Merge branch 'main' into aks-italy-prod-update
diegolagospagopa authored Jun 25, 2024
2 parents aa2562c + 8e742ae commit 56ac93c
Showing 3 changed files with 62 additions and 92 deletions.
148 changes: 59 additions & 89 deletions src/core/appgateway.tf
@@ -223,7 +223,7 @@ locals {
routes_apiupload = {
upload = {
listener = "upload"
backend = "apim"
backend = "apimupload"
rewrite_rule_set_name = "rewrite-rule-set-api"
}
}
@@ -284,12 +284,12 @@ locals {
backends_upload = {
apimupload = {
protocol = "Https"
host = trim(var.upload_endpoint_enabled ? azurerm_dns_a_record.dns_a_upload[0].fqdn : "", ".")
host = trim(var.upload_endpoint_enabled ? azurerm_dns_a_record.dns_a_api.fqdn : "", ".")
port = 443
ip_addresses = var.enabled_features.apim_v2 ? data.azurerm_api_management.apim_v2[0].private_ip_addresses : (var.enabled_features.apim_migrated ? data.azurerm_api_management.apim_migrated[0].private_ip_addresses : module.apim[0].private_ip_addresses)
fqdns = var.upload_endpoint_enabled ? [azurerm_dns_a_record.dns_a_upload[0].fqdn] : []
fqdns = var.upload_endpoint_enabled ? [azurerm_dns_a_record.dns_a_api.fqdn] : []
probe = "/status-0123456789abcdef"
probe_name = "probe-apim"
probe_name = "probe-apimupload"
request_timeout = 300 # long timeout for heavy api request ( ex. FDR flow managment, GPD upload, ... )
pick_host_name_from_backend = false
}
@@ -463,60 +463,60 @@ module "app_gw" {
response_header_configurations = []
url = null
},
# {
# name = "http-deny-path-only-to-upload-allowed-path"
# rule_sequence = 4
# conditions = [
# {
# variable = "var_host"
# pattern = format("upload.%s.%s", var.dns_zone_prefix, var.external_domain)
# ignore_case = true
# negate = false
# },
# {
# variable = "var_uri_path"
# pattern = join("|", var.app_gateway_allowed_paths_upload)
# ignore_case = true
# negate = true
# },
# ]
# request_header_configurations = []
# response_header_configurations = []
# url = {
# path = "notfound"
# query_string = null
# }
# },
# {
# name = "http-deny-path-only-upload-soap-fdr"
# rule_sequence = 4
# conditions = [
# {
# variable = "var_host"
# pattern = format("upload.%s.%s", var.dns_zone_prefix, var.external_domain)
# ignore_case = true
# negate = false
# },
# {
# variable = "http_req_Content-Type"
# pattern = "application/xml"
# ignore_case = true
# negate = false
# },
# {
# variable = "http_req_SOAPAction"
# pattern = join("|", var.app_gateway_allowed_fdr_soap_action)
# ignore_case = true
# negate = true
# },
# ]
# request_header_configurations = []
# response_header_configurations = []
# url = {
# path = "notfound"
# query_string = null
# }
# },
{
name = "http-deny-path-only-to-upload-allowed-path"
rule_sequence = 4
conditions = [
{
variable = "var_host"
pattern = format("upload.%s.%s", var.dns_zone_prefix, var.external_domain)
ignore_case = true
negate = false
},
{
variable = "var_uri_path"
pattern = join("|", var.app_gateway_allowed_paths_upload)
ignore_case = true
negate = true
},
]
request_header_configurations = []
response_header_configurations = []
url = {
path = "notfound"
query_string = null
}
},
{
name = "http-deny-path-only-upload-soap-fdr"
rule_sequence = 4
conditions = [
{
variable = "var_host"
pattern = format("upload.%s.%s", var.dns_zone_prefix, var.external_domain)
ignore_case = true
negate = false
},
{
variable = "http_req_Content-Type"
pattern = "application/xml"
ignore_case = true
negate = false
},
{
variable = "http_req_SOAPAction"
pattern = join("|", var.app_gateway_allowed_fdr_soap_action)
ignore_case = true
negate = true
},
]
request_header_configurations = []
response_header_configurations = []
url = {
path = "notfound"
query_string = null
}
},
]
},
{
@@ -540,37 +540,7 @@ module "app_gw" {
},
]
},
# {
# name = "rewrite-rule-set-fdr"
# rewrite_rules = [
# {
# name = "http-deny-path-only-fdr"
# rule_sequence = 4
# conditions = [
# {
# variable = "var_host"
# # pattern = join("|", var.app_gateway_deny_paths)
# pattern = "fdr.dev.platform.pagopa.it"
# ignore_case = true
# negate = false
# },
# {
# variable = "var_uri_path"
# # pattern = join("|", var.app_gateway_deny_paths)
# pattern = "/nodo/node-for-psp/*"
# ignore_case = true
# negate = false
# },
# ]
# request_header_configurations = []
# response_header_configurations = []
# url = {
# path = "notfound"
# query_string = null
# }
# },
# ]
# },

]
# TLS
identity_ids = [azurerm_user_assigned_identity.appgateway.id]
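Review bot: In the re-enabled `http-deny-path-only-upload-soap-fdr` rule, the SOAPAction allowlist is enforced only when `http_req_Content-Type` matches `application/xml`, so a request to the upload host that declares another XML media type (SOAP 1.1 commonly uses `text/xml`, SOAP 1.2 `application/soap+xml`) is not checked against `var.app_gateway_allowed_fdr_soap_action` at this layer. If the backend accepts those types, widen the condition, for example `pattern = "(application|text)/(soap\\+)?xml"`, or enforce the action list in APIM as well. The patterns built with `join("|", var.app_gateway_allowed_paths_upload)` are evaluated as regular expressions with `negate = true`, so it is worth confirming that each entry is anchored with `^`; the variable's values are not visible here. The `module "app_gw"` block starts and ends outside these hunks.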
4 changes: 2 additions & 2 deletions src/core/env/prod/terraform.tfvars
@@ -18,13 +18,13 @@ tags = {
# Feature flag
#
enabled_features = {
apim_v2 = true
apim_v2 = false
vnet_ita = false
node_forwarder_ha = true
apim_migrated = true
}

upload_endpoint_enabled = false
upload_endpoint_enabled = true
lock_enable = true

# monitoring
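Review bot: If `upload_endpoint_enabled = true` is the new value here (the rendered page has lost the +/- markers), prod starts serving the upload listener, and its only path and SOAPAction filtering in `src/core/appgateway.tf` comes from `join("|", var.app_gateway_allowed_paths_upload)` and `join("|", var.app_gateway_allowed_fdr_soap_action)` used with `negate = true`. Neither variable is set in the visible part of this file, so please confirm both are non-empty for prod. An empty list would join to an empty pattern, and this diff does not show whether the gateway then rejects the configuration or the deny rule simply never matches. A `validation` block on the variable requiring `length(var.app_gateway_allowed_paths_upload) > 0` would make that explicit. The rest of the tfvars file lies outside the hunk.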
2 changes: 1 addition & 1 deletion src/next-core/env/prod/terraform.tfvars
@@ -26,7 +26,7 @@ is_feature_enabled = {
dns_forwarder_lb = true,
postgres_private_dns = true,
apim_core_import = true
use_new_apim = true
use_new_apim = false
}

#
