fix static analysis & merge conflits

pagopa · Oct 3, 2024 · 6005641 · 6005641
2 parents 0548f5b + 2c3493d
commit 6005641
Show file tree

Hide file tree

Showing 53 changed files with 573 additions and 588 deletions.
diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml
@@ -13,4 +13,4 @@ jobs:
       - name: Static Analysis
         uses: pagopa/eng-github-actions-iac-template/azure/terraform-static-analysis@59c12b7a846423d62c27c9905686a7a1fd71c003 # v1.7.0
         with:
-          precommit_version: 'v1.92.0@sha256:832bdb7acc66ec43cd443b4f05de63b7dc8e76b610530c41b7dea44e25469d7a'
+          precommit_version: 'v1.96.1@sha256:9aea677ac51d67eb96b3bbb4cf93b16afdde5476f984e75e87888850d18146c9'
diff --git a/.github/workflows/static_analysis_pr.yml b/.github/workflows/static_analysis_pr.yml
@@ -13,4 +13,4 @@ jobs:
       - name: Static Analysis
         uses: pagopa/eng-github-actions-iac-template/azure/terraform-static-analysis@59c12b7a846423d62c27c9905686a7a1fd71c003 # v1.7.0
         with:
-          precommit_version: 'v1.92.0@sha256:832bdb7acc66ec43cd443b4f05de63b7dc8e76b610530c41b7dea44e25469d7a'
+          precommit_version: 'v1.96.1@sha256:9aea677ac51d67eb96b3bbb4cf93b16afdde5476f984e75e87888850d18146c9'
diff --git a/.identity/README.md b/.identity/README.md
@@ -1,7 +1,7 @@
 # .identity
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -55,4 +55,4 @@
 | <a name="output_ci_service_principal_github_action_name"></a> [ci\_service\_principal\_github\_action\_name](#output\_ci\_service\_principal\_github\_action\_name) | n/a |
 | <a name="output_subscription_id"></a> [subscription\_id](#output\_subscription\_id) | n/a |
 | <a name="output_tenant_id"></a> [tenant\_id](#output\_tenant\_id) | n/a |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -22,7 +22,7 @@ repos:
       - id: detect-private-key
   ## terraform
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.86.0
+    rev: v1.96.1
     hooks:
       - id: terraform_fmt
       - id: terraform_docs

diff --git a/.terraform-version b/.terraform-version
@@ -1 +1 @@
-1.8.5
+1.9.6
diff --git a/.utils/terraform_run_all.sh b/.utils/terraform_run_all.sh
@@ -29,6 +29,8 @@ array=(
     'src/domains/umberto-common::dev'
     'src/domains/test-app::itn-dev'
     'src/domains/test-common::itn-dev'
+    'src/domains/test-common::itn-dev'
+    'src/domains/test-app::itn-dev'
     'src/elk-monitoring::dev01'
     'src/grafana-monitoring::dev01'
     'src/packer::dev'
@@ -50,11 +52,11 @@ for index in "${array[@]}" ; do
         echo "🔬 folder: $(pwd) in under terraform: $ACTION action"
         sh terraform.sh "$ACTION" "$COMMAND" &
 
-        # terraform providers lock \
-        #   -platform=windows_amd64 \
-        #   -platform=darwin_amd64 \
-        #   -platform=darwin_arm64 \
-        #   -platform=linux_amd64
+         terraform providers lock \
+           -platform=windows_amd64 \
+           -platform=darwin_amd64 \
+           -platform=darwin_arm64 \
+           -platform=linux_amd64
 
         pids+=($!)
     popd

diff --git a/src/aks-platform/.terraform.lock.hcl b/src/aks-platform/.terraform.lock.hcl
diff --git a/src/aks-platform/03_aks_middleware.tf b/src/aks-platform/03_aks_middleware.tf
@@ -7,7 +7,7 @@ resource "azurerm_resource_group" "rg_velero" {
 
 # Workload identity init
 module "velero_workload_identity_init" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity_init?ref=velero-workload-identity"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity_init?ref=v8.46.0"
 
   workload_identity_location            = var.location
   workload_identity_name_prefix         = "velero"
@@ -22,7 +22,7 @@ resource "kubernetes_namespace" "velero_namespace" {
 
 # Cluster Velero + Workload identity configuration
 module "velero_aks_workload_identity" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster_velero?ref=velero-workload-identity"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster_velero?ref=v8.46.0"
 
   prefix          = var.prefix
   location        = var.location

diff --git a/src/aks-platform/05_argocd.tf b/src/aks-platform/05_argocd.tf
@@ -8,6 +8,9 @@ resource "kubernetes_namespace" "namespace_argocd" {
   ]
 }
 
+#
+# Setup ArgoCD
+#
 resource "helm_release" "argocd" {
   name      = "argo"
   chart     = "https://github.com/argoproj/argo-helm/releases/download/argo-cd-${var.argocd_helm_release_version}/argo-cd-${var.argocd_helm_release_version}.tgz"
@@ -23,32 +26,22 @@ resource "helm_release" "argocd" {
   ]
 }
 
-resource "random_password" "argocd_admin_password" {
-  length           = 12
-  special          = true
-  override_special = "_%@"
-
-  depends_on = [helm_release.argocd]
+data "azurerm_key_vault_secret" "argocd_admin_password" {
+  key_vault_id = data.azurerm_key_vault.kv_core_ita.id
+  name         = "argocd-admin-password"
 }
 
 resource "null_resource" "argocd_change_admin_password" {
 
   triggers = {
-    helm_revision   = helm_release.argocd.metadata[0].revision,
-    argocd_password = random_password.argocd_admin_password.result
+    argocd_password = data.azurerm_key_vault_secret.argocd_admin_password.value
   }
 
   provisioner "local-exec" {
-    command = "kubectl -n argocd patch secret argocd-secret -p '{\"stringData\": {\"admin.password\":  \"${bcrypt(random_password.argocd_admin_password.result)}\", \"admin.passwordMtime\": \"'$(date +%FT%T%Z)'\"}}'"
+    command = "kubectl -n argocd patch secret argocd-secret -p '{\"stringData\": {\"admin.password\":  \"${bcrypt(data.azurerm_key_vault_secret.argocd_admin_password.value)}\", \"admin.passwordMtime\": \"'$(date +%FT%T%Z)'\"}}'"
   }
 }
 
-resource "azurerm_key_vault_secret" "argocd_admin_password" {
-  key_vault_id = data.azurerm_key_vault.kv_core_ita.id
-  name         = "argocd-admin-password"
-  value        = random_password.argocd_admin_password.result
-}
-
 resource "azurerm_key_vault_secret" "argocd_admin_username" {
   key_vault_id = data.azurerm_key_vault.kv_core_ita.id
   name         = "argocd-admin-username"

diff --git a/src/aks-platform/README.md b/src/aks-platform/README.md
@@ -23,7 +23,7 @@ Launch the cluster creation
 Re-enable all the resource, commented before to complete the procedure
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -49,14 +49,13 @@ Re-enable all the resource, commented before to complete the procedure
 | <a name="module_keda_workload_identity_configuration"></a> [keda\_workload\_identity\_configuration](#module\_keda\_workload\_identity\_configuration) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity_configuration | v8.45.0 |
 | <a name="module_keda_workload_identity_init"></a> [keda\_workload\_identity\_init](#module\_keda\_workload\_identity\_init) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity_init | v8.45.0 |
 | <a name="module_nginx_ingress"></a> [nginx\_ingress](#module\_nginx\_ingress) | terraform-module/release/helm | 2.7.0 |
-| <a name="module_velero_aks_workload_identity"></a> [velero\_aks\_workload\_identity](#module\_velero\_aks\_workload\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster_velero | velero-workload-identity |
-| <a name="module_velero_workload_identity_init"></a> [velero\_workload\_identity\_init](#module\_velero\_workload\_identity\_init) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity_init | velero-workload-identity |
+| <a name="module_velero_aks_workload_identity"></a> [velero\_aks\_workload\_identity](#module\_velero\_aks\_workload\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster_velero | v8.46.0 |
+| <a name="module_velero_workload_identity_init"></a> [velero\_workload\_identity\_init](#module\_velero\_workload\_identity\_init) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity_init | v8.46.0 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [azurerm_key_vault_secret.argocd_admin_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.argocd_admin_username](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_kubernetes_cluster_node_pool.spot_node_pool](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool) | resource |
 | [azurerm_kubernetes_cluster_node_pool.user_nodepool_default](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool) | resource |
@@ -87,7 +86,6 @@ Re-enable all the resource, commented before to complete the procedure
 | [kubernetes_namespace.velero_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [null_resource.argocd_change_admin_password](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.create_vnet_core_aks_link](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [random_password.argocd_admin_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
 | [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
 | [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
@@ -98,6 +96,7 @@ Re-enable all the resource, commented before to complete the procedure
 | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
 | [azurerm_container_registry.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/container_registry) | data source |
 | [azurerm_key_vault.kv_core_ita](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
+| [azurerm_key_vault_secret.argocd_admin_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_log_analytics_workspace.log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source |
 | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
 | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
@@ -168,4 +167,4 @@ Re-enable all the resource, commented before to complete the procedure
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/aks-platform/argocd/argocd_application_games.yaml.tpl b/src/aks-platform/argocd/argocd_application_games.yaml.tpl