From 25b1d3d68956db143d228c0a6a04521d0312b73d Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Tue, 4 Feb 2025 19:25:03 +0100 Subject: [PATCH 01/10] [PAGOPA-2625] feat: defining new PostgreSQL for FdR-Fase3 --- src/domains/fdr-common/03_postgresql.tf | 9 +++++++++ src/domains/fdr-common/README.md | 1 + 2 files changed, 10 insertions(+) diff --git a/src/domains/fdr-common/03_postgresql.tf b/src/domains/fdr-common/03_postgresql.tf index 45c62b6a58..4e81ae7002 100644 --- a/src/domains/fdr-common/03_postgresql.tf +++ b/src/domains/fdr-common/03_postgresql.tf @@ -96,6 +96,15 @@ resource "azurerm_postgresql_flexible_server_database" "fdr_db" { charset = "utf8" } + +# FdR database +resource "azurerm_postgresql_flexible_server_database" "fdr3_db" { + name = "fdr3" + server_id = module.postgres_flexible_server_fdr.id + collation = "en_US.utf8" + charset = "utf8" +} + # https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-limits # DEV D4s_v3 / D4ds_v4 4 16 GiB 1719 1716 # UAT D8s_v3 / D8ds_V4 8 32 GiB 3438 3435 diff --git a/src/domains/fdr-common/README.md b/src/domains/fdr-common/README.md index 96a858237e..ccec7d6704 100644 --- a/src/domains/fdr-common/README.md +++ b/src/domains/fdr-common/README.md @@ -64,6 +64,7 @@ | [azurerm_postgresql_flexible_server_configuration.fdr_db_flex_min_pool_size](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_configuration) | resource | | [azurerm_postgresql_flexible_server_configuration.fdr_db_flex_shared_preoload_libraries](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_configuration) | resource | | [azurerm_postgresql_flexible_server_configuration.fdr_db_flex_wal_level](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_configuration) | resource | +| [azurerm_postgresql_flexible_server_database.fdr3_db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_database) | resource | | [azurerm_postgresql_flexible_server_database.fdr_db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_database) | resource | | [azurerm_postgresql_flexible_server_database.fdr_replica_db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_database) | resource | | [azurerm_postgresql_flexible_server_virtual_endpoint.virtual_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_virtual_endpoint) | resource | From 335e6e1954bb1a554ff5be2c431d5512c1ba409d Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Thu, 6 Feb 2025 11:06:37 +0100 Subject: [PATCH 02/10] [PAGOPA-2625] feat: including Liquibase XML structs for FdR3's DB --- .../changelog/fdr3/0/db.changelog-0.xml | 161 ++++++++++++++++++ .../changelog/fdr3/db.changelog-master-0.xml | 10 ++ .../fdr3/db.changelog-master-1.0.0.xml | 10 ++ 3 files changed, 181 insertions(+) create mode 100644 src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml create mode 100644 src/psql/fdr/liquibase/changelog/fdr3/db.changelog-master-0.xml create mode 100644 src/psql/fdr/liquibase/changelog/fdr3/db.changelog-master-1.0.0.xml diff --git a/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml b/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml new file mode 100644 index 0000000000..37a5408ec4 --- /dev/null +++ b/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml @@ -0,0 +1,161 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/psql/fdr/liquibase/changelog/fdr3/db.changelog-master-0.xml b/src/psql/fdr/liquibase/changelog/fdr3/db.changelog-master-0.xml new file mode 100644 index 0000000000..3dbcdb3199 --- /dev/null +++ b/src/psql/fdr/liquibase/changelog/fdr3/db.changelog-master-0.xml @@ -0,0 +1,10 @@ + + + + + + \ No newline at end of file diff --git a/src/psql/fdr/liquibase/changelog/fdr3/db.changelog-master-1.0.0.xml b/src/psql/fdr/liquibase/changelog/fdr3/db.changelog-master-1.0.0.xml new file mode 100644 index 0000000000..9a6923e486 --- /dev/null +++ b/src/psql/fdr/liquibase/changelog/fdr3/db.changelog-master-1.0.0.xml @@ -0,0 +1,10 @@ + + + + + + + + From 09e6135090f1276f8654fe560eb9b0bed4cbf63e Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Thu, 6 Feb 2025 11:07:18 +0100 Subject: [PATCH 03/10] [PAGOPA-2625] feat: adding pipelines for FdR3's DB --- .devops/fdr3-db-migration-pipelines.yml | 205 ++++++++++++++++++++++++ .devops/fdr3-db-schema-pipelines.yml | 88 ++++++++++ 2 files changed, 293 insertions(+) create mode 100644 .devops/fdr3-db-migration-pipelines.yml create mode 100644 .devops/fdr3-db-schema-pipelines.yml diff --git a/.devops/fdr3-db-migration-pipelines.yml b/.devops/fdr3-db-migration-pipelines.yml new file mode 100644 index 0000000000..7eae93b881 --- /dev/null +++ b/.devops/fdr3-db-migration-pipelines.yml @@ -0,0 +1,205 @@ +pr: none +trigger: none +#trigger: +# - develop + +pool: + vmImage: 'ubuntu-latest' + +parameters: + - name: k8sEnv + displayName: K8s Environment + type: string + default: dev + values: + - dev + - it + - prf + - uat + - prd + # version of liquibase db.changelog-master-*.xml to run + - name: dbVersion + displayName: Database Version + type: string + # liquibase context to run specific changelogs,default to '_' to run only uncontexted changelogs + - name: lbContexts + displayName: Liquibase Contexts + type: string + default: '_' + # liquibase log level if needed finer logs + - name: lbLogLevel + displayName: Liquibase Log Level + type: string + default: INFO + values: + - INFO + - FINE + - WARNING + - SEVERE + +variables: + ${{ if eq(parameters.k8sEnv, 'dev') }}: + AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_DEV)' + JDBC_URL: jdbc:postgresql://pagopa-d-weu-fdr-flexible-postgresql.postgres.database.azure.com:5432/fdr3?sslmode=require&prepareThreshold=0 + KEY_VAULT_NAME: pagopa-d-fdr-kv + poolImage: 'pagopa-dev-linux-infra' + ${{ if eq(parameters.k8sEnv, 'it') }}: + AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_DEV)' + JDBC_URL: jdbc:postgresql://pagopa-d-weu-fdr-flexible-postgresql.postgres.database.azure.com:5432/fdr3-replica?sslmode=require&prepareThreshold=0 + KEY_VAULT_NAME: pagopa-d-fdr-kv + poolImage: 'pagopa-dev-linux-infra' + ${{ elseif eq(parameters.k8sEnv, 'prf') }}: + AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_UAT)' + JDBC_URL: jdbc:postgresql://pagopa-u-weu-fdr-flexible-postgresql.postgres.database.azure.com:6432/fdr3-replica?sslmode=require&prepareThreshold=0 + KEY_VAULT_NAME: pagopa-u-fdr-kv + poolImage: 'pagopa-uat-linux-infra' + ${{ elseif eq(parameters.k8sEnv, 'uat') }}: + AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_UAT)' + JDBC_URL: jdbc:postgresql://pagopa-u-weu-fdr-flexible-postgresql.postgres.database.azure.com:6432/fdr3?sslmode=require&prepareThreshold=0 + KEY_VAULT_NAME: pagopa-u-fdr-kv + poolImage: 'pagopa-uat-linux-infra' + ${{ elseif eq(parameters.k8sEnv, 'prd') }}: + AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_PROD)' + JDBC_URL: jdbc:postgresql://pagopa-p-weu-fdr-flexible-postgresql.postgres.database.azure.com:6432/fdr3?sslmode=require&prepareThreshold=0 + KEY_VAULT_NAME: pagopa-p-fdr-kv + poolImage: 'pagopa-prod-linux-infra' + APPROVE_NOTIFY_GROUP: '[pagoPA-iac]\pagopa-iac-externals-team' + APPROVE_NOTIFY_ADMIN: '[pagoPA-iac]\Project Administrators' + FDR3_USERNAME: fdr3 + FDR3_SCHEMA: fdr + +stages: + - stage: liquibase_status + displayName: "Liquibase status" + jobs: + - job: liquibase_status_job + pool: $(poolImage) + displayName: "Liquibase status and validation" + steps: + - checkout: self + - script: | + cd $(Pipeline.Workspace) + mkdir liquibase-app + wget -c https://github.com/liquibase/liquibase/releases/download/v4.17.1/liquibase-4.17.1.tar.gz + tar -xzf liquibase-4.17.1.tar.gz -C liquibase-app + rm -rf liquibase-4.17.1.tar.gz + ls -la liquibase-app + echo "##vso[task.prependpath]$(Pipeline.Workspace)/liquibase-app" + displayName: "Install Liquibase" + - script: | + cd $(Pipeline.Workspace) + mkdir java + wget -c https://download.java.net/java/GA/jdk11/9/GPL/openjdk-11.0.2_linux-x64_bin.tar.gz + tar -xzf openjdk-11.0.2_linux-x64_bin.tar.gz -C java + rm -rf openjdk-11.0.2_linux-x64_bin.tar.gz + ls -la java + echo "##vso[task.prependpath]$(Pipeline.Workspace)/java/jdk-11.0.2/bin" + echo "##vso[task.setvariable variable=JAVA_HOME;]$(Pipeline.Workspace)/java/jdk-11.0.2" + displayName: "Install Java" + - task: AzureKeyVault@2 + displayName: "Get $(KEY_VAULT_NAME) secrets" + inputs: + azureSubscription: $(AZURE_SERVICE_CONNECTION) + keyVaultName: $(KEY_VAULT_NAME) + secretsFilter: 'db-fdr3-password' + - script: | + liquibase \ + --url="$(JDBC_URL)" \ + --username="$(FDR3_USERNAME)" \ + --password="$(db-fdr3-password)" \ + --classpath=src/psql/fdr/liquibase/changelog/fdr3 \ + --changeLogFile=db.changelog-master-${{ parameters.dbVersion }}.xml \ + --liquibaseSchemaName="$(FDR3_SCHEMA)" \ + --defaultSchemaName="$(FDR3_SCHEMA)" \ + --contexts="${{ parameters.lbContexts }}" \ + --log-level=${{ parameters.lbLogLevel }} \ + status -Dschema=$(FDR3_SCHEMA) + displayName: "fdr3 db status" + - script: | + liquibase \ + --url="$(JDBC_URL)" \ + --username="$(FDR3_USERNAME)" \ + --password="$(db-fdr3-password)" \ + --classpath=src/psql/fdr/liquibase/changelog/fdr3 \ + --changeLogFile=db.changelog-master-${{ parameters.dbVersion }}.xml \ + --liquibaseSchemaName="$(FDR3_SCHEMA)" \ + --defaultSchemaName="$(FDR3_SCHEMA)" \ + --contexts="${{ parameters.lbContexts }}" \ + --log-level=${{ parameters.lbLogLevel }} \ + validate -Dschema=$(FDR3_SCHEMA) + displayName: "fdr3 db validate" + - job: prd_approval + dependsOn: liquibase_status_job + condition: eq('${{ parameters.k8sEnv }}', 'prd') + pool: server + displayName: "Approval" + timeoutInMinutes: 16 + steps: + - task: ManualValidation@0 + timeoutInMinutes: 15 + inputs: + notifyUsers: | + $(APPROVE_NOTIFY_GROUP) + $(APPROVE_NOTIFY_ADMIN) + instructions: "Please check liquibase status and validation for each database and resume if correct" + onTimeout: 'reject' + - job: initialization + pool: $(poolImage) + dependsOn: [liquibase_status_job,prd_approval] + condition: or(and(eq('${{ parameters.k8sEnv }}', 'dev'),eq('${{ parameters.k8sEnv }}', 'it'),eq('${{ parameters.k8sEnv }}', 'prf'),eq('${{ parameters.k8sEnv }}', 'uat'), not(failed('liquibase_status_job'))),and(eq('${{ parameters.k8sEnv }}', 'prd'),not(failed('prd_approval')))) + displayName: "Update fdr DB ${{ parameters.k8sEnv }}" + steps: + - checkout: self + clean: true + persistCredentials: true + - script: | + cd $(Pipeline.Workspace) + mkdir liquibase-app + wget -c https://github.com/liquibase/liquibase/releases/download/v4.17.1/liquibase-4.17.1.tar.gz + tar -xzf liquibase-4.17.1.tar.gz -C liquibase-app + rm -rf liquibase-4.17.1.tar.gz + ls -la liquibase-app + echo "##vso[task.prependpath]$(Pipeline.Workspace)/liquibase-app" + displayName: "Install Liquibase" + - script: | + cd $(Pipeline.Workspace) + mkdir java + wget -c https://download.java.net/java/GA/jdk11/9/GPL/openjdk-11.0.2_linux-x64_bin.tar.gz + tar -xzf openjdk-11.0.2_linux-x64_bin.tar.gz -C java + rm -rf openjdk-11.0.2_linux-x64_bin.tar.gz + ls -la java + echo "##vso[task.prependpath]$(Pipeline.Workspace)/java/jdk-11.0.2/bin" + echo "##vso[task.setvariable variable=JAVA_HOME;]$(Pipeline.Workspace)/java/jdk-11.0.2" + displayName: "Install Java" + - task: AzureKeyVault@2 + displayName: "Get $(KEY_VAULT_NAME) secrets" + inputs: + azureSubscription: $(AZURE_SERVICE_CONNECTION) + keyVaultName: $(KEY_VAULT_NAME) + secretsFilter: 'db-fdr3-password' + - script: | + liquibase \ + --url="$(JDBC_URL)" \ + --username="$(FDR3_USERNAME)" \ + --password="$(db-fdr3-password)" \ + --classpath=src/psql/fdr/liquibase/changelog/fdr3 \ + --changeLogFile=db.changelog-master-${{ parameters.dbVersion }}.xml \ + --liquibaseSchemaName="$(FDR3_SCHEMA)" \ + --defaultSchemaName="$(FDR3_SCHEMA)" \ + --contexts="${{ parameters.lbContexts }}" \ + --log-level=${{ parameters.lbLogLevel }} \ + update -Dschema=$(FDR3_SCHEMA) + displayName: "Run Liquibase fdr3" + - script: | + liquibase \ + --url="$(JDBC_URL)" \ + --username="$(FDR3_USERNAME)" \ + --password="$(db-fdr3-password)" \ + --classpath=src/psql/fdr/liquibase/changelog/fdr3 \ + --changeLogFile=db.changelog-master-${{ parameters.dbVersion }}.xml \ + --liquibaseSchemaName="$(FDR3_SCHEMA)" \ + --defaultSchemaName="$(FDR3_SCHEMA)" \ + --contexts="${{ parameters.lbContexts }}" \ + --log-level=${{ parameters.lbLogLevel }} \ + tag ${{ parameters.dbVersion }} + displayName: "Tag fdr3" diff --git a/.devops/fdr3-db-schema-pipelines.yml b/.devops/fdr3-db-schema-pipelines.yml new file mode 100644 index 0000000000..721768f769 --- /dev/null +++ b/.devops/fdr3-db-schema-pipelines.yml @@ -0,0 +1,88 @@ +pr: none +trigger: none +#trigger: +# - develop + +pool: + vmImage: 'ubuntu-latest' + +parameters: + - name: k8sEnv + displayName: K8s Environment + type: string + default: dev + values: + - dev + - it + - prf + - uat + - prd + +variables: + ${{ if eq(parameters.k8sEnv, 'dev') }}: + DB_HOST: pagopa-d-weu-fdr-flexible-postgresql + AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_DEV)' + KEY_VAULT_NAME: 'pagopa-d-fdr-kv' + DATABASE_NAME: fdr3 + poolImage: 'pagopa-dev-linux-infra' + ${{ elseif eq(parameters.k8sEnv, 'uat') }}: + DB_HOST: pagopa-u-weu-fdr-flexible-postgresql + AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_UAT)' + KEY_VAULT_NAME: 'pagopa-u-fdr-kv' + DATABASE_NAME: fdr3 + poolImage: 'pagopa-uat-linux-infra' + ${{ elseif eq(parameters.k8sEnv, 'prd') }}: + DB_HOST: pagopa-p-weu-fdr-flexible-postgresql + AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_PROD)' + KEY_VAULT_NAME: 'pagopa-p-fdr-kv' + DATABASE_NAME: fdr3 + poolImage: 'pagopa-prod-linux-infra' + ADMIN_USERNAME: azureuser + FDR3_USERNAME: fdr3 + FDR3_SCHEMA: fdr + +stages: + - stage: initialization_jobs + displayName: "Init ${{ parameters.k8sEnv }}" + jobs: + - job: initialization + pool: $(poolImage) + displayName: "Schemas creation job" + steps: + - task: AzureKeyVault@2 + displayName: "Get secrets" + inputs: + azureSubscription: $(AZURE_SERVICE_CONNECTION) + keyVaultName: $(KEY_VAULT_NAME) + secretsFilter: 'db-administrator-login-password,db-fdr3-password' + - task: AzureCLI@2 + displayName: "create all schemas" + inputs: + azureSubscription: $(AZURE_SERVICE_CONNECTION) + scriptLocation: inlineScript + scriptType: bash + inlineScript: | + + create_schema () { + SCHEMA=$1 + USER=$2 + PASS=$3 + az config set extension.use_dynamic_install=yes_without_prompt + az postgres flexible-server execute --name $(DB_HOST) --admin-user $(ADMIN_USERNAME) \ + --admin-password '$(db-administrator-login-password)' --database-name "$(DATABASE_NAME)" \ + --querytext " + do \$\$ + BEGIN + IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '$USER') THEN + CREATE ROLE $USER LOGIN PASSWORD '$PASS'; + END IF; + + GRANT ALL PRIVILEGES ON DATABASE \"$DATABASE_NAME\" TO \"$USER\"; + GRANT \"$USER\" to $ADMIN_USERNAME; + CREATE SCHEMA IF NOT EXISTS \"$SCHEMA\" AUTHORIZATION \"$USER\"; + END + \$\$; + " + } + + create_schema "$FDR3_SCHEMA" "$FDR3_USERNAME" "$(db-fdr3-password)" From 212216367b15bea144f851f4df24daaafb5b312c Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Thu, 6 Feb 2025 11:18:11 +0100 Subject: [PATCH 04/10] [PAGOPA-2625] fix: renaming pipeline files --- ...gration-pipelines.yml => fdr-fase3-db-migration-pipelines.yml} | 0 ...-db-schema-pipelines.yml => fdr-fase3-db-schema-pipelines.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename .devops/{fdr3-db-migration-pipelines.yml => fdr-fase3-db-migration-pipelines.yml} (100%) rename .devops/{fdr3-db-schema-pipelines.yml => fdr-fase3-db-schema-pipelines.yml} (100%) diff --git a/.devops/fdr3-db-migration-pipelines.yml b/.devops/fdr-fase3-db-migration-pipelines.yml similarity index 100% rename from .devops/fdr3-db-migration-pipelines.yml rename to .devops/fdr-fase3-db-migration-pipelines.yml diff --git a/.devops/fdr3-db-schema-pipelines.yml b/.devops/fdr-fase3-db-schema-pipelines.yml similarity index 100% rename from .devops/fdr3-db-schema-pipelines.yml rename to .devops/fdr-fase3-db-schema-pipelines.yml From 49808059c22cf4ed5c03d089008efc84bf8d5535 Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Thu, 6 Feb 2025 11:24:18 +0100 Subject: [PATCH 05/10] [PAGOPA-2625] feat: adding read-write FdR3-DB user's password --- src/domains/fdr-secret/secret/weu-dev/noedit_secret_enc.json | 5 +++-- src/domains/fdr-secret/secret/weu-uat/noedit_secret_enc.json | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/domains/fdr-secret/secret/weu-dev/noedit_secret_enc.json b/src/domains/fdr-secret/secret/weu-dev/noedit_secret_enc.json index 31ffd9f196..ec0c8e93f4 100644 --- a/src/domains/fdr-secret/secret/weu-dev/noedit_secret_enc.json +++ b/src/domains/fdr-secret/secret/weu-dev/noedit_secret_enc.json @@ -4,6 +4,7 @@ "ai-connection-string": "ENC[AES256_GCM,data:+W4Dv8HOnrPP+jNZFCs5/BoA9tWXBc2czt0OBLj0Fxv1sAh66dSB2gDe4LU37nLhmDJXpNptjuYX+IFt7bwxuRRBC1r/Nlo1jt1JAn8NHokdHgpKiFxz8DOsktXTkE78vo0aWlMOJRhwCRYdxxd+9tEJRBzh3Qkt7vMCDayLT0GIwO4g23AMbfRlQQNN3w7S7Ec7QtXLgLDNcKHHmJhkhPj/DdCWTjso2xJwki3KpLciwSO83BBjMcTcfIfALseSK8vA,iv:ez49Ux1jbP/8glj0/0oDIifvIKN8OIuJDQyxukgtOWo=,tag:ZnqCeKqIFnVooV820tPE+g==,type:str]", "api-config-cache-subscription-key-string": "ENC[AES256_GCM,data:6xFFHZ4KxxA8X6xFMSpw6Y7Kpm4MbDKj8ayAbVhbFI8=,iv:uVD9eDW7rQ9pLEYx9jlef9z57k4G282kBBAtU/45AvQ=,tag:XyKhV7JOih0aG+8KDA386w==,type:str]", "db-fdr-password": "ENC[AES256_GCM,data:Fn8HIPEqEmU=,iv:r1m1+n5z1DItoYnT9BuFagy7UlTvNB71NH8LaxtRAvs=,tag:Mqlre5MtNmp0NNP6JV34pQ==,type:str]", + "db-fdr3-password": "ENC[AES256_GCM,data:8SWt7a2BR7s=,iv:lnYKS95chCHoRO9CMgNNM290ox7aV09rND8rcOuLCSw=,tag:GkseYSXXZX4AkBOrpbhdmg==,type:str]", "lightbend-key": "ENC[AES256_GCM,data:gzgOODmngRF3AEBmJ3366CyhZFoUFqQRSA5+NLR2y88kkmtapll7tPH3AxWTIf6f,iv:XzZrxSMJiZEgDmHaUNv/JT5EzkKCxDuEgniW0jVhwS0=,tag:+h1Hib8sUSVU3AOUDXUUCA==,type:str]", "otel-auth-bearer": "ENC[AES256_GCM,data:BQU9CPZY8Gh31MSgb6uIWqAxsRoeDu8f7P2hkIrYdL+3W86HBmikJ36mpsxBk31U5Zk4StwgRZRBBRxAcNd1PBeO2CuTu7m9h8w4tU1vb/k1nyWFtCB0XFjDm0b7BGfxi3gWlInhvLB9qJgT+6sb,iv:IAZoO9XhxiZjmR4ln26u1Q815WjTlXFNc+i/NTEzPlQ=,tag:RGjXz24L3cXGfYhOo9RlLg==,type:str]", "fdr-subscription-key-string": "ENC[AES256_GCM,data:UXMoH3B1PojqrppL2OcJ2ZikcJssUyko2sn69KBQE+Q=,iv:FWNfyGUUQbeKXx1vvMLLo3ETIEscYr3u1M54RyOpx9o=,tag:5Mp4/BqwhsRSs/c7qJBt6A==,type:str]", @@ -32,8 +33,8 @@ ], "hc_vault": null, "age": null, - "lastmodified": "2025-01-30T13:54:29Z", - "mac": "ENC[AES256_GCM,data:E0nkKY/v3V32grX8CQZlU05dlllqT2WVGnyEgt5dnsSw50nl0YDG+FjgwLotXc41wg1/idX4rD08LTjT2DncXj08xgMJLHFcjaR4V+XyqFvTTJXsWOMfwtVjutn7gMcbbuMVYsIZcKHIjuJOOtVScr83lf23CsQuQfWlkEL+AL4=,iv:fM+V4tmqi33tUmd95I+i8nMkyAJvwrfUuYqNVoNAjJQ=,tag:XLOPCYMeBwn27C63/7czGA==,type:str]", + "lastmodified": "2025-02-06T10:22:33Z", + "mac": "ENC[AES256_GCM,data:b8TB1q4OtxqvnUNtNXdaPnaAU93RfCQNpOyanaSqXXjDa/c0Hy5D4XfaDKnSUPbwjDsOuoYHRWzWQPxT7XWx5Tqvq1EZ5QdKBnNmNhQge6tMW4rbor8PTOuLqUDh/PyX5MtqwViQCBYr6CuPF8fe+xjne6e2dFztXtUmql0dlRw=,iv:meubHoMQEbbz2nCZKCAitZn6UmvJH8+B3Fq6tZUgJuI=,tag:+sMGxu0Yhe7GqN4w71RJAg==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.9.1" diff --git a/src/domains/fdr-secret/secret/weu-uat/noedit_secret_enc.json b/src/domains/fdr-secret/secret/weu-uat/noedit_secret_enc.json index a77931f540..afb820b1d5 100644 --- a/src/domains/fdr-secret/secret/weu-uat/noedit_secret_enc.json +++ b/src/domains/fdr-secret/secret/weu-uat/noedit_secret_enc.json @@ -4,6 +4,7 @@ "ai-connection-string": "ENC[AES256_GCM,data:ihdPVzwEP1jdNE80b1U/lzxAEh/m5Wre22CtR2KRQNJe+eFkt36pjEvqyrZ/EgLyX6L7ifHXm0F1S0U1qsPvW+ezkPBOYWKxTkudnniUoG4TH2/gxNht8WRZpcq+3UKk2ri59sNWPRTNdE6om9IkNSG/2a+DiJKHe5szcty0LMUyTwAHd9odMzZ+14nI1ymlVAt9BRXG+1/F8oUknk0RzF65oUtB00ns3zu5v+kl3WLLzKSBLBh6nw88jfoJDU/ZCtd0,iv:O0pzBe4dHRXWHXmj2WcSTjwHdA4iEHgj8YDjwf5Sk2c=,tag:qp1yn1UkknbWBEb5JpOGsg==,type:str]", "api-config-cache-subscription-key-string": "ENC[AES256_GCM,data:UQHPGVyAvjOZvSrKawbDTSy2qnUDWWZ7J5c8NyS01Fo=,iv:RkCD9v3vGeLGkaJkY6dr3vTcBKpYLyawA8iLePl+G/0=,tag:KjWFHcmhzWLWCyR7LpgbAA==,type:str]", "db-fdr-password": "ENC[AES256_GCM,data:mAhAXUHHCZo=,iv:Xj3lKhVVp5g148J9wIiJC5mxOCtUtp0aEo/HXiaBSpc=,tag:vD4Q3ZNhlDDLe1kmm++vWg==,type:str]", + "db-fdr3-password": "ENC[AES256_GCM,data:B3FkvB0dNtk=,iv:bTIeB1LPTJV0pAfqzH7HwcJBNxENZnDizj+oFfA5wu4=,tag:F7ALI24s4BQZkiD6g0lmZA==,type:str]", "lightbend-key": "ENC[AES256_GCM,data:PhwhJuMWcxXZURQZAEMdWJylg+5SB3GVw5NDTr899oFH0bp7xaPFqzryhc8bfGvq,iv:1e94UEID5sUagLESTgAS4jDqTuewRC+YX/UA7vE3zsQ=,tag:ZOYKNE35Cehw+F8VuLCPUw==,type:str]", "otel-auth-bearer": "ENC[AES256_GCM,data:QR3yEM4nVQ+DNizmff1x5+UjDaY4vKz3Imu2g/t6qDG8361puCF8/4WumdgYJhNs0LuAOAGEHE7b9yYq10IB47KB5Uoac5SgvWiy82hkzPbj66EsMBpnu3VpRL2+9b6fMybNgdq6WCfSB37VZn3b,iv:fKEyyGHrNcFJ8EnR+G1wgSRvWcMW6bhbq838bKi/3gU=,tag:kejlnVORdXWIS4IrOag7Sg==,type:str]", "fdr-subscription-key-string": "ENC[AES256_GCM,data:x1khv1tZZnt5Jzpx4id86rGkLZxkybU5Z7z++do8SHo=,iv:gBF8kEb9uX/CA9aSJ1vpjZYzM2hACjXQAFC3hvuquc8=,tag:u+a2s676sJOL57sVPjVkjw==,type:str]", @@ -32,8 +33,8 @@ ], "hc_vault": null, "age": null, - "lastmodified": "2025-01-30T13:56:22Z", - "mac": "ENC[AES256_GCM,data:6ZFCu7p3o/991dqE7dyU0/GhUq+cpe+ugHKh6HLq8x27WYYo+44xttH7DQW4W8HznLv13iscbuUifLe6ZvrTuvF0CTlK8t/0Jg6b0ygEhsldQpy6vIBPCwY2iynm6eeVbR4WVsAV76t9Zx90zNcXFww5HeHmWi8zToYi/N79/v0=,iv:d9qrQy8ZgNoWzDsWagofcp6B2tiE+E723Y/Qs3UJ41g=,tag:CpOPG3EnFdaYbZvu9K+v9g==,type:str]", + "lastmodified": "2025-02-06T10:23:14Z", + "mac": "ENC[AES256_GCM,data:wCpcPofFKkuIEpYl0BoubNyAEZRtSo6eZD8QkbwqVLrqWmqDITObyvF+VyjcGtyCi0znKzB8AJAyXlNbgPdoyajFvlGTnd8rYEHLl6h5uauV7ODBawvObZpqVSIN7MtvCezPtkIVmVnWNAvgEF+QpW2pTYEnE1JGSy1Zyk7Wytk=,iv:ycNLXk5cDtPI4ELnUkpFLD4wGsmV0QNfsu29cwr0fX8=,tag:505THP3COabdn+96IqyE5w==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.9.1" From 740a7e598ff39f75aedfca37ca59294f512d31da Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Thu, 6 Feb 2025 11:25:43 +0100 Subject: [PATCH 06/10] [PAGOPA-2625] fix: changing duplicated Liquibase change-set ID --- src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml b/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml index 37a5408ec4..2159d0d514 100644 --- a/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml +++ b/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml @@ -152,7 +152,7 @@ - + From 770f34e1d1c55d152e3337091974df9eea0e9e68 Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Thu, 6 Feb 2025 11:44:37 +0100 Subject: [PATCH 07/10] [PAGOPA-2625] fix: using internal DNS and changing schema name --- .devops/fdr-fase3-db-migration-pipelines.yml | 12 ++++++------ .devops/fdr-fase3-db-schema-pipelines.yml | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.devops/fdr-fase3-db-migration-pipelines.yml b/.devops/fdr-fase3-db-migration-pipelines.yml index 7eae93b881..72c7cb6087 100644 --- a/.devops/fdr-fase3-db-migration-pipelines.yml +++ b/.devops/fdr-fase3-db-migration-pipelines.yml @@ -40,33 +40,33 @@ parameters: variables: ${{ if eq(parameters.k8sEnv, 'dev') }}: AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_DEV)' - JDBC_URL: jdbc:postgresql://pagopa-d-weu-fdr-flexible-postgresql.postgres.database.azure.com:5432/fdr3?sslmode=require&prepareThreshold=0 + JDBC_URL: jdbc:postgresql://fdr-db.d.internal.postgresql.pagopa.it:5432/fdr3?sslmode=require&prepareThreshold=0 KEY_VAULT_NAME: pagopa-d-fdr-kv poolImage: 'pagopa-dev-linux-infra' ${{ if eq(parameters.k8sEnv, 'it') }}: AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_DEV)' - JDBC_URL: jdbc:postgresql://pagopa-d-weu-fdr-flexible-postgresql.postgres.database.azure.com:5432/fdr3-replica?sslmode=require&prepareThreshold=0 + JDBC_URL: jdbc:postgresql://fdr-db.d.internal.postgresql.pagopa.it:5432/fdr3-replica?sslmode=require&prepareThreshold=0 KEY_VAULT_NAME: pagopa-d-fdr-kv poolImage: 'pagopa-dev-linux-infra' ${{ elseif eq(parameters.k8sEnv, 'prf') }}: AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_UAT)' - JDBC_URL: jdbc:postgresql://pagopa-u-weu-fdr-flexible-postgresql.postgres.database.azure.com:6432/fdr3-replica?sslmode=require&prepareThreshold=0 + JDBC_URL: jdbc:postgresql://fdr-db.u.internal.postgresql.pagopa.it:6432/fdr3-replica?sslmode=require&prepareThreshold=0 KEY_VAULT_NAME: pagopa-u-fdr-kv poolImage: 'pagopa-uat-linux-infra' ${{ elseif eq(parameters.k8sEnv, 'uat') }}: AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_UAT)' - JDBC_URL: jdbc:postgresql://pagopa-u-weu-fdr-flexible-postgresql.postgres.database.azure.com:6432/fdr3?sslmode=require&prepareThreshold=0 + JDBC_URL: jdbc:postgresql://fdr-db.u.internal.postgresql.pagopa.it:6432/fdr3?sslmode=require&prepareThreshold=0 KEY_VAULT_NAME: pagopa-u-fdr-kv poolImage: 'pagopa-uat-linux-infra' ${{ elseif eq(parameters.k8sEnv, 'prd') }}: AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_PROD)' - JDBC_URL: jdbc:postgresql://pagopa-p-weu-fdr-flexible-postgresql.postgres.database.azure.com:6432/fdr3?sslmode=require&prepareThreshold=0 + JDBC_URL: jdbc:postgresql://fdr-db.pd.internal.postgresql.pagopa.it:6432/fdr3?sslmode=require&prepareThreshold=0 KEY_VAULT_NAME: pagopa-p-fdr-kv poolImage: 'pagopa-prod-linux-infra' APPROVE_NOTIFY_GROUP: '[pagoPA-iac]\pagopa-iac-externals-team' APPROVE_NOTIFY_ADMIN: '[pagoPA-iac]\Project Administrators' FDR3_USERNAME: fdr3 - FDR3_SCHEMA: fdr + FDR3_SCHEMA: fdr3 stages: - stage: liquibase_status diff --git a/.devops/fdr-fase3-db-schema-pipelines.yml b/.devops/fdr-fase3-db-schema-pipelines.yml index 721768f769..0a032cc786 100644 --- a/.devops/fdr-fase3-db-schema-pipelines.yml +++ b/.devops/fdr-fase3-db-schema-pipelines.yml @@ -39,7 +39,7 @@ variables: poolImage: 'pagopa-prod-linux-infra' ADMIN_USERNAME: azureuser FDR3_USERNAME: fdr3 - FDR3_SCHEMA: fdr + FDR3_SCHEMA: fdr3 stages: - stage: initialization_jobs From 9e32897bb4f205f6111b829c6abec76c01cabe74 Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Thu, 6 Feb 2025 11:46:10 +0100 Subject: [PATCH 08/10] [PAGOPA-2625] fix: removing typo on URL --- .devops/fdr-fase3-db-migration-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devops/fdr-fase3-db-migration-pipelines.yml b/.devops/fdr-fase3-db-migration-pipelines.yml index 72c7cb6087..0461ce82a8 100644 --- a/.devops/fdr-fase3-db-migration-pipelines.yml +++ b/.devops/fdr-fase3-db-migration-pipelines.yml @@ -60,7 +60,7 @@ variables: poolImage: 'pagopa-uat-linux-infra' ${{ elseif eq(parameters.k8sEnv, 'prd') }}: AZURE_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_PROD)' - JDBC_URL: jdbc:postgresql://fdr-db.pd.internal.postgresql.pagopa.it:6432/fdr3?sslmode=require&prepareThreshold=0 + JDBC_URL: jdbc:postgresql://fdr-db.p.internal.postgresql.pagopa.it:6432/fdr3?sslmode=require&prepareThreshold=0 KEY_VAULT_NAME: pagopa-p-fdr-kv poolImage: 'pagopa-prod-linux-infra' APPROVE_NOTIFY_GROUP: '[pagoPA-iac]\pagopa-iac-externals-team' From 86468ceded41439cb7ebe2a8d6c85505f4b84779 Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Thu, 6 Feb 2025 14:21:42 +0100 Subject: [PATCH 09/10] [PAGOPA-2625] fix: resolved typo on constant --- src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml b/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml index 2159d0d514..f7b5aad5cf 100644 --- a/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml +++ b/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml @@ -35,13 +35,13 @@ - + - + @@ -85,7 +85,7 @@ - + From 626629b951d46404c575a948b784afde0b68e1ed Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Fri, 7 Feb 2025 09:13:04 +0100 Subject: [PATCH 10/10] [PAGOPA-2625] feat: adding table on Liquibase struct --- .../changelog/fdr3/0/db.changelog-0.xml | 203 +++++++++++------- 1 file changed, 128 insertions(+), 75 deletions(-) diff --git a/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml b/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml index f7b5aad5cf..21e0137e60 100644 --- a/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml +++ b/src/psql/fdr/liquibase/changelog/fdr3/0/db.changelog-0.xml @@ -3,13 +3,16 @@ > - + - + - + + + + @@ -84,78 +87,128 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +