feat: Added blueprint-common (#85)

* added blueprint-common

* pre-commit fixs

src/aks-platform/02_aks.tf

@@ -109,34 +109,34 @@ module "aks" {
 }
 
 module "velero" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster_velero?ref=8171afb"
-  count = var.aks_enabled ? 1 : 0
-  backup_storage_container_name = "velero-backup"
-  subscription_id = data.azurerm_subscription.current.subscription_id
-  tenant_id = data.azurerm_subscription.current.tenant_id
-  resource_group_name = azurerm_resource_group.rg_aks_backup.name
-  prefix = "devopla"
-  aks_cluster_name = module.aks[count.index].name
-  aks_cluster_rg = azurerm_resource_group.rg_aks.name
-  location = var.location
-  use_storage_private_endpoint = true
-  private_endpoint_subnet_id = data.azurerm_subnet.private_endpoint_subnet.id
+  source                              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster_velero?ref=8171afb"
+  count                               = var.aks_enabled ? 1 : 0
+  backup_storage_container_name       = "velero-backup"
+  subscription_id                     = data.azurerm_subscription.current.subscription_id
+  tenant_id                           = data.azurerm_subscription.current.tenant_id
+  resource_group_name                 = azurerm_resource_group.rg_aks_backup.name
+  prefix                              = "devopla"
+  aks_cluster_name                    = module.aks[count.index].name
+  aks_cluster_rg                      = azurerm_resource_group.rg_aks.name
+  location                            = var.location
+  use_storage_private_endpoint        = true
+  private_endpoint_subnet_id          = data.azurerm_subnet.private_endpoint_subnet.id
   storage_account_private_dns_zone_id = data.azurerm_private_dns_zone.storage_account_private_dns_zone.id
 
   tags = var.tags
 }
 
 module "aks_namespace_backup" {
   source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_velero_backup?ref=f38e1ca"
-  count = var.aks_enabled ? 1 : 0
+  count  = var.aks_enabled ? 1 : 0
   # required
-  backup_name = "daily-backup"
-  namespaces = ["ALL"]
+  backup_name      = "daily-backup"
+  namespaces       = ["ALL"]
   aks_cluster_name = module.aks[count.index].name
 
   # optional
-  ttl = "72h0m0s"
-  schedule = "0 3 * * *" #refers to UTC timezone
+  ttl             = "72h0m0s"
+  schedule        = "0 3 * * *" #refers to UTC timezone
   volume_snapshot = false
 
   depends_on = [

src/aks-platform/99_locals.tf

@@ -3,10 +3,10 @@ locals {
   project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
 
   # AKS
-  aks_rg_name      = "${local.project}-aks-rg"
+  aks_rg_name        = "${local.project}-aks-rg"
   aks_backup_rg_name = "${local.project}-aks-backup-rg"
-  aks_cluster_name = "${local.project}-aks"
-  velero_rg_name   = "${local.project}-velero"
+  aks_cluster_name   = "${local.project}-aks"
+  velero_rg_name     = "${local.project}-velero"
 
   # VNET
   vnet_core_resource_group_name = "${local.product}-vnet-rg"

src/aks-platform/README.md

@@ -38,15 +38,18 @@ Re-enable all the resource, commented before to complete the procedure
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_aks"></a> [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v7.2.0 |
+| <a name="module_aks_namespace_backup"></a> [aks\_namespace\_backup](#module\_aks\_namespace\_backup) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_velero_backup | f38e1ca |
 | <a name="module_keda_pod_identity"></a> [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v6.20.1 |
 | <a name="module_nginx_ingress"></a> [nginx\_ingress](#module\_nginx\_ingress) | terraform-module/release/helm | 2.7.0 |
 | <a name="module_snet_aks"></a> [snet\_aks](#module\_snet\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.20.1 |
+| <a name="module_velero"></a> [velero](#module\_velero) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster_velero | 8171afb |
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | [azurerm_resource_group.rg_aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_resource_group.rg_aks_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_role_assignment.aks_to_acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.keda_monitoring_reader](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.managed_identity_operator_vs_aks_managed_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
@@ -74,10 +77,12 @@ Re-enable all the resource, commented before to complete the procedure
 | [azurerm_log_analytics_workspace.log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source |
 | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
 | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
+| [azurerm_private_dns_zone.storage_account_private_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
 | [azurerm_public_ip.pip_aks_outboud](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/public_ip) | data source |
 | [azurerm_resource_group.rg_monitor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_resource_group.vnet_aks_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_resource_group.vnet_core_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
+| [azurerm_subnet.private_endpoint_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
 | [azurerm_virtual_network.vnet_aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
 | [azurerm_virtual_network.vnet_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |

src/core/02_dns_private.tf

@@ -52,6 +52,3 @@ resource "azurerm_private_dns_zone_virtual_network_link" "storage_account_vnet"
   private_dns_zone_name = azurerm_private_dns_zone.storage_account.name
   virtual_network_id    = module.vnet.id
 }
-
-
-

src/core/README.md

@@ -69,7 +69,9 @@ az network dns zone show \
 | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource |
 | [azurerm_private_dns_zone.internal_devopslab](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource |
 | [azurerm_private_dns_zone.privatelink_postgres_database_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource |
+| [azurerm_private_dns_zone.storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.privatelink_postgres_database_azure_com_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource |
+| [azurerm_private_dns_zone_virtual_network_link.storage_account_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.vnet_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_public_ip.aks_outbound](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |
 | [azurerm_public_ip.appgateway_beta_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |

src/coreplus/01_network_aks_platform.tf

@@ -85,7 +85,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "vnet_aks" {
 
 
 resource "azurerm_private_dns_zone_virtual_network_link" "storage_account_vnet" {
-  for_each = { for n in var.aks_networks : n.domain_name => n }
+  for_each              = { for n in var.aks_networks : n.domain_name => n }
   name                  = module.vnet_aks[each.key].name
   resource_group_name   = data.azurerm_resource_group.rg_vnet.name
   private_dns_zone_name = data.azurerm_private_dns_zone.storage.name

src/coreplus/README.md

@@ -50,6 +50,7 @@
 | [azurerm_key_vault_access_policy.app_gateway_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
 | [azurerm_monitor_action_group.error_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource |
 | [azurerm_private_dns_a_record.api_internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource |
+| [azurerm_private_dns_zone_virtual_network_link.storage_account_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.vnet_aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_public_ip.outbound_ip_aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |
 | [azurerm_resource_group.app_service_docker_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
@@ -85,6 +86,7 @@
 | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
 | [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
 | [azurerm_private_dns_zone.privatelink_postgres_database_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
+| [azurerm_private_dns_zone.storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
 | [azurerm_public_ip.appgateway_beta_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/public_ip) | data source |
 | [azurerm_public_ip.appgateway_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/public_ip) | data source |
 | [azurerm_resource_group.kv_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |

src/domains/blueprint-common/00_azuread.tf

@@ -0,0 +1,16 @@
+# Azure AD
+data "azuread_group" "adgroup_admin" {
+  display_name = "${local.product}-adgroup-admin"
+}
+
+data "azuread_group" "adgroup_developers" {
+  display_name = "${local.product}-adgroup-developers"
+}
+
+data "azuread_group" "adgroup_externals" {
+  display_name = "${local.product}-adgroup-externals"
+}
+
+data "azuread_group" "adgroup_security" {
+  display_name = "${local.product}-adgroup-security"
+}

src/domains/blueprint-common/00_monitor.tf

@@ -0,0 +1,23 @@
+data "azurerm_resource_group" "monitor_rg" {
+  name = var.monitor_resource_group_name
+}
+
+data "azurerm_log_analytics_workspace" "log_analytics" {
+  name                = var.log_analytics_workspace_name
+  resource_group_name = var.log_analytics_workspace_resource_group_name
+}
+
+data "azurerm_application_insights" "application_insights" {
+  name                = local.monitor_appinsights_name
+  resource_group_name = data.azurerm_resource_group.monitor_rg.name
+}
+
+data "azurerm_monitor_action_group" "slack" {
+  resource_group_name = var.monitor_resource_group_name
+  name                = local.monitor_action_group_slack_name
+}
+
+data "azurerm_monitor_action_group" "email" {
+  resource_group_name = var.monitor_resource_group_name
+  name                = local.monitor_action_group_email_name
+}

src/domains/blueprint-common/00_network.tf

@@ -0,0 +1,13 @@
+data "azurerm_virtual_network" "vnet_core" {
+  name                = local.vnet_core_name
+  resource_group_name = local.vnet_core_resource_group_name
+}
+
+data "azurerm_resource_group" "rg_vnet_core" {
+  name = local.vnet_core_resource_group_name
+}
+
+data "azurerm_dns_zone" "public" {
+  name                = local.dns_zone_public_name
+  resource_group_name = local.vnet_core_resource_group_name
+}