From 56f626c61574588e4c467dfafe3dfb4d84a13f78 Mon Sep 17 00:00:00 2001
From: Jacopo Carlini <jacopo.carlini@pagopa.it>
Date: Fri, 7 Feb 2025 11:45:49 +0100
Subject: [PATCH 1/2] chore(selfcare): new alerts moderate

---
 .../selfcare-app/00_alert_backoffice.tf       | 75 ++++++++++---------
 src/domains/selfcare-app/00_monitor.tf        |  5 ++
 src/domains/selfcare-app/99_locals.tf         |  9 ++-
 src/domains/selfcare-app/README.md            | 10 ++-
 src/next-core-secrets/README.md               | 10 +--
 .../secret/dev/noedit_secret_enc.json         |  5 +-
 src/next-core/00_key_vault.tf                 |  5 ++
 src/next-core/02_monitor.tf                   | 14 ++++
 src/next-core/README.md                       | 44 +++++------
 9 files changed, 104 insertions(+), 73 deletions(-)

diff --git a/src/domains/selfcare-app/00_alert_backoffice.tf b/src/domains/selfcare-app/00_alert_backoffice.tf
index 87efeb089e..fcf7b68ac9 100644
--- a/src/domains/selfcare-app/00_alert_backoffice.tf
+++ b/src/domains/selfcare-app/00_alert_backoffice.tf
@@ -18,43 +18,45 @@ locals {
   ]
 }
 
-#resource "azurerm_monitor_scheduled_query_rules_alert" "alert_pagopa-backoffice-responsetime" {
-#  for_each            = { for c in local.selfcare_services : c.base_path => c }
-#  resource_group_name = "dashboards"
-#  name                = "pagopa-${var.env_short}-alert_pagopa-backoffice-${each.value.name}-responsetime @ _backoffice"
-#  location            = var.location
-#
-#  action {
-#    action_group           = var.env_short == "p" ? [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
-#    email_subject          = "Backoffice Response Time"
-#    custom_webhook_payload = "{}"
-#  }
-#
-#  data_source_id = data.azurerm_api_management.apim.id
-#  description    = "Response time for ${each.value.base_path} is less than or equal to 2s"
-#  enabled        = true
-#  query = (<<-QUERY
-#let threshold = 2000;
-#AzureDiagnostics
-#| where url_s matches regex "${each.value.base_path}"
-#| summarize
-#    watermark=threshold,
-#    duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m)
-#| where duration_percentile_95 > threshold
-#  QUERY
-#  )
-#  severity    = 2
-#  frequency   = 5
-#  time_window = 10
-#  trigger {
-#    operator  = "GreaterThanOrEqual"
-#    threshold = 2
-#  }
-#}
+resource "azurerm_monitor_scheduled_query_rules_alert" "alert_pagopa-backoffice-responsetime" {
+  for_each = var.env_short == "p" ? { for c in local.selfcare_services : c.base_path => c } : {}
+
+  resource_group_name = "dashboards"
+  name                = "pagopa-${var.env_short}-alert_pagopa-backoffice-${each.value.name}-responsetime @ _backoffice"
+  location            = var.location
+
+  action {
+    action_group           = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack_pagamenti.id]
+    email_subject          = "Backoffice Response Time"
+    custom_webhook_payload = "{}"
+  }
+
+  data_source_id = data.azurerm_api_management.apim.id
+  description    = "Response time for ${each.value.base_path} is less than or equal to 2s"
+  enabled        = true
+  query = (<<-QUERY
+let threshold = 2000;
+AzureDiagnostics
+| where url_s matches regex "${each.value.base_path}"
+| summarize
+   watermark=threshold,
+   duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m)
+| where duration_percentile_95 > threshold
+ QUERY
+  )
+  severity    = 2
+  frequency   = 5
+  time_window = 10
+  trigger {
+    operator  = "GreaterThanOrEqual"
+    threshold = 2
+  }
+}
 
 
 resource "azurerm_monitor_scheduled_query_rules_alert" "alert-pagopa-backoffice-availability" {
-  for_each            = { for c in local.selfcare_services : c.base_path => c }
+  for_each = var.env_short == "p" ? { for c in local.selfcare_services : c.base_path => c } : {}
+
   resource_group_name = "dashboards"
   name                = "pagopa-${var.env_short}-alert_pagopa-backoffice-${each.value.name}-availability"
   location            = var.location
@@ -63,7 +65,7 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "alert-pagopa-backoffice-
     action_group = var.env_short == "p" ? [
       data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id,
       data.azurerm_monitor_action_group.opsgenie[0].id
-    ] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+    ] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.slack_pagamenti.id]
     email_subject          = "Backoffice Availability"
     custom_webhook_payload = "{}"
   }
@@ -112,8 +114,7 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "alert-pagopa-backoffice-
   location            = var.location
 
   action {
-    # action_group           = can(data.azurerm_monitor_action_group.opsgenie[0]) ? [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
-    action_group           = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+    action_group           = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack_pagamenti.id]
     email_subject          = "Backoffice error while running brokerCiExport cron"
     custom_webhook_payload = "{}"
   }
diff --git a/src/domains/selfcare-app/00_monitor.tf b/src/domains/selfcare-app/00_monitor.tf
index 3290e3ae68..5174081519 100644
--- a/src/domains/selfcare-app/00_monitor.tf
+++ b/src/domains/selfcare-app/00_monitor.tf
@@ -17,6 +17,11 @@ data "azurerm_monitor_action_group" "slack" {
   name                = local.monitor_action_group_slack_name
 }
 
+data "azurerm_monitor_action_group" "slack_pagamenti" {
+  resource_group_name = var.monitor_resource_group_name
+  name                = local.monitor_action_group_slack_pagamenti_name
+}
+
 data "azurerm_monitor_action_group" "email" {
   resource_group_name = var.monitor_resource_group_name
   name                = local.monitor_action_group_email_name
diff --git a/src/domains/selfcare-app/99_locals.tf b/src/domains/selfcare-app/99_locals.tf
index a438230d9d..16eaaf391d 100644
--- a/src/domains/selfcare-app/99_locals.tf
+++ b/src/domains/selfcare-app/99_locals.tf
@@ -2,10 +2,11 @@ locals {
   product = "${var.prefix}-${var.env_short}"
   project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}"
 
-  monitor_action_group_slack_name    = "SlackPagoPA"
-  monitor_action_group_email_name    = "PagoPA"
-  monitor_action_group_opsgenie_name = "Opsgenie"
-  monitor_appinsights_name           = "${local.product}-appinsights"
+  monitor_action_group_slack_name           = "SlackPagoPA"
+  monitor_action_group_slack_pagamenti_name = "SlackPagamenti"
+  monitor_action_group_email_name           = "PagoPA"
+  monitor_action_group_opsgenie_name        = "Opsgenie"
+  monitor_appinsights_name                  = "${local.product}-appinsights"
 
   vnet_name                = "${local.product}-vnet"
   vnet_resource_group_name = "${local.product}-vnet-rg"
diff --git a/src/domains/selfcare-app/README.md b/src/domains/selfcare-app/README.md
index 8cb1504c4d..3866a2a3b6 100644
--- a/src/domains/selfcare-app/README.md
+++ b/src/domains/selfcare-app/README.md
@@ -53,6 +53,7 @@
 | [azurerm_monitor_scheduled_query_rules_alert.alert-pagopa-backoffice-brokerCiExport-cron-setup-error](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource |
 | [azurerm_monitor_scheduled_query_rules_alert.alert-pagopa-backoffice-brokerIbansExport-cron-error](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource |
 | [azurerm_monitor_scheduled_query_rules_alert.alert-pagopa-backoffice-brokerIbansExport-cron-setup-error](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource |
+| [azurerm_monitor_scheduled_query_rules_alert.alert_pagopa-backoffice-responsetime](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource |
 | [azurerm_resource_group.selfcare_fe_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_static_web_app.selfcare_backoffice_static_web_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/static_web_app) | resource |
 | [azurerm_storage_container.pagopa_oidc_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
@@ -83,6 +84,7 @@
 | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
 | [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
 | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
+| [azurerm_monitor_action_group.slack_pagamenti](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
 | [azurerm_resource_group.identity_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_resource_group.rg_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
@@ -110,14 +112,14 @@
 | <a name="input_log_analytics_workspace_name"></a> [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes |
 | <a name="input_log_analytics_workspace_resource_group_name"></a> [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes |
 | <a name="input_monitor_resource_group_name"></a> [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes |
-| <a name="input_pod_disruption_budgets"></a> [pod\_disruption\_budgets](#input\_pod\_disruption\_budgets) | Pod disruption budget for domain namespace | <pre>map(object({<br/>    name         = optional(string, null)<br/>    minAvailable = optional(number, null)<br/>    matchLabels  = optional(map(any), {})<br/>  }))</pre> | `{}` | no |
+| <a name="input_pod_disruption_budgets"></a> [pod\_disruption\_budgets](#input\_pod\_disruption\_budgets) | Pod disruption budget for domain namespace | <pre>map(object({<br>    name         = optional(string, null)<br>    minAvailable = optional(number, null)<br>    matchLabels  = optional(map(any), {})<br>  }))</pre> | `{}` | no |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
 | <a name="input_robots_indexed_paths"></a> [robots\_indexed\_paths](#input\_robots\_indexed\_paths) | List of cdn paths to allow robots index | `list(string)` | n/a | yes |
 | <a name="input_selfcare_fe_enabled"></a> [selfcare\_fe\_enabled](#input\_selfcare\_fe\_enabled) | selfcare FE enabled | `bool` | `false` | no |
 | <a name="input_selfcare_storage_replication_type"></a> [selfcare\_storage\_replication\_type](#input\_selfcare\_storage\_replication\_type) | (Optional) Selfcare cdn storage account replication type | `string` | `"GRS"` | no |
-| <a name="input_spa"></a> [spa](#input\_spa) | spa root dirs | `list(string)` | <pre>[<br/>  "ui"<br/>]</pre> | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br/>  "CreatedBy": "Terraform"<br/>}</pre> | no |
-| <a name="input_tls_cert_check_helm"></a> [tls\_cert\_check\_helm](#input\_tls\_cert\_check\_helm) | tls cert helm chart configuration | <pre>object({<br/>    chart_version = string,<br/>    image_name    = string,<br/>    image_tag     = string<br/>  })</pre> | n/a | yes |
+| <a name="input_spa"></a> [spa](#input\_spa) | spa root dirs | `list(string)` | <pre>[<br>  "ui"<br>]</pre> | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br>  "CreatedBy": "Terraform"<br>}</pre> | no |
+| <a name="input_tls_cert_check_helm"></a> [tls\_cert\_check\_helm](#input\_tls\_cert\_check\_helm) | tls cert helm chart configuration | <pre>object({<br>    chart_version = string,<br>    image_name    = string,<br>    image_tag     = string<br>  })</pre> | n/a | yes |
 
 ## Outputs
 
diff --git a/src/next-core-secrets/README.md b/src/next-core-secrets/README.md
index d98162a340..4e0ec63c8e 100644
--- a/src/next-core-secrets/README.md
+++ b/src/next-core-secrets/README.md
@@ -39,14 +39,14 @@ No modules.
 | <a name="input_env_short"></a> [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
 | <a name="input_input_file"></a> [input\_file](#input\_input\_file) | secret json file | `string` | n/a | yes |
 | <a name="input_instance"></a> [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes |
-| <a name="input_kv-certificate-permissions-read"></a> [kv-certificate-permissions-read](#input\_kv-certificate-permissions-read) | List of read certificate permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "GetIssuers",<br/>  "List",<br/>  "ListIssuers"<br/>]</pre> | no |
-| <a name="input_kv-key-permissions-read"></a> [kv-key-permissions-read](#input\_kv-key-permissions-read) | List of read key permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "List"<br/>]</pre> | no |
-| <a name="input_kv-secret-permissions-read"></a> [kv-secret-permissions-read](#input\_kv-secret-permissions-read) | List of read secret permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "List"<br/>]</pre> | no |
-| <a name="input_kv-storage-permissions-read"></a> [kv-storage-permissions-read](#input\_kv-storage-permissions-read) | List of read storage permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "GetSAS",<br/>  "List",<br/>  "ListSAS"<br/>]</pre> | no |
+| <a name="input_kv-certificate-permissions-read"></a> [kv-certificate-permissions-read](#input\_kv-certificate-permissions-read) | List of read certificate permissions | `list(string)` | <pre>[<br>  "Get",<br>  "GetIssuers",<br>  "List",<br>  "ListIssuers"<br>]</pre> | no |
+| <a name="input_kv-key-permissions-read"></a> [kv-key-permissions-read](#input\_kv-key-permissions-read) | List of read key permissions | `list(string)` | <pre>[<br>  "Get",<br>  "List"<br>]</pre> | no |
+| <a name="input_kv-secret-permissions-read"></a> [kv-secret-permissions-read](#input\_kv-secret-permissions-read) | List of read secret permissions | `list(string)` | <pre>[<br>  "Get",<br>  "List"<br>]</pre> | no |
+| <a name="input_kv-storage-permissions-read"></a> [kv-storage-permissions-read](#input\_kv-storage-permissions-read) | List of read storage permissions | `list(string)` | <pre>[<br>  "Get",<br>  "GetSAS",<br>  "List",<br>  "ListSAS"<br>]</pre> | no |
 | <a name="input_location"></a> [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes |
 | <a name="input_location_short"></a> [location\_short](#input\_location\_short) | Default weu | `string` | `"weu"` | no |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
-| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br/>  "CreatedBy": "Terraform"<br/>}</pre> | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br>  "CreatedBy": "Terraform"<br>}</pre> | no |
 
 ## Outputs
 
diff --git a/src/next-core-secrets/secret/dev/noedit_secret_enc.json b/src/next-core-secrets/secret/dev/noedit_secret_enc.json
index 43ddc5dfe3..a4c70e24eb 100644
--- a/src/next-core-secrets/secret/dev/noedit_secret_enc.json
+++ b/src/next-core-secrets/secret/dev/noedit_secret_enc.json
@@ -1,6 +1,7 @@
 {
 	"gh-runner-job-pat": "ENC[AES256_GCM,data:QKm6Fp7PbJe2eMhbeAF+AxDI2bksEB34smWmJGxbdst3lP61EBsUQw==,iv:2hLQkmvSATpBE37LyGkN1l6rr3XpbKb7MbpVYlUbeMg=,tag:aMihkm8AzqIqkJvMgKqSfA==,type:str]",
 	"synthetic-monitoring-nodo-subscription-key": "ENC[AES256_GCM,data:Bo28SEKBYhshLs2s3EsQhF5hBoieyevQA8lmYqBUgL8=,iv:fDU9nwUcOybHPbxHRWWxr6bjJK8KHecq1AyxMATqSn0=,tag:xNUV5mw3sAL0QlshNAcWeg==,type:str]",
+	"monitor-notification-slack-pagamenti-alert-email": "ENC[AES256_GCM,data:+0nUK37xx5fJdM1hhLkpvnhOPFJ1qocdfrrazaFi0L8UAU3DH61JeWskg/1vm7jZQBEW3X/NmqEUkPHwAqnkn1CO1Wo=,iv:KHjEx1ie15KlJFkPfEkXCGAqd3VrLteGNqaOEQKq0pQ=,tag:6/kIHDisKqFc2irdkco19g==,type:str]",
 	"sops": {
 		"kms": null,
 		"gcp_kms": null,
@@ -15,8 +16,8 @@
 		],
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2024-12-05T09:05:04Z",
-		"mac": "ENC[AES256_GCM,data:4nGIVYu5dIkN1qss9WQ+yJ52iyYyuxSrWWTuuHytjUs/xzFz8eY7WB3yxSrHsL/f3E58kG3dsbwm7CH33Z6T0KF1dwDe8zhxHSS+HBNlVQku8qHuFoZ/5PqrK+7yUWTXELug0wa1O3PIFXLc8In753YgheKdVXuiMtg0utl8IXk=,iv:NUOmsKc9CY2WcKCGVoh/V2go+fzq5upEyuvQ0zEPfnE=,tag:wBR+93fOPUXpf0zmFr7LLw==,type:str]",
+		"lastmodified": "2025-02-07T09:44:13Z",
+		"mac": "ENC[AES256_GCM,data:c8dCjBX7FF1ZTqxeZymHcILirwtNNaUeYgAv9EOZhguu51XAPLR18h7lOKsJhIwIkZMQGmQMJtm76FvdbsqxyN6RqvOTdPQiYP5JT9NS7DcF2ELgXDMl5E1ca0XqB/ZXHvaCZrmL2KHpDA4WfilGn/A92NdE7udtuM8QtzwxFz4=,iv:SzXvKvmYigyTA3ob1vtflaXysCu2XFgrcY50buYsEOk=,tag:/yjH13Y9SYu6H7O96bF3Jw==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.9.0"
diff --git a/src/next-core/00_key_vault.tf b/src/next-core/00_key_vault.tf
index 5a3fa062d3..cb3a60f81a 100644
--- a/src/next-core/00_key_vault.tf
+++ b/src/next-core/00_key_vault.tf
@@ -121,6 +121,11 @@ data "azurerm_key_vault_secret" "monitor_notification_slack_email" {
   key_vault_id = module.key_vault.id
 }
 
+data "azurerm_key_vault_secret" "monitor_notification_slack_pagamenti_alert_email" {
+  name         = "monitor-notification-slack-pagamenti-alert-email"
+  key_vault_id = module.key_vault.id
+}
+
 data "azurerm_key_vault_secret" "monitor_mo_notification_email" {
   name         = "monitor-mo-notification-email"
   key_vault_id = module.key_vault.id
diff --git a/src/next-core/02_monitor.tf b/src/next-core/02_monitor.tf
index dd0d2985f2..5290cacb24 100644
--- a/src/next-core/02_monitor.tf
+++ b/src/next-core/02_monitor.tf
@@ -65,6 +65,20 @@ resource "azurerm_monitor_action_group" "slack" {
   tags = var.tags
 }
 
+resource "azurerm_monitor_action_group" "slack_pagamenti_alert" {
+  name                = "SlackPagamenti"
+  resource_group_name = azurerm_resource_group.monitor_rg.name
+  short_name          = "SlackPay"
+
+  email_receiver {
+    name                    = "sendtoslackpagamentialert"
+    email_address           = data.azurerm_key_vault_secret.monitor_notification_slack_pagamenti_alert_email.value
+    use_common_alert_schema = true
+  }
+
+  tags = var.tags
+}
+
 resource "azurerm_monitor_action_group" "mo_email" {
   name                = "MoManagement"
   resource_group_name = azurerm_resource_group.monitor_rg.name
diff --git a/src/next-core/README.md b/src/next-core/README.md
index 422772a830..699f9c4adb 100644
--- a/src/next-core/README.md
+++ b/src/next-core/README.md
@@ -170,6 +170,7 @@
 | [azurerm_monitor_action_group.new_conn_srv_opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource |
 | [azurerm_monitor_action_group.pm_opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource |
 | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource |
+| [azurerm_monitor_action_group.slack_pagamenti_alert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource |
 | [azurerm_monitor_autoscale_setting.node_forwarder_app_service_autoscale](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
 | [azurerm_monitor_autoscale_setting.node_forwarder_dbg_app_service_autoscale](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
 | [azurerm_monitor_diagnostic_setting.activity_log](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource |
@@ -312,6 +313,7 @@
 | [azurerm_key_vault_secret.monitor_new_conn_srv_webhook_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_key_vault_secret.monitor_notification_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_key_vault_secret.monitor_notification_slack_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
+| [azurerm_key_vault_secret.monitor_notification_slack_pagamenti_alert_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_key_vault_secret.monitor_pm_opsgenie_webhook_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_key_vault_secret.opsgenie_infra_webhook_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_key_vault_secret.password_pm_test_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
@@ -339,15 +341,15 @@
 | <a name="input_apim_enable_nm3_decoupler_switch"></a> [apim\_enable\_nm3\_decoupler\_switch](#input\_apim\_enable\_nm3\_decoupler\_switch) | Enable switch backend address in NM3 algorithm logic | `bool` | `false` | no |
 | <a name="input_apim_enable_routing_decoupler_switch"></a> [apim\_enable\_routing\_decoupler\_switch](#input\_apim\_enable\_routing\_decoupler\_switch) | Enable switch backend address in Routing algorithm logic | `bool` | `false` | no |
 | <a name="input_apim_v2_alerts_enabled"></a> [apim\_v2\_alerts\_enabled](#input\_apim\_v2\_alerts\_enabled) | Enable alerts | `bool` | `true` | no |
-| <a name="input_apim_v2_autoscale"></a> [apim\_v2\_autoscale](#input\_apim\_v2\_autoscale) | Configure Apim autoscale on capacity metric | <pre>object(<br/>    {<br/>      enabled                       = bool<br/>      default_instances             = number<br/>      minimum_instances             = number<br/>      maximum_instances             = number<br/>      scale_out_capacity_percentage = number<br/>      scale_out_time_window         = string<br/>      scale_out_value               = string<br/>      scale_out_cooldown            = string<br/>      scale_in_capacity_percentage  = number<br/>      scale_in_time_window          = string<br/>      scale_in_value                = string<br/>      scale_in_cooldown             = string<br/>    }<br/>  )</pre> | <pre>{<br/>  "default_instances": 1,<br/>  "enabled": false,<br/>  "maximum_instances": 5,<br/>  "minimum_instances": 1,<br/>  "scale_in_capacity_percentage": 30,<br/>  "scale_in_cooldown": "PT30M",<br/>  "scale_in_time_window": "PT30M",<br/>  "scale_in_value": "1",<br/>  "scale_out_capacity_percentage": 60,<br/>  "scale_out_cooldown": "PT45M",<br/>  "scale_out_time_window": "PT10M",<br/>  "scale_out_value": "2"<br/>}</pre> | no |
+| <a name="input_apim_v2_autoscale"></a> [apim\_v2\_autoscale](#input\_apim\_v2\_autoscale) | Configure Apim autoscale on capacity metric | <pre>object(<br>    {<br>      enabled                       = bool<br>      default_instances             = number<br>      minimum_instances             = number<br>      maximum_instances             = number<br>      scale_out_capacity_percentage = number<br>      scale_out_time_window         = string<br>      scale_out_value               = string<br>      scale_out_cooldown            = string<br>      scale_in_capacity_percentage  = number<br>      scale_in_time_window          = string<br>      scale_in_value                = string<br>      scale_in_cooldown             = string<br>    }<br>  )</pre> | <pre>{<br>  "default_instances": 1,<br>  "enabled": false,<br>  "maximum_instances": 5,<br>  "minimum_instances": 1,<br>  "scale_in_capacity_percentage": 30,<br>  "scale_in_cooldown": "PT30M",<br>  "scale_in_time_window": "PT30M",<br>  "scale_in_value": "1",<br>  "scale_out_capacity_percentage": 60,<br>  "scale_out_cooldown": "PT45M",<br>  "scale_out_time_window": "PT10M",<br>  "scale_out_value": "2"<br>}</pre> | no |
 | <a name="input_apim_v2_publisher_name"></a> [apim\_v2\_publisher\_name](#input\_apim\_v2\_publisher\_name) | n/a | `string` | n/a | yes |
 | <a name="input_apim_v2_sku"></a> [apim\_v2\_sku](#input\_apim\_v2\_sku) | n/a | `string` | n/a | yes |
 | <a name="input_apim_v2_subnet_nsg_security_rules"></a> [apim\_v2\_subnet\_nsg\_security\_rules](#input\_apim\_v2\_subnet\_nsg\_security\_rules) | Network security rules for APIM subnet | `list(any)` | n/a | yes |
-| <a name="input_apim_v2_zones"></a> [apim\_v2\_zones](#input\_apim\_v2\_zones) | (Optional) Zones in which the apim will be deployed | `list(string)` | <pre>[<br/>  "1"<br/>]</pre> | no |
+| <a name="input_apim_v2_zones"></a> [apim\_v2\_zones](#input\_apim\_v2\_zones) | (Optional) Zones in which the apim will be deployed | `list(string)` | <pre>[<br>  "1"<br>]</pre> | no |
 | <a name="input_app_gateway_alerts_enabled"></a> [app\_gateway\_alerts\_enabled](#input\_app\_gateway\_alerts\_enabled) | Enable alerts | `bool` | `true` | no |
-| <a name="input_app_gateway_allowed_fdr_soap_action"></a> [app\_gateway\_allowed\_fdr\_soap\_action](#input\_app\_gateway\_allowed\_fdr\_soap\_action) | Allowed SOAPAction header for upload platform fqdn | `list(string)` | <pre>[<br/>  "nodoInviaFlussoRendicontazione",<br/>  "nodoChiediFlussoRendicontazione",<br/>  "nodoChiediElencoFlussiRendicontazione"<br/>]</pre> | no |
-| <a name="input_app_gateway_allowed_paths_pagopa_onprem_only"></a> [app\_gateway\_allowed\_paths\_pagopa\_onprem\_only](#input\_app\_gateway\_allowed\_paths\_pagopa\_onprem\_only) | Allowed paths from pagopa onprem only | <pre>object({<br/>    paths = list(string)<br/>    ips   = list(string)<br/>  })</pre> | n/a | yes |
-| <a name="input_app_gateway_allowed_paths_upload"></a> [app\_gateway\_allowed\_paths\_upload](#input\_app\_gateway\_allowed\_paths\_upload) | Allowed paths from pagopa for upload platform fqdn | `list(string)` | <pre>[<br/>  "/upload/gpd/.*",<br/>  "/nodo-auth/node-for-psp/.*",<br/>  "/nodo-auth/nodo-per-psp/.*",<br/>  "/nodo/nodo-per-psp/.*",<br/>  "/fdr-legacy/nodo-per-pa/.*",<br/>  "/nodo/nodo-per-pa/.*",<br/>  "/nodo-auth/nodo-per-pa/.*",<br/>  "/nodo-auth/node-for-pa/.*",<br/>  "/nodo/node-for-psp/.*"<br/>]</pre> | no |
+| <a name="input_app_gateway_allowed_fdr_soap_action"></a> [app\_gateway\_allowed\_fdr\_soap\_action](#input\_app\_gateway\_allowed\_fdr\_soap\_action) | Allowed SOAPAction header for upload platform fqdn | `list(string)` | <pre>[<br>  "nodoInviaFlussoRendicontazione",<br>  "nodoChiediFlussoRendicontazione",<br>  "nodoChiediElencoFlussiRendicontazione"<br>]</pre> | no |
+| <a name="input_app_gateway_allowed_paths_pagopa_onprem_only"></a> [app\_gateway\_allowed\_paths\_pagopa\_onprem\_only](#input\_app\_gateway\_allowed\_paths\_pagopa\_onprem\_only) | Allowed paths from pagopa onprem only | <pre>object({<br>    paths = list(string)<br>    ips   = list(string)<br>  })</pre> | n/a | yes |
+| <a name="input_app_gateway_allowed_paths_upload"></a> [app\_gateway\_allowed\_paths\_upload](#input\_app\_gateway\_allowed\_paths\_upload) | Allowed paths from pagopa for upload platform fqdn | `list(string)` | <pre>[<br>  "/upload/gpd/.*",<br>  "/nodo-auth/node-for-psp/.*",<br>  "/nodo-auth/nodo-per-psp/.*",<br>  "/nodo/nodo-per-psp/.*",<br>  "/fdr-legacy/nodo-per-pa/.*",<br>  "/nodo/nodo-per-pa/.*",<br>  "/nodo-auth/nodo-per-pa/.*",<br>  "/nodo-auth/node-for-pa/.*",<br>  "/nodo/node-for-psp/.*"<br>]</pre> | no |
 | <a name="input_app_gateway_api_certificate_name"></a> [app\_gateway\_api\_certificate\_name](#input\_app\_gateway\_api\_certificate\_name) | Application gateway api certificate name on Key Vault | `string` | n/a | yes |
 | <a name="input_app_gateway_deny_paths"></a> [app\_gateway\_deny\_paths](#input\_app\_gateway\_deny\_paths) | Deny paths on app gateway | `list(string)` | `[]` | no |
 | <a name="input_app_gateway_deny_paths_2"></a> [app\_gateway\_deny\_paths\_2](#input\_app\_gateway\_deny\_paths\_2) | Deny paths on app gateway | `list(string)` | `[]` | no |
@@ -393,14 +395,14 @@
 | <a name="input_cidr_subnet_eventhub"></a> [cidr\_subnet\_eventhub](#input\_cidr\_subnet\_eventhub) | Address prefixes subnet eventhub | `list(string)` | `null` | no |
 | <a name="input_cidr_subnet_loadtest_agent"></a> [cidr\_subnet\_loadtest\_agent](#input\_cidr\_subnet\_loadtest\_agent) | LoadTest Agent Pool address space | `list(string)` | `null` | no |
 | <a name="input_cidr_subnet_node_forwarder"></a> [cidr\_subnet\_node\_forwarder](#input\_cidr\_subnet\_node\_forwarder) | Address prefixes subnet node forwarder | `list(string)` | `null` | no |
-| <a name="input_cidr_subnet_redis"></a> [cidr\_subnet\_redis](#input\_cidr\_subnet\_redis) | Redis network address space. | `list(string)` | <pre>[<br/>  "10.1.163.0/24"<br/>]</pre> | no |
+| <a name="input_cidr_subnet_redis"></a> [cidr\_subnet\_redis](#input\_cidr\_subnet\_redis) | Redis network address space. | `list(string)` | <pre>[<br>  "10.1.163.0/24"<br>]</pre> | no |
 | <a name="input_cidr_subnet_tools_cae"></a> [cidr\_subnet\_tools\_cae](#input\_cidr\_subnet\_tools\_cae) | Tool container app env, network address space. | `list(string)` | n/a | yes |
-| <a name="input_cidr_subnet_vpn"></a> [cidr\_subnet\_vpn](#input\_cidr\_subnet\_vpn) | VPN network address space. | `list(string)` | <pre>[<br/>  ""<br/>]</pre> | no |
+| <a name="input_cidr_subnet_vpn"></a> [cidr\_subnet\_vpn](#input\_cidr\_subnet\_vpn) | VPN network address space. | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
 | <a name="input_cidr_vnet"></a> [cidr\_vnet](#input\_cidr\_vnet) | Virtual network address space. | `list(string)` | n/a | yes |
 | <a name="input_cidr_vnet_integration"></a> [cidr\_vnet\_integration](#input\_cidr\_vnet\_integration) | Virtual network to peer with sia subscription. It should host apim | `list(string)` | n/a | yes |
 | <a name="input_cidr_vnet_italy"></a> [cidr\_vnet\_italy](#input\_cidr\_vnet\_italy) | Address prefixes for vnet in italy. | `list(string)` | n/a | yes |
 | <a name="input_create_redis_multiaz"></a> [create\_redis\_multiaz](#input\_create\_redis\_multiaz) | (Optional) true if a multi az premium instance of redis is required | `bool` | `false` | no |
-| <a name="input_ddos_protection_plan"></a> [ddos\_protection\_plan](#input\_ddos\_protection\_plan) | Network | <pre>object({<br/>    id     = string<br/>    enable = bool<br/>  })</pre> | `null` | no |
+| <a name="input_ddos_protection_plan"></a> [ddos\_protection\_plan](#input\_ddos\_protection\_plan) | Network | <pre>object({<br>    id     = string<br>    enable = bool<br>  })</pre> | `null` | no |
 | <a name="input_default_node_id"></a> [default\_node\_id](#input\_default\_node\_id) | Default NodeId according to default base url | `string` | n/a | yes |
 | <a name="input_devops_agent_balance_zones"></a> [devops\_agent\_balance\_zones](#input\_devops\_agent\_balance\_zones) | (Optional) True if the devops agent instances must be evenly balanced between the configured zones | `bool` | `false` | no |
 | <a name="input_devops_agent_zones"></a> [devops\_agent\_zones](#input\_devops\_agent\_zones) | (Optional) List of zones in which the scale set for azdo agent will be deployed | `list(number)` | `null` | no |
@@ -425,7 +427,7 @@
 | <a name="input_ehns_auto_inflate_enabled"></a> [ehns\_auto\_inflate\_enabled](#input\_ehns\_auto\_inflate\_enabled) | Is Auto Inflate enabled for the EventHub Namespace? | `bool` | `false` | no |
 | <a name="input_ehns_capacity"></a> [ehns\_capacity](#input\_ehns\_capacity) | Specifies the Capacity / Throughput Units for a Standard SKU namespace. | `number` | `null` | no |
 | <a name="input_ehns_maximum_throughput_units"></a> [ehns\_maximum\_throughput\_units](#input\_ehns\_maximum\_throughput\_units) | Specifies the maximum number of throughput units when Auto Inflate is Enabled | `number` | `null` | no |
-| <a name="input_ehns_metric_alerts"></a> [ehns\_metric\_alerts](#input\_ehns\_metric\_alerts) | Map of name = criteria objects | <pre>map(object({<br/>    # criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]<br/>    aggregation = string<br/>    metric_name = string<br/>    description = string<br/>    # criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]<br/>    operator  = string<br/>    threshold = number<br/>    # Possible values are PT1M, PT5M, PT15M, PT30M and PT1H<br/>    frequency = string<br/>    # Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.<br/>    window_size = string<br/><br/>    dimension = list(object(<br/>      {<br/>        name     = string<br/>        operator = string<br/>        values   = list(string)<br/>      }<br/>    ))<br/>  }))</pre> | `{}` | no |
+| <a name="input_ehns_metric_alerts"></a> [ehns\_metric\_alerts](#input\_ehns\_metric\_alerts) | Map of name = criteria objects | <pre>map(object({<br>    # criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]<br>    aggregation = string<br>    metric_name = string<br>    description = string<br>    # criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]<br>    operator  = string<br>    threshold = number<br>    # Possible values are PT1M, PT5M, PT15M, PT30M and PT1H<br>    frequency = string<br>    # Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.<br>    window_size = string<br><br>    dimension = list(object(<br>      {<br>        name     = string<br>        operator = string<br>        values   = list(string)<br>      }<br>    ))<br>  }))</pre> | `{}` | no |
 | <a name="input_ehns_public_network_access"></a> [ehns\_public\_network\_access](#input\_ehns\_public\_network\_access) | (Required) enables public network access to the event hubs | `bool` | n/a | yes |
 | <a name="input_ehns_sku_name"></a> [ehns\_sku\_name](#input\_ehns\_sku\_name) | Defines which tier to use. | `string` | `"Standard"` | no |
 | <a name="input_ehns_zone_redundant"></a> [ehns\_zone\_redundant](#input\_ehns\_zone\_redundant) | Specifies if the EventHub Namespace should be Zone Redundant (created across Availability Zones). | `bool` | `false` | no |
@@ -433,11 +435,11 @@
 | <a name="input_enable_node_forwarder_debug_instance"></a> [enable\_node\_forwarder\_debug\_instance](#input\_enable\_node\_forwarder\_debug\_instance) | Enable the creation of a separate 'debug' instance of node forwarder | `bool` | `false` | no |
 | <a name="input_env"></a> [env](#input\_env) | n/a | `string` | n/a | yes |
 | <a name="input_env_short"></a> [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
-| <a name="input_eventhubs_03"></a> [eventhubs\_03](#input\_eventhubs\_03) | A list of event hubs to add to namespace. | <pre>list(object({<br/>    name              = string<br/>    partitions        = number<br/>    message_retention = number<br/>    consumers         = list(string)<br/>    keys = list(object({<br/>      name   = string<br/>      listen = bool<br/>      send   = bool<br/>      manage = bool<br/>    }))<br/>  }))</pre> | `[]` | no |
-| <a name="input_eventhubs_04"></a> [eventhubs\_04](#input\_eventhubs\_04) | A list of event hubs to add to namespace. | <pre>list(object({<br/>    name              = string<br/>    partitions        = number<br/>    message_retention = number<br/>    consumers         = list(string)<br/>    keys = list(object({<br/>      name   = string<br/>      listen = bool<br/>      send   = bool<br/>      manage = bool<br/>    }))<br/>  }))</pre> | `[]` | no |
+| <a name="input_eventhubs_03"></a> [eventhubs\_03](#input\_eventhubs\_03) | A list of event hubs to add to namespace. | <pre>list(object({<br>    name              = string<br>    partitions        = number<br>    message_retention = number<br>    consumers         = list(string)<br>    keys = list(object({<br>      name   = string<br>      listen = bool<br>      send   = bool<br>      manage = bool<br>    }))<br>  }))</pre> | `[]` | no |
+| <a name="input_eventhubs_04"></a> [eventhubs\_04](#input\_eventhubs\_04) | A list of event hubs to add to namespace. | <pre>list(object({<br>    name              = string<br>    partitions        = number<br>    message_retention = number<br>    consumers         = list(string)<br>    keys = list(object({<br>      name   = string<br>      listen = bool<br>      send   = bool<br>      manage = bool<br>    }))<br>  }))</pre> | `[]` | no |
 | <a name="input_external_domain"></a> [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `"pagopa.it"` | no |
 | <a name="input_geo_replica_cidr_vnet"></a> [geo\_replica\_cidr\_vnet](#input\_geo\_replica\_cidr\_vnet) | (Required) Cidr block for replica vnet address space | `list(string)` | `null` | no |
-| <a name="input_geo_replica_ddos_protection_plan"></a> [geo\_replica\_ddos\_protection\_plan](#input\_geo\_replica\_ddos\_protection\_plan) | n/a | <pre>object({<br/>    id     = string<br/>    enable = bool<br/>  })</pre> | `null` | no |
+| <a name="input_geo_replica_ddos_protection_plan"></a> [geo\_replica\_ddos\_protection\_plan](#input\_geo\_replica\_ddos\_protection\_plan) | n/a | <pre>object({<br>    id     = string<br>    enable = bool<br>  })</pre> | `null` | no |
 | <a name="input_geo_replica_enabled"></a> [geo\_replica\_enabled](#input\_geo\_replica\_enabled) | (Optional) True if geo replica should be active for key data components i.e. PostgreSQL Flexible servers | `bool` | `false` | no |
 | <a name="input_geo_replica_location"></a> [geo\_replica\_location](#input\_geo\_replica\_location) | (Optional) Location of the geo replica | `string` | `"northeurope"` | no |
 | <a name="input_geo_replica_location_short"></a> [geo\_replica\_location\_short](#input\_geo\_replica\_location\_short) | (Optional) Short Location of the geo replica | `string` | `"neu"` | no |
@@ -455,7 +457,7 @@
 | <a name="input_integration_app_gateway_waf_enabled"></a> [integration\_app\_gateway\_waf\_enabled](#input\_integration\_app\_gateway\_waf\_enabled) | Enable waf | `bool` | `false` | no |
 | <a name="input_integration_appgateway_private_ip"></a> [integration\_appgateway\_private\_ip](#input\_integration\_appgateway\_private\_ip) | Integration app gateway private ip | `string` | n/a | yes |
 | <a name="input_integration_appgateway_zones"></a> [integration\_appgateway\_zones](#input\_integration\_appgateway\_zones) | Integration app gateway private ip | `list(number)` | n/a | yes |
-| <a name="input_is_feature_enabled"></a> [is\_feature\_enabled](#input\_is\_feature\_enabled) | Features enabled in this domain | <pre>object({<br/>    vnet_ita                  = bool,<br/>    container_app_tools_cae   = optional(bool, false),<br/>    node_forwarder_ha_enabled = bool<br/>    vpn                       = optional(bool, false)<br/>    dns_forwarder_lb          = optional(bool, false)<br/>    postgres_private_dns      = bool<br/>    azdoa                     = optional(bool, true)<br/>    apim_core_import          = optional(bool, false)<br/>    use_new_apim              = optional(bool, false)<br/>    azdoa_extension           = optional(bool, false)<br/>  })</pre> | n/a | yes |
+| <a name="input_is_feature_enabled"></a> [is\_feature\_enabled](#input\_is\_feature\_enabled) | Features enabled in this domain | <pre>object({<br>    vnet_ita                  = bool,<br>    container_app_tools_cae   = optional(bool, false),<br>    node_forwarder_ha_enabled = bool<br>    vpn                       = optional(bool, false)<br>    dns_forwarder_lb          = optional(bool, false)<br>    postgres_private_dns      = bool<br>    azdoa                     = optional(bool, true)<br>    apim_core_import          = optional(bool, false)<br>    use_new_apim              = optional(bool, false)<br>    azdoa_extension           = optional(bool, false)<br>  })</pre> | n/a | yes |
 | <a name="input_law_daily_quota_gb"></a> [law\_daily\_quota\_gb](#input\_law\_daily\_quota\_gb) | The workspace daily quota for ingestion in GB. | `number` | `-1` | no |
 | <a name="input_law_retention_in_days"></a> [law\_retention\_in\_days](#input\_law\_retention\_in\_days) | The workspace data retention in days | `number` | `30` | no |
 | <a name="input_law_sku"></a> [law\_sku](#input\_law\_sku) | Sku of the Log Analytics Workspace | `string` | `"PerGB2018"` | no |
@@ -469,7 +471,7 @@
 | <a name="input_log_analytics_workspace_resource_group_name"></a> [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes |
 | <a name="input_logos_backup_retention"></a> [logos\_backup\_retention](#input\_logos\_backup\_retention) | (Optional) Blob backup retention | `number` | `7` | no |
 | <a name="input_logos_donations_storage_account_replication_type"></a> [logos\_donations\_storage\_account\_replication\_type](#input\_logos\_donations\_storage\_account\_replication\_type) | (Optional) Logos donations storage account replication type | `string` | `"LRS"` | no |
-| <a name="input_monitor_env_test_urls"></a> [monitor\_env\_test\_urls](#input\_monitor\_env\_test\_urls) | (Optional) Environment specific standard web tests urls to be created in addition to locals.test\_urls | <pre>list(object({<br/>    host          = string<br/>    path          = string<br/>    alert_enabled = optional(bool, true)<br/>  }))</pre> | `[]` | no |
+| <a name="input_monitor_env_test_urls"></a> [monitor\_env\_test\_urls](#input\_monitor\_env\_test\_urls) | (Optional) Environment specific standard web tests urls to be created in addition to locals.test\_urls | <pre>list(object({<br>    host          = string<br>    path          = string<br>    alert_enabled = optional(bool, true)<br>  }))</pre> | `[]` | no |
 | <a name="input_monitor_resource_group_name"></a> [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes |
 | <a name="input_nat_gateway_enabled"></a> [nat\_gateway\_enabled](#input\_nat\_gateway\_enabled) | Nat Gateway enabled | `bool` | `true` | no |
 | <a name="input_nat_gateway_public_ips"></a> [nat\_gateway\_public\_ips](#input\_nat\_gateway\_public\_ips) | Number of public outbound ips | `number` | `1` | no |
@@ -482,21 +484,21 @@
 | <a name="input_node_fw_ha_snet_cidr"></a> [node\_fw\_ha\_snet\_cidr](#input\_node\_fw\_ha\_snet\_cidr) | (Required) node forwarder ha subnet cidr block | `list(string)` | `null` | no |
 | <a name="input_nodo_pagamenti_ec"></a> [nodo\_pagamenti\_ec](#input\_nodo\_pagamenti\_ec) | EC' black list nodo pagamenti (separate comma list). | `string` | `","` | no |
 | <a name="input_nodo_pagamenti_psp"></a> [nodo\_pagamenti\_psp](#input\_nodo\_pagamenti\_psp) | PSP' white list nodo pagamenti (separate comma list) . | `string` | `","` | no |
-| <a name="input_platform_private_dns_zone_records"></a> [platform\_private\_dns\_zone\_records](#input\_platform\_private\_dns\_zone\_records) | List of records to add into the platform.pagopa.it dns private | `list(string)` | <pre>[<br/>  "api",<br/>  "portal",<br/>  "management"<br/>]</pre> | no |
+| <a name="input_platform_private_dns_zone_records"></a> [platform\_private\_dns\_zone\_records](#input\_platform\_private\_dns\_zone\_records) | List of records to add into the platform.pagopa.it dns private | `list(string)` | <pre>[<br>  "api",<br>  "portal",<br>  "management"<br>]</pre> | no |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
 | <a name="input_private_dns_zone_db_nodo_pagamenti"></a> [private\_dns\_zone\_db\_nodo\_pagamenti](#input\_private\_dns\_zone\_db\_nodo\_pagamenti) | n/a | `string` | `"dev.db-nodo-pagamenti.com"` | no |
 | <a name="input_redis_cache_enabled"></a> [redis\_cache\_enabled](#input\_redis\_cache\_enabled) | redis cache enabled | `bool` | `false` | no |
-| <a name="input_redis_cache_params"></a> [redis\_cache\_params](#input\_redis\_cache\_params) | # Redis cache | <pre>object({<br/>    public_access = bool<br/>    capacity      = number<br/>    sku_name      = string<br/>    family        = string<br/>  })</pre> | <pre>{<br/>  "capacity": 1,<br/>  "family": "C",<br/>  "public_access": false,<br/>  "sku_name": "Basic"<br/>}</pre> | no |
+| <a name="input_redis_cache_params"></a> [redis\_cache\_params](#input\_redis\_cache\_params) | # Redis cache | <pre>object({<br>    public_access = bool<br>    capacity      = number<br>    sku_name      = string<br>    family        = string<br>  })</pre> | <pre>{<br>  "capacity": 1,<br>  "family": "C",<br>  "public_access": false,<br>  "sku_name": "Basic"<br>}</pre> | no |
 | <a name="input_redis_private_endpoint_enabled"></a> [redis\_private\_endpoint\_enabled](#input\_redis\_private\_endpoint\_enabled) | Enable private endpoints for redis instances? | `bool` | `true` | no |
 | <a name="input_redis_version"></a> [redis\_version](#input\_redis\_version) | The version of Redis to use: 4 (deprecated) or 6 | `string` | `"6"` | no |
-| <a name="input_redis_zones"></a> [redis\_zones](#input\_redis\_zones) | (Optional) Zone list where redis will be deployed | `list(string)` | <pre>[<br/>  "1"<br/>]</pre> | no |
-| <a name="input_route_table_peering_sia_additional_routes"></a> [route\_table\_peering\_sia\_additional\_routes](#input\_route\_table\_peering\_sia\_additional\_routes) | (Optional) additional routes for route table peering sia | <pre>list(object({<br/>    address_prefix         = string<br/>    name                   = string<br/>    next_hop_in_ip_address = string<br/>    next_hop_type          = string<br/>    }<br/>  ))</pre> | `[]` | no |
-| <a name="input_route_tools"></a> [route\_tools](#input\_route\_tools) | AKS routing table | <pre>list(object({<br/>    name                   = string<br/>    address_prefix         = string<br/>    next_hop_type          = string<br/>    next_hop_in_ip_address = string<br/>  }))</pre> | n/a | yes |
+| <a name="input_redis_zones"></a> [redis\_zones](#input\_redis\_zones) | (Optional) Zone list where redis will be deployed | `list(string)` | <pre>[<br>  "1"<br>]</pre> | no |
+| <a name="input_route_table_peering_sia_additional_routes"></a> [route\_table\_peering\_sia\_additional\_routes](#input\_route\_table\_peering\_sia\_additional\_routes) | (Optional) additional routes for route table peering sia | <pre>list(object({<br>    address_prefix         = string<br>    name                   = string<br>    next_hop_in_ip_address = string<br>    next_hop_type          = string<br>    }<br>  ))</pre> | `[]` | no |
+| <a name="input_route_tools"></a> [route\_tools](#input\_route\_tools) | AKS routing table | <pre>list(object({<br>    name                   = string<br>    address_prefix         = string<br>    next_hop_type          = string<br>    next_hop_in_ip_address = string<br>  }))</pre> | n/a | yes |
 | <a name="input_schema_ip_nexi"></a> [schema\_ip\_nexi](#input\_schema\_ip\_nexi) | Nodo Pagamenti Nexi schema://ip | `string` | n/a | yes |
 | <a name="input_storage_queue_private_endpoint_enabled"></a> [storage\_queue\_private\_endpoint\_enabled](#input\_storage\_queue\_private\_endpoint\_enabled) | Whether private endpoint for Azure Storage Queues is enabled | `bool` | `true` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br/>  "CreatedBy": "Terraform"<br/>}</pre> | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br>  "CreatedBy": "Terraform"<br>}</pre> | no |
 | <a name="input_upload_endpoint_enabled"></a> [upload\_endpoint\_enabled](#input\_upload\_endpoint\_enabled) | Enable upload for heavy payload size on appgw | `bool` | `true` | no |
-| <a name="input_vnet_ita_ddos_protection_plan"></a> [vnet\_ita\_ddos\_protection\_plan](#input\_vnet\_ita\_ddos\_protection\_plan) | n/a | <pre>object({<br/>    id     = string<br/>    enable = bool<br/>  })</pre> | `null` | no |
+| <a name="input_vnet_ita_ddos_protection_plan"></a> [vnet\_ita\_ddos\_protection\_plan](#input\_vnet\_ita\_ddos\_protection\_plan) | n/a | <pre>object({<br>    id     = string<br>    enable = bool<br>  })</pre> | `null` | no |
 | <a name="input_vpn_gw_pip_allocation_method"></a> [vpn\_gw\_pip\_allocation\_method](#input\_vpn\_gw\_pip\_allocation\_method) | VPN GW PIP ALLOCATION METHOD | `string` | `"Dynamic"` | no |
 | <a name="input_vpn_gw_pip_sku"></a> [vpn\_gw\_pip\_sku](#input\_vpn\_gw\_pip\_sku) | VPN GW PIP SKU | `string` | `"Basic"` | no |
 | <a name="input_vpn_random_specials_char"></a> [vpn\_random\_specials\_char](#input\_vpn\_random\_specials\_char) | Enable random special characters in VPN gateway's pip name | `bool` | `true` | no |

From 586ea193fe1bb0d68f6db9303123aca4a87eb348 Mon Sep 17 00:00:00 2001
From: Jacopo Carlini <jacopo.carlini@pagopa.it>
Date: Tue, 11 Feb 2025 17:11:12 +0100
Subject: [PATCH 2/2] chore

---
 src/next-core-secrets/secret/uat/noedit_secret_enc.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/next-core-secrets/secret/uat/noedit_secret_enc.json b/src/next-core-secrets/secret/uat/noedit_secret_enc.json
index d2acc50e9f..d51971c224 100644
--- a/src/next-core-secrets/secret/uat/noedit_secret_enc.json
+++ b/src/next-core-secrets/secret/uat/noedit_secret_enc.json
@@ -1,6 +1,7 @@
 {
 	"gh-runner-job-pat": "ENC[AES256_GCM,data:1P7dbdO3QqbvEEA4yWAcnqWfhmwiqxsIA1ylgEsO0H7k9RL2CsN68Q==,iv:HJMWABY268DcsHB8tn12FLjEBKo2EVpKLjvRgSpd0kw=,tag:kWvSRvqs2gzToP0nvrLgEw==,type:str]",
 	"synthetic-monitoring-nodo-subscription-key": "ENC[AES256_GCM,data:soaLyhz/Cl8oBTHeHuIM4AHtT9odPgvcyZBScBLpL7Q=,iv:Fed8gkKEEdY7Eb6KuSsWLFf/ZYRD5fjO6YSbUmAPiq8=,tag:g6jpnZM93yps9Tp+Hxv+uA==,type:str]",
+	"monitor-notification-slack-pagamenti-alert-email": "ENC[AES256_GCM,data:PhfvZ44BntGDp8yLzzuybEBEf0DtQIl4xQjHi9plaSGf90nvtvD0urPQb8vvQW1otH2OjTyGc473XYsQR22FLSC0KWY=,iv:iDho9yOk35yLvzV0eMHUwFxIwylSRhXuJ3+G3WHBUYk=,tag:jHTaiF+9lTg3/Wth8/cKZQ==,type:str]",
 	"sops": {
 		"kms": null,
 		"gcp_kms": null,
@@ -15,8 +16,8 @@
 		],
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2024-12-05T09:04:39Z",
-		"mac": "ENC[AES256_GCM,data:QEmR9qrUX4+h++b7l8D7U5YYo/TeJP0sSiztS9UqSqBpaHK2sssYYZcJdw4eguzc6VANRcIYSP349WvE1ryJey/Y/uTU31ami7Ru2UOS2Ngp/CDdbFncNy93JrZGrwlI5x/2NShIDrpo0h+4JlhDcnPHroRBZf4OW0j4a/qCZ8A=,iv:38+oAeZIjgx7fIFcFYTqqs+Tm+qgwrwT5gPuiopVoFQ=,tag:Iw53bzWX3KvgRfJmwBUrvw==,type:str]",
+		"lastmodified": "2025-02-07T10:48:07Z",
+		"mac": "ENC[AES256_GCM,data:sIixtX0yG/9ofo01QyeCjVG2UqRqaDHinf2RSYP1TpOkO/Tk2BglCRGZ7UhgkHgnR708FxQb30D6bqeMmyhE/Aj8YBVOSFFQfGweqM8XBvIrGaTD+Vj7S8W57AKVSflor1REc2nilbP8Vx1+k2a6nN7b0ep/qpIeqkS2l45vV4U=,iv:OLwo1T0mBR3KpMHvlNGAzADbt2bTfvPgPXqI/Rmrvc8=,tag:enXZ/C3S0uJ2w6kG6W2Eog==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.9.0"