[#IOPID-1262] Add opex dashboard for api_public.yaml (#1044)
Showing
25 changed files
with
442 additions
and
3 deletions.
@@ -0,0 +1,66 @@ | ||
name: Opex Dashboard api_public | ||
|
||
# Controls when the workflow will run | ||
on: | ||
workflow_dispatch: | ||
push: | ||
branches: | ||
- master | ||
paths: | ||
- 'api_public.yaml' | ||
- '.github/workflows/opex_api_public.yml' | ||
- '.opex/api_public/**' | ||
pull_request: | ||
types: | ||
- opened | ||
- edited | ||
- synchronize | ||
- reopened | ||
paths: | ||
- 'api_public.yaml' | ||
- '.github/workflows/opex_api_public.yml' | ||
- '.opex/api_public/**' | ||
|
||
env: | ||
# opex-demo client_id | ||
# CLIENT_ID: 10ab3c51-f734-4782-abe9-3e998a1a2e84 | ||
CLIENT_ID: 712582b4-1e38-4329-bfd2-5cd186e82529 | ||
TENANT_ID: 7788edaf-0346-4068-9d79-c868aed15b3d | ||
SUBSCRIPTION_ID: ec285037-c673-4f58-b594-d7c480da4e8b | ||
API_NAME: api_public | ||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | ||
jobs: | ||
build: | ||
# The type of runner that the job will run on | ||
runs-on: ubuntu-22.04 | ||
|
||
strategy: | ||
matrix: | ||
environment: [prod] | ||
|
||
# Steps represent a sequence of tasks that will be executed as part of the job | ||
steps: | ||
- name: Checkout | ||
id: checkout | ||
# from https://github.com/actions/checkout/commits/main | ||
uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707 | ||
with: | ||
persist-credentials: false | ||
fetch-depth: 0 | ||
|
||
# from https://github.com/pagopa/opex-dashboard-azure-action/ | ||
- uses: pagopa/opex-dashboard-azure-action@v1.1.2 | ||
with: | ||
environment: ${{ matrix.environment }} | ||
api-name: ${{ env.API_NAME }} | ||
config: .opex/${{ env.API_NAME }}/env/${{ matrix.environment }}/config.yaml | ||
client-id: ${{ env.CLIENT_ID }} | ||
tenant-id: ${{ env.TENANT_ID }} | ||
subscription-id: ${{ env.SUBSCRIPTION_ID }} | ||
# from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action | ||
docker-version: sha256:e4245954566cd3470e1b5527d33bb58ca132ce7493eac01be9e808fd25a11c8d |
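Review bot: The `pagopa/opex-dashboard-azure-action@v1.1.2` step is pinned to a mutable tag, while the checkout step above it is pinned to a commit SHA and the container image to a digest. Because the workflow grants `id-token: write`, whatever code that tag resolves to can request an OIDC token for the Azure identity in `CLIENT_ID`, so I would pin it the same way, e.g. `uses: pagopa/opex-dashboard-azure-action@<full-commit-sha> # v1.1.2`. Separately, one `CLIENT_ID` serves both the `push` and `pull_request` triggers, whereas the Terraform in this commit creates separate master and pullrequest applications; it is worth confirming which identity this is and that pull-request runs against `prod` are intended.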
|
@@ -42,7 +42,7 @@ dist | |
local.* | ||
|
||
# Exclude .npmrc file | ||
.npmrc | ||
.npmrc | ||
|
||
# Exclude Codetour plugin folder | ||
.tours | ||
|
@@ -0,0 +1,23 @@ | ||
# Local .terraform directories | ||
**/.terraform/* | ||
|
||
# .tfstate files | ||
*.tfstate | ||
*.tfstate.* | ||
*.tfsec | ||
|
||
# Crash log files | ||
crash.log | ||
|
||
# Ignore any .tfvars files that are generated automatically for each Terraform run. Most | ||
# .tfvars files are managed as part of configuration and so should be included in | ||
# version control. | ||
# | ||
# example.tfvars | ||
|
||
# Ignore override files as they are usually used to override resources locally and so | ||
# are not checked in | ||
override.tf | ||
override.tf.json | ||
*_override.tf | ||
*_override.tf.json |
@@ -0,0 +1 @@ | ||
1.3.6 |
@@ -0,0 +1,6 @@ | ||
locals { | ||
github = { | ||
org = "pagopa" | ||
repository = "io-backend" | ||
} | ||
} |
@@ -0,0 +1,24 @@ | ||
terraform { | ||
required_version = ">=1.3.0" | ||
|
||
required_providers { | ||
azuread = { | ||
source = "hashicorp/azuread" | ||
version = "2.30.0" | ||
} | ||
azurerm = { | ||
source = "hashicorp/azurerm" | ||
version = "3.33.0" | ||
} | ||
} | ||
|
||
backend "azurerm" {} | ||
} | ||
|
||
provider "azurerm" { | ||
features {} | ||
} | ||
|
||
data "azurerm_subscription" "current" {} | ||
|
||
data "azurerm_client_config" "current" {} |
@@ -0,0 +1,22 @@ | ||
terraform { | ||
required_version = ">=1.3.0" | ||
|
||
required_providers { | ||
azuread = { | ||
source = "hashicorp/azuread" | ||
version = "2.30.0" | ||
} | ||
azurerm = { | ||
source = "hashicorp/azurerm" | ||
version = "3.33.0" | ||
} | ||
} | ||
} | ||
|
||
provider "azurerm" { | ||
features {} | ||
} | ||
|
||
data "azurerm_subscription" "current" {} | ||
|
||
data "azurerm_client_config" "current" {} |
Empty file.
@@ -0,0 +1,8 @@ | ||
data "azurerm_storage_account" "tfstate_app" { | ||
name = "tfapp${lower(replace(data.azurerm_subscription.current.display_name, "-", ""))}" | ||
resource_group_name = "terraform-state-rg" | ||
} | ||
|
||
data "azurerm_resource_group" "dashboards" { | ||
name = "dashboards" | ||
} |
@@ -0,0 +1,28 @@ | ||
resource "azuread_application" "master" { | ||
display_name = "github-${local.github.org}-${local.github.repository}-master" | ||
} | ||
|
||
resource "azuread_service_principal" "master" { | ||
application_id = azuread_application.master.application_id | ||
} | ||
|
||
resource "azuread_application_federated_identity_credential" "master" { | ||
application_object_id = azuread_application.master.object_id | ||
display_name = "github-federated" | ||
description = "github-federated" | ||
audiences = ["api://AzureADTokenExchange"] | ||
issuer = "https://token.actions.githubusercontent.com" | ||
subject = "repo:${local.github.org}/${local.github.repository}:ref:refs/heads/master" | ||
} | ||
|
||
output "azure_master_client_id" { | ||
value = azuread_service_principal.master.application_id | ||
} | ||
|
||
output "azure_master_application_id" { | ||
value = azuread_service_principal.master.application_id | ||
} | ||
|
||
output "azure_master_object_id" { | ||
value = azuread_service_principal.master.object_id | ||
} |
@@ -0,0 +1,17 @@ | ||
resource "azurerm_role_assignment" "master_terraform_subscription" { | ||
scope = data.azurerm_subscription.current.id | ||
role_definition_name = "Reader" | ||
principal_id = azuread_service_principal.master.object_id | ||
} | ||
|
||
resource "azurerm_role_assignment" "master_terraform_storage_account_tfstate_app" { | ||
scope = data.azurerm_storage_account.tfstate_app.id | ||
role_definition_name = "Contributor" | ||
principal_id = azuread_service_principal.master.object_id | ||
} | ||
|
||
resource "azurerm_role_assignment" "master_terraform_resource_group_dashboards" { | ||
scope = data.azurerm_resource_group.dashboards.id | ||
role_definition_name = "Contributor" | ||
principal_id = azuread_service_principal.master.object_id | ||
} |
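Review bot: `master_terraform_storage_account_tfstate_app` grants `Contributor` on the whole state storage account, which includes the right to list the account keys and therefore to read or rewrite any state blob kept in that account, not only `io-backend.tfstate`. If the backend can authenticate with Azure AD (`use_azuread_auth = true` in the backend config), a data-plane role such as `Storage Blob Data Contributor` scoped to the `terraform-state` container would be enough. Otherwise a comment above the resource explaining why account-level `Contributor` is required would help the next reviewer. The same assignment is repeated for the pull-request principal in `pullrequest_terraform_storage_account_tfstate_app`.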
@@ -0,0 +1,28 @@ | ||
resource "azuread_application" "pullrequest" { | ||
display_name = "github-${local.github.org}-${local.github.repository}-pullrequest" | ||
} | ||
|
||
resource "azuread_service_principal" "pullrequest" { | ||
application_id = azuread_application.pullrequest.application_id | ||
} | ||
|
||
resource "azuread_application_federated_identity_credential" "pullrequest" { | ||
application_object_id = azuread_application.pullrequest.object_id | ||
display_name = "github-federated" | ||
description = "github-federated" | ||
audiences = ["api://AzureADTokenExchange"] | ||
issuer = "https://token.actions.githubusercontent.com" | ||
subject = "repo:${local.github.org}/${local.github.repository}:pull_request" | ||
} | ||
|
||
output "azure_pullrequest_client_id" { | ||
value = azuread_service_principal.pullrequest.application_id | ||
} | ||
|
||
output "azure_pullrequest_application_id" { | ||
value = azuread_service_principal.pullrequest.application_id | ||
} | ||
|
||
output "azure_pullrequest_object_id" { | ||
value = azuread_service_principal.pullrequest.object_id | ||
} |
@@ -0,0 +1,17 @@ | ||
resource "azurerm_role_assignment" "pullrequest_terraform_subscription" { | ||
scope = data.azurerm_subscription.current.id | ||
role_definition_name = "Reader" | ||
principal_id = azuread_service_principal.pullrequest.object_id | ||
} | ||
|
||
resource "azurerm_role_assignment" "pullrequest_terraform_storage_account_tfstate_app" { | ||
scope = data.azurerm_storage_account.tfstate_app.id | ||
role_definition_name = "Contributor" | ||
principal_id = azuread_service_principal.pullrequest.object_id | ||
} | ||
|
||
resource "azurerm_role_assignment" "pullrequest_terraform_resource_group_dashboards" { | ||
scope = data.azurerm_resource_group.dashboards.id | ||
role_definition_name = "Contributor" | ||
principal_id = azuread_service_principal.pullrequest.object_id | ||
} |
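Review bot: `pullrequest_terraform_resource_group_dashboards` gives the pull-request principal `Contributor` on the `dashboards` resource group, and that principal's federated credential subject (`repo:${local.github.org}/${local.github.repository}:pull_request`) is not tied to a particular workflow file or branch. A workflow changed on a pull-request branch of this repository could therefore run with write access to that resource group before the change has been reviewed or merged. If pull-request runs only need to plan or validate, `role_definition_name = "Reader"` on this scope would leave write access with the master principal, whose subject is limited to `refs/heads/master`. If they really do deploy, a comment on the resource saying so would document the decision.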
@@ -0,0 +1,7 @@ | ||
output "tenant_id" { | ||
value = data.azurerm_client_config.current.tenant_id | ||
} | ||
|
||
output "subscription_id" { | ||
value = data.azurerm_subscription.current.subscription_id | ||
} |
@@ -0,0 +1 @@ | ||
subscription=PROD-IO |
@@ -0,0 +1,4 @@ | ||
resource_group_name = "terraform-state-rg" | ||
storage_account_name = "tfappprodio" | ||
container_name = "terraform-state" | ||
key = "io-backend.tfstate" |
@@ -0,0 +1,10 @@ | ||
prefix = "io" | ||
env_short = "p" | ||
|
||
tags = { | ||
CreatedBy = "Terraform" | ||
Environment = "Prod" | ||
Owner = "io" | ||
Source = "https://github.com/pagopa/io-backend" | ||
CostCenter = "TS310 - PAGAMENTI & SERVIZI" | ||
} |
@@ -0,0 +1,63 @@ | ||
#!/bin/bash | ||
|
||
set -e | ||
|
||
ACTION=$1 | ||
ENV=$2 | ||
shift 2 | ||
other="$@" | ||
# must be subscription in lower case | ||
subscription="" | ||
BACKEND_CONFIG_PATH="./env/${ENV}/backend.tfvars" | ||
|
||
if [ -z "$ACTION" ]; then | ||
echo "[ERROR] Missed ACTION: init, apply, plan" | ||
exit 0 | ||
fi | ||
|
||
if [ -z "$ENV" ]; then | ||
echo "[ERROR] ENV should be: dev, uat or prod." | ||
exit 0 | ||
fi | ||
|
||
# | ||
# 🏁 Source & init shell | ||
# | ||
|
||
# shellcheck source=/dev/null | ||
source "./env/$ENV/backend.ini" | ||
|
||
# Subscription set | ||
az account set -s "${subscription}" | ||
|
||
# if using cygwin, we have to transcode the WORKDIR | ||
if [[ $WORKDIR == /cygdrive/* ]]; then | ||
WORKDIR=$(cygpath -w $WORKDIR) | ||
fi | ||
|
||
# Helm | ||
export HELM_DEBUG=1 | ||
|
||
# | ||
# 🌎 Terraform | ||
# | ||
if echo "init plan apply refresh import output state taint destroy" | grep -w "$ACTION" > /dev/null; then | ||
if [ "$ACTION" = "init" ]; then | ||
echo "[INFO] init tf on ENV: ${ENV}" | ||
terraform "$ACTION" -backend-config="${BACKEND_CONFIG_PATH}" $other | ||
elif [ "$ACTION" = "output" ] || [ "$ACTION" = "state" ] || [ "$ACTION" = "taint" ]; then | ||
# init terraform backend | ||
terraform init -reconfigure -backend-config="${BACKEND_CONFIG_PATH}" | ||
terraform "$ACTION" $other | ||
else | ||
# init terraform backend | ||
echo "[INFO] init tf on ENV: ${ENV}" | ||
terraform init -reconfigure -backend-config="${BACKEND_CONFIG_PATH}" | ||
|
||
echo "[INFO] run tf with: ${ACTION} on ENV: ${ENV} and other: >${other}<" | ||
terraform "${ACTION}" -var-file="./env/${ENV}/terraform.tfvars" -compact-warnings $other | ||
fi | ||
else | ||
echo "[ERROR] ACTION not allowed." | ||
exit 1 | ||
fi |
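Review bot: The two argument checks print `[ERROR]` and then `exit 0`, so a caller or CI step sees success when ACTION or ENV is missing; they should exit non-zero and write to stderr. They also sit after `shift 2`, which under `set -e` aborts the script with no message when fewer than two arguments are given, so the checks only ever fire for empty-string arguments. `other="$@"` followed by unquoted `$other` re-splits and globs the extra terraform arguments, and `$ENV` goes unvalidated into the `source "./env/$ENV/backend.ini"` path. An array and a check that ENV is a plain directory name would address both; the sketch below covers the argument handling only.

```shell
# … unchanged: shebang, set -e …
if [ "$#" -lt 2 ]; then
  echo "[ERROR] usage: <ACTION: init, apply, plan, ...> <ENV: dev, uat or prod> [terraform args]" >&2
  exit 1
fi
# … unchanged: ACTION=$1, ENV=$2 …
shift 2
other=("$@")

# ENV becomes part of a path that is sourced, so reject anything but a plain name
case "$ENV" in
  "" | */* | .*)
    echo "[ERROR] ENV should be: dev, uat or prod." >&2
    exit 1
    ;;
esac
# … unchanged: subscription default, BACKEND_CONFIG_PATH, backend.ini sourcing, az account set, cygwin handling, action dispatch …
# every terraform call passes the extra arguments as "${other[@]}"; the log line prints "${other[*]}"
terraform "$ACTION" -backend-config="${BACKEND_CONFIG_PATH}" "${other[@]}"
```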