From 0c3fd07c246c49519280b0605e224304fec39705 Mon Sep 17 00:00:00 2001 
From: Andrea De Rinaldis <117269497+andrea-deri@users.noreply.github.com> Date: Wed, 5 Jun 2024 12:18:26 +0200 Subject: [PATCH] [NOD-905] feat: add OpEx dashboards for internal, psp and organization APIs (#64) * [NOD-905] feat: add OpEx dashboards for internal, psp and organization APIs * [NOD-905] fix: updated secrets * [NOD-905] fix: removed storage account * [NOD-905] fix: updated identity folder --------- Co-authored-by: Francesco Cesareo --- .github/workflows/08_create_dashboard.yml | 111 +++++++++++++++++++ .identity/00_data.tf | 62 +++++++++-- .identity/02_application_action.tf | 6 - .identity/03_github_environment.tf | 1 + .identity/99_variables.tf | 4 +- .opex/env/prod/internal/backend.ini | 1 + .opex/env/prod/internal/backend.tfvars | 4 + .opex/env/prod/internal/config.yaml | 12 ++ .opex/env/prod/internal/terraform.tfvars | 11 ++ .opex/env/prod/organization/backend.ini | 1 + .opex/env/prod/organization/backend.tfvars | 4 + .opex/env/prod/organization/config.yaml | 12 ++ .opex/env/prod/organization/terraform.tfvars | 11 ++ .opex/env/prod/psp/backend.ini | 1 + .opex/env/prod/psp/backend.tfvars | 4 + .opex/env/prod/psp/config.yaml | 12 ++ .opex/env/prod/psp/terraform.tfvars | 11 ++ helm/Chart.lock | 6 + 18 files changed, 256 insertions(+), 18 deletions(-) create mode 100644 .github/workflows/08_create_dashboard.yml delete mode 100644 .identity/02_application_action.tf create mode 100644 .opex/env/prod/internal/backend.ini create mode 100644 .opex/env/prod/internal/backend.tfvars create mode 100644 .opex/env/prod/internal/config.yaml create mode 100644 .opex/env/prod/internal/terraform.tfvars create mode 100644 .opex/env/prod/organization/backend.ini create mode 100644 .opex/env/prod/organization/backend.tfvars create mode 100644 .opex/env/prod/organization/config.yaml create mode 100644 .opex/env/prod/organization/terraform.tfvars create mode 100644 .opex/env/prod/psp/backend.ini create mode 100644 .opex/env/prod/psp/backend.tfvars create mode 100644 
.opex/env/prod/psp/config.yaml create mode 100644 .opex/env/prod/psp/terraform.tfvars create mode 100644 helm/Chart.lock diff --git a/.github/workflows/08_create_dashboard.yml b/.github/workflows/08_create_dashboard.yml new file mode 100644 index 00000000..ad2e4eb8 --- /dev/null +++ b/.github/workflows/08_create_dashboard.yml 
@@ -0,0 +1,111 @@
+name: Create Dashboard
+
+# Controls when the workflow will run
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - 'openapi/**'
+ - '.github/workflows/08_create_dashboard.yaml'
+ - '.opex/**'
+
+ workflow_dispatch:
+
+permissions:
+ id-token: write
+ contents: read
+ deployments: write
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ dashboard:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-22.04
+
+ strategy:
+ matrix:
+ environment: [prod]
+ environment:
+ name: ${{ matrix.environment }}
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ - name: Checkout
+ id: checkout
+ # from https://github.com/actions/checkout/commits/main
+ uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
+ with:
+ persist-credentials: false
+
+ # from https://github.com/pagopa/opex-dashboard-azure-action/
+ # Internal APIs
+ - uses: pagopa/opex-dashboard-azure-action@v1.1.2
+ with:
+ environment: ${{ matrix.environment }}
+ api-name:
+ config: .opex/env/${{ matrix.environment }}/internal/config.yaml
+ client-id: ${{ secrets.CLIENT_ID }}
+ tenant-id: ${{ secrets.TENANT_ID }}
+ subscription-id: ${{ secrets.INTERNAL_SUBSCRIPTION_ID }}
+ # from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action
+ docker-version: sha256:e4245954566cd3470e1b5527d33bb58ca132ce7493eac01be9e808fd25a11c8d
+
+ # from https://github.com/pagopa/opex-dashboard-azure-action/
+ # Organizations APIs
+ - uses: pagopa/opex-dashboard-azure-action@v1.1.2
+ with:
+ environment: ${{ matrix.environment }}
+ api-name:
+ config: .opex/env/${{ matrix.environment }}/organization/config.yaml
+ client-id: ${{ secrets.CLIENT_ID }}
+ tenant-id: ${{ secrets.TENANT_ID }}
+ subscription-id: ${{ secrets.ORG_SUBSCRIPTION_ID }}
+ # from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action
+ docker-version: 
sha256:e4245954566cd3470e1b5527d33bb58ca132ce7493eac01be9e808fd25a11c8d
+
+ # from https://github.com/pagopa/opex-dashboard-azure-action/
+ # PSPs APIs
+ - uses: pagopa/opex-dashboard-azure-action@v1.1.2
+ with:
+ environment: ${{ matrix.environment }}
+ api-name:
+ config: .opex/env/${{ matrix.environment }}/psp/config.yaml
+ client-id: ${{ secrets.CLIENT_ID }}
+ tenant-id: ${{ secrets.TENANT_ID }}
+ subscription-id: ${{ secrets.PSP_SUBSCRIPTION_ID }}
+ # from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action
+ docker-version: sha256:e4245954566cd3470e1b5527d33bb58ca132ce7493eac01be9e808fd25a11c8d
+
+ delete_github_deployments:
+ runs-on: ubuntu-latest
+ needs: dashboard
+ if: ${{ always() }}
+ steps:
+ - name: Delete Previous deployments
+ uses: actions/github-script@v6
+ env:
+ SHA_HEAD: ${{ (github.event_name == 'pull_request' && github.event.pull_request.head.sha) || github.sha}}
+ with:
+ script: |
+ const { SHA_HEAD } = process.env
+
+ const deployments = await github.rest.repos.listDeployments({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ sha: SHA_HEAD
+ });
+ await Promise.all(
+ deployments.data.map(async (deployment) => {
+ await github.rest.repos.createDeploymentStatus({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ deployment_id: deployment.id,
+ state: 'inactive'
+ });
+ return github.rest.repos.deleteDeployment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ deployment_id: deployment.id
+ });
+ })
+ );
\ No newline at end of file
diff --git a/.identity/00_data.tf b/.identity/00_data.tf
index a7b5fc3c..037a4306 100644
--- a/.identity/00_data.tf
+++ b/.identity/00_data.tf
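Review bot: The `paths` trigger filter lists `.github/workflows/08_create_dashboard.yaml`, but this file is `08_create_dashboard.yml`, so edits to the workflow itself will never retrigger it; change that entry to `- '.github/workflows/08_create_dashboard.yml'`. The three dashboard steps pass `${{ secrets.INTERNAL_SUBSCRIPTION_ID }}`, `ORG_SUBSCRIPTION_ID` and `PSP_SUBSCRIPTION_ID`, while the `.identity/03_github_environment.tf` hunk in this patch publishes only `SUBSCRIPTION_ID` and `*_SUBSCRIPTION_KEY` to the environment, so unless those `*_SUBSCRIPTION_ID` names are defined outside this patch the steps receive empty values. `api-name:` is left blank in all three steps; give it a value or drop the key. Pinning is also inconsistent: `actions/checkout` is pinned by commit SHA and the dashboard image by digest, but `pagopa/opex-dashboard-azure-action@v1.1.2` and `actions/github-script@v6` are pinned by mutable tags, and the cleanup job runs on `ubuntu-latest` while the dashboard job uses `ubuntu-22.04`.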
@@ -1,7 +1,16 @@ +data "azurerm_storage_account" "tf_storage_account" { + name = "pagopainfraterraform${var.env}" + resource_group_name = "io-infra-rg" +} + data "azurerm_resource_group" "dashboards" { name = "dashboards" } +data "azurerm_resource_group" "apim_resource_group" { + name = "${local.product}-api-rg" +} + data "azurerm_kubernetes_cluster" "aks" { name = local.aks_cluster.name resource_group_name = local.aks_cluster.resource_group_name @@ -41,6 +50,22 @@ data "azurerm_key_vault_secret" "key_vault_bot_token" { key_vault_id = data.azurerm_key_vault.key_vault.id } +data "azurerm_key_vault_secret" "key_vault_cucumber_token" { + name = "cucumber-token" + key_vault_id = data.azurerm_key_vault.key_vault.id +} + +data "azurerm_key_vault_secret" "key_vault_slack_webhook_url" { + name = "slack-webhook-url" + key_vault_id = data.azurerm_key_vault.domain_key_vault.id +} + +data "azurerm_key_vault_secret" "integration_test_internal_subscription_key" { + count = var.env_short == "p" ? 0 : 1 + name = "integration-test-internal-subscription-key" + key_vault_id = data.azurerm_key_vault.domain_key_vault.id +} + data "azurerm_key_vault_secret" "integration_test_psp_subscription_key" { count = var.env_short == "p" ? 0 : 1 name = "integration-test-psp-subscription-key" 
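Review bot: The `data "azurerm_key_vault_secret" "key_vault_slack_webhook_url"` block added in the second hunk (`@@ -41,6 +50,22 @@`) duplicates the block of the same type and name that the third hunk (`@@ -53,26 +78,43 @@`) keeps as context, and Terraform rejects two data sources with the same address, so drop the added copy. In the first hunk, `azurerm_storage_account.tf_storage_account` and `azurerm_resource_group.apim_resource_group` are not referenced by anything in this patch; if they are unused, remove them rather than granting the identity read lookups it does not need (the commit message itself says the storage account was removed). Both hunks are bounded by context lines, so other references may exist outside this view.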
@@ -53,26 +78,43 @@ data "azurerm_key_vault_secret" "integration_test_org_subscription_key" { key_vault_id = data.azurerm_key_vault.domain_key_vault.id } +data "azurerm_key_vault_secret" "opex_internal_subscription_key" { + count = var.env_short == "p" ? 1 : 0 + name = "opex-internal-subscription-key" + key_vault_id = data.azurerm_key_vault.domain_key_vault.id +} + +data "azurerm_key_vault_secret" "opex_psp_subscription_key" { + count = var.env_short == "p" ? 1 : 0 + name = "opex-psp-subscription-key" + key_vault_id = data.azurerm_key_vault.domain_key_vault.id +} + +data "azurerm_key_vault_secret" "opex_org_subscription_key" { + count = var.env_short == "p" ? 1 : 0 + name = "opex-org-subscription-key" + key_vault_id = data.azurerm_key_vault.domain_key_vault.id +} + data "azurerm_key_vault_secret" "key_vault_slack_webhook_url" { name = "slack-webhook-url" key_vault_id = data.azurerm_key_vault.domain_key_vault.id } -data "azurerm_key_vault_secret" "key_vault_integration_test_slack_webhook_url" { - name = "integrationtest-slack-webhook-url" - key_vault_id = data.azurerm_key_vault.nodo_key_vault.id -} +#data "azurerm_resource_group" "app_rg" { +# name = "${local.prefix}-${var.env_short}-${local.location_short}-${local.domain}-rg" +#} +# +#data "azurerm_storage_account" "integration_test_storage_account" { +# name = local.integration_test.storage_account_name +# resource_group_name = local.integration_test.storage_account_rg +#} data "azurerm_user_assigned_identity" "identity_cd" { - name = "${local.product}-${local.domain}-01-github-cd-identity" + name = "${local.product}-${local.domain}-01-github-cd-identity" resource_group_name = "${local.product}-identity-rg" } -data "azurerm_storage_account" "integration_test_storage_account" { - name = local.integration_test.storage_account_name - resource_group_name = local.integration_test.storage_account_rg -} - data "azurerm_user_assigned_identity" "identity_ci" { name = "${local.product}-${local.domain}-01-github-ci-identity" 
resource_group_name = "${local.product}-identity-rg" diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf deleted file mode 100644 index 4a371a38..00000000 --- a/.identity/02_application_action.tf +++ /dev/null @@ -1,6 +0,0 @@ -resource "azurerm_storage_container" "test-data-container" { - count = var.env_short == "p" ? 0 : 1 - name = local.github.repository - storage_account_name = data.azurerm_storage_account.integration_test_storage_account.name - container_access_type = "blob" -} diff --git a/.identity/03_github_environment.tf b/.identity/03_github_environment.tf index f427f2a3..ac75136d 100644 --- a/.identity/03_github_environment.tf +++ b/.identity/03_github_environment.tf @@ -24,6 +24,7 @@ locals { "CD_CLIENT_ID" : data.azurerm_user_assigned_identity.identity_cd.client_id, "CI_CLIENT_ID" : data.azurerm_user_assigned_identity.identity_ci.client_id, "TENANT_ID" : data.azurerm_client_config.current.tenant_id, + "INTERNAL_SUBSCRIPTION_KEY": var.env_short != "p" ? data.azurerm_key_vault_secret.integration_test_internal_subscription_key[0].value : data.azurerm_key_vault_secret.opex_internal_subscription_key[0].value, "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id, "PSP_SUBSCRIPTION_KEY": var.env_short != "p" ? data.azurerm_key_vault_secret.integration_test_psp_subscription_key[0].value : "" "ORG_SUBSCRIPTION_KEY": var.env_short != "p" ? data.azurerm_key_vault_secret.integration_test_org_subscription_key[0].value : "" diff --git a/.identity/99_variables.tf b/.identity/99_variables.tf index 4b740c56..21bd11ef 100644 --- a/.identity/99_variables.tf +++ b/.identity/99_variables.tf 
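Review bot: The `#data "azurerm_resource_group" "app_rg"` and `#data "azurerm_storage_account" "integration_test_storage_account"` blocks that replace `key_vault_integration_test_slack_webhook_url` are commented-out configuration; delete them instead of keeping dead code, since history already preserves the old definitions. Removing `key_vault_integration_test_slack_webhook_url` is only safe if no remaining file still reads it, which this hunk does not show. The `identity_cd` name line is a whitespace-only realignment.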
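Review bot: `INTERNAL_SUBSCRIPTION_KEY` now falls back to `opex_internal_subscription_key[0].value` in prod, but the neighbouring `PSP_SUBSCRIPTION_KEY` and `ORG_SUBSCRIPTION_KEY` entries still yield `""` there, even though this patch adds `opex_psp_subscription_key` and `opex_org_subscription_key` data sources in `.identity/00_data.tf` that nothing in view consumes. For consistency, replace the two `: ""` fallbacks with `: data.azurerm_key_vault_secret.opex_psp_subscription_key[0].value` and `: data.azurerm_key_vault_secret.opex_org_subscription_key[0].value`, so the prod environment actually receives the keys the dashboards need. The enclosing `locals` block starts before this hunk.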
@@ -13,8 +13,8 @@ locals { integration_test = { storage_account_name = "${local.prefix}${var.env_short}${local.location_short}sharedtstdtsa" - storage_account_rg = "${local.prefix}-${var.env_short}-${local.location_short}-shared-tst-dt-rg" - reports_folder = local.github.repository + storage_account_rg = "${local.prefix}-${var.env_short}-${local.location_short}-shared-tst-dt-rg" + reports_folder = local.github.repository } aks_cluster = { diff --git a/.opex/env/prod/internal/backend.ini b/.opex/env/prod/internal/backend.ini new file mode 100644 index 00000000..432abea3 --- /dev/null +++ b/.opex/env/prod/internal/backend.ini @@ -0,0 +1 @@ +subscription=PROD-pagoPA \ No newline at end of file diff --git a/.opex/env/prod/internal/backend.tfvars b/.opex/env/prod/internal/backend.tfvars new file mode 100644 index 00000000..80177043 --- /dev/null +++ b/.opex/env/prod/internal/backend.tfvars @@ -0,0 +1,4 @@ +resource_group_name = "io-infra-rg" +storage_account_name = "pagopainfraterraformprod" +container_name = "azurermstate" +key = "opex.pagopa-fdr.terraform.tfstate" \ No newline at end of file diff --git a/.opex/env/prod/internal/config.yaml b/.opex/env/prod/internal/config.yaml new file mode 100644 index 00000000..7400a1d5 --- /dev/null +++ b/.opex/env/prod/internal/config.yaml 
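Review bot: All three new backend files (`internal`, and the `organization` and `psp` hunks on the following lines) use the same state key `opex.pagopa-fdr.terraform.tfstate` in the same container, so the three dashboard steps in the workflow would share a single Terraform state and each run is likely to treat the previous dashboard's resources as drift to destroy, or fail on the state lock. Give each API its own key, e.g. `key = "opex.pagopa-fdr-internal.terraform.tfstate"`, `key = "opex.pagopa-fdr-organization.terraform.tfstate"` and `key = "opex.pagopa-fdr-psp.terraform.tfstate"`, mirroring the `name:` values in the corresponding config.yaml files.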
@@ -0,0 +1,12 @@
+oa3_spec: ./openapi/openapi_internal.json # If start with http the file would be downloaded from the internet
+name: opex_pagopa-fdr-internal
+location: West Europe
+timespan: 5m # Default, a number or a timespan https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/scalar-data-types/timespan
+data_source: /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-api-rg/providers/Microsoft.ApiManagement/service/pagopa-p-apim
+resource_type: api-management
+action_groups:
+ - /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-monitor-rg/providers/microsoft.insights/actionGroups/PagoPA
+ - /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-monitor-rg/providers/microsoft.insights/actionGroups/SlackPagoPA
+overrides:
+ hosts: # Use these hosts instead of those inside the OpenApi spec
+ - api.platform.pagopa.it
\ No newline at end of file
diff --git a/.opex/env/prod/internal/terraform.tfvars b/.opex/env/prod/internal/terraform.tfvars
new file mode 100644
index 00000000..a837ae16
--- /dev/null
+++ b/.opex/env/prod/internal/terraform.tfvars
@@ -0,0 +1,11 @@
+prefix = "pagopa"
+env_short = "p"
+
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "Prod"
+ Owner = "pagoPA"
+ Source = "https://github.com/pagopa/pagopa-fdr"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+}
\ No newline at end of file
diff --git a/.opex/env/prod/organization/backend.ini b/.opex/env/prod/organization/backend.ini
new file mode 100644
index 00000000..432abea3
--- /dev/null
+++ b/.opex/env/prod/organization/backend.ini
@@ -0,0 +1 @@
+subscription=PROD-pagoPA
\ No newline at end of file
diff --git a/.opex/env/prod/organization/backend.tfvars b/.opex/env/prod/organization/backend.tfvars
new file mode 100644
index 00000000..80177043
--- /dev/null
+++ b/.opex/env/prod/organization/backend.tfvars
@@ -0,0 +1,4 @@
+resource_group_name = "io-infra-rg"
+storage_account_name = "pagopainfraterraformprod"
+container_name = "azurermstate"
+key = "opex.pagopa-fdr.terraform.tfstate"
\ No newline at end of file
diff --git a/.opex/env/prod/organization/config.yaml b/.opex/env/prod/organization/config.yaml
new file mode 100644
index 00000000..ca8dc35b
--- /dev/null
+++ b/.opex/env/prod/organization/config.yaml
@@ -0,0 +1,12 @@
+oa3_spec: ./openapi/openapi_organization.json # If start with http the file would be downloaded from the internet
+name: opex_pagopa-fdr-organization
+location: West Europe
+timespan: 5m # Default, a number or a timespan https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/scalar-data-types/timespan
+data_source: /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-api-rg/providers/Microsoft.ApiManagement/service/pagopa-p-apim
+resource_type: api-management
+action_groups:
+ - /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-monitor-rg/providers/microsoft.insights/actionGroups/PagoPA
+ - /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-monitor-rg/providers/microsoft.insights/actionGroups/SlackPagoPA
+overrides:
+ hosts: # Use these hosts instead of those inside the OpenApi spec
+ - api.platform.pagopa.it
\ No newline at end of file
diff --git a/.opex/env/prod/organization/terraform.tfvars b/.opex/env/prod/organization/terraform.tfvars
new file mode 100644
index 00000000..a837ae16
--- /dev/null
+++ b/.opex/env/prod/organization/terraform.tfvars
@@ -0,0 +1,11 @@
+prefix = "pagopa"
+env_short = "p"
+
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "Prod"
+ Owner = "pagoPA"
+ Source = "https://github.com/pagopa/pagopa-fdr"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+}
\ No newline at end of file
diff --git a/.opex/env/prod/psp/backend.ini b/.opex/env/prod/psp/backend.ini
new file mode 100644
index 00000000..432abea3
--- /dev/null
+++ b/.opex/env/prod/psp/backend.ini
@@ -0,0 +1 @@
+subscription=PROD-pagoPA
\ No newline at end of file
diff --git a/.opex/env/prod/psp/backend.tfvars b/.opex/env/prod/psp/backend.tfvars
new file mode 100644
index 00000000..80177043
--- /dev/null
+++ b/.opex/env/prod/psp/backend.tfvars
@@ -0,0 +1,4 @@
+resource_group_name = "io-infra-rg"
+storage_account_name = "pagopainfraterraformprod"
+container_name = "azurermstate"
+key = "opex.pagopa-fdr.terraform.tfstate"
\ No newline at end of file
diff --git a/.opex/env/prod/psp/config.yaml b/.opex/env/prod/psp/config.yaml
new file mode 100644
index 00000000..edfb2138
--- /dev/null
+++ b/.opex/env/prod/psp/config.yaml
@@ -0,0 +1,12 @@
+oa3_spec: ./openapi/openapi_psp.json # If start with http the file would be downloaded from the internet
+name: opex_pagopa-fdr-psp
+location: West Europe
+timespan: 5m # Default, a number or a timespan https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/scalar-data-types/timespan
+data_source: /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-api-rg/providers/Microsoft.ApiManagement/service/pagopa-p-apim
+resource_type: api-management
+action_groups:
+ - /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-monitor-rg/providers/microsoft.insights/actionGroups/PagoPA
+ - /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-monitor-rg/providers/microsoft.insights/actionGroups/SlackPagoPA
+overrides:
+ hosts: # Use these hosts instead of those inside the OpenApi spec
+ - api.platform.pagopa.it
\ No newline at end of file
diff --git a/.opex/env/prod/psp/terraform.tfvars b/.opex/env/prod/psp/terraform.tfvars
new file mode 100644
index 00000000..a837ae16
--- /dev/null
+++ b/.opex/env/prod/psp/terraform.tfvars
@@ -0,0 +1,11 @@
+prefix = "pagopa"
+env_short = "p"
+
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "Prod"
+ Owner = "pagoPA"
+ Source = "https://github.com/pagopa/pagopa-fdr"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+}
\ No newline at end of file
diff --git a/helm/Chart.lock b/helm/Chart.lock
new file mode 100644
index 00000000..1d172c3d
--- /dev/null
+++ b/helm/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: microservice-chart
+ repository: https://pagopa.github.io/aks-microservice-chart-blueprint
+ version: 3.0.0
+digest: sha256:fbefefd4270c2f7fdaf9bc98b73465b58db72bdfeafcbb607c2736ba5fe67a5e
+generated: "2023-07-11T17:02:31.30818+02:00"