feat: IDH modules tests (#157)

* upgrated to v4 modules

* terraform script updated

* minor fix

* first try

* fixed idh modules

* pre-commit fixs

* updated provider to avoid errors

* pre-commit fixs

Author: diegoitaliait

src/10_networking/env/dev/terraform.tfvars

@@ -46,7 +46,7 @@ cidr_subnet_apim_stv2                 = ["10.1.152.0/24"]
 ### Italy
 cidr_vnet_italy = ["10.3.0.0/16"]
 
-cidr_subnet_vpn      = ["10.3.2.0/24"]
+cidr_subnet_vpn = ["10.3.2.0/24"]
 
 cidr_subnet_dnsforwarder_lb   = ["10.3.200.0/29"]
 cidr_subnet_dnsforwarder_vmss = ["10.3.200.8/29"]
@@ -63,5 +63,3 @@ vpn_pip_sku           = "Standard"
 
 
 dns_forwarder_vmss_image_version = "v20250214"
-
-

src/domains/testit-common/.terraform.lock.hcl

@@ -6,7 +6,7 @@ resource "azurerm_resource_group" "sec_rg_domain" {
 }
 
 module "key_vault_domain" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault?ref=v8.13.0"
+  source = "./.terraform/modules/__v4__/key_vault"
 
   name                       = "${local.project}-kv"
   location                   = azurerm_resource_group.sec_rg_domain.location

src/domains/testit-common/01_keyvault_0.tf

@@ -1,5 +1,5 @@
 module "workload_identity_init" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity_init?ref=v8.42.1"
+  source = "./.terraform/modules/__v4__/kubernetes_workload_identity_init"
 
   workload_identity_name_prefix         = var.domain
   workload_identity_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name

src/domains/testit-common/02_workload_identity.tf

@@ -42,7 +42,7 @@ locals {
 
 # create a module for each 20 repos
 module "identity_cd_01" {
-  source = "github.com/pagopa/terraform-azurerm-v3//github_federated_identity?ref=v8.13.0"
+  source = "./.terraform/modules/__v4__/github_federated_identity"
   # pagopa-<ENV><DOMAIN>-<COUNTER>-github-<PERMS>-identity
   prefix    = var.prefix
   env_short = var.env_short

src/domains/testit-common/10_github_identity.tf

@@ -0,0 +1,120 @@
+resource "azurerm_resource_group" "idh_rg" {
+  location = var.location
+  name     = "${local.project}-idh-rg"
+}
+
+
+module "cosmosdb_account" {
+  count  = local.idh_enabled ? 1 : 0
+  source = "./.terraform/modules/__v4__/IDH/cosmosdb_account"
+
+  domain                     = var.domain
+  name                       = "${local.project}-idh-cosmos-account"
+  resource_group_name        = azurerm_resource_group.idh_rg.name
+  location                   = var.location
+  main_geo_location_location = var.location
+  product_name               = "dvopla"
+  env                        = "dev"
+  idh_resource_tier          = "cosmos_mongo6"
+  tags                       = {}
+}
+
+
+module "event_hub" {
+  count  = local.idh_enabled ? 1 : 0
+  source = "./.terraform/modules/__v4__/IDH/event_hub"
+
+  name                = "${local.project}-idh-evh"
+  product_name        = "dvopla"
+  env                 = "dev"
+  idh_resource_tier   = "standard"
+  location            = var.location
+  resource_group_name = azurerm_resource_group.idh_rg.name
+  tags                = {}
+}
+
+
+module "key_vault" {
+  count  = local.idh_enabled ? 1 : 0
+  source = "./.terraform/modules/__v4__/IDH/key_vault"
+
+  name                = "${local.product_ita}-idh-kv"
+  idh_resource_tier   = "standard"
+  product_name        = "dvopla"
+  env                 = "dev"
+  location            = var.location
+  resource_group_name = azurerm_resource_group.idh_rg.name
+  tenant_id           = data.azurerm_client_config.current.tenant_id
+  tags                = {}
+}
+
+
+module "redis" {
+  count  = local.idh_enabled ? 1 : 0
+  source = "./.terraform/modules/__v4__/IDH/redis"
+
+  name                = "${local.project}-idh-redis"
+  product_name        = "dvopla"
+  env                 = "dev"
+  idh_resource_tier   = "basic"
+  location            = var.location
+  resource_group_name = azurerm_resource_group.idh_rg.name
+  tags                = {}
+}
+
+
+module "storage_account" {
+  count  = local.idh_enabled ? 1 : 0
+  source = "./.terraform/modules/__v4__/IDH/storage_account"
+
+  name = replace("${local.project}-idh-sa", "-", "")
+
+  product_name        = "dvopla"
+  env                 = "dev"
+  idh_resource_tier   = "basic"
+  domain              = var.domain
+  location            = var.location
+  resource_group_name = azurerm_resource_group.idh_rg.name
+  tags                = {}
+}
+
+module "subnet" {
+  count  = local.idh_enabled ? 1 : 0
+  source = "./.terraform/modules/__v4__/IDH/subnet"
+
+  name                 = "${local.project}-idh-snet"
+  resource_group_name  = data.azurerm_virtual_network.vnet_ita.resource_group_name
+  virtual_network_name = data.azurerm_virtual_network.vnet_ita.name
+  service_endpoints    = ["Microsoft.Storage"]
+  idh_resource_tier    = "postgres_flexible"
+  product_name         = "dvopla"
+  env                  = "dev"
+}
+
+resource "random_password" "postgres_password" {
+  count       = local.idh_enabled ? 1 : 0
+  length      = 20
+  special     = true
+  min_lower   = 3
+  min_upper   = 3
+  min_numeric = 3
+  min_special = 3
+}
+
+module "postgres_flexible_server" {
+  count = local.idh_enabled ? 1 : 0
+
+  source = "./.terraform/modules/__v4__/IDH/postgres_flexible_server"
+
+  name                       = "${local.project}-idh-flexible"
+  idh_resource_tier          = "pgflex2"
+  product_name               = "dvopla"
+  env                        = "dev"
+  location                   = var.location
+  resource_group_name        = azurerm_resource_group.idh_rg.name
+  delegated_subnet_id        = module.subnet[0].subnet_id
+  administrator_login        = "adminuser"
+  administrator_password     = random_password.postgres_password[0].result
+  log_analytics_workspace_id = data.azurerm_log_analytics_workspace.log_analytics.id
+  tags                       = {}
+}

src/domains/testit-common/50_idh.tf

@@ -1,16 +1,12 @@
 terraform {
   required_providers {
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "<= 3.116.0"
-    }
     azuread = {
       source  = "hashicorp/azuread"
-      version = "<= 2.47.0"
+      version = "~> 3.1"
     }
-    null = {
-      source  = "hashicorp/null"
-      version = "<= 3.2.1"
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "<= 4.30"
     }
   }
 
@@ -28,3 +24,8 @@ provider "azurerm" {
 data "azurerm_subscription" "current" {}
 
 data "azurerm_client_config" "current" {}
+
+module "__v4__" {
+  # https://github.com/pagopa/terraform-azurerm-v4/releases/tag/v7.0.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v4.git?ref=92fa18c908a4d6485f495dcf3a033d1472c98d29"
+}

src/domains/testit-common/99_main.tf

@@ -18,6 +18,7 @@ locals {
   dns_zone_public_name  = "devopslab.pagopa.it"
   dns_zone_private_name = "internal.devopslab.pagopa.it"
 
+  idh_enabled = false
 }
 
 variable "prefix" {

src/domains/testit-common/99_variables.tf

@@ -3,17 +3,24 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | <= 2.47.0 |
-| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | <= 3.116.0 |
-| <a name="requirement_null"></a> [null](#requirement\_null) | <= 3.2.1 |
+| <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | ~> 3.1 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | <= 4.30 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_identity_cd_01"></a> [identity\_cd\_01](#module\_identity\_cd\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.13.0 |
-| <a name="module_key_vault_domain"></a> [key\_vault\_domain](#module\_key\_vault\_domain) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v8.13.0 |
-| <a name="module_workload_identity_init"></a> [workload\_identity\_init](#module\_workload\_identity\_init) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity_init | v8.42.1 |
+| <a name="module___v4__"></a> [\_\_v4\_\_](#module\_\_\_v4\_\_) | git::https://github.com/pagopa/terraform-azurerm-v4.git | 92fa18c908a4d6485f495dcf3a033d1472c98d29 |
+| <a name="module_cosmosdb_account"></a> [cosmosdb\_account](#module\_cosmosdb\_account) | ./.terraform/modules/__v4__/IDH/cosmosdb_account | n/a |
+| <a name="module_event_hub"></a> [event\_hub](#module\_event\_hub) | ./.terraform/modules/__v4__/IDH/event_hub | n/a |
+| <a name="module_identity_cd_01"></a> [identity\_cd\_01](#module\_identity\_cd\_01) | ./.terraform/modules/__v4__/github_federated_identity | n/a |
+| <a name="module_key_vault"></a> [key\_vault](#module\_key\_vault) | ./.terraform/modules/__v4__/IDH/key_vault | n/a |
+| <a name="module_key_vault_domain"></a> [key\_vault\_domain](#module\_key\_vault\_domain) | ./.terraform/modules/__v4__/key_vault | n/a |
+| <a name="module_postgres_flexible_server"></a> [postgres\_flexible\_server](#module\_postgres\_flexible\_server) | ./.terraform/modules/__v4__/IDH/postgres_flexible_server | n/a |
+| <a name="module_redis"></a> [redis](#module\_redis) | ./.terraform/modules/__v4__/IDH/redis | n/a |
+| <a name="module_storage_account"></a> [storage\_account](#module\_storage\_account) | ./.terraform/modules/__v4__/IDH/storage_account | n/a |
+| <a name="module_subnet"></a> [subnet](#module\_subnet) | ./.terraform/modules/__v4__/IDH/subnet | n/a |
+| <a name="module_workload_identity_init"></a> [workload\_identity\_init](#module\_workload\_identity\_init) | ./.terraform/modules/__v4__/kubernetes_workload_identity_init | n/a |
 
 ## Resources
 
@@ -23,8 +30,10 @@
 | [azurerm_key_vault_access_policy.adgroup_developers_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
 | [azurerm_key_vault_access_policy.adgroup_externals_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
 | [azurerm_key_vault_access_policy.gha_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
+| [azurerm_resource_group.idh_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.sec_rg_domain](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [null_resource.github_runner_app_permissions_to_namespace_cd_01](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [random_password.postgres_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
 | [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
 | [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |