From bfc06719cbf4f6cabd84f83d675af09c197eaec5 Mon Sep 17 00:00:00 2001 
From: petretiandrea Date: Fri, 18 Oct 2024 10:29:08 +0200 Subject: [PATCH] [SRTP-41] Initialize terraform (#2) --- .github/workflows/pr-title.yaml | 56 ++++ .github/workflows/static-analysis-pr.yaml | 16 ++ .github/workflows/static-analysis.yaml | 16 ++ .gitignore | 39 +++ .pre-commit-config.yaml | 14 + .spectral.yml | 1 + .terraform-version | 1 + scripts/terraform.sh | 324 ++++++++++++++++++++++ scripts/terraform_run_all.sh | 61 ++++ src/rtp/.terraform.lock.hcl | 42 +++ src/rtp/00_data.tf | 4 + src/rtp/01_apim_core.tf | 30 ++ src/rtp/02_api_mock.tf | 50 ++++ src/rtp/99_locals.tf | 7 + src/rtp/99_main.tf | 29 ++ src/rtp/99_variables.tf | 50 ++++ src/rtp/api/test/mock_policy.xml | 31 +++ src/rtp/api_product/base_policy.xml | 26 ++ src/rtp/env/dev/backend.ini | 1 + src/rtp/env/dev/backend.tfvars | 4 + src/rtp/env/dev/terraform.tfvars | 16 ++ src/rtp/env/prod/backend.ini | 1 + src/rtp/env/prod/backend.tfvars | 4 + src/rtp/env/prod/terraform.tfvars | 16 ++ src/rtp/env/uat/backend.ini | 1 + src/rtp/env/uat/backend.tfvars | 4 + src/rtp/env/uat/terraform.tfvars | 16 ++ src/rtp/terraform.sh | 1 + 28 files changed, 861 insertions(+) create mode 100644 .github/workflows/pr-title.yaml create mode 100644 .github/workflows/static-analysis-pr.yaml create mode 100644 .github/workflows/static-analysis.yaml create mode 100644 .gitignore create mode 100644 .pre-commit-config.yaml create mode 100644 .spectral.yml create mode 100644 .terraform-version create mode 100755 scripts/terraform.sh create mode 100644 scripts/terraform_run_all.sh create mode 100644 src/rtp/.terraform.lock.hcl create mode 100644 src/rtp/00_data.tf create mode 100644 src/rtp/01_apim_core.tf create mode 100644 src/rtp/02_api_mock.tf create mode 100644 src/rtp/99_locals.tf create mode 100644 src/rtp/99_main.tf create mode 100644 src/rtp/99_variables.tf create mode 100644 src/rtp/api/test/mock_policy.xml create mode 100644 src/rtp/api_product/base_policy.xml create mode 100644 src/rtp/env/dev/backend.ini create 
mode 100644 src/rtp/env/dev/backend.tfvars create mode 100644 src/rtp/env/dev/terraform.tfvars create mode 100644 src/rtp/env/prod/backend.ini create mode 100644 src/rtp/env/prod/backend.tfvars create mode 100644 src/rtp/env/prod/terraform.tfvars create mode 100644 src/rtp/env/uat/backend.ini create mode 100644 src/rtp/env/uat/backend.tfvars create mode 100644 src/rtp/env/uat/terraform.tfvars create mode 120000 src/rtp/terraform.sh diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml new file mode 100644 index 0000000..a364f88 --- /dev/null +++ b/.github/workflows/pr-title.yaml 
@@ -0,0 +1,56 @@ +name: Validate PR title + +on: + pull_request_target: + types: + - opened + - edited + - synchronize + +jobs: + main: + name: Validate PR title + runs-on: ubuntu-22.04 + steps: + # Please look up the latest version from + # https://github.com/amannn/action-semantic-pull-request/releases + # from https://github.com/amannn/action-semantic-pull-request/commits/main + - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + # Configure which types are allowed. + # Default: https://github.com/commitizen/conventional-commit-types + types: | + fix + feat + docs + chore + breaking + # Configure that a scope must always be provided. + requireScope: false + # Configure additional validation for the subject based on a regex. + # This example ensures the subject starts with an uppercase character. + subjectPattern: ^.+$ + # If `subjectPattern` is configured, you can use this property to override + # the default error message that is shown when the pattern doesn't match. + # The variables `subject` and `title` can be used within the message. + subjectPatternError: | + The subject "{subject}" found in the pull request title "{title}" + didn't match the configured pattern. Please ensure that the subject + starts with an uppercase character. + # For work-in-progress PRs you can typically use draft pull requests + # from Github. However, private repositories on the free plan don't have + # this option and therefore this action allows you to opt-in to using the + # special "[WIP]" prefix to indicate this state. This will avoid the + # validation of the PR title and the pull request checks remain pending. + # Note that a second check will be reported if this is enabled. 
+ wip: true + # When using "Squash and merge" on a PR with only one commit, GitHub + # will suggest using that commit message instead of the PR title for the + # merge commit, and it's easy to commit this by mistake. Enable this option + # to also validate the commit message for one commit PRs. + validateSingleCommit: false + # Related to `validateSingleCommit` you can opt-in to validate that the PR + # title matches a single commit to avoid confusion. + validateSingleCommitMatchesPrTitle: false \ No newline at end of file diff --git a/.github/workflows/static-analysis-pr.yaml b/.github/workflows/static-analysis-pr.yaml new file mode 100644 index 0000000..c95c1fc --- /dev/null +++ b/.github/workflows/static-analysis-pr.yaml @@ -0,0 +1,16 @@ +name: Static Analysis PR + +on: + push: + branches-ignore: + - main + +jobs: + static_analysis: + runs-on: ubuntu-22.04 + + steps: + - name: Static Analysis + uses: pagopa/eng-github-actions-iac-template/azure/terraform-static-analysis@1e65ac158f5f60d3e46d3621dd4321f7b6e2d80d # v1.8.0 + with: + precommit_version: 'v1.86.0@sha256:fed35dd9347aa3dd3e59a870dbc4500245dae26910d84065a6f66fe61afceaa8' \ No newline at end of file diff --git a/.github/workflows/static-analysis.yaml b/.github/workflows/static-analysis.yaml new file mode 100644 index 0000000..638524d --- /dev/null +++ b/.github/workflows/static-analysis.yaml @@ -0,0 +1,16 @@ +name: Static Analysis + +on: + push: + branches: + - main + +jobs: + static_analysis: + runs-on: ubuntu-22.04 + + steps: + - name: Static Analysis + uses: pagopa/eng-github-actions-iac-template/azure/terraform-static-analysis@1e65ac158f5f60d3e46d3621dd4321f7b6e2d80d # v1.8.0 + with: + precommit_version: 'v1.86.0@sha256:fed35dd9347aa3dd3e59a870dbc4500245dae26910d84065a6f66fe61afceaa8' \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f6e80bc --- /dev/null +++ b/.gitignore 
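Review bot: None of the three new workflows declares a `permissions:` block, and `pr-title.yaml` runs on `pull_request_target`, so its `GITHUB_TOKEN` carries whatever the repository or organisation default grants, including for pull requests opened from forks. The title check only needs to read the pull request, so a top-level `permissions:` with `pull-requests: read` would bound the token (the `wip: true` status may need an extra scope; check the action's README). `static-analysis-pr.yaml` and `static-analysis.yaml` can probably run with `contents: read`. The workflow never checks out PR code, which is what keeps `pull_request_target` acceptable here; a comment such as `# pull_request_target: do not add a checkout of the PR head to this job` would protect that property against later edits. Also, the comment and `subjectPatternError` both say the subject must start with an uppercase character, but `subjectPattern: ^.+$` accepts any non-empty subject.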
@@ -0,0 +1,39 @@ +.vscode + +# Local .terraform directories +**/.terraform/* + +# tfplan files +**/tfplan + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log + +# Ignore any .tfvars files that are generated automatically for each Terraform run. Most +# .tfvars files are managed as part of configuration and so should be included in +# version control. +# +# example.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Include override files you do wish to add to version control using negated pattern +# +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +*.DS_Store +*.log +.idea +.vscode \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..58e45f0 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,14 @@ +repos: + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.86.0 + hooks: + - id: terraform_fmt + - id: terraform_docs + args: + - markdown --sort-by required + - id: terraform_tfsec + - id: terraform_validate + args: + - --init-args=-lockfile=readonly + - --args=-json + - --args=-no-color \ No newline at end of file diff --git a/.spectral.yml b/.spectral.yml new file mode 100644 index 0000000..1d37769 --- /dev/null +++ b/.spectral.yml @@ -0,0 +1 @@ +extends: ["spectral:oas"] \ No newline at end of file diff --git a/.terraform-version b/.terraform-version new file mode 100644 index 0000000..ff2fd4f --- /dev/null +++ b/.terraform-version @@ -0,0 +1 @@ +1.8.5 \ No newline at end of file diff --git a/scripts/terraform.sh b/scripts/terraform.sh new file mode 100755 index 0000000..2bde4b0 --- /dev/null +++ b/scripts/terraform.sh 
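Review bot: `rev: v1.86.0` in `.pre-commit-config.yaml` is a mutable tag, while the workflows in this same commit pin their actions by commit SHA and the pre-commit image by digest. pre-commit accepts a full commit hash in `rev`, so local hook runs can get the same guarantee as CI: `rev: <COMMIT_SHA_OF_v1.86.0>  # v1.86.0` (placeholder; take the hash from the upstream tag). This keeps a retagged or compromised upstream release from changing the hooks that run on developer machines, which hold Azure credentials for `terraform.sh`.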
@@ -0,0 +1,324 @@ +#!/bin/bash +############################################################ +# Terraform script for managing infrastructure on Azure +# Fingerprint: d2hhdHlvdXdhbnQ/Cg== +############################################################ +# Global variables +# Version format x.y accepted +vers="1.11" +script_name=$(basename "$0") +git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/azure/${script_name}" +tmp_file="${script_name}.new" +# Check if the third parameter exists and is a file +if [ -n "$3" ] && [ -f "$3" ]; then + FILE_ACTION=true +else + FILE_ACTION=false +fi + +# Define functions +function clean_environment() { + rm -rf .terraform + rm tfplan 2>/dev/null + echo "cleaned!" +} + +function download_tool() { + #default value + cpu_type="intel" + os_type=$(uname) + + # only on MacOS + if [ "$os_type" == "Darwin" ]; then + cpu_brand=$(sysctl -n machdep.cpu.brand_string) + if grep -q -i "intel" <<< "$cpu_brand"; then + cpu_type="intel" + else + cpu_type="arm" + fi + fi + + echo $cpu_type + tool=$1 + git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/main/golang/${tool}_${cpu_type}" + if ! command -v $tool &> /dev/null; then + if ! curl -sL "$git_repo" -o "$tool"; then + echo "Error downloading ${tool}" + return 1 + else + chmod +x $tool + echo "${tool} downloaded! Please note this tool WON'T be copied in your **/bin folder for safety reasons. +You need to do it yourself!" + read -p "Press enter to continue" + + + fi + fi +} + +function extract_resources() { + TF_FILE=$1 + ENV=$2 + TARGETS="" + + # Check if the file exists + if [ ! -f "$TF_FILE" ]; then + echo "File $TF_FILE does not exist." + exit 1 + fi + + # Check if the directory exists + if [ ! -d "./env/$ENV" ]; then + echo "Directory ./env/$ENV does not exist." 
+ exit 1 + fi + + TMP_FILE=$(mktemp) + grep -E '^resource|^module' $TF_FILE > $TMP_FILE + + while read -r line ; do + TYPE=$(echo $line | cut -d '"' -f 1 | tr -d ' ') + if [ "$TYPE" == "module" ]; then + NAME=$(echo $line | cut -d '"' -f 2) + TARGETS+=" -target=\"$TYPE.$NAME\"" + else + NAME1=$(echo $line | cut -d '"' -f 2) + NAME2=$(echo $line | cut -d '"' -f 4) + TARGETS+=" -target=\"$NAME1.$NAME2\"" + fi + done < $TMP_FILE + + rm $TMP_FILE + + echo "./terraform.sh $action $ENV $TARGETS" +} + +function help_usage() { + echo "terraform.sh Version ${vers}" + echo + echo "Usage: ./script.sh [ACTION] [ENV] [OTHER OPTIONS]" + echo "es. ACTION: init, apply, plan, etc." + echo "es. ENV: dev, uat, prod, etc." + echo + echo "Available actions:" + echo " clean Remove .terraform* folders and tfplan files" + echo " help This help" + echo " list List every environment available" + echo " update Update this script if possible" + echo " summ Generate summary of Terraform plan" + echo " tflist Generate an improved output of terraform state list" + echo " tlock Generate or update the dependency lock file" + echo " * any terraform option" +} + +function init_terraform() { + if [ -n "$env" ]; then + terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" $other + else + echo "ERROR: no env configured!" + exit 1 + fi +} + +function list_env() { + # Check if env directory exists + if [ ! 
-d "./env" ]; then + echo "No environment directory found" + exit 1 + fi + + # List subdirectories under env directory + env_list=$(ls -d ./env/*/ 2>/dev/null) + + # Check if there are any subdirectories + if [ -z "$env_list" ]; then + echo "No environments found" + exit 1 + fi + + # Print the list of environments + echo "Available environments:" + for env in $env_list; do + env_name=$(echo "$env" | sed 's#./env/##;s#/##') + echo "- $env_name" + done +} + +function other_actions() { + if [ -n "$env" ] && [ -n "$action" ]; then + terraform "$action" -var-file="./env/$env/terraform.tfvars" -compact-warnings $other + else + echo "ERROR: no env or action configured!" + exit 1 + fi +} + +function state_output_taint_actions() { + if [ "$action" == "tflist" ]; then + # If 'tflist' is not installed globally and there is no 'tflist' file in the current directory, + # attempt to download the 'tflist' tool + if ! command -v tflist &> /dev/null && [ ! -f "tflist" ]; then + download_tool "tflist" + if [ $? -ne 0 ]; then + echo "Error: Failed to download tflist!!" + exit 1 + else + echo "tflist downloaded!" 
+ fi + fi + if command -v tflist &> /dev/null; then + terraform state list | tflist + else + terraform state list | ./tflist + fi + else + terraform $action $other + fi +} + + +function parse_tfplan_option() { + # Create an array to contain arguments that do not start with '-tfplan=' + local other_args=() + + # Loop over all arguments + for arg in "$@"; do + # If the argument starts with '-tfplan=', extract the file name + if [[ "$arg" =~ ^-tfplan= ]]; then + echo "${arg#*=}" + else + # If the argument does not start with '-tfplan=', add it to the other_args array + other_args+=("$arg") + fi + done + + # Print all arguments in other_args separated by spaces + echo "${other_args[@]}" +} + +function tfsummary() { + local plan_file + plan_file=$(parse_tfplan_option "$@") + if [ -z "$plan_file" ]; then + plan_file="tfplan" + fi + action="plan" + other="-out=${plan_file}" + other_actions + if [ -n "$(command -v tf-summarize)" ]; then + tf-summarize -tree "${plan_file}" + else + echo "tf-summarize is not installed" + fi + if [ "$plan_file" == "tfplan" ]; then + rm $plan_file + fi +} + +function update_script() { + # Check if the repository was cloned successfully + if ! curl -sL "$git_repo" -o "$tmp_file"; then + echo "Error cloning the repository" + rm "$tmp_file" 2>/dev/null + return 1 + fi + + # Check if a newer version exists + remote_vers=$(sed -n '8s/vers="\(.*\)"/\1/p' "$tmp_file") + if [ "$(printf '%s\n' "$vers" "$remote_vers" | sort -V | tail -n 1)" == "$vers" ]; then + echo "The local script version is equal to or newer than the remote version." + rm "$tmp_file" 2>/dev/null + return 0 + fi + + # Check the fingerprint + local_fingerprint=$(sed -n '4p' "$0") + remote_fingerprint=$(sed -n '4p' "$tmp_file") + + if [ "$local_fingerprint" != "$remote_fingerprint" ]; then + echo "The local and remote file fingerprints do not match." 
+ rm "$tmp_file" 2>/dev/null + return 0 + fi + + # Show the current and available versions to the user + echo "Current script version: $vers" + echo "Available script version: $remote_vers" + + # Ask the user if they want to update the script + read -rp "Do you want to update the script to version $remote_vers? (y/n): " answer + + if [ "$answer" == "y" ] || [ "$answer" == "Y" ]; then + # Replace the local script with the updated version + cp "$tmp_file" "$script_name" + chmod +x "$script_name" + rm "$tmp_file" 2>/dev/null + + echo "Script successfully updated to version $remote_vers" + else + echo "Update canceled by the user" + fi + + rm "$tmp_file" 2>/dev/null +} + +# Check arguments number +if [ "$#" -lt 1 ]; then + help_usage + exit 0 +fi + +# Parse arguments +action=$1 +env=$2 +filetf=$3 +shift 2 +other=$@ + +if [ -n "$env" ]; then + # shellcheck source=/dev/null + source "./env/$env/backend.ini" + if [ -z "$(command -v az)" ]; then + echo "az not found, cannot proceed" + exit 1 + fi + az account set -s "${subscription}" +fi + +# Call appropriate function based on action +case $action in + clean) + clean_environment + ;; + ?|help|-h) + help_usage + ;; + init) + init_terraform "$other" + ;; + list) + list_env + ;; + output|state|taint|tflist) + init_terraform + state_output_taint_actions $other + ;; + summ) + init_terraform + tfsummary "$other" + ;; + tlock) + terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=linux_amd64 + ;; + update) + update_script + ;; + *) + if [ "$FILE_ACTION" = true ]; then + extract_resources "$filetf" "$env" + else + init_terraform + other_actions "$other" + fi + ;; +esac \ No newline at end of file diff --git a/scripts/terraform_run_all.sh b/scripts/terraform_run_all.sh new file mode 100644 index 0000000..ed074c2 --- /dev/null +++ b/scripts/terraform_run_all.sh 
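Review bot: `download_tool` and `update_script` fetch executable content from the moving `main` branch of pagopa/eng-common-scripts with `curl -sL` and then `chmod +x` it or copy it over the running script, with no integrity check. The "fingerprint" step in `update_script` only compares line 4 of the two files, a constant comment, so it shows that the remote file belongs to the same script family, not that its content is the reviewed one. Without `-f`, an HTTP error body is also written to disk and, in `download_tool`, made executable and later placed in the `terraform state list | ./tflist` pipeline. Pin both URLs to a commit and verify a checksum recorded in this repository before installing, as sketched below for `download_tool`; the same applies to `update_script`. Separately, `source "./env/$env/backend.ini"` executes that file as shell with `$env` taken straight from the second argument, so it is worth rejecting values that are not an existing directory name under `./env` before sourcing.

```bash
function download_tool() {
  # … unchanged: cpu_type / os_type detection …
  tool=$1
  # <PINNED_COMMIT> and <EXPECTED_SHA256> are placeholders: record the reviewed
  # commit and one checksum per ${tool}_${cpu_type} artifact in this repository.
  git_repo="https://raw.githubusercontent.com/pagopa/eng-common-scripts/<PINNED_COMMIT>/golang/${tool}_${cpu_type}"
  expected_sha256="<EXPECTED_SHA256>"
  if ! command -v "$tool" &> /dev/null; then
    # -f: fail on HTTP errors instead of saving the error page as the tool
    if ! curl -fsSL "$git_repo" -o "${tool}.download"; then
      echo "Error downloading ${tool}"
      rm -f "${tool}.download"
      return 1
    fi
    # shasum ships with macOS and most Linux distributions; use sha256sum where it does not
    actual_sha256=$(shasum -a 256 "${tool}.download" | cut -d ' ' -f 1)
    if [ "$actual_sha256" != "$expected_sha256" ]; then
      echo "Checksum mismatch for ${tool}, refusing to install"
      rm -f "${tool}.download"
      return 1
    fi
    mv "${tool}.download" "$tool"
    chmod +x "$tool"
    # … unchanged: notice to the user and read prompt …
  fi
}
```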
@@ -0,0 +1,61 @@ +#!/bin/bash + + + +# +# bash .utils/terraform_run_all.sh +# bash .utils/terraform_run_all.sh init +# + +# 'set -e' tells the shell to exit if any of the foreground command fails, +# i.e. exits with a non-zero status. +set -eu + +pids=() +ACTION="$1" + +array=( + 'src/cittadini::itn-dev' + 'src/monitor::itn-dev' +) + +function rm_terraform { + find . \( -iname ".terraform*" ! -iname ".terraform-docs*" ! -iname ".terraform-version" ! -iname ".terraform.lock.hcl" \) -print0 | xargs -0 rm -rf +} + +# echo "[INFO] 🪚 Delete all .terraform folders" +# rm_terraform + +echo "[INFO] 🏁 Init all terraform repos" +for index in "${array[@]}" ; do + FOLDER="${index%%::*}" + COMMAND="${index##*::}" + pushd "$(pwd)/${FOLDER}" + echo "$FOLDER - $COMMAND" + echo "🔬 folder: $(pwd) in under terraform: $ACTION action" + sh terraform.sh "$ACTION" "$COMMAND" + + terraform providers lock \ + -platform=windows_amd64 \ + -platform=darwin_amd64 \ + -platform=darwin_arm64 \ + -platform=linux_amd64 & + + pids+=($!) + popd +done + + +# Wait for each specific process to terminate. +# Instead of this loop, a single call to 'wait' would wait for all the jobs +# to terminate, but it would not give us their exit status. +# +for pid in "${pids[@]}"; do + # + # Waiting on a specific PID makes the wait command return with the exit + # status of that process. Because of the 'set -e' setting, any exit status + # other than zero causes the current shell to terminate with that exit + # status as well. + # + wait "$pid" +done \ No newline at end of file diff --git a/src/rtp/.terraform.lock.hcl b/src/rtp/.terraform.lock.hcl new file mode 100644 index 0000000..a393664 --- /dev/null +++ b/src/rtp/.terraform.lock.hcl 
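Review bot: `sh terraform.sh "$ACTION" "$COMMAND"` runs the wrapper under `sh`, but `scripts/terraform.sh` added in this commit uses bash-only syntax (the `function` keyword, `[[ ... =~ ]]`, arrays, `<<<`), so where `sh` is dash it stops with a syntax error; `bash terraform.sh "$ACTION" "$COMMAND"` avoids that. The `array` entries `src/cittadini::itn-dev` and `src/monitor::itn-dev` name folders and an environment this commit does not create (it adds only `src/rtp` with `dev`, `uat` and `prod`), so `pushd` fails on the first iteration under `set -e`; presumably they were carried over from another repository. With `set -u`, `ACTION="$1"` also aborts with an unbound-variable error when the script is called without an argument, which is the first usage the header comment shows; `ACTION="${1:-}"` followed by an explicit usage message would be clearer.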
@@ -0,0 +1,42 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azuread" { + version = "2.53.1" + constraints = "~> 2.52" + hashes = [ + "h1:2rk36pu4YyhBVz/Mf4swYCQxaB31iPaXOiWNlqZMXbM=", + "zh:162916b037e5133f49298b0ffa3e7dcef7d76530a8ca738e7293373980f73c68", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:492931cea4f30887ab5bca36a8556dfcb897288eddd44619c0217fc5da2d57e7", + "zh:4c895e450e18335ad8714cc6d3488fc1a78816ad2851a91b06cb2ef775dd7c66", + "zh:60d92fdaf7235574201f2d8f68f733ee00a822993b3fc95e6952e09e6ec76999", + "zh:67a169119efa41c1fb867ef1a8e79bf03472a2324384c36eb55370c817dcce42", + "zh:9dd4d5ed9233cf9329262200bc5a1aa60942b80dbc611e2ef4b09f47531b39b1", + "zh:a3c160e35b9e40fc1497b83c2f37a8e24565b05a1783c7733609f3695735c2a9", + "zh:a4a221da42b1f46e7c436c7145e5beaadfd9d03f3be6fd526d132c03f18a5979", + "zh:af0d3476a9702d2287e168e3baa670e64daab9c9b01c01e17025a5248f3e28e9", + "zh:e3579bff7894f3d36066b74ec324be6d28f56a42a387a2b8a0eabf33cbff86df", + "zh:f1749ee8ad972ae6424665aa9d2c0ece8c40c51d41ec2f38b863148cb437e865", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.116.0" + constraints = "~> 3.108" + hashes = [ + "h1:2QbjtN4oMXzdA++Nvrj/wSmWZTPgXKOSFGGQCLEMrb4=", + "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", + "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", + "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", + "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", + "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", + "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", + "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", + "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", + 
"zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", + "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", + ] +} diff --git a/src/rtp/00_data.tf b/src/rtp/00_data.tf new file mode 100644 index 0000000..d5cbd42 --- /dev/null +++ b/src/rtp/00_data.tf @@ -0,0 +1,4 @@ +data "azurerm_api_management" "this" { + name = local.apim_name + resource_group_name = local.apim_rg +} \ No newline at end of file diff --git a/src/rtp/01_apim_core.tf b/src/rtp/01_apim_core.tf new file mode 100644 index 0000000..e70cab1 --- /dev/null +++ b/src/rtp/01_apim_core.tf @@ -0,0 +1,30 @@ +# ------------------------------------------------------------------------------ +# Product. +# ------------------------------------------------------------------------------ +resource "azurerm_api_management_product" "rtp" { + api_management_name = data.azurerm_api_management.this.name + resource_group_name = data.azurerm_api_management.this.resource_group_name + + product_id = "rtp" + display_name = "RTP Request To Pay" + description = "RTP Request To Pay" + + subscription_required = false + published = true +} + +resource "azurerm_api_management_product_policy" "rtp_api_product" { + product_id = azurerm_api_management_product.rtp.product_id + api_management_name = data.azurerm_api_management.this.name + resource_group_name = data.azurerm_api_management.this.resource_group_name + + xml_content = file("./api_product/base_policy.xml") +} + +resource "azurerm_api_management_group" "rtp_group" { + name = var.domain + resource_group_name = data.azurerm_api_management.this.resource_group_name + api_management_name = data.azurerm_api_management.this.name + display_name = upper(var.domain) +} + diff --git a/src/rtp/02_api_mock.tf b/src/rtp/02_api_mock.tf new file mode 100644 index 0000000..9dd064e --- /dev/null 
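Review bot: `azurerm_api_management_product.rtp` in `01_apim_core.tf` is created with `subscription_required = false` and `published = true`, so APIs attached to the product can be called without a subscription key. That leaves caller authentication entirely to the policy loaded from `./api_product/base_policy.xml`, whose content is not visible in this view of the patch; if that policy does not validate a token or restrict callers, the product is reachable by anyone who can reach the gateway. `azurerm_api_management_api.rtp_mock_api` in `02_api_mock.tf` sets `subscription_required = false` as well. If this is intentional, a comment on each of those lines naming the control that replaces the key would help reviewers, e.g. `# no subscription key: access is enforced by <policy or control name>`.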
+++ b/src/rtp/02_api_mock.tf 
@@ -0,0 +1,50 @@ +## RTP Mock API ## +resource "azurerm_api_management_api" "rtp_mock_api" { + name = "${var.env_short}-rtp-mock-api" + api_management_name = data.azurerm_api_management.this.name + resource_group_name = data.azurerm_api_management.this.resource_group_name + + revision = "1" + description = "RTP MOCK API" + display_name = "RTP MOCK API" + path = "rtp/mock" + protocols = ["https"] + subscription_required = false + + depends_on = [azurerm_api_management_product.rtp] +} + +resource "azurerm_api_management_product_api" "rtp_mock_product_api" { + api_management_name = data.azurerm_api_management.this.name + resource_group_name = data.azurerm_api_management.this.resource_group_name + api_name = azurerm_api_management_api.rtp_mock_api.name + product_id = azurerm_api_management_product.rtp.product_id + depends_on = [azurerm_api_management_product.rtp, azurerm_api_management_api.rtp_mock_api] +} + + +## RTP Mock Operations ## +resource "azurerm_api_management_api_operation" "rtp_mock_create_ticket" { + operation_id = "rtp_mock_create_ticket" + api_name = azurerm_api_management_api.rtp_mock_api.name + api_management_name = data.azurerm_api_management.this.name + resource_group_name = data.azurerm_api_management.this.resource_group_name + display_name = "RTP Mock create ticket" + method = "POST" + url_template = "/api/v1/create" + description = "Endpoint for create a rtp ticket api" +} + +resource "azurerm_api_management_api_operation_policy" "rtp_mock_create_ticket_policy" { + api_name = azurerm_api_management_api_operation.rtp_mock_create_ticket.api_name + api_management_name = azurerm_api_management_api_operation.rtp_mock_create_ticket.api_management_name + resource_group_name = azurerm_api_management_api_operation.rtp_mock_create_ticket.resource_group_name + operation_id = azurerm_api_management_api_operation.rtp_mock_create_ticket.operation_id + + xml_content = templatefile("./api/test/mock_policy.xml", { + env = var.env + }) + + depends_on = 
[azurerm_api_management_api_operation.rtp_mock_create_ticket] + +} \ No newline at end of file diff --git a/src/rtp/99_locals.tf b/src/rtp/99_locals.tf new file mode 100644 index 0000000..01f792b --- /dev/null +++ b/src/rtp/99_locals.tf @@ -0,0 +1,7 @@ +locals { + project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}" + product = "${var.prefix}-${var.env_short}" + + apim_name = "${local.product}-apim" + apim_rg = "${local.product}-api-rg" +} \ No newline at end of file diff --git a/src/rtp/99_main.tf b/src/rtp/99_main.tf new file mode 100644 index 0000000..3bf6462 --- /dev/null +++ b/src/rtp/99_main.tf @@ -0,0 +1,29 @@ +terraform { + required_version = ">=1.3.0" + + required_providers { + azuread = { + source = "hashicorp/azuread" + version = "~> 2.52" + } + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.108" + } + } + + backend "azurerm" {} +} + +provider "azurerm" { + features { + key_vault { + purge_soft_delete_on_destroy = false + } + } +} + +module "__v3__" { + # https://github.com/pagopa/terraform-azurerm-v3/releases/tag/v8.39.0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git?ref=e64f39b63d46e8c05470e30eca873f44a0ab7f1b" +} \ No newline at end of file diff --git a/src/rtp/99_variables.tf b/src/rtp/99_variables.tf new file mode 100644 index 0000000..50b61b1 --- /dev/null +++ b/src/rtp/99_variables.tf 
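Review bot: The mock API in `02_api_mock.tf` and its operation policy are created unconditionally, and this commit ships `env/prod/terraform.tfvars`, so `rtp/mock` with the policy from `./api/test/mock_policy.xml` would also be applied to the production API Management instance. If the mock is only meant for dev and uat, gate the four resources, for example with `count = var.env_short == "p" ? 0 : 1`, and index the references accordingly. The `depends_on` lists on `rtp_mock_product_api` and `rtp_mock_create_ticket_policy` repeat dependencies Terraform already derives from the attribute references in the same blocks and can be dropped.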
@@ -0,0 +1,50 @@ +variable "prefix" { + type = string + validation { + condition = ( + length(var.prefix) <= 6 + ) + error_message = "Max length is 6 chars." + } +} + +variable "env" { + type = string + description = "Environment" +} + +variable "env_short" { + type = string + validation { + condition = ( + length(var.env_short) <= 1 + ) + error_message = "Max length is 1 chars." + } +} + +variable "location" { + type = string +} + +variable "location_short" { + type = string + description = "Location short like eg: neu, weu.." +} + +variable "tags" { + type = map(any) + default = { + CreatedBy = "Terraform" + } +} + +variable "domain" { + type = string + validation { + condition = ( + length(var.domain) <= 12 + ) + error_message = "Max length is 12 chars." + } +} diff --git a/src/rtp/api/test/mock_policy.xml b/src/rtp/api/test/mock_policy.xml new file mode 100644 index 0000000..5507cb1 --- /dev/null +++ b/src/rtp/api/test/mock_policy.xml @@ -0,0 +1,31 @@ + + + + + + + application/json + + + + + + + + + + + + + \ No newline at end of file diff --git a/src/rtp/api_product/base_policy.xml b/src/rtp/api_product/base_policy.xml new file mode 100644 index 0000000..dcfe583 --- /dev/null +++ b/src/rtp/api_product/base_policy.xml @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/src/rtp/env/dev/backend.ini b/src/rtp/env/dev/backend.ini new file mode 100644 index 0000000..5d2d018 --- /dev/null +++ b/src/rtp/env/dev/backend.ini @@ -0,0 +1 @@ +subscription=DEV-CSTAR \ No newline at end of file diff --git a/src/rtp/env/dev/backend.tfvars b/src/rtp/env/dev/backend.tfvars new file mode 100644 index 0000000..bf16ea1 --- /dev/null +++ b/src/rtp/env/dev/backend.tfvars @@ -0,0 +1,4 @@ +resource_group_name = "io-infra-rg" +storage_account_name = "cstarinfrastterraformdev" +container_name = "azurermstate" +key = "rtp-apim-product-rtp-dev.terraform.tfstate" \ No newline at end of file 
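Review bot: `var.env` in `99_variables.tf` has no validation, although it is rendered into the operation policy through `templatefile("./api/test/mock_policy.xml", { env = var.env })` in `02_api_mock.tf`. A `validation` block with `condition = contains(["dev", "uat", "prod"], var.env)` would reject a typo or an unexpected value at plan time instead of publishing it into a gateway policy. The `env_short` check `length(var.env_short) <= 1` also accepts an empty string, where `== 1` looks like the intent. `prefix`, `env_short`, `location`, `tags` and `domain` have no `description`.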
diff --git a/src/rtp/env/dev/terraform.tfvars b/src/rtp/env/dev/terraform.tfvars
new file mode 100644
index 0000000..76d3cdd
--- /dev/null
+++ b/src/rtp/env/dev/terraform.tfvars
@@ -0,0 +1,16 @@
+# general
+prefix = "cstar"
+env_short = "d"
+env = "dev"
+domain = "rtp"
+location = "westeurope"
+location_short = "weu"
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "DEV"
+ Owner = "CSTAR"
+ Source = "https://github.com/pagopa/cstar-infrastructure"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+ Application = "RTP"
+}
diff --git a/src/rtp/env/prod/backend.ini b/src/rtp/env/prod/backend.ini
new file mode 100644
index 0000000..18b0a97
--- /dev/null
+++ b/src/rtp/env/prod/backend.ini
@@ -0,0 +1 @@
+subscription=PROD-CSTAR
\ No newline at end of file
diff --git a/src/rtp/env/prod/backend.tfvars b/src/rtp/env/prod/backend.tfvars
new file mode 100644
index 0000000..b377358
--- /dev/null
+++ b/src/rtp/env/prod/backend.tfvars
@@ -0,0 +1,4 @@
+resource_group_name = "io-infra-rg"
+storage_account_name = "cstarinfrastterraform"
+container_name = "azurermstate"
+key = "rtp-apim-product-rtp-prod.terraform.tfstate"
\ No newline at end of file
diff --git a/src/rtp/env/prod/terraform.tfvars b/src/rtp/env/prod/terraform.tfvars
new file mode 100644
index 0000000..9592fb6
--- /dev/null
+++ b/src/rtp/env/prod/terraform.tfvars
@@ -0,0 +1,16 @@
+# general
+prefix = "cstar"
+env_short = "p"
+env = "prod"
+domain = "rtp"
+location = "westeurope"
+location_short = "weu"
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "PROD"
+ Owner = "CSTAR"
+ Source = "https://github.com/pagopa/cstar-infrastructure"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+ Application = "RTP"
+}
diff --git a/src/rtp/env/uat/backend.ini b/src/rtp/env/uat/backend.ini
new file mode 100644
index 0000000..4ec6fba
--- /dev/null
+++ b/src/rtp/env/uat/backend.ini
@@ -0,0 +1 @@
+subscription=UAT-CSTAR
\ No newline at end of file
diff --git a/src/rtp/env/uat/backend.tfvars b/src/rtp/env/uat/backend.tfvars
new file mode 100644
index 0000000..fd35cfa
--- /dev/null
+++ b/src/rtp/env/uat/backend.tfvars
@@ -0,0 +1,4 @@
+resource_group_name = "io-infra-rg"
+storage_account_name = "cstarinfrastterraformuat"
+container_name = "azurermstate"
+key = "rtp-apim-product-rtp-uat.terraform.tfstate"
\ No newline at end of file
diff --git a/src/rtp/env/uat/terraform.tfvars b/src/rtp/env/uat/terraform.tfvars
new file mode 100644
index 0000000..b60828f
--- /dev/null
+++ b/src/rtp/env/uat/terraform.tfvars
@@ -0,0 +1,16 @@
+# general
+prefix = "cstar"
+env_short = "u"
+env = "uat"
+domain = "rtp"
+location = "westeurope"
+location_short = "weu"
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "UAT"
+ Owner = "CSTAR"
+ Source = "https://github.com/pagopa/cstar-infrastructure"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+ Application = "RTP"
+}
diff --git a/src/rtp/terraform.sh b/src/rtp/terraform.sh
new file mode 120000
index 0000000..165ae70
--- /dev/null
+++ b/src/rtp/terraform.sh
@@ -0,0 +1 @@
+../../scripts/terraform.sh
\ No newline at end of file