935150d6ddc6ac4a10071e02647d10175c173cfe5dca81f3d13d8afe", diff --git a/src/domains/afm-secrets/secret/weu-dev/noedit_secret_enc.json b/src/domains/afm-secrets/secret/weu-dev/noedit_secret_enc.json index 318beb1f4d..24cdd829dd 100644 --- a/src/domains/afm-secrets/secret/weu-dev/noedit_secret_enc.json +++ b/src/domains/afm-secrets/secret/weu-dev/noedit_secret_enc.json @@ -1,6 +1,6 @@ { - "afm-fee-reporting-s3-key-id": "ENC[AES256_GCM,data:YaOrDvXFUhKIQkFj6ZzSTS3wjXo=,iv:/x2gmiHjXNA2Slqz8JpuL7N+rNWGrd482y5nvHfFGdg=,tag:vCwKCN5ljVTke2kuuvdjtA==,type:str]", - "afm-fee-reporting-s3-key-secret": "ENC[AES256_GCM,data:XC6VYdPWPvwc+CziNKjuZ8QUaLiErgoLM//ASAPQB2ebYnRM/QgOFw==,iv:aXh2DUAyZ43UeoRPuZ3toKjGaytMv3lHYO3N/ncoFBE=,tag:esOikoegtK46W2HzrarzEg==,type:str]", + "afm-fee-reporting-s3-key-id": "ENC[AES256_GCM,data:fjRcLLL+3HAkKdQ5vgWwika94kg=,iv:+ApyNnJWb7mXZK6vPjxms6D2MJP2fs/4BJQBGWadv4g=,tag:hlXrltSZKe6hQjjY2MIAOw==,type:str]", + "afm-fee-reporting-s3-key-secret": "ENC[AES256_GCM,data:944zMeqwn6Vz+4aAhsOmcwGewmv6fdcTcl84wb5b05Teydt2L35Wjw==,iv:+PruWCHmtgWTICdDwBqqdU5NGWsLX8Ma20e+lcnZ9gM=,tag:RSNYyyp+5y8nlJWz6+HKqg==,type:str]", "sops": { "kms": null, "gcp_kms": null, @@ -9,16 +9,16 @@ "vault_url": "https://pagopa-d-afm-kv.vault.azure.net", "name": "pagopa-d-afm-sops-key", "version": "a43c2d58349044a2815377d93007237c", - "created_at": "2024-09-24T13:33:24Z", - "enc": "R1EuXCKN4_xI1Cbwgj3bBQodCri-YwGpZKKlIGSovvFsobzEHIULSqF_N88sSBH7qzjbGLMpIyMLui-UQsS4EuZXbTZb3sqo3IrmXJZpnI9-YaZ5OTMhZC-Cr-etYC0RdycFu8ekG5F4cD_zhU_RdOXsoCStB-vMGd8zPwKC-es4sLIJ3GENXGmqvumWuU3G7f5uuTaAXz1LIAC2ltOhJ0becyc64r1fRSIZOGjz2XPciSSZWY6OYZmpkPSsgJ5VPG5zk7fwuh1hOsbxllSy36Q5pm1CskKOwbMze2DfX_Jr436e-c3nqGsk3eE0VZ5PMQQ_eDUQwWraAB0ilLyB2w" + "created_at": "2024-10-24T07:56:53Z", + "enc": "wvhRWGIKpx43KnxuFx6uoqZNUrc1F6Rf0AGnrHqmo7vEPkuLSnKUXKW0YkFCbR3EHPL5DZU-gDgo0vkuOL-JEbnYoBmYQ6kEcmrne8dnqVofGs7UenjzK8T8xVcjmxGpnGct__KI9L2UPRlEL_7QrKKES8Jk9o8hJglmgGO1YOVvg9Xv049wufjz-jgPLxj19PimPESt7MwsLDfcH5Op2ynruA1ubtD93zGYz0WBuBsLUaZEkImgGLI7ERmfiWFKKFUnS1tvZeY0gsKbtuZ3ZJdey5pjFRUAi4GdhAmGIaMFHcC7VHFE00ldVUtV8eb3CaHBP3kyGw7VWFOiY-bPvA" } ], "hc_vault": null, "age": null, - "lastmodified": "2024-09-25T15:09:41Z", - "mac": "ENC[AES256_GCM,data:eX5rCwIpA/k7kUrRchnWQBM2ygOMb2fbHgl9N/XkWjZ7b5fsDiqSzrgHVHTxAoMNEczSxnsFXCyPuCOUDrHzfzOdFTZZZtk3WZiWwZCGEbSDE9kI0IP5zk/W9Lsoinj8hsOG8a77Cx0/aU9mcK91tVzXNROLQgs3d45XjfyNQP4=,iv:oMcZz7ntv/7Tacfa1ACLubDh9QJN0Q8LCpAkDeWQUYE=,tag:riz2sLT/kLRCSGpYYDSShg==,type:str]", + "lastmodified": "2024-10-24T07:58:08Z", + "mac": "ENC[AES256_GCM,data:5r/dKSuh7LgjUofSdMe9U00R8bemAFCIjKjxqhXNAsTxGUqI8cbRy/j7GNlMERgqrToHHeBl7DXHdH06bHT4Z1BuLRe15znnbOxZxhCGxy7OZrHEZmqLpy9S1+x88kil5MCdSdt6TKz5zbKOALuIXLuBzCNOk6zECD9ZvoxtQWE=,iv:gg8SC6xdE8p//2CZ7sv4llMqt+fLsKycS0bi9qHR1bI=,tag:NUwP/P7ggpBMOmO1fkOEAA==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", - "version": "3.9.0" + "version": "3.9.1" } } \ No newline at end of file diff --git a/src/domains/afm-secrets/secret/weu-prod/noedit_secret_enc.json b/src/domains/afm-secrets/secret/weu-prod/noedit_secret_enc.json new file mode 100644 index 0000000000..6e1748c4a6 --- /dev/null +++ b/src/domains/afm-secrets/secret/weu-prod/noedit_secret_enc.json @@ -0,0 +1,24 @@ +{ + "afm-fee-reporting-s3-key-id": "ENC[AES256_GCM,data:Ti6eI6B5r82NNY8=,iv:qWDjXffOBF0CaOYKswAersR3a9s6nML1MBrANOgDfA8=,tag:dVTfhmUpiYpJVPM9BygZdQ==,type:str]", + "afm-fee-reporting-s3-key-secret": "ENC[AES256_GCM,data:W4cVp086XUD1FTw=,iv:UXDmOuIl3IRUElaYtXCoid7afwG/GyGspgpOKQ1Fcnw=,tag:rF4CAfrHaEUf3McIbr4z1w==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": [ + { + "vault_url": "https://pagopa-p-afm-kv.vault.azure.net", + "name": "pagopa-p-afm-sops-key", + "version": "fe0ef44b4ae140e59435afd78873c12f", + "created_at": "2024-10-24T10:21:44Z", + "enc": "np-oSDjik0eOozi44UkyGMzFG3JG_Wq_dbvywLP0ae0IgnavlERB5njyxQYEt2mP-Cd1WQchvxoKCivIw0Yly_0Wp23lGTNhUnKiWvD29yE3y-zxQwGQAa3FIB1exIMAG-4xUmCtl1iUDl9X95bj3Qa7_93Fsqce1tzNf22o0LBCpod84g9iQwZcUOOhxOMyNJ6MOee9sETp5-W2H9_IAMDV3I1rKFbCSzsHzCwI1PCjtGfJ8I4mo2fP00gtNEcbHAjhUsYSt68KZhdHPVfFIVot1Aqxq3oJB_xe1OzBEkgcBJ4dMouTt1L86hKHMEcoFgsfHb_RBNRdEBZBIE3vtQ" + } + ], + "hc_vault": null, + "age": null, + "lastmodified": "2024-10-24T10:23:36Z", + "mac": "ENC[AES256_GCM,data:x5x9kGb7VA34tuFS/79AXpENNxFLdTiR5YWAS/wFIQ1FjvysR92FpKMKgmv7//ZXSXqkfSNDH74hhe2AN3g/5d5RCwv0WMWj+KxNGjr2xCgk7hd1n0I0LBo0Cjkg3nqOe/mmNM6zNh63rzs+hisBEq/CPDVscu6NAgqK6dpIjRQ=,iv:1v82ZBm52YLMznsS9INQD3CQZ0FoDH8anUwCvoG1kEU=,tag:l9wIqKVGgPwjpP6/FIHTSA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file diff --git a/src/domains/afm-secrets/secret/weu-uat/noedit_secret_enc.json b/src/domains/afm-secrets/secret/weu-uat/noedit_secret_enc.json new file mode 100644 index 0000000000..2639ca3204 --- /dev/null +++ b/src/domains/afm-secrets/secret/weu-uat/noedit_secret_enc.json @@ -0,0 +1,24 @@ +{ + "afm-fee-reporting-s3-key-id": "ENC[AES256_GCM,data:dsi+BRoW4OIyoxo=,iv:fn6X/QM4ac0Bh6pmkpVlQ5bgYm28MJZKeCg/hSYgh/4=,tag:yTGSpIc+MH6fd+v3+Zy1yw==,type:str]", + "afm-fee-reporting-s3-key-secret": "ENC[AES256_GCM,data:I8UDMX4184T989k=,iv:AzRl/rqHDNVf04+F9z1EXiMEhmQ3gtaIzNSU17bku8k=,tag:WTC3rBbA0Ab9W9kxF8J5uw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": [ + { + "vault_url": "https://pagopa-u-afm-kv.vault.azure.net", + "name": "pagopa-u-afm-sops-key", + "version": "add26e5b260f4416af08770320fe27aa", + "created_at": "2024-10-22T05:29:47Z", + "enc": "eg0gevcLHVe52m1e8LF9pYzXSFKtX197UvzNH1ArluZO7Cwdawe17aFsf6Q7KKu5ohu-9LUSM5fBvuWk7qArp6sM-oiWvmRegd7tYPc3K3sM6t1wiOR55TbJuck0ucE-OzVwGe00qBHL1ksOkSMs9bCQ0zdgUJ0UW6R9j6tuOJHHOxW8__j0MZK0bQsPVtOkgLn-UaJczHeO2Xf34ct8W5K8_wF1V9BLxFTS_Kz7SFd8xVGj0rxxcXiSE1lAJaEe__v1qa_9zONO-5X7MklURoGinu27IqOTz8PvSo2XmTFFwQMmfZlMt_FDEwo66SJJTZwzZsibh5UgUvhg0Mo01w" + } + ], + "hc_vault": null, + "age": null, + "lastmodified": "2024-10-24T10:22:17Z", + "mac": "ENC[AES256_GCM,data:q91G3ciPcYfFdAj3wT47UGi4H0nIYC0DvebPQMj9sd8phz0H4ApIvF+6O1/qbW/wsE7w021r41hFfa8YyLJ4d4p+cwGBgVjs24R2zHNCX7Z9M0o2pbuUp/2/uk6AnWVJNxpyzNFTAvc9yPRFXKTnR0kiGI1PdZ04RGTi1LBDGAM=,iv:fT/XCVdASdQZMwh4xKZyLTwAs9RW0KVkf+2GabiZJEM=,tag:9L82qBWR1VemReEtuMQ4eA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file