feat: Paymcloud 33 sonde ndp (#2689)

src/synthetic-monitoring/00_data.tf

@@ -16,6 +16,12 @@ data "azurerm_monitor_action_group" "slack" {
   name                = local.monitor_action_group_slack_name
 }
 
+data "azurerm_monitor_action_group" "infra_opsgenie" {
+  count               = var.env_short == "p" ? 1 : 0
+  resource_group_name = local.monitor_resource_group_name
+  name                = local.monitor_action_group_infra_opsgenie_name
+}
+
 data "azurerm_monitor_action_group" "email" {
   resource_group_name = local.monitor_resource_group_name
   name                = local.monitor_action_group_email_name
@@ -43,3 +49,7 @@ data "azurerm_subnet" "private_endpoint_subnet" {
   virtual_network_name = data.azurerm_virtual_network.vnet_core.name
 }
 
+data "azurerm_public_ip" "appgateway_public_ip" {
+  name                = format("%s-appgateway-pip", local.product)
+  resource_group_name = data.azurerm_resource_group.rg_vnet_core.name
+}

src/synthetic-monitoring/00_secrets.tf

@@ -0,0 +1,10 @@
+module "secret_core" {
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query?ref=v8.54.0"
+
+  resource_group = local.key_vault_rg_name
+  key_vault_name = local.key_vault_name
+
+  secrets = [
+    "synthetic-monitoring-nodo-subscription-key"
+  ]
+}

src/synthetic-monitoring/01_analytics_workspace.tf

@@ -5,12 +5,13 @@ resource "azurerm_resource_group" "synthetic_rg" {
 
 
 resource "azurerm_log_analytics_workspace" "log_analytics_workspace" {
-  name                = "${local.project}-law"
-  location            = azurerm_resource_group.synthetic_rg.location
-  resource_group_name = azurerm_resource_group.synthetic_rg.name
-  sku                 = var.law_sku
-  retention_in_days   = var.law_retention_in_days
-  daily_quota_gb      = var.law_daily_quota_gb
+  name                               = "${local.project}-law"
+  location                           = azurerm_resource_group.synthetic_rg.location
+  resource_group_name                = azurerm_resource_group.synthetic_rg.name
+  sku                                = var.law_sku
+  retention_in_days                  = var.law_retention_in_days
+  daily_quota_gb                     = var.law_daily_quota_gb
+  reservation_capacity_in_gb_per_day = var.env_short == "p" ? 100 : null
 
   tags = var.tags
 }

src/synthetic-monitoring/02_monitoring.tf

@@ -1,19 +1,18 @@
 module "monitoring_function" {
-
   depends_on = [azurerm_application_insights.application_insights]
-
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//monitoring_function?ref=v7.60.0"
+  source     = "./.terraform/modules/__v3__/monitoring_function"
+  legacy     = false
 
   location            = var.location
   prefix              = "${local.product}-${var.location_short}"
   resource_group_name = azurerm_resource_group.synthetic_rg.name
 
   application_insight_name              = azurerm_application_insights.application_insights.name
   application_insight_rg_name           = azurerm_application_insights.application_insights.resource_group_name
-  application_insights_action_group_ids = [data.azurerm_monitor_action_group.slack.id]
+  application_insights_action_group_ids = var.env_short == "p" ? [data.azurerm_monitor_action_group.infra_opsgenie[0].id] : [data.azurerm_monitor_action_group.slack.id]
 
   docker_settings = {
-    image_tag = "v1.7.0@sha256:08b88e12aa79b423a96a96274786b4d1ad5a2a4cf6c72fcd1a52b570ba034b18"
+    image_tag = "v1.10.0@sha256:1686c4a719dc1a3c270f98f527ebc34179764ddf53ee3089febcb26df7a2d71d"
   }
 
   job_settings = {
@@ -36,10 +35,15 @@ module "monitoring_function" {
     enabled = var.self_alert_enabled
   }
   monitoring_configuration_encoded = templatefile("${path.module}/monitoring_configuration.json.tpl", {
-    env_name                   = var.env,
-    env_short                  = var.env_short,
-    api_dot_env_name           = var.env == "prod" ? "api" : "api.${var.env}"
-    internal_api_domain_prefix = "weu${var.env}"
-    internal_api_domain_suffix = var.env == "prod" ? "internal.platform.pagopa.it" : "internal.${var.env}.platform.pagopa.it"
+    env_name                                 = var.env,
+    env_short                                = var.env_short,
+    api_dot_env_name                         = var.env == "prod" ? "api" : "api.${var.env}"
+    internal_api_domain_prefix               = "weu${var.env}"
+    internal_api_domain_suffix               = var.env == "prod" ? "internal.platform.pagopa.it" : "internal.${var.env}.platform.pagopa.it"
+    nodo_subscription_key                    = nonsensitive(module.secret_core.values["synthetic-monitoring-nodo-subscription-key"].value)
+    appgw_public_ip                          = data.azurerm_public_ip.appgateway_public_ip.ip_address
+    check_position_body                      = var.check_position_body
+    alert_enabled                            = var.synthetic_alerts_enabled
+    verify_payment_internal_expected_outcome = var.verify_payment_internal_expected_outcome
   })
 }

src/synthetic-monitoring/99_locals.tf

@@ -4,15 +4,18 @@ locals {
   project = "${local.product}-${var.location_short}-${local.domain}"
 
 
-  monitor_appinsights_name        = "${local.product}-appinsights"
-  monitor_action_group_slack_name = "SlackPagoPA"
-  monitor_action_group_email_name = "PagoPA"
-  monitor_resource_group_name     = "${local.product}-monitor-rg"
+  monitor_appinsights_name                 = "${local.product}-appinsights"
+  monitor_action_group_slack_name          = "SlackPagoPA"
+  monitor_action_group_email_name          = "PagoPA"
+  monitor_action_group_infra_opsgenie_name = "InfraOpsgenie"
+  monitor_resource_group_name              = "${local.product}-monitor-rg"
 
   vnet_core_resource_group_name               = "${local.product}-vnet-rg"
   vnet_core_name                              = "${local.product}-vnet"
   log_analytics_workspace_name                = "${local.product}-law"
   log_analytics_workspace_resource_group_name = "${local.product}-monitor-rg"
 
+  key_vault_name    = "pagopa-${var.env_short}-kv"
+  key_vault_rg_name = "pagopa-${var.env_short}-sec-rg"
 
 }

src/synthetic-monitoring/99_main.tf

@@ -10,7 +10,7 @@ terraform {
     }
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "<= 3.85.0"
+      version = "<= 4.0.0"
     }
     null = {
       source  = "hashicorp/null"
@@ -33,3 +33,7 @@ data "azurerm_subscription" "current" {}
 
 data "azurerm_client_config" "current" {}
 
+module "__v3__" {
+  # v8.64.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=ff49c94c7bfb8f2867e550483d8acc125bf516a7"
+}

src/synthetic-monitoring/99_variables.tf

@@ -95,4 +95,21 @@ variable "self_alert_enabled" {
 }
 
 
+variable "check_position_body" {
+  type = object({
+    fiscal_code   = string
+    notice_number = string
+  })
+  description = "(Required) fiscal code and notice number to be used in synthetic checkposition request body"
+}
+
+variable "synthetic_alerts_enabled" {
+  type        = bool
+  default     = false
+  description = "(Optional) Enables alerts generated by the synthetic monitoring probe"
+}
 
+variable "verify_payment_internal_expected_outcome" {
+  type        = string
+  description = "(Required) Expected outcome for verify payment notice internal"
+}

src/synthetic-monitoring/README.md

@@ -7,14 +7,16 @@
 |------|---------|
 | <a name="requirement_azapi"></a> [azapi](#requirement\_azapi) | <= 1.11.0 |
 | <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | <= 2.21.0 |
-| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | <= 3.85.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | <= 4.0.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | <= 3.2.1 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_monitoring_function"></a> [monitoring\_function](#module\_monitoring\_function) | git::https://github.com/pagopa/terraform-azurerm-v3.git//monitoring_function | v7.60.0 |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | ff49c94c7bfb8f2867e550483d8acc125bf516a7 |
+| <a name="module_monitoring_function"></a> [monitoring\_function](#module\_monitoring\_function) | ./.terraform/modules/__v3__/monitoring_function | n/a |
+| <a name="module_secret_core"></a> [secret\_core](#module\_secret\_core) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query | v8.54.0 |
 
 ## Resources
 
@@ -26,8 +28,10 @@
 | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
 | [azurerm_container_app_environment.tools_cae](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/container_app_environment) | data source |
 | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
+| [azurerm_monitor_action_group.infra_opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
 | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
 | [azurerm_private_dns_zone.storage_account_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
+| [azurerm_public_ip.appgateway_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/public_ip) | data source |
 | [azurerm_resource_group.rg_vnet_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_resource_group.tools_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_subnet.private_endpoint_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
@@ -38,6 +42,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_check_position_body"></a> [check\_position\_body](#input\_check\_position\_body) | (Required) fiscal code and notice number to be used in synthetic checkposition request body | <pre>object({<br/>    fiscal_code   = string<br/>    notice_number = string<br/>  })</pre> | n/a | yes |
 | <a name="input_enabled_resource"></a> [enabled\_resource](#input\_enabled\_resource) | Feature flags | <pre>object({<br/>    container_app_tools_cae = optional(bool, false),<br/>  })</pre> | n/a | yes |
 | <a name="input_env"></a> [env](#input\_env) | n/a | `string` | n/a | yes |
 | <a name="input_env_short"></a> [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
@@ -49,8 +54,10 @@
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
 | <a name="input_self_alert_enabled"></a> [self\_alert\_enabled](#input\_self\_alert\_enabled) | (Optional) enables the alert on the function itself | `bool` | `true` | no |
 | <a name="input_storage_account_replication_type"></a> [storage\_account\_replication\_type](#input\_storage\_account\_replication\_type) | (Required) table storage replication type | `string` | n/a | yes |
+| <a name="input_synthetic_alerts_enabled"></a> [synthetic\_alerts\_enabled](#input\_synthetic\_alerts\_enabled) | (Optional) Enables alerts generated by the synthetic monitoring probe | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br/>  "CreatedBy": "Terraform"<br/>}</pre> | no |
 | <a name="input_use_private_endpoint"></a> [use\_private\_endpoint](#input\_use\_private\_endpoint) | (Required) if true enables the usage of private endpoint | `bool` | n/a | yes |
+| <a name="input_verify_payment_internal_expected_outcome"></a> [verify\_payment\_internal\_expected\_outcome](#input\_verify\_payment\_internal\_expected\_outcome) | (Required) Expected outcome for verify payment notice internal | `string` | n/a | yes |
 
 ## Outputs
 

src/synthetic-monitoring/env/weu-dev/terraform.tfvars

@@ -30,3 +30,12 @@ law_daily_quota_gb    = 10
 self_alert_enabled    = false
 
 force = "v1"
+
+#
+# monitoring template variables
+#
+check_position_body = {
+  fiscal_code   = "66666666666"
+  notice_number = "310115803416020234"
+}
+verify_payment_internal_expected_outcome = "KO"

src/synthetic-monitoring/env/weu-prod/terraform.tfvars

@@ -21,8 +21,19 @@ tags = {
 enabled_resource = {
   container_app_tools_cae = true
 }
-
+synthetic_alerts_enabled = true
 
 law_sku               = "CapacityReservation" # TODO verify why it is changed from PerGB2018 to CapacityReservation
 law_retention_in_days = 30
 law_daily_quota_gb    = -1
+
+#
+# monitoring template variables
+#
+check_position_body = {
+  fiscal_code   = "00876220633"
+  notice_number = "001000000136265862"
+}
+verify_payment_internal_expected_outcome = "OK"
+
+

src/synthetic-monitoring/env/weu-uat/terraform.tfvars

@@ -26,3 +26,12 @@ enabled_resource = {
 law_sku               = "PerGB2018"
 law_retention_in_days = 30
 law_daily_quota_gb    = 10
+
+#
+# monitoring template variables
+#
+check_position_body = {
+  fiscal_code   = "15376371009"
+  notice_number = "351173232582781477"
+}
+verify_payment_internal_expected_outcome = "KO"