@pagopa/dx-cli 0.19.2 → 0.20.0

package/dist/adapters/plop/generators/environment/actions.js

@@ -2,14 +2,14 @@ import { getLogger } from "@logtape/logtape";
 import * as path from "node:path";
 import { formatTerraformCode } from "../../../terraform/fmt.js";
 import { payloadSchema } from "./prompts.js";
-const addModule = (env, templatesPath) => {
+const addModule = (env, templatesPath, init = false) => {
     const cloudAccountsByCsp = Object.groupBy(env.cloudAccounts, (account) => account.csp);
     const includesProdIO = env.cloudAccounts.some((account) => account.displayName === "PROD-IO");
     const cwd = process.cwd();
     return (name, terraformBackendKey) => [
         {
             base: templatesPath,
-            data: { cloudAccountsByCsp, includesProdIO },
+            data: { cloudAccountsByCsp, includesProdIO, init },
             destination: path.join(cwd, "infra"),
             force: true,
             templateFiles: path.join(templatesPath, name),
@@ -19,7 +19,7 @@ const addModule = (env, templatesPath) => {
         },
         {
             base: path.join(templatesPath, "shared"),
-            data: { cloudAccountsByCsp, terraformBackendKey },
+            data: { cloudAccountsByCsp, init, terraformBackendKey },
             destination: path.join(cwd, "infra", name, "{{env.name}}"),
             force: true,
             templateFiles: path.join(templatesPath, "shared"),
@@ -34,7 +34,7 @@ export default function getActions(templatesPath) {
         const logger = getLogger(["gen", "env"]);
         logger.debug("payload {payload}", { payload });
         const { env, github, init } = payloadSchema.parse(payload);
-        const addEnvironmentModule = addModule(env, templatesPath);
+        const addEnvironmentModule = addModule(env, templatesPath, !!init);
         const actions = [
             {
                 type: "getTerraformBackend",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/dx-cli",
-  "version": "0.19.2",
+  "version": "0.20.0",
   "type": "module",
   "description": "A CLI useful to manage DX tools.",
   "repository": {

package/templates/environment/bootstrapper/{{env.name}}/main.tf.hbs

@@ -120,6 +120,32 @@ module "azure-{{displayName}}_bootstrap" {
 
   tags = local.bootstrapper_tags
 }
+
+{{#if @root.init}}
+resource "azurerm_role_assignment" "infra_cd_user_access_admin_common_rg_{{displayName}}" {
+  provider = azurerm.{{displayName}}
+
+  scope                = module.azure-{{displayName}}_core_values.common_resource_group_id
+  role_definition_name = "User Access Administrator"
+  principal_id         = module.azure-{{displayName}}_bootstrap.identities.infra.cd.principal_id
+}
+
+resource "azurerm_role_assignment" "infra_cd_kv_secrets_officer_common_{{displayName}}" {
+  provider = azurerm.{{displayName}}
+
+  scope                = module.azure-{{displayName}}_core_values.common_key_vault.id
+  role_definition_name = "Key Vault Secrets Officer"
+  principal_id         = module.azure-{{displayName}}_bootstrap.identities.infra.cd.principal_id
+}
+
+resource "azurerm_role_assignment" "infra_ci_kv_secrets_user_common_{{displayName}}" {
+  provider = azurerm.{{displayName}}
+
+  scope                = module.azure-{{displayName}}_core_values.common_key_vault.id
+  role_definition_name = "Key Vault Secrets User"
+  principal_id         = module.azure-{{displayName}}_bootstrap.identities.infra.ci.principal_id
+}
+{{/if}}
 {{/if}}
 {{/each}}
 

package/templates/environment/core/{{env.name}}/main.tf.hbs

@@ -2,7 +2,7 @@
 {{#each this}}
 module "azure-{{displayName}}_core" {
   source  = "pagopa-dx/azure-core-infra/azurerm"
-  version = "~> 2.0"
+  version = "~> 3.0"
 
   providers = {
     azurerm = azurerm.{{displayName}}
@@ -12,6 +12,8 @@ module "azure-{{displayName}}_core" {
     app_name = "core"
   })
 
+  vpn_enabled = true
+
   tags = merge(local.tags, {
     Source = "https://github.com/{{@root.github.owner}}/{{@root.github.repo}}/blob/main/infra/core/{{@root.env.name}}"
   })