diff --git a/src/core/README.md b/src/core/README.md
index 0bea099a2..b2e33cf10 100644
--- a/src/core/README.md
+++ b/src/core/README.md
@@ -80,9 +80,6 @@
| [function\_assets\_cdn\_staging\_slot](#module\_function\_assets\_cdn\_staging\_slot) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app_slot | v7.61.0 |
| [function\_elt](#module\_function\_elt) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app | v7.62.0 |
| [function\_elt\_snetout](#module\_function\_elt\_snetout) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.61.0 |
-| [function\_eucovidcert](#module\_function\_eucovidcert) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app | v7.61.0 |
-| [function\_eucovidcert\_snet](#module\_function\_eucovidcert\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.61.0 |
-| [function\_eucovidcert\_staging\_slot](#module\_function\_eucovidcert\_staging\_slot) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app_slot | v7.61.0 |
| [function\_messages\_cqrs](#module\_function\_messages\_cqrs) | github.com/pagopa/terraform-azurerm-v3//function_app | v7.62.0 |
| [function\_messages\_cqrs\_snet](#module\_function\_messages\_cqrs\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.61.0 |
| [function\_messages\_cqrs\_staging\_slot](#module\_function\_messages\_cqrs\_staging\_slot) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app_slot | v7.61.0 |
@@ -233,7 +230,6 @@
| [azurerm_monitor_autoscale_setting.function_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
| [azurerm_monitor_autoscale_setting.function_app_async](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
| [azurerm_monitor_autoscale_setting.function_assets_cdn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
-| [azurerm_monitor_autoscale_setting.function_eucovidcert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
| [azurerm_monitor_autoscale_setting.function_messages_cqrs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
| [azurerm_monitor_autoscale_setting.function_public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
| [azurerm_monitor_autoscale_setting.function_services_autoscale](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
@@ -243,7 +239,6 @@
| [azurerm_monitor_metric_alert.function_assets_health_check](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
| [azurerm_monitor_metric_alert.function_assets_http_server_errors](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
| [azurerm_monitor_metric_alert.function_assets_response_time](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
-| [azurerm_monitor_metric_alert.function_eucovidcert_health_check](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
| [azurerm_monitor_metric_alert.iopstapi_throttling_low_availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
| [azurerm_monitor_metric_alert.too_many_http_5xx](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
| [azurerm_monitor_scheduled_query_rules_alert.mailup_alert_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource |
@@ -356,7 +351,6 @@
| [azurerm_subnet_nat_gateway_association.app_backendl1_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
| [azurerm_subnet_nat_gateway_association.app_backendl2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
| [azurerm_subnet_nat_gateway_association.app_backendli_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
-| [azurerm_subnet_nat_gateway_association.function_eucovidcert_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
| [azurerm_subnet_network_security_group_association.snet_nsg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource |
| [azurerm_user_assigned_identity.appgateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
| [azurerm_web_application_firewall_policy.api_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/web_application_firewall_policy) | resource |
@@ -455,16 +449,6 @@
| [azurerm_key_vault_secret.fn_app_beta_users](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.fn_eucovidcert_API_KEY_APPBACKEND](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.fn_eucovidcert_API_KEY_PUBLICIOEVENTDISPATCHER](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.fn_eucovidcert_DGC_LOAD_TEST_CLIENT_CERT](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.fn_eucovidcert_DGC_LOAD_TEST_CLIENT_KEY](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.fn_eucovidcert_DGC_LOAD_TEST_SERVER_CA](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.fn_eucovidcert_DGC_PROD_CLIENT_CERT](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.fn_eucovidcert_DGC_PROD_CLIENT_KEY](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.fn_eucovidcert_DGC_PROD_SERVER_CA](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.fn_eucovidcert_DGC_UAT_CLIENT_CERT](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.fn_eucovidcert_DGC_UAT_CLIENT_KEY](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.fn_eucovidcert_DGC_UAT_SERVER_CA](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.fn_eucovidcert_FNSERVICES_API_KEY](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.fn_messages_APP_MESSAGES_BETA_FISCAL_CODES](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.fn_services_beta_users](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.fn_services_email_service_blacklist_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
@@ -485,13 +469,13 @@
| [azurerm_key_vault_secret.sec_storage_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.sec_workspace_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.services_exclusion_list](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
+| [azurerm_linux_function_app.eucovidcert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
| [azurerm_linux_function_app.function_cgn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_function_app) | data source |
| [azurerm_linux_web_app.app_backend_app_services](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
| [azurerm_linux_web_app.appservice_devportal_be](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
| [azurerm_linux_web_app.appservice_selfcare_be](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
| [azurerm_linux_web_app.cms_backoffice_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
| [azurerm_linux_web_app.firmaconio_selfcare_web_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
-| [azurerm_resource_group.eucovidcert_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_resource_group.notifications_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
| [azurerm_storage_account.citizen_auth_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.iopstapp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
@@ -499,10 +483,10 @@
| [azurerm_storage_account.lollipop_assertions_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.notifications](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.push_notifications_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
-| [azurerm_storage_account.steucovid](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.storage_apievents](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.userbackups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_storage_account.userdatadownload](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
+| [azurerm_subnet.function_eucovidcert_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
| [azurerm_subnet.functions_fast_login_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
| [azurerm_subnet.ioweb_profile_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
| [azurerm_subnet.services_cms_backoffice_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
diff --git a/src/core/app_backend.tf b/src/core/app_backend.tf
index 38825e1e9..96aeeb022 100644
--- a/src/core/app_backend.tf
+++ b/src/core/app_backend.tf
@@ -60,7 +60,7 @@ locals {
IO_SIGN_API_KEY = data.azurerm_key_vault_secret.app_backend_IO_SIGN_API_KEY.value
CGN_OPERATOR_SEARCH_API_URL = "https://cgnonboardingportal-p-op.azurewebsites.net" # prod subscription
CGN_OPERATOR_SEARCH_API_KEY = data.azurerm_key_vault_secret.app_backend_CGN_OPERATOR_SEARCH_API_KEY_PROD.value
- EUCOVIDCERT_API_URL = "https://${module.function_eucovidcert.default_hostname}/api/v1"
+ EUCOVIDCERT_API_URL = "https://${data.azurerm_linux_function_app.eucovidcert.default_hostname}/api/v1"
EUCOVIDCERT_API_KEY = data.azurerm_key_vault_secret.fn_eucovidcert_API_KEY_APPBACKEND.value
APP_MESSAGES_API_KEY = data.azurerm_key_vault_secret.app_backend_APP_MESSAGES_API_KEY.value
LOLLIPOP_API_URL = "https://io-p-weu-lollipop-fn.azurewebsites.net"
@@ -554,6 +554,16 @@ data "azurerm_key_vault_secret" "app_backend_RECEIPT_SERVICE_API_KEY" {
key_vault_id = module.key_vault_common.id
}
+data "azurerm_key_vault_secret" "fn_eucovidcert_API_KEY_APPBACKEND" {
+ name = "funceucovidcert-KEY-APPBACKEND"
+ key_vault_id = module.key_vault_common.id
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_API_KEY_PUBLICIOEVENTDISPATCHER" {
+ name = "funceucovidcert-KEY-PUBLICIOEVENTDISPATCHER"
+ key_vault_id = module.key_vault.id
+}
+
#tfsec:ignore:AZU023
resource "azurerm_key_vault_secret" "appbackend-REDIS-PASSWORD" {
name = "appbackend-REDIS-PASSWORD"
diff --git a/src/core/data.tf b/src/core/data.tf
index 9faf73cd5..f7178aee2 100644
--- a/src/core/data.tf
+++ b/src/core/data.tf
@@ -274,3 +274,18 @@ data "azurerm_linux_web_app" "appservice_selfcare_be" {
name = "${local.project}-app-selfcare-be"
resource_group_name = "${local.project}-selfcare-be-rg"
}
+
+#
+# EuCovid
+#
+
+data "azurerm_linux_function_app" "eucovidcert" {
+ resource_group_name = "${local.project}-rg-eucovidcert"
+ name = format("%s-eucovidcert-fn", local.project)
+}
+
+data "azurerm_subnet" "function_eucovidcert_snet" {
+ name = format("%s-eucovidcert-snet", local.project)
+ resource_group_name = azurerm_resource_group.rg_common.name
+ virtual_network_name = module.vnet_common.name
+}
diff --git a/src/core/function_eucovidcert.tf b/src/core/function_eucovidcert.tf
deleted file mode 100644
index 216c955ef..000000000
--- a/src/core/function_eucovidcert.tf
+++ /dev/null
@@ -1,378 +0,0 @@
-#
-# SECRETS
-#
-
-data "azurerm_key_vault_secret" "fn_eucovidcert_API_KEY_APPBACKEND" {
- name = "funceucovidcert-KEY-APPBACKEND"
- key_vault_id = module.key_vault_common.id
-}
-
-data "azurerm_key_vault_secret" "fn_eucovidcert_API_KEY_PUBLICIOEVENTDISPATCHER" {
- name = "funceucovidcert-KEY-PUBLICIOEVENTDISPATCHER"
- key_vault_id = module.key_vault.id
-}
-
-data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_PROD_CLIENT_CERT" {
- name = "eucovidcert-DGC-PROD-CLIENT-CERT"
- key_vault_id = module.key_vault_common.id
-}
-
-data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_PROD_CLIENT_KEY" {
- name = "eucovidcert-DGC-PROD-CLIENT-KEY"
- key_vault_id = module.key_vault_common.id
-}
-
-data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_PROD_SERVER_CA" {
- name = "eucovidcert-DGC-PROD-SERVER-CA"
- key_vault_id = module.key_vault_common.id
-}
-
-data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_UAT_CLIENT_CERT" {
- name = "eucovidcert-DGC-UAT-CLIENT-CERT"
- key_vault_id = module.key_vault_common.id
-}
-
-data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_UAT_CLIENT_KEY" {
- name = "eucovidcert-DGC-UAT-CLIENT-KEY"
- key_vault_id = module.key_vault_common.id
-}
-
-data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_UAT_SERVER_CA" {
- name = "eucovidcert-DGC-UAT-SERVER-CA"
- key_vault_id = module.key_vault_common.id
-}
-
-data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_LOAD_TEST_CLIENT_KEY" {
- name = "eucovidcert-DGC-LOAD-TEST-CLIENT-KEY"
- key_vault_id = module.key_vault_common.id
-}
-
-data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_LOAD_TEST_CLIENT_CERT" {
- name = "eucovidcert-DGC-LOAD-TEST-CLIENT-CERT"
- key_vault_id = module.key_vault_common.id
-}
-
-data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_LOAD_TEST_SERVER_CA" {
- name = "eucovidcert-DGC-LOAD-TEST-SERVER-CA"
- key_vault_id = module.key_vault_common.id
-}
-
-data "azurerm_key_vault_secret" "fn_eucovidcert_FNSERVICES_API_KEY" {
- name = "fn3services-KEY-EUCOVIDCERT"
- key_vault_id = module.key_vault_common.id
-}
-
-#
-# RESOUCE GROUP
-#
-data "azurerm_resource_group" "eucovidcert_rg" {
- name = format("%s-rg-eucovidcert", local.project)
-}
-
-data "azurerm_storage_account" "steucovid" {
- name = "${replace(local.project, "-", "")}steucovidcert"
- resource_group_name = "${local.project}-rg-eucovidcert"
-}
-
-#
-# APP CONFIGURATION
-#
-
-locals {
- function_eucovidcert = {
- app_settings_common = {
- FUNCTIONS_WORKER_RUNTIME = "node"
- WEBSITE_RUN_FROM_PACKAGE = "1"
- WEBSITE_DNS_SERVER = "168.63.129.16"
- FUNCTIONS_WORKER_PROCESS_COUNT = "4"
- NODE_ENV = "production"
-
- // Keepalive fields are all optionals
- FETCH_KEEPALIVE_ENABLED = "true"
- FETCH_KEEPALIVE_SOCKET_ACTIVE_TTL = "110000"
- FETCH_KEEPALIVE_MAX_SOCKETS = "40"
- FETCH_KEEPALIVE_MAX_FREE_SOCKETS = "10"
- FETCH_KEEPALIVE_FREE_SOCKET_TIMEOUT = "30000"
- FETCH_KEEPALIVE_TIMEOUT = "60000"
-
- DGC_UAT_FISCAL_CODES = local.test_users_eu_covid_cert_flat
- # we need test_users_store_review_flat because app IO reviewers must read a valid certificate response
- LOAD_TEST_FISCAL_CODES = join(",", [
- local.test_users_store_review_flat,
- local.test_users_internal_load_flat
- ])
-
- DGC_UAT_URL = "https://servizi-pnval.dgc.gov.it"
- DGC_LOAD_TEST_URL = "https://io-p-fn3-mockdgc.azurewebsites.net"
- DGC_PROD_URL = "https://servizi-pn.dgc.gov.it"
- DGC_PROD_CLIENT_CERT = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_PROD_CLIENT_CERT.value)
- DGC_PROD_CLIENT_KEY = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_PROD_CLIENT_KEY.value)
- DGC_PROD_SERVER_CA = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_PROD_SERVER_CA.value)
- DGC_UAT_CLIENT_CERT = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_UAT_CLIENT_CERT.value)
- DGC_UAT_CLIENT_KEY = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_UAT_CLIENT_KEY.value)
- DGC_UAT_SERVER_CA = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_UAT_SERVER_CA.value)
- DGC_LOAD_TEST_CLIENT_KEY = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_LOAD_TEST_CLIENT_KEY.value)
- DGC_LOAD_TEST_CLIENT_CERT = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_LOAD_TEST_CLIENT_CERT.value)
- DGC_LOAD_TEST_SERVER_CA = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_LOAD_TEST_SERVER_CA.value)
-
- // Events configs
- EventsQueueStorageConnection = data.azurerm_storage_account.steucovid.primary_connection_string
- EUCOVIDCERT_PROFILE_CREATED_QUEUE_NAME = "eucovidcert-profile-created"
- QueueStorageConnection = data.azurerm_storage_account.steucovid.primary_connection_string
- EUCOVIDCERT_NOTIFY_NEW_PROFILE_QUEUE_NAME = "notify-new-profile"
- TableStorageConnection = data.azurerm_storage_account.steucovid.primary_connection_string
- EUCOVIDCERT_TRACE_NOTIFY_NEW_PROFILE_TABLE_NAME = "TraceNotifyNewProfile"
-
- FNSERVICES_API_URL = join(",", formatlist("https://%s/api/v1", module.function_services.*.default_hostname))
- FNSERVICES_API_KEY = data.azurerm_key_vault_secret.fn_eucovidcert_FNSERVICES_API_KEY.value
-
- }
- }
-}
-
-# Subnet to host app function
-module "function_eucovidcert_snet" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v7.61.0"
- name = format("%s-eucovidcert-snet", local.project)
- address_prefixes = var.cidr_subnet_eucovidcert
- resource_group_name = azurerm_resource_group.rg_common.name
- virtual_network_name = module.vnet_common.name
- private_endpoint_network_policies_enabled = false
-
- service_endpoints = [
- "Microsoft.Web",
- "Microsoft.Storage",
- ]
-
- delegation = {
- name = "default"
- service_delegation = {
- name = "Microsoft.Web/serverFarms"
- actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
- }
- }
-}
-
-resource "azurerm_subnet_nat_gateway_association" "function_eucovidcert_snet" {
- nat_gateway_id = module.nat_gateway.id
- subnet_id = module.function_eucovidcert_snet.id
-}
-
-#tfsec:ignore:azure-storage-queue-services-logging-enabled:exp:2022-05-01 # already ignored, maybe a bug in tfsec
-module "function_eucovidcert" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app?ref=v7.61.0"
-
- resource_group_name = data.azurerm_resource_group.eucovidcert_rg.name
- name = format("%s-eucovidcert-fn", local.project)
- location = var.location
- health_check_path = "/api/v1/info"
-
- node_version = "14"
- runtime_version = "~4"
-
- always_on = "true"
- application_insights_instrumentation_key = azurerm_application_insights.application_insights.instrumentation_key
-
- app_service_plan_info = {
- kind = var.function_eucovidcert_kind
- sku_tier = var.function_eucovidcert_sku_tier
- sku_size = var.function_eucovidcert_sku_size
- maximum_elastic_worker_count = 0
- worker_count = null
- zone_balancing_enabled = null
- }
-
- app_settings = merge(
- local.function_eucovidcert.app_settings_common,
- {
- "AzureWebJobs.NotifyNewProfileToDGC.Disabled" = "0"
- }
- )
-
- sticky_app_setting_names = [
- "AzureWebJobs.NotifyNewProfileToDGC.Disabled",
- "AzureWebJobs.OnProfileCreatedEvent.Disabled"
- ]
-
- subnet_id = module.function_eucovidcert_snet.id
-
- allowed_subnets = [
- module.function_eucovidcert_snet.id,
- module.app_backendl1_snet.id,
- module.app_backendl2_snet.id,
- module.function_pblevtdispatcher_snetout.id,
- module.apim_v2_snet.id,
- ]
-
- tags = var.tags
-}
-
-module "function_eucovidcert_staging_slot" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app_slot?ref=v7.61.0"
-
- name = "staging"
- location = var.location
- resource_group_name = data.azurerm_resource_group.eucovidcert_rg.name
- function_app_id = module.function_eucovidcert.id
- app_service_plan_id = module.function_eucovidcert.app_service_plan_id
- health_check_path = "/api/v1/info"
-
- storage_account_name = module.function_eucovidcert.storage_account.name
- storage_account_access_key = module.function_eucovidcert.storage_account.primary_access_key
-
- node_version = "14"
- always_on = "true"
- runtime_version = "~4"
- application_insights_instrumentation_key = azurerm_application_insights.application_insights.instrumentation_key
-
- app_settings = merge(
- local.function_eucovidcert.app_settings_common,
- {
- "AzureWebJobs.NotifyNewProfileToDGC.Disabled" = "1"
- }
- )
-
- subnet_id = module.function_eucovidcert_snet.id
-
- allowed_subnets = [
- module.azdoa_snet[0].id,
- module.function_eucovidcert_snet.id,
- module.app_backendl1_snet.id,
- module.app_backendl2_snet.id,
- module.function_pblevtdispatcher_snetout.id,
- module.apim_v2_snet.id,
- ]
-
- tags = var.tags
-}
-
-resource "azurerm_monitor_autoscale_setting" "function_eucovidcert" {
- name = format("%s-autoscale", module.function_eucovidcert.name)
- resource_group_name = data.azurerm_resource_group.eucovidcert_rg.name
- location = var.location
- target_resource_id = module.function_eucovidcert.app_service_plan_id
-
- profile {
- name = "default"
-
- capacity {
- default = var.function_eucovidcert_autoscale_default
- minimum = var.function_eucovidcert_autoscale_minimum
- maximum = var.function_eucovidcert_autoscale_maximum
- }
-
- rule {
- metric_trigger {
- metric_name = "Requests"
- metric_resource_id = module.function_eucovidcert.id
- metric_namespace = "microsoft.web/sites"
- time_grain = "PT1M"
- statistic = "Average"
- time_window = "PT5M"
- time_aggregation = "Average"
- operator = "GreaterThan"
- threshold = 3000
- divide_by_instance_count = false
- }
-
- scale_action {
- direction = "Increase"
- type = "ChangeCount"
- value = "2"
- cooldown = "PT5M"
- }
- }
-
- rule {
- metric_trigger {
- metric_name = "CpuPercentage"
- metric_resource_id = module.function_eucovidcert.app_service_plan_id
- metric_namespace = "microsoft.web/serverfarms"
- time_grain = "PT1M"
- statistic = "Average"
- time_window = "PT5M"
- time_aggregation = "Average"
- operator = "GreaterThan"
- threshold = 45
- divide_by_instance_count = false
- }
-
- scale_action {
- direction = "Increase"
- type = "ChangeCount"
- value = "2"
- cooldown = "PT5M"
- }
- }
-
- rule {
- metric_trigger {
- metric_name = "Requests"
- metric_resource_id = module.function_eucovidcert.id
- metric_namespace = "microsoft.web/sites"
- time_grain = "PT1M"
- statistic = "Average"
- time_window = "PT5M"
- time_aggregation = "Average"
- operator = "LessThan"
- threshold = 2000
- divide_by_instance_count = false
- }
-
- scale_action {
- direction = "Decrease"
- type = "ChangeCount"
- value = "1"
- cooldown = "PT20M"
- }
- }
-
- rule {
- metric_trigger {
- metric_name = "CpuPercentage"
- metric_resource_id = module.function_eucovidcert.app_service_plan_id
- metric_namespace = "microsoft.web/serverfarms"
- time_grain = "PT1M"
- statistic = "Average"
- time_window = "PT5M"
- time_aggregation = "Average"
- operator = "LessThan"
- threshold = 30
- divide_by_instance_count = false
- }
-
- scale_action {
- direction = "Decrease"
- type = "ChangeCount"
- value = "1"
- cooldown = "PT20M"
- }
- }
- }
-}
-
-## Alerts
-
-resource "azurerm_monitor_metric_alert" "function_eucovidcert_health_check" {
-
- name = "${module.function_eucovidcert.name}-health-check-failed"
- resource_group_name = data.azurerm_resource_group.eucovidcert_rg.name
- scopes = [module.function_eucovidcert.id]
- description = "${module.function_eucovidcert.name} health check failed"
- severity = 1
- frequency = "PT5M"
- auto_mitigate = false
- enabled = false
-
- criteria {
- metric_namespace = "Microsoft.Web/sites"
- metric_name = "HealthCheckStatus"
- aggregation = "Average"
- operator = "LessThan"
- threshold = 50
- }
-
- action {
- action_group_id = azurerm_monitor_action_group.error_action_group.id
- }
-}
diff --git a/src/core/function_publiceventdispatcher.tf b/src/core/function_publiceventdispatcher.tf
index 92334e979..01fe9aa8e 100644
--- a/src/core/function_publiceventdispatcher.tf
+++ b/src/core/function_publiceventdispatcher.tf
@@ -93,7 +93,7 @@ module "function_pblevtdispatcher" {
webhooks = jsonencode([
# EUCovidCert PROD
{
- url = format("https://%s/api/v1/io-events-webhook", module.function_eucovidcert.default_hostname),
+ url = format("https://%s/api/v1/io-events-webhook", data.azurerm_linux_function_app.eucovidcert.default_hostname),
headers = { "X-Functions-Key" = data.azurerm_key_vault_secret.fn_eucovidcert_API_KEY_PUBLICIOEVENTDISPATCHER.value },
attributes = { serviceId = "01F73DNTMJTCEZQKJDFNB53KEB" },
subscriptions = ["service:subscribed"]
@@ -183,7 +183,7 @@ module "function_pblevtdispatcher_v4" {
webhooks = jsonencode([
# EUCovidCert PROD
{
- url = format("https://%s/api/v1/io-events-webhook", module.function_eucovidcert.default_hostname),
+ url = format("https://%s/api/v1/io-events-webhook", data.azurerm_linux_function_app.eucovidcert.default_hostname),
headers = { "X-Functions-Key" = data.azurerm_key_vault_secret.fn_eucovidcert_API_KEY_PUBLICIOEVENTDISPATCHER.value },
attributes = { serviceId = "01F73DNTMJTCEZQKJDFNB53KEB" },
subscriptions = ["service:subscribed"]
diff --git a/src/core/function_services.tf b/src/core/function_services.tf
index 705264f60..7e7066fd5 100644
--- a/src/core/function_services.tf
+++ b/src/core/function_services.tf
@@ -235,7 +235,7 @@ module "function_services" {
module.services_snet[count.index].id,
module.azdoa_snet[0].id,
module.apim_v2_snet.id,
- module.function_eucovidcert_snet.id,
+ data.azurerm_subnet.function_eucovidcert_snet.id,
]
# Action groups for alerts
@@ -295,7 +295,7 @@ module "function_services_staging_slot" {
module.services_snet[count.index].id,
module.azdoa_snet[0].id,
module.apim_v2_snet.id,
- module.function_eucovidcert_snet.id,
+ data.azurerm_subnet.function_eucovidcert_snet.id,
]
tags = var.tags
diff --git a/src/domains/eucovidcert/_modules/function_apps/alerts.tf b/src/domains/eucovidcert/_modules/function_apps/alerts.tf
new file mode 100644
index 000000000..7f2e9c0fd
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/function_apps/alerts.tf
@@ -0,0 +1,25 @@
+resource "azurerm_monitor_metric_alert" "function_eucovidcert_health_check" {
+
+ name = "${module.function_eucovidcert.name}-health-check-failed"
+ resource_group_name = var.resource_group_name
+ scopes = [module.function_eucovidcert.id]
+ description = "${module.function_eucovidcert.name} health check failed"
+ severity = 1
+ frequency = "PT5M"
+ auto_mitigate = false
+ enabled = false
+
+ criteria {
+ metric_namespace = "Microsoft.Web/sites"
+ metric_name = "HealthCheckStatus"
+ aggregation = "Average"
+ operator = "LessThan"
+ threshold = 50
+ }
+
+ action {
+ action_group_id = data.azurerm_monitor_action_group.error_action_group.id
+ }
+
+ tags = var.tags
+}
diff --git a/src/domains/eucovidcert/_modules/function_apps/autoscalers.tf b/src/domains/eucovidcert/_modules/function_apps/autoscalers.tf
new file mode 100644
index 000000000..b9ea557da
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/function_apps/autoscalers.tf
@@ -0,0 +1,106 @@
+resource "azurerm_monitor_autoscale_setting" "function_eucovidcert" {
+ name = "${module.function_eucovidcert.name}-autoscale"
+ resource_group_name = var.resource_group_name
+ location = var.location
+ target_resource_id = module.function_eucovidcert.app_service_plan_id
+
+ profile {
+ name = "default"
+
+ capacity {
+ default = 10
+ minimum = 1
+ maximum = 20
+ }
+
+ rule {
+ metric_trigger {
+ metric_name = "Requests"
+ metric_resource_id = module.function_eucovidcert.id
+ metric_namespace = "microsoft.web/sites"
+ time_grain = "PT1M"
+ statistic = "Average"
+ time_window = "PT5M"
+ time_aggregation = "Average"
+ operator = "GreaterThan"
+ threshold = 3000
+ divide_by_instance_count = false
+ }
+
+ scale_action {
+ direction = "Increase"
+ type = "ChangeCount"
+ value = "2"
+ cooldown = "PT5M"
+ }
+ }
+
+ rule {
+ metric_trigger {
+ metric_name = "CpuPercentage"
+ metric_resource_id = module.function_eucovidcert.app_service_plan_id
+ metric_namespace = "microsoft.web/serverfarms"
+ time_grain = "PT1M"
+ statistic = "Average"
+ time_window = "PT5M"
+ time_aggregation = "Average"
+ operator = "GreaterThan"
+ threshold = 45
+ divide_by_instance_count = false
+ }
+
+ scale_action {
+ direction = "Increase"
+ type = "ChangeCount"
+ value = "2"
+ cooldown = "PT5M"
+ }
+ }
+
+ rule {
+ metric_trigger {
+ metric_name = "Requests"
+ metric_resource_id = module.function_eucovidcert.id
+ metric_namespace = "microsoft.web/sites"
+ time_grain = "PT1M"
+ statistic = "Average"
+ time_window = "PT5M"
+ time_aggregation = "Average"
+ operator = "LessThan"
+ threshold = 2000
+ divide_by_instance_count = false
+ }
+
+ scale_action {
+ direction = "Decrease"
+ type = "ChangeCount"
+ value = "1"
+ cooldown = "PT20M"
+ }
+ }
+
+ rule {
+ metric_trigger {
+ metric_name = "CpuPercentage"
+ metric_resource_id = module.function_eucovidcert.app_service_plan_id
+ metric_namespace = "microsoft.web/serverfarms"
+ time_grain = "PT1M"
+ statistic = "Average"
+ time_window = "PT5M"
+ time_aggregation = "Average"
+ operator = "LessThan"
+ threshold = 30
+ divide_by_instance_count = false
+ }
+
+ scale_action {
+ direction = "Decrease"
+ type = "ChangeCount"
+ value = "1"
+ cooldown = "PT20M"
+ }
+ }
+ }
+
+ tags = var.tags
+}
diff --git a/src/domains/eucovidcert/_modules/function_apps/data.tf b/src/domains/eucovidcert/_modules/function_apps/data.tf
new file mode 100644
index 000000000..2fe0f7f91
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/function_apps/data.tf
@@ -0,0 +1,115 @@
+data "azurerm_application_insights" "application_insights" {
+ name = format("%s-ai-common", var.project)
+ resource_group_name = local.resource_group_name_common
+}
+
+data "azurerm_subnet" "snet_apim_v2" {
+ name = "apimv2api"
+ virtual_network_name = local.vnet_name_common
+ resource_group_name = local.resource_group_name_common
+}
+
+data "azurerm_subnet" "snet_azdoa" {
+ name = "azure-devops"
+ virtual_network_name = local.vnet_name_common
+ resource_group_name = local.resource_group_name_common
+}
+
+data "azurerm_subnet" "snet_backendl1" {
+ name = "appbackendl1"
+ virtual_network_name = local.vnet_name_common
+ resource_group_name = local.resource_group_name_common
+}
+
+data "azurerm_subnet" "snet_backendl2" {
+ name = "appbackendl2"
+ virtual_network_name = local.vnet_name_common
+ resource_group_name = local.resource_group_name_common
+}
+
+data "azurerm_subnet" "snet_pblevtdispatcher" {
+ name = "fnpblevtdispatcherout"
+ virtual_network_name = local.vnet_name_common
+ resource_group_name = local.resource_group_name_common
+}
+
+data "azurerm_linux_function_app" "function_services" {
+ count = 2
+ name = "${var.project}-services-fn-${count.index + 1}"
+ resource_group_name = "${var.project}-services-rg-${count.index + 1}"
+}
+
+data "azurerm_key_vault" "key_vault_common" {
+ name = "${var.project}-kv-common"
+ resource_group_name = local.resource_group_name_common
+}
+
+data "azurerm_key_vault" "key_vault" {
+ name = "${var.project}-kv"
+ resource_group_name = local.resource_group_name_sec
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_API_KEY_APPBACKEND" {
+ name = "funceucovidcert-KEY-APPBACKEND"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_API_KEY_PUBLICIOEVENTDISPATCHER" {
+ name = "funceucovidcert-KEY-PUBLICIOEVENTDISPATCHER"
+ key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_PROD_CLIENT_CERT" {
+ name = "eucovidcert-DGC-PROD-CLIENT-CERT"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_PROD_CLIENT_KEY" {
+ name = "eucovidcert-DGC-PROD-CLIENT-KEY"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_PROD_SERVER_CA" {
+ name = "eucovidcert-DGC-PROD-SERVER-CA"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_UAT_CLIENT_CERT" {
+ name = "eucovidcert-DGC-UAT-CLIENT-CERT"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_UAT_CLIENT_KEY" {
+ name = "eucovidcert-DGC-UAT-CLIENT-KEY"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_UAT_SERVER_CA" {
+ name = "eucovidcert-DGC-UAT-SERVER-CA"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_LOAD_TEST_CLIENT_KEY" {
+ name = "eucovidcert-DGC-LOAD-TEST-CLIENT-KEY"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_LOAD_TEST_CLIENT_CERT" {
+ name = "eucovidcert-DGC-LOAD-TEST-CLIENT-CERT"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_DGC_LOAD_TEST_SERVER_CA" {
+ name = "eucovidcert-DGC-LOAD-TEST-SERVER-CA"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+data "azurerm_key_vault_secret" "fn_eucovidcert_FNSERVICES_API_KEY" {
+ name = "fn3services-KEY-EUCOVIDCERT"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+data "azurerm_monitor_action_group" "error_action_group" {
+ name = "${replace("${var.project}", "-", "")}error"
+ resource_group_name = local.resource_group_name_common
+}
diff --git a/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf b/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf
new file mode 100644
index 000000000..d6f0a96b0
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/function_apps/function_app_eucovidcert.tf
@@ -0,0 +1,85 @@
+module "function_eucovidcert" {
+ source = "github.com/pagopa/terraform-azurerm-v3//function_app?ref=v7.69.1"
+
+ resource_group_name = var.resource_group_name
+ name = "${var.project}-eucovidcert-fn"
+ location = var.location
+ health_check_path = "/api/v1/info"
+
+ node_version = "14"
+ runtime_version = "~4"
+
+ always_on = "true"
+ application_insights_instrumentation_key = data.azurerm_application_insights.application_insights.instrumentation_key
+
+ app_service_plan_info = {
+ kind = "Linux"
+ sku_size = "P1v3"
+ maximum_elastic_worker_count = 0
+ worker_count = null
+ zone_balancing_enabled = false
+ }
+
+ app_settings = merge(
+ local.function_eucovidcert.app_settings,
+ {
+ "AzureWebJobs.NotifyNewProfileToDGC.Disabled" = "0"
+ }
+ )
+
+ sticky_app_setting_names = [
+ "AzureWebJobs.NotifyNewProfileToDGC.Disabled",
+ "AzureWebJobs.OnProfileCreatedEvent.Disabled"
+ ]
+
+ subnet_id = var.subnet_id
+
+ allowed_subnets = [
+ var.subnet_id,
+ data.azurerm_subnet.snet_backendl1.id,
+ data.azurerm_subnet.snet_backendl2.id,
+ data.azurerm_subnet.snet_pblevtdispatcher.id,
+ data.azurerm_subnet.snet_apim_v2.id,
+ ]
+
+ tags = var.tags
+}
+
+module "function_eucovidcert_staging_slot" {
+ source = "github.com/pagopa/terraform-azurerm-v3//function_app_slot?ref=v7.69.1"
+
+ name = "staging"
+ location = var.location
+ resource_group_name = var.resource_group_name
+ function_app_id = module.function_eucovidcert.id
+ app_service_plan_id = module.function_eucovidcert.app_service_plan_id
+ health_check_path = "/api/v1/info"
+
+ storage_account_name = module.function_eucovidcert.storage_account.name
+ storage_account_access_key = module.function_eucovidcert.storage_account.primary_access_key
+
+ node_version = "14"
+ always_on = "true"
+ runtime_version = "~4"
+ application_insights_instrumentation_key = data.azurerm_application_insights.application_insights.instrumentation_key
+
+ app_settings = merge(
+ local.function_eucovidcert.app_settings,
+ {
+ "AzureWebJobs.NotifyNewProfileToDGC.Disabled" = "1"
+ }
+ )
+
+ subnet_id = var.subnet_id
+
+ allowed_subnets = [
+ data.azurerm_subnet.snet_azdoa.id,
+ var.subnet_id,
+ data.azurerm_subnet.snet_backendl1.id,
+ data.azurerm_subnet.snet_backendl2.id,
+ data.azurerm_subnet.snet_pblevtdispatcher.id,
+ data.azurerm_subnet.snet_apim_v2.id,
+ ]
+
+ tags = var.tags
+}
diff --git a/src/domains/eucovidcert/_modules/function_apps/locals.tf b/src/domains/eucovidcert/_modules/function_apps/locals.tf
new file mode 100644
index 000000000..5533a7108
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/function_apps/locals.tf
@@ -0,0 +1,54 @@
+locals {
+ resource_group_name_sec = "${var.project}-sec-rg"
+ resource_group_name_common = "${var.project}-rg-common"
+ vnet_name_common = "${var.project}-vnet-common"
+
+ function_eucovidcert = {
+ app_settings = {
+ FUNCTIONS_WORKER_RUNTIME = "node"
+ WEBSITE_RUN_FROM_PACKAGE = "1"
+ WEBSITE_DNS_SERVER = "168.63.129.16"
+ FUNCTIONS_WORKER_PROCESS_COUNT = "4"
+ NODE_ENV = "production"
+
+ // Keepalive fields are all optionals
+ FETCH_KEEPALIVE_ENABLED = "true"
+ FETCH_KEEPALIVE_SOCKET_ACTIVE_TTL = "110000"
+ FETCH_KEEPALIVE_MAX_SOCKETS = "40"
+ FETCH_KEEPALIVE_MAX_FREE_SOCKETS = "10"
+ FETCH_KEEPALIVE_FREE_SOCKET_TIMEOUT = "30000"
+ FETCH_KEEPALIVE_TIMEOUT = "60000"
+
+ DGC_UAT_FISCAL_CODES = module.tests.test_users.eu_covid_cert_flat
+ # we need test_users_store_review_flat because app IO reviewers must read a valid certificate response
+ LOAD_TEST_FISCAL_CODES = join(",", [
+ module.tests.test_users.store_review_flat,
+ module.tests.test_users.internal_load_flat
+ ])
+
+ DGC_UAT_URL = "https://servizi-pnval.dgc.gov.it"
+ DGC_LOAD_TEST_URL = "https://io-p-fn3-mockdgc.azurewebsites.net"
+ DGC_PROD_URL = "https://servizi-pn.dgc.gov.it"
+ DGC_PROD_CLIENT_CERT = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_PROD_CLIENT_CERT.value)
+ DGC_PROD_CLIENT_KEY = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_PROD_CLIENT_KEY.value)
+ DGC_PROD_SERVER_CA = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_PROD_SERVER_CA.value)
+ DGC_UAT_CLIENT_CERT = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_UAT_CLIENT_CERT.value)
+ DGC_UAT_CLIENT_KEY = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_UAT_CLIENT_KEY.value)
+ DGC_UAT_SERVER_CA = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_UAT_SERVER_CA.value)
+ DGC_LOAD_TEST_CLIENT_KEY = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_LOAD_TEST_CLIENT_KEY.value)
+ DGC_LOAD_TEST_CLIENT_CERT = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_LOAD_TEST_CLIENT_CERT.value)
+ DGC_LOAD_TEST_SERVER_CA = trimspace(data.azurerm_key_vault_secret.fn_eucovidcert_DGC_LOAD_TEST_SERVER_CA.value)
+
+ // Events configs
+ EventsQueueStorageConnection = var.storage_account_eucovidcert_primary_connection_string
+ EUCOVIDCERT_PROFILE_CREATED_QUEUE_NAME = "eucovidcert-profile-created"
+ QueueStorageConnection = var.storage_account_eucovidcert_primary_connection_string
+ EUCOVIDCERT_NOTIFY_NEW_PROFILE_QUEUE_NAME = "notify-new-profile"
+ TableStorageConnection = var.storage_account_eucovidcert_primary_connection_string
+ EUCOVIDCERT_TRACE_NOTIFY_NEW_PROFILE_TABLE_NAME = "TraceNotifyNewProfile"
+
+ FNSERVICES_API_URL = join(",", formatlist("https://%s/api/v1", data.azurerm_linux_function_app.function_services.*.default_hostname))
+ FNSERVICES_API_KEY = data.azurerm_key_vault_secret.fn_eucovidcert_FNSERVICES_API_KEY.value
+ }
+ }
+}
diff --git a/src/domains/eucovidcert/_modules/function_apps/main.tf b/src/domains/eucovidcert/_modules/function_apps/main.tf
new file mode 100644
index 000000000..fe3796d05
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/function_apps/main.tf
@@ -0,0 +1,8 @@
+terraform {
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ }
+ }
+}
diff --git a/src/domains/eucovidcert/_modules/function_apps/outputs.tf b/src/domains/eucovidcert/_modules/function_apps/outputs.tf
new file mode 100644
index 000000000..319ee233d
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/function_apps/outputs.tf
@@ -0,0 +1,6 @@
+output "function_app_eucovidcert" {
+ value = {
+ id = module.function_eucovidcert.id
+ name = module.function_eucovidcert.name
+ }
+}
diff --git a/src/domains/eucovidcert/_modules/function_apps/tests.tf b/src/domains/eucovidcert/_modules/function_apps/tests.tf
new file mode 100644
index 000000000..28d58ff4d
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/function_apps/tests.tf
@@ -0,0 +1,3 @@
+module "tests" {
+ source = "../../../tests"
+}
diff --git a/src/domains/eucovidcert/_modules/function_apps/variables.tf b/src/domains/eucovidcert/_modules/function_apps/variables.tf
new file mode 100644
index 000000000..9d4349b6a
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/function_apps/variables.tf
@@ -0,0 +1,30 @@
+variable "project" {
+ type = string
+ description = "IO prefix and short environment"
+}
+
+variable "location" {
+ type = string
+ description = "Azure region"
+}
+
+variable "tags" {
+ type = map(any)
+ description = "Resource tags"
+}
+
+variable "resource_group_name" {
+ type = string
+ description = "Name of the resource group where resources will be created"
+}
+
+variable "subnet_id" {
+ type = string
+ description = "Id of the subnet to use for Function Apps"
+}
+
+variable "storage_account_eucovidcert_primary_connection_string" {
+ type = string
+ sensitive = true
+ description = "EuCovidCert StorageAccount connection string to save into app configs"
+}
diff --git a/src/domains/eucovidcert/_modules/networking/data.tf b/src/domains/eucovidcert/_modules/networking/data.tf
new file mode 100644
index 000000000..02f4bf2ec
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/networking/data.tf
@@ -0,0 +1,9 @@
+data "azurerm_virtual_network" "vnet_common" {
+ name = "${var.project}-vnet-common"
+ resource_group_name = local.resource_group_common
+}
+
+data "azurerm_nat_gateway" "nat_gateway" {
+ name = "${var.project}-natgw"
+ resource_group_name = local.resource_group_common
+}
diff --git a/src/domains/eucovidcert/_modules/networking/locals.tf b/src/domains/eucovidcert/_modules/networking/locals.tf
new file mode 100644
index 000000000..3cedaf4f1
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/networking/locals.tf
@@ -0,0 +1,3 @@
+locals {
+ resource_group_common = "${var.project}-rg-common"
+}
diff --git a/src/domains/eucovidcert/_modules/networking/main.tf b/src/domains/eucovidcert/_modules/networking/main.tf
new file mode 100644
index 000000000..fe3796d05
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/networking/main.tf
@@ -0,0 +1,8 @@
+terraform {
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ }
+ }
+}
diff --git a/src/domains/eucovidcert/_modules/networking/outputs.tf b/src/domains/eucovidcert/_modules/networking/outputs.tf
new file mode 100644
index 000000000..19542cfe6
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/networking/outputs.tf
@@ -0,0 +1,6 @@
+output "subnet_eucovidcert" {
+ value = {
+ id = module.function_eucovidcert_snet.id
+ name = module.function_eucovidcert_snet.name
+ }
+}
diff --git a/src/domains/eucovidcert/_modules/networking/subnet_eucovidcert.tf b/src/domains/eucovidcert/_modules/networking/subnet_eucovidcert.tf
new file mode 100644
index 000000000..f12dd29ef
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/networking/subnet_eucovidcert.tf
@@ -0,0 +1,28 @@
+module "function_eucovidcert_snet" {
+ source = "github.com/pagopa/terraform-azurerm-v3//subnet?ref=v7.69.1"
+
+ name = "${var.project}-eucovidcert-snet"
+ address_prefixes = [var.cidr_subnet_eucovidcert]
+ resource_group_name = data.azurerm_virtual_network.vnet_common.resource_group_name
+ virtual_network_name = data.azurerm_virtual_network.vnet_common.name
+
+ private_endpoint_network_policies_enabled = false
+
+ service_endpoints = [
+ "Microsoft.Web",
+ "Microsoft.Storage",
+ ]
+
+ delegation = {
+ name = "default"
+ service_delegation = {
+ name = "Microsoft.Web/serverFarms"
+ actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+ }
+ }
+}
+
+resource "azurerm_subnet_nat_gateway_association" "function_eucovidcert_snet" {
+ nat_gateway_id = data.azurerm_nat_gateway.nat_gateway.id
+ subnet_id = module.function_eucovidcert_snet.id
+}
diff --git a/src/domains/eucovidcert/_modules/networking/variables.tf b/src/domains/eucovidcert/_modules/networking/variables.tf
new file mode 100644
index 000000000..8e3c43f50
--- /dev/null
+++ b/src/domains/eucovidcert/_modules/networking/variables.tf
@@ -0,0 +1,9 @@
+variable "project" {
+ type = string
+ description = "IO prefix and short environment"
+}
+
+variable "cidr_subnet_eucovidcert" {
+ type = string
+ description = "CIDR block for EuCovidCert subnet"
+}
diff --git a/src/domains/eucovidcert/_modules/storage_accounts/outputs.tf b/src/domains/eucovidcert/_modules/storage_accounts/outputs.tf
index 6cd2ef425..b749abae8 100644
--- a/src/domains/eucovidcert/_modules/storage_accounts/outputs.tf
+++ b/src/domains/eucovidcert/_modules/storage_accounts/outputs.tf
@@ -5,3 +5,8 @@ output "storage_account_eucovidcert" {
resource_group_name = var.resource_group_name
}
}
+
+output "storage_account_eucovidcert_primary_connection_string" {
+ value = module.storage_account_eucovidcert.primary_connection_string
+ sensitive = true
+}
diff --git a/src/domains/eucovidcert/prod/westeurope/README.md b/src/domains/eucovidcert/prod/westeurope/README.md
index c27e07624..f8ff96cad 100644
--- a/src/domains/eucovidcert/prod/westeurope/README.md
+++ b/src/domains/eucovidcert/prod/westeurope/README.md
@@ -10,6 +10,8 @@
| Name | Source | Version |
|------|--------|---------|
+| [function\_apps](#module\_function\_apps) | ../../_modules/function_apps | n/a |
+| [networking](#module\_networking) | ../../_modules/networking | n/a |
| [resource\_groups](#module\_resource\_groups) | ../../_modules/resource_groups | n/a |
| [storage\_accounts](#module\_storage\_accounts) | ../../_modules/storage_accounts | n/a |
@@ -23,5 +25,9 @@ No inputs.
## Outputs
-No outputs.
+| Name | Description |
+|------|-------------|
+| [function\_app\_eucovidcert](#output\_function\_app\_eucovidcert) | n/a |
+| [resource\_group\_eucovidcert](#output\_resource\_group\_eucovidcert) | n/a |
+| [storage\_account\_eucovidcert](#output\_storage\_account\_eucovidcert) | n/a |
diff --git a/src/domains/eucovidcert/prod/westeurope/function_apps.tf b/src/domains/eucovidcert/prod/westeurope/function_apps.tf
new file mode 100644
index 000000000..06e866eff
--- /dev/null
+++ b/src/domains/eucovidcert/prod/westeurope/function_apps.tf
@@ -0,0 +1,12 @@
+module "function_apps" {
+ source = "../../_modules/function_apps"
+
+ project = local.project
+ location = local.location
+ resource_group_name = module.resource_groups.resource_group_eucovidcert.name
+
+ subnet_id = module.networking.subnet_eucovidcert.id
+ storage_account_eucovidcert_primary_connection_string = module.storage_accounts.storage_account_eucovidcert_primary_connection_string
+
+ tags = local.tags
+}
diff --git a/src/domains/eucovidcert/prod/westeurope/networking.tf b/src/domains/eucovidcert/prod/westeurope/networking.tf
new file mode 100644
index 000000000..9b8f73036
--- /dev/null
+++ b/src/domains/eucovidcert/prod/westeurope/networking.tf
@@ -0,0 +1,9 @@
+module "networking" {
+ source = "../../_modules/networking"
+
+ project = local.project
+
+ # inferred from vnet-common with cidr 10.0.0.0/16
+ # https://github.com/pagopa/io-infra/blob/d5101ef7b24bc262b8a7773a9690a00afe9ec92e/src/core/network.tf#L8
+ cidr_subnet_eucovidcert = "10.0.132.192/26"
+}
diff --git a/src/domains/eucovidcert/prod/westeurope/outputs.tf b/src/domains/eucovidcert/prod/westeurope/outputs.tf
index e69de29bb..e073d7cfe 100644
--- a/src/domains/eucovidcert/prod/westeurope/outputs.tf
+++ b/src/domains/eucovidcert/prod/westeurope/outputs.tf
@@ -0,0 +1,20 @@
+output "resource_group_eucovidcert" {
+ value = {
+ id = module.resource_groups.resource_group_eucovidcert.id
+ name = module.resource_groups.resource_group_eucovidcert.name
+ }
+}
+
+output "function_app_eucovidcert" {
+ value = {
+ id = module.function_apps.function_app_eucovidcert.id
+ name = module.function_apps.function_app_eucovidcert.name
+ }
+}
+
+output "storage_account_eucovidcert" {
+ value = {
+ id = module.storage_accounts.storage_account_eucovidcert.id
+ name = module.storage_accounts.storage_account_eucovidcert.name
+ }
+}
diff --git a/src/domains/tests/test_users.tf b/src/domains/tests/test_users.tf
new file mode 100644
index 000000000..e864baa1a
--- /dev/null
+++ b/src/domains/tests/test_users.tf
@@ -0,0 +1,276 @@
+locals {
+ # A list of fiscal codes to be used by internal team for functional, e2e tests on IO
+ test_users_internal = [
+ "EEEEEE00E00E000A",
+ "EEEEEE00E00E000B",
+ "EEEEEE00E00E000C",
+ "EEEEEE00E00E000D",
+ "EEEEEE00E00E000E",
+ ]
+ # A list of fiscal codes to be used by internal team for load tests on IO
+ test_users_internal_load = [
+ "AAAAAA00A00A000C",
+ "AAAAAA00A00A000D",
+ "AAAAAA00A00A000E",
+ ]
+ # A list of fiscal codes to be used by app stores to review IO App
+ test_users_store_review = [
+ "AAAAAA00A00A000B",
+ ]
+ # A list of fiscal codes to be used to test EU Covid Certificate initiative on IO
+ test_users_eu_covid_cert = [
+ "PRVPRV25A01H501B",
+ "XXXXXP25A01H501L",
+ "YYYYYP25A01H501K",
+ "KKKKKP25A01H501U",
+ "QQQQQP25A01H501S",
+ "WWWWWP25A01H501A",
+ "ZZZZZP25A01H501J",
+ "JJJJJP25A01H501X",
+ "GGGGGP25A01H501Z",
+ ]
+
+ # A list of fiscal code to be uset to execute load test for Fast Login initiative on IO
+ test_users_fast_login_load_test = [
+ "LVTEST00A00A000X",
+ "LVTEST00A00A001X",
+ "LVTEST00A00A002X",
+ "LVTEST00A00A003X",
+ "LVTEST00A00A004X",
+ "LVTEST00A00A005X",
+ "LVTEST00A00A006X",
+ "LVTEST00A00A007X",
+ "LVTEST00A00A008X",
+ "LVTEST00A00A009X",
+ "LVTEST00A00A010X",
+ "LVTEST00A00A011X",
+ "LVTEST00A00A012X",
+ "LVTEST00A00A013X",
+ "LVTEST00A00A014X",
+ "LVTEST00A00A015X",
+ "LVTEST00A00A016X",
+ "LVTEST00A00A017X",
+ "LVTEST00A00A018X",
+ "LVTEST00A00A019X",
+ "LVTEST00A00A020X",
+ "LVTEST00A00A021X",
+ "LVTEST00A00A022X",
+ "LVTEST00A00A023X",
+ "LVTEST00A00A024X",
+ "LVTEST00A00A025X",
+ "LVTEST00A00A026X",
+ "LVTEST00A00A027X",
+ "LVTEST00A00A028X",
+ "LVTEST00A00A029X",
+ "LVTEST00A00A030X",
+ "LVTEST00A00A031X",
+ "LVTEST00A00A032X",
+ "LVTEST00A00A033X",
+ "LVTEST00A00A034X",
+ "LVTEST00A00A035X",
+ "LVTEST00A00A036X",
+ "LVTEST00A00A037X",
+ "LVTEST00A00A038X",
+ "LVTEST00A00A039X",
+ "LVTEST00A00A040X",
+ "LVTEST00A00A041X",
+ "LVTEST00A00A042X",
+ "LVTEST00A00A043X",
+ "LVTEST00A00A044X",
+ "LVTEST00A00A045X",
+ "LVTEST00A00A046X",
+ "LVTEST00A00A047X",
+ "LVTEST00A00A048X",
+ "LVTEST00A00A049X",
+ "LVTEST00A00A050X",
+ "LVTEST00A00A051X",
+ "LVTEST00A00A052X",
+ "LVTEST00A00A053X",
+ "LVTEST00A00A054X",
+ "LVTEST00A00A055X",
+ "LVTEST00A00A056X",
+ "LVTEST00A00A057X",
+ "LVTEST00A00A058X",
+ "LVTEST00A00A059X",
+ "LVTEST00A00A060X",
+ "LVTEST00A00A061X",
+ "LVTEST00A00A062X",
+ "LVTEST00A00A063X",
+ "LVTEST00A00A064X",
+ "LVTEST00A00A065X",
+ "LVTEST00A00A066X",
+ "LVTEST00A00A067X",
+ "LVTEST00A00A068X",
+ "LVTEST00A00A069X",
+ "LVTEST00A00A070X",
+ "LVTEST00A00A071X",
+ "LVTEST00A00A072X",
+ "LVTEST00A00A073X",
+ "LVTEST00A00A074X",
+ "LVTEST00A00A075X",
+ "LVTEST00A00A076X",
+ "LVTEST00A00A077X",
+ "LVTEST00A00A078X",
+ "LVTEST00A00A079X",
+ "LVTEST00A00A080X",
+ "LVTEST00A00A081X",
+ "LVTEST00A00A082X",
+ "LVTEST00A00A083X",
+ "LVTEST00A00A084X",
+ "LVTEST00A00A085X",
+ "LVTEST00A00A086X",
+ "LVTEST00A00A087X",
+ "LVTEST00A00A088X",
+ "LVTEST00A00A089X",
+ "LVTEST00A00A090X",
+ "LVTEST00A00A091X",
+ "LVTEST00A00A092X",
+ "LVTEST00A00A093X",
+ "LVTEST00A00A094X",
+ "LVTEST00A00A095X",
+ "LVTEST00A00A096X",
+ "LVTEST00A00A097X",
+ "LVTEST00A00A098X",
+ "LVTEST00A00A099X",
+ "LVTEST00A00A100X",
+ "LVTEST00A00A101X",
+ "LVTEST00A00A102X",
+ "LVTEST00A00A103X",
+ "LVTEST00A00A104X",
+ "LVTEST00A00A105X",
+ "LVTEST00A00A106X",
+ "LVTEST00A00A107X",
+ "LVTEST00A00A108X",
+ "LVTEST00A00A109X",
+ "LVTEST00A00A110X",
+ "LVTEST00A00A111X",
+ "LVTEST00A00A112X",
+ "LVTEST00A00A113X",
+ "LVTEST00A00A114X",
+ "LVTEST00A00A115X",
+ "LVTEST00A00A116X",
+ "LVTEST00A00A117X",
+ "LVTEST00A00A118X",
+ "LVTEST00A00A119X",
+ "LVTEST00A00A120X",
+ "LVTEST00A00A121X",
+ "LVTEST00A00A122X",
+ "LVTEST00A00A123X",
+ "LVTEST00A00A124X",
+ "LVTEST00A00A125X",
+ "LVTEST00A00A126X",
+ "LVTEST00A00A127X",
+ "LVTEST00A00A128X",
+ "LVTEST00A00A129X",
+ "LVTEST00A00A130X",
+ "LVTEST00A00A131X",
+ "LVTEST00A00A132X",
+ "LVTEST00A00A133X",
+ "LVTEST00A00A134X",
+ "LVTEST00A00A135X",
+ "LVTEST00A00A136X",
+ "LVTEST00A00A137X",
+ "LVTEST00A00A138X",
+ "LVTEST00A00A139X",
+ "LVTEST00A00A140X",
+ "LVTEST00A00A141X",
+ "LVTEST00A00A142X",
+ "LVTEST00A00A143X",
+ "LVTEST00A00A144X",
+ "LVTEST00A00A145X",
+ "LVTEST00A00A146X",
+ "LVTEST00A00A147X",
+ "LVTEST00A00A148X",
+ "LVTEST00A00A149X",
+ "LVTEST00A00A150X",
+ "LVTEST00A00A151X",
+ "LVTEST00A00A152X",
+ "LVTEST00A00A153X",
+ "LVTEST00A00A154X",
+ "LVTEST00A00A155X",
+ "LVTEST00A00A156X",
+ "LVTEST00A00A157X",
+ "LVTEST00A00A158X",
+ "LVTEST00A00A159X",
+ "LVTEST00A00A160X",
+ "LVTEST00A00A161X",
+ "LVTEST00A00A162X",
+ "LVTEST00A00A163X",
+ "LVTEST00A00A164X",
+ "LVTEST00A00A165X",
+ "LVTEST00A00A166X",
+ "LVTEST00A00A167X",
+ "LVTEST00A00A168X",
+ "LVTEST00A00A169X",
+ "LVTEST00A00A170X",
+ "LVTEST00A00A171X",
+ "LVTEST00A00A172X",
+ "LVTEST00A00A173X",
+ "LVTEST00A00A174X",
+ "LVTEST00A00A175X",
+ "LVTEST00A00A176X",
+ "LVTEST00A00A177X",
+ "LVTEST00A00A178X",
+ "LVTEST00A00A179X",
+ "LVTEST00A00A180X",
+ "LVTEST00A00A181X",
+ "LVTEST00A00A182X",
+ "LVTEST00A00A183X",
+ "LVTEST00A00A184X",
+ "LVTEST00A00A185X",
+ "LVTEST00A00A186X",
+ "LVTEST00A00A187X",
+ "LVTEST00A00A188X",
+ "LVTEST00A00A189X",
+ "LVTEST00A00A190X",
+ "LVTEST00A00A191X",
+ "LVTEST00A00A192X",
+ "LVTEST00A00A193X",
+ "LVTEST00A00A194X",
+ "LVTEST00A00A195X",
+ "LVTEST00A00A196X",
+ "LVTEST00A00A197X",
+ "LVTEST00A00A198X",
+ "LVTEST00A00A199X"
+ ]
+
+ # A list of fiscal code to be used to test for Unique Email Enforcement initiative on IO
+ test_users_unique_email_test = [
+ "UEETST00A00A000X",
+ "UEETST00A00A001X",
+ ]
+}
+
+output "test_users" {
+ value = {
+
+ # All previous sets, ensembled
+ all = join(",",
+ flatten([
+ local.test_users_internal,
+ local.test_users_internal_load,
+ local.test_users_store_review,
+ local.test_users_eu_covid_cert,
+ local.test_users_fast_login_load_test,
+ local.test_users_unique_email_test,
+ ]
+ )
+ )
+
+ internal_flat = join(",",
+ flatten([local.test_users_internal])
+ )
+
+ internal_load_flat = join(",",
+ flatten([local.test_users_internal_load])
+ )
+
+ store_review_flat = join(",",
+ flatten([local.test_users_store_review])
+ )
+
+ eu_covid_cert_flat = join(",",
+ flatten([local.test_users_eu_covid_cert])
+ )
+ }
+}