From 1b0c98c828c0b3f67d8a531f277bb13aeb939511 Mon Sep 17 00:00:00 2001 From: Manuel Rafeli Date: Wed, 3 Jul 2024 09:45:31 +0200 Subject: [PATCH] Update apim infra with SELC-5032, SELC-5033, SELC-5088 (#261) --- .../api/ms_external_api/v2/open-api.yml.tpl | 15 +- .../v1/open-api.yml.tpl | 674 ++++++++---------- infra/apim_v2/apim.tf | 38 +- infra/apim_v2/apim_pnpg.tf | 73 +- infra/apim_v2/data.tf | 5 + infra/apim_v2/env/dev/terraform.tfvars | 1 + infra/apim_v2/env/prod/terraform.tfvars | 1 + infra/apim_v2/env/uat/terraform.tfvars | 1 + infra/apim_v2/variables.tf | 5 + 9 files changed, 395 insertions(+), 418 deletions(-) diff --git a/infra/apim_v2/api/ms_external_api/v2/open-api.yml.tpl b/infra/apim_v2/api/ms_external_api/v2/open-api.yml.tpl index 957f6c1d..701ed9c4 100644 --- a/infra/apim_v2/api/ms_external_api/v2/open-api.yml.tpl +++ b/infra/apim_v2/api/ms_external_api/v2/open-api.yml.tpl @@ -16,7 +16,8 @@ paths: tags: - support summary: sendSupportRequest - description: Service to retrieve Support contact's form + deprecated: true + description: Service to retrieve Support contact's form. It is deprecated because is no longer used operationId: sendSupportRequestUsingPOST requestBody: content: @@ -110,7 +111,8 @@ paths: tags: - institutions summary: getInstitutionsByGeoTaxonomies - description: The service retrieves all the institutions based on given a list of geotax ids and a searchMode + deprecated: true + description: The service retrieves all the institutions based on given a list of geotax ids and a searchMode. It is deprecated because is no longer used operationId: getInstitutionsByGeoTaxonomiesUsingGET parameters: - name: geoTaxonomies 
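Review bot: `deprecated: true` on `sendSupportRequestUsingPOST`, and on the four other operations flagged in the later hunks of this file, is advisory only. The operations stay in the template, so they presumably remain published through APIM and callable with a valid subscription key. For the three described as no longer used, consider removing them from the template or recording a removal date in the description, so the exposed surface actually shrinks. The added description text also drops a word; I would write `It is deprecated because it is no longer used`.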
@@ -230,7 +232,8 @@ paths: tags: - institutions summary: getInstitutionGeographicTaxonomies - description: The service retrieve the institution's geographic taxonomy + deprecated: true + description: The service retrieve the institution's geographic taxonomy. It is deprecated in favor of endpoint /institutions/{institutionId} operationId: getInstitutionGeographicTaxonomiesUsingGET parameters: - name: institutionId @@ -288,7 +291,8 @@ paths: tags: - institutions summary: getInstitutions - description: The service retrieves all the onboarded institutions related to the provided user and the product retrieved from Subscription Key + deprecated: true + description: The service retrieves all the onboarded institutions related to the provided user and the product retrieved from Subscription Key. It is deprecated in favor of endpoint /users?institutionId={institutionId} operationId: getInstitutionsUsingGET parameters: - name: userIdForAuth @@ -656,7 +660,8 @@ paths: tags: - product summary: getProduct - description: The service retrieves Product information related to Subscription Key + deprecated: true + description: The service retrieves Product information related to Subscription Key. It is deprecated because is no longer used operationId: getProductUsingGET parameters: - name: institutionType diff --git a/infra/apim_v2/api/selfcare_support_service/v1/open-api.yml.tpl b/infra/apim_v2/api/selfcare_support_service/v1/open-api.yml.tpl index 69ac0fe6..20ca3b5f 100644 --- a/infra/apim_v2/api/selfcare_support_service/v1/open-api.yml.tpl +++ b/infra/apim_v2/api/selfcare_support_service/v1/open-api.yml.tpl 
@@ -189,58 +189,6 @@ paths: security: - bearerAuth: - global - get: - tags: - - users - summary: getUsers - description: Retrieve all users for DL according to optional params in input - operationId: getUsersUsingGET - parameters: - - name: size - in: query - description: size - required: false - style: form - schema: - type: integer - format: int32 - - name: page - in: query - description: page - required: false - style: form - schema: - type: integer - format: int32 - - name: productId - in: query - description: productId - required: false - style: form - schema: - type: string - responses: - '200': - description: OK - content: - '*/*': - schema: - $ref: '#/components/schemas/UsersNotificationResponse' - '400': - description: Bad Request - content: - application/problem+json: - schema: - $ref: '#/components/schemas/Problem' - '404': - description: Not Found - content: - application/problem+json: - schema: - $ref: '#/components/schemas/Problem' - security: - - bearerAuth: - - global '/users/{id}': get: tags: 
@@ -509,6 +457,50 @@ paths: security: - bearerAuth: - global + '/onboarding/institutionOnboardings': + get: + tags: + - Onboarding Controller + summary: Returns onboardings record by institution taxCode/subunitCode/origin/originId + description: Returns onboardings record by institution taxCode/subunitCode/origin/originId + operationId: onboardingInstitutionUsingGET + parameters: + - name: origin + in: query + schema: + type: string + - name: originId + in: query + schema: + type: string + - name: status + in: query + schema: + $ref: '#/components/schemas/OnboardingStatus' + - name: subunitCode + in: query + schema: + type: string + - name: taxCode + in: query + schema: + type: string + responses: + '200': + description: OK + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/OnboardingResponse' + '401': + description: Not Authorized + '403': + description: Not Allowed + security: + - bearerAuth: + - global '/onboarding/{onboardingId}/consume': put: tags: 
@@ -549,32 +541,58 @@ paths: security: - bearerAuth: - global - '/tokens': + '/onboarding/{onboardingId}/update': + put: + tags: + - Onboarding + operationId: updateOnboardiUsingPUT + summary: 'Update onboarding request receiving onboarding id.Function can change + some values. ' + parameters: + - name: onboardingId + in: path + required: true + schema: + type: string + - name: status + in: query + schema: + $ref: '#/components/schemas/OnboardingStatus' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/OnboardingDefaultRequest' + responses: + "200": + description: OK + content: + application/json: {} + "403": + description: Not Allowed + "401": + description: Not Authorized + security: + - bearerAuth: + - global + '/tokens/products/{productId}': get: tags: - Token - summary: Retrieve all tokens filtered by status - description: Retrieve all tokens filtered by status - operationId: getAllTokensUsingGET + summary: Service to retrieve tokens from product's identifier + description: Service to retrieve tokens from product's identifier + operationId: getTokensFromProductUsingGET parameters: - - name: states - in: query - description: states - required: false - style: form - explode: true + - name: productId + in: path + description: Product's identifier + required: true + style: simple schema: type: string - enum: - - ACTIVE - - DELETED - - PENDING - - REJECTED - - SUSPENDED - - TOBEVALIDATED - name: page in: query - description: page + description: Number of page required: false style: form schema: @@ -582,15 +600,15 @@ paths: format: int32 - name: size in: query - description: size + description: Number of elements per page required: false style: form schema: type: integer format: int32 - - name: productId + - name: status in: query - description: productId + description: 'Token''s status. Available values: REQUEST, TOBEVALIDATED, PENDING, COMPLETED, FAILED, REJECTED, DELETED' required: false style: form schema: 
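Review bot: The new `PUT /onboarding/{onboardingId}/update` changes state, yet its `requestBody` has no `required: true` and only 200/401/403 are declared, although `OnboardingDefaultRequest` has required fields and the path takes an id that may not exist. I would add `required: true` under `requestBody` and declare `'400'` and `'404'` responses with the `Problem` schema already used by the token operation in this hunk. `updateOnboardiUsingPUT` looks like a truncated name; it matches the `operation_id` in apim.tf today, so any later correction has to change both files together or the per-operation policy will no longer bind to it.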
@@ -599,21 +617,33 @@ paths: '200': description: OK content: - '*/*': + application/json: schema: - $ref: '#/components/schemas/PaginatedTokenResponse' + $ref: '#/components/schemas/TokensResource' '400': description: Bad Request content: application/problem+json: schema: $ref: '#/components/schemas/Problem' + '401': + description: Unauthorized + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Problem' '404': description: Not Found content: application/problem+json: schema: $ref: '#/components/schemas/Problem' + '500': + description: Internal Server Error + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Problem' security: - bearerAuth: - global @@ -812,6 +842,19 @@ components: zipCode: type: string description: Institution's zip code + InstitutionType: + enum: + - PA + - PG + - GSP + - SA + - PT + - SCP + - PSP + - AS + - REC + - CON + type: string ProductInfo: title: ProductInfo type: object @@ -965,6 +1008,17 @@ components: type: string desc: type: string + Origin: + enum: + - MOCK + - IPA + - SELC + - ANAC + - UNKNOWN + - ADE + - INFOCAMERE + - IVASS + type: string GeographicTaxonomies: title: GeographicTaxonomies type: object 
@@ -1001,46 +1055,6 @@ components: type: string vatNumberGroup: type: boolean - OnboardingsResponse: - title: OnboardingsResponse - type: object - properties: - onboardings: - type: array - items: - $ref: '#/components/schemas/OnboardingResponse' - OnboardingResponse: - title: OnboardingResponse - type: object - properties: - billing: - $ref: '#/components/schemas/BillingResponse' - closedAt: - type: string - format: date-time - contract: - type: string - createdAt: - type: string - format: date-time - pricingPlan: - type: string - productId: - type: string - status: - type: string - enum: - - ACTIVE - - DELETED - - PENDING - - REJECTED - - SUSPENDED - - TOBEVALIDATED - tokenId: - type: string - updatedAt: - type: string - format: date-time BillingResponse: title: BillingResponse type: object 
@@ -1093,71 +1107,6 @@ components: enum: - AOO - PT - InstitutionUserResource: - title: InstitutionUserResource - type: object - properties: - email: - type: string - description: User's personal email - id: - type: string - description: User's unique identifier - format: uuid - name: - type: string - description: User's name - products: - type: array - description: Authorized user products - items: - $ref: '#/components/schemas/ProductInfoResource' - role: - type: string - description: User's role - enum: - - ADMIN - - LIMITED - status: - type: string - description: User's status - surname: - type: string - description: User's surname - ProductInfoResource: - title: ProductInfoResource - type: object - properties: - id: - type: string - description: Product's unique identifier - roleInfos: - type: array - description: User's role infos in product - items: - $ref: '#/components/schemas/ProductRoleInfoResource' - title: - type: string - description: Product's title - ProductRoleInfoResource: - title: ProductRoleInfoResource - type: object - properties: - relationshipId: - type: string - description: Unique relationship identifier between User and Product - role: - type: string - description: User's role in product - selcRole: - type: string - description: User's role - enum: - - ADMIN - - LIMITED - status: - type: string - description: User's status UserInfoResponse: title: UserInfoResponse type: object 
@@ -1219,78 +1168,6 @@ components: updatedAt: type: string format: date-time - TokenListResponse: - title: TokenListResponse - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/TokenResponse' - TokenResponse: - title: TokenResponse - type: object - properties: - checksum: - type: string - closedAt: - type: string - format: date-time - contentType: - type: string - contractSigned: - type: string - contractTemplate: - type: string - contractVersion: - type: string - createdAt: - type: string - format: date-time - expiringDate: - type: string - format: date-time - id: - type: string - institutionId: - type: string - institutionUpdate: - $ref: '#/components/schemas/InstitutionUpdate' - legals: - type: array - items: - $ref: '#/components/schemas/LegalsResponse' - productId: - type: string - status: - type: string - enum: - - ACTIVE - - DELETED - - PENDING - - REJECTED - - SUSPENDED - - TOBEVALIDATED - updatedAt: - type: string - format: date-time - users: - type: array - items: - $ref: '#/components/schemas/TokenUser' - TokenUser: - title: TokenUser - type: object - properties: - role: - type: string - enum: - - DELEGATE - - MANAGER - - OPERATOR - - SUB_DELEGATE - userId: - type: string InstitutionUpdate: title: InstitutionUpdate type: object @@ -1384,14 +1261,6 @@ components: type: string vatNumberGroup: type: boolean - InstitutionGeographicTaxonomies: - title: InstitutionGeographicTaxonomies - type: object - properties: - code: - type: string - desc: - type: string OnboardingInstitutionUsersRequest: title: OnboardingInstitutionUsersRequest type: object 
@@ -1519,60 +1388,69 @@ components: type: string taxCode: type: string - UsersNotificationResponse: - title: UsersNotificationResponse + TokensResource: + title: TokensResource type: object properties: - users: + items: type: array items: - $ref: '#/components/schemas/UserNotificationResponse' - UserNotificationResponse: - title: UserNotificationResponse + $ref: '#/components/schemas/TokenResource' + TokenResource: + title: TokenResource type: object properties: + checksum: + type: string + closedAt: + type: string + format: date-time + contentType: + type: string + contractSigned: + type: string + contractTemplate: + type: string + contractVersion: + type: string createdAt: type: string format: date-time - eventType: + expiringDate: type: string - enum: - - ADD - - UPDATE + format: date-time id: type: string institutionId: type: string - onboardingTokenId: - type: string + institutionUpdate: + $ref: '#/components/schemas/InstitutionUpdate' + legals: + type: array + items: + $ref: '#/components/schemas/LegalsResource' productId: type: string + status: + type: string updatedAt: type: string format: date-time - user: - $ref: '#/components/schemas/UserToNotify' - UserToNotify: - title: UserToNotify + LegalsResource: + title: LegalsResource type: object properties: - email: - type: string - familyName: - type: string - name: + env: type: string - productRole: + enum: + - COLL + - DEV + - PROD + - ROOT + partyId: type: string - relationshipStatus: + relationshipId: type: string - enum: - - ACTIVE - - DELETED - - PENDING - - REJECTED - - SUSPENDED - - TOBEVALIDATED role: type: string enum: 
@@ -1580,66 +1458,70 @@ components: - MANAGER - OPERATOR - SUB_DELEGATE - userId: - type: string - PaginatedTokenResponse: - title: PaginatedTokenResponse + OnboardingDefaultRequest: + required: + - productId + - users + - institution type: object properties: - items: + productId: + minLength: 1 + type: string + users: + minItems: 1 type: array items: - $ref: '#/components/schemas/ScContractResponse' - totalNumber: - type: integer - format: int64 - ScContractResponse: - title: ScContractResponse - type: object - properties: - billing: - $ref: '#/components/schemas/BillingResponse' - closedAt: - type: string - format: date-time - contentType: - type: string - createdAt: - type: string - format: date-time - fileName: - type: string - filePath: - type: string - id: + $ref: '#/components/schemas/UserRequest' + pricingPlan: type: string + signContract: + type: boolean institution: - $ref: '#/components/schemas/InstitutionToNotifyResponse' - internalIstitutionID: - type: string - notificationType: + $ref: '#/components/schemas/InstitutionBaseRequest' + billing: + $ref: '#/components/schemas/BillingRequest' + additionalInformations: + $ref: '#/components/schemas/AdditionalInformationsDto' + BillingRequest: + type: object + properties: + vatNumber: type: string - enum: - - ADD - - UPDATE - onboardingTokenId: + recipientCode: type: string - pricingPlan: + publicServices: + type: boolean + UserRequest: + type: object + properties: + taxCode: type: string - product: + name: type: string - state: + surname: type: string - updatedAt: + email: type: string - format: date-time - InstitutionToNotifyResponse: - title: InstitutionToNotifyResponse + role: + $ref: '#/components/schemas/PartyRole' + InstitutionBaseRequest: + required: + - institutionType + - digitalAddress type: object properties: - address: + institutionType: + $ref: '#/components/schemas/InstitutionType' + taxCode: + type: string + subunitCode: type: string - category: + subunitType: + $ref: 
'#/components/schemas/InstitutionPaSubunitType' + origin: + $ref: '#/components/schemas/Origin' + originId: type: string city: type: string 
@@ -1650,48 +1532,114 @@ components: description: type: string digitalAddress: + minLength: 1 type: string - institutionType: + address: type: string - enum: - - AS - - GSP - - PA - - PG - - PSP - - PT - - SA - - SCP - - REC - - CON - istatCode: + zipCode: type: string - origin: + geographicTaxonomies: + type: array + items: + $ref: '#/components/schemas/GeographicTaxonomyDto' + rea: type: string - originId: + shareCapital: type: string - paymentServiceProvider: - $ref: '#/components/schemas/PaymentServiceProvider' - rootParent: - $ref: '#/components/schemas/RootParent' - subUnitCode: + businessRegisterPlace: + type: string + supportEmail: type: string - subUnitType: + supportPhone: type: string - taxCode: + imported: + type: boolean + GeographicTaxonomyDto: + type: object + properties: + code: type: string - zipCode: + desc: type: string - RootParent: - title: RootParent + OnboardingResponse: type: object properties: - description: + id: + type: string + productId: + type: string + workflowType: + type: string + institution: + $ref: '#/components/schemas/InstitutionResponse' + pricingPlan: + type: string + users: + type: array + items: + $ref: '#/components/schemas/UserOnboardingResponse' + billing: + $ref: '#/components/schemas/BillingResponse' + status: + type: string + additionalInformations: + $ref: '#/components/schemas/AdditionalInformationsDto' + userRequestUid: type: string + InstitutionPaSubunitType: + enum: + - AOO + - UO + type: string + UserOnboardingResponse: + type: object + properties: id: type: string - originId: + role: + $ref: '#/components/schemas/PartyRole' + productRole: + type: string + userMailUuid: + type: string + AdditionalInformationsDto: + type: object + properties: + belongRegulatedMarket: + type: boolean + regulatedMarketNote: + type: string + ipa: + type: boolean + ipaCode: type: string + establishedByRegulatoryProvision: + type: boolean + establishedByRegulatoryProvisionNote: + type: string + agentOfPublicService: + type: boolean + 
agentOfPublicServiceNote: + type: string + otherNote: + type: string + PartyRole: + enum: + - MANAGER + - DELEGATE + - SUB_DELEGATE + - OPERATOR + type: string + OnboardingStatus: + enum: + - REQUEST + - TOBEVALIDATED + - PENDING + - COMPLETED + - FAILED + - REJECTED + - DELETED + type: string securitySchemes: bearerAuth: type: http @@ -1700,4 +1648,4 @@ components: specifications included in [RFC8725](https://tools.ietf.org/html/RFC8725) scheme: bearer - bearerFormat: JWT + bearerFormat: JWT \ No newline at end of file diff --git a/infra/apim_v2/apim.tf b/infra/apim_v2/apim.tf index 69cba4e7..dfab8ce4 100644 --- a/infra/apim_v2/apim.tf +++ b/infra/apim_v2/apim.tf 
@@ -854,16 +854,26 @@ module "apim_selfcare_support_service_v1" { }) }, { - operation_id = "getUsersUsingGET" + operation_id = "completeOnboardingTokenConsume" xml_content = templatefile("./api/selfcare_support_service/v1/support_op_policy.xml.tpl", { - BACKEND_BASE_URL = "https://selc-${var.env_short}-ms-core-ca.${var.ca_suffix_dns_private_name}/" + BACKEND_BASE_URL = "https://selc-${var.env_short}-onboarding-ms-ca.${var.ca_suffix_dns_private_name}/v1/" + API_DOMAIN = local.api_domain + KID = data.azurerm_key_vault_secret.jwt_kid.value + JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint + } + ) + }, + { + operation_id = "getTokensFromProductUsingGET" + xml_content = templatefile("./api/selfcare_support_service/v1/support_op_policy.xml.tpl", { + BACKEND_BASE_URL = "https://selc-${var.env_short}-ext-api-backend-ca.${var.ca_suffix_dns_private_name}/v1/" API_DOMAIN = local.api_domain KID = data.azurerm_key_vault_secret.jwt_kid.value JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint }) }, { - operation_id = "completeOnboardingTokenConsume" + operation_id = "onboardingInstitutionUsingGET" xml_content = templatefile("./api/selfcare_support_service/v1/support_op_policy.xml.tpl", { BACKEND_BASE_URL = "https://selc-${var.env_short}-onboarding-ms-ca.${var.ca_suffix_dns_private_name}/v1/" API_DOMAIN = local.api_domain 
@@ -873,9 +883,9 @@ module "apim_selfcare_support_service_v1" { ) }, { - operation_id = "getAllTokensUsingGET" + operation_id = "updateOnboardiUsingPUT" xml_content = templatefile("./api/selfcare_support_service/v1/support_op_policy.xml.tpl", { - BACKEND_BASE_URL = "https://selc-${var.env_short}-ms-core-ca.${var.ca_suffix_dns_private_name}/" + BACKEND_BASE_URL = "https://selc-${var.env_short}-onboarding-ms-ca.${var.ca_suffix_dns_private_name}/v1/" API_DOMAIN = local.api_domain KID = data.azurerm_key_vault_secret.jwt_kid.value JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint @@ -939,15 +949,15 @@ module "apim_notification_event_api_v1" { KID = data.azurerm_key_vault_secret.jwt_kid.value JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint }) - }, - { - operation_id = "countUsersUsingGET" - xml_content = templatefile("./api/notification_event_api/v1/internal_jwt_base_policy.xml.tpl", { - API_DOMAIN = local.api_domain - KID = data.azurerm_key_vault_secret.jwt_kid.value - JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint - }) - }, + } + #{ + # operation_id = "countUsersUsingGET" + # xml_content = templatefile("./api/notification_event_api/v1/internal_jwt_base_policy.xml.tpl", { + # API_DOMAIN = local.api_domain + # KID = data.azurerm_key_vault_secret.jwt_kid.value + # JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint + # }) + #}, ] } resource "azurerm_api_management_api_version_set" "apim_external_api_contract" { diff --git a/infra/apim_v2/apim_pnpg.tf b/infra/apim_v2/apim_pnpg.tf index 51112c62..1834f7c6 100644 --- a/infra/apim_v2/apim_pnpg.tf +++ b/infra/apim_v2/apim_pnpg.tf 
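Review bot: In the `-939` hunk the `countUsersUsingGET` entry is commented out rather than removed, which drops that operation's `internal_jwt_base_policy.xml.tpl` policy while leaving dead configuration in the list. The notification event OpenAPI template is not part of this patch; if the operation is still declared there, it would be served with only the API-level policy, so confirm it has been removed from the spec as well. If the operation is gone for good, delete the block; if the removal is temporary, replace it with a one-line comment such as `# countUsersUsingGET policy disabled until <ticket>: <reason>`.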
@@ -28,6 +28,7 @@ locals { apim_rg = azurerm_resource_group.rg_api.name api_pnpg_domain = format("api-pnpg.%s.%s", var.dns_zone_prefix, var.external_domain) pnpg_hostname = var.env == "prod" ? "api-pnpg.selfcare.pagopa.it" : "api-pnpg.${var.env}.selfcare.pagopa.it" + project_pnpg = "${var.prefix}-${var.env_short}-${var.location_short}-pnpg" cdn_storage_hostname = "${var.prefix}${var.env_short}${var.location_short}${var.domain}checkoutsa" } @@ -45,7 +46,7 @@ resource "azurerm_api_management_api_version_set" "apim_external_api_data_vault" module "apim_pnpg_external_api_data_vault_v1" { source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0" - name = format("%s-external-api-pnpg", local.project) + name = format("%s-external-api-pnpg", local.project_pnpg) api_management_name = local.apim_name resource_group_name = local.apim_rg version_set_id = azurerm_api_management_api_version_set.apim_external_api_data_vault.id @@ -58,7 +59,7 @@ module "apim_pnpg_external_api_data_vault_v1" { "https" ] - service_url = format("https://selc-%s-pnpg-ext-api-backend-ca.%s/v1/", var.env_short, var.ca_suffix_dns_private_name) + service_url = format("https://selc-%s-pnpg-ext-api-backend-ca.%s/v1/", var.env_short, var.ca_pnpg_suffix_dns_private_name) content_format = "openapi" 
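Review bot: Switching `name` from `local.project` to `local.project_pnpg` in the `-45` hunk (and again in the `-114` and `-192` hunks) renames the APIM API objects themselves. The module presumably passes `name` through to `azurerm_api_management_api`, where a name change forces replacement, so apply would delete and recreate all three PNPG APIs together with their product links and operation policies. Check the plan output for each environment before applying to prod, and verify that nothing outside this Terraform state (subscriptions scoped to the API, diagnostics, manually attached products) references the old API names.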
@@ -85,20 +86,20 @@ module "apim_pnpg_external_api_data_vault_v1" { operation_id = "addInstitutionUsingPOST" xml_content = templatefile("./api_pnpg/external_api_data_vault/v1/getInstitution_op_policy.xml.tpl", { CDN_STORAGE_URL = "https://${local.cdn_storage_hostname}" - PARTY_PROCESS_BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-ext-api-backend-ca.${var.ca_suffix_dns_private_name}/v1/" + PARTY_PROCESS_BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-ext-api-backend-ca.${var.ca_pnpg_suffix_dns_private_name}/v1/" API_DOMAIN = local.api_pnpg_domain - KID = data.azurerm_key_vault_secret.jwt_kid.value - JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint + KID = data.azurerm_key_vault_secret.jwt_kid_pnpg.value + JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate_pnpg.thumbprint }) }, { operation_id = "getInstitution" xml_content = templatefile("./api_pnpg/external_api_data_vault/v1/getInstitution_op_policy.xml.tpl", { CDN_STORAGE_URL = "https://${local.cdn_storage_hostname}" - PARTY_PROCESS_BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-ms-core-ca.${var.ca_suffix_dns_private_name}/" + PARTY_PROCESS_BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-ms-core-ca.${var.ca_pnpg_suffix_dns_private_name}/" API_DOMAIN = local.api_pnpg_domain - KID = data.azurerm_key_vault_secret.jwt_kid.value - JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint + KID = data.azurerm_key_vault_secret.jwt_kid_pnpg.value + JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate_pnpg.thumbprint }) } ] 
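Review bot: `JWT_CERTIFICATE_THUMBPRINT` now reads `azurerm_api_management_certificate.jwt_certificate_pnpg.thumbprint`, but this patch only adds the `jwt_kid_pnpg` data source; the certificate resource is not defined in any visible hunk. If it already exists elsewhere, confirm it is built from the PNPG key pair that the `jwt-kid` secret in `key_vault_pnpg` identifies, because a `kid` that does not match the signing certificate would make backends reject the tokens these policies presumably issue. The same substitution is repeated in the `-153` and `-220` hunks. A short comment above the first use would help, for example `# KID and thumbprint must both come from the PNPG key pair in key_vault_pnpg`.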
@@ -114,7 +115,7 @@ resource "azurerm_api_management_api_version_set" "apim_external_api_v2_for_pnpg module "apim_pnpg_external_api_ms_v2" { source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0" - name = format("%s-ms-external-api-pnpg", local.project) + name = format("%s-ms-external-api-pnpg", local.project_pnpg) api_management_name = local.apim_name resource_group_name = local.apim_rg version_set_id = azurerm_api_management_api_version_set.apim_external_api_v2_for_pnpg.id @@ -127,7 +128,7 @@ module "apim_pnpg_external_api_ms_v2" { "https" ] - service_url = format("https://selc-%s-pnpg-ext-api-backend-ca.%s/v1/", var.env_short, var.ca_suffix_dns_private_name) + service_url = format("https://selc-%s-pnpg-ext-api-backend-ca.%s/v1/", var.env_short, var.ca_pnpg_suffix_dns_private_name) content_format = "openapi" content_value = templatefile("./api_pnpg/external_api_for_pnpg/v2/open-api.yml.tpl", { 
@@ -153,30 +154,30 @@ module "apim_pnpg_external_api_ms_v2" { { operation_id = "getInstitutionsUsingGET" xml_content = templatefile("./api_pnpg/external_api_for_pnpg/v2/getInstitutions_op_policy.xml.tpl", { - BACKEND_BASE_URL = "https://selc-${var.env_short}-ext-api-backend-ca.${var.ca_suffix_dns_private_name}/v2/" + BACKEND_BASE_URL = "https://selc-${var.env_short}-ext-api-backend-ca.${var.ca_pnpg_suffix_dns_private_name}/v2/" CDN_STORAGE_URL = "https://${local.cdn_storage_hostname}" API_DOMAIN = local.api_pnpg_domain - KID = data.azurerm_key_vault_secret.jwt_kid.value - JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint + KID = data.azurerm_key_vault_secret.jwt_kid_pnpg.value + JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate_pnpg.thumbprint }) }, { operation_id = "getUserGroupsUsingGET" xml_content = templatefile("./api_pnpg/external_api_for_pnpg/v2/jwt_auth_op_policy_user_group.xml.tpl", { - USER_GROUP_BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-user-group-ca.${var.ca_suffix_dns_private_name}/user-groups/v1/" + USER_GROUP_BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-user-group-ca.${var.ca_pnpg_suffix_dns_private_name}/user-groups/v1/" API_DOMAIN = local.api_pnpg_domain - KID = data.azurerm_key_vault_secret.jwt_kid.value - JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint + KID = data.azurerm_key_vault_secret.jwt_kid_pnpg.value + JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate_pnpg.thumbprint }) }, { operation_id = "getInstitution" xml_content = templatefile("./api_pnpg/external_api_for_pnpg/v2/getInstitution_op_policy.xml.tpl", { CDN_STORAGE_URL = "https://${local.cdn_storage_hostname}" - PARTY_PROCESS_BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-ms-core-ca.${var.ca_suffix_dns_private_name}/" + PARTY_PROCESS_BACKEND_BASE_URL = 
"https://selc-${var.env_short}-pnpg-ms-core-ca.${var.ca_pnpg_suffix_dns_private_name}/" API_DOMAIN = local.api_pnpg_domain - KID = data.azurerm_key_vault_secret.jwt_kid.value - JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint + KID = data.azurerm_key_vault_secret.jwt_kid_pnpg.value + JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate_pnpg.thumbprint }) } ] @@ -192,7 +193,7 @@ resource "azurerm_api_management_api_version_set" "apim_pnpg_support_service" { module "apim_pnpg_support_service_v2" { source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0" - name = format("%s-support-service-pnpg", local.project) + name = format("%s-support-service-pnpg", local.project_pnpg) api_management_name = local.apim_name resource_group_name = local.apim_rg version_set_id = azurerm_api_management_api_version_set.apim_pnpg_support_service.id @@ -205,7 +206,7 @@ module "apim_pnpg_support_service_v2" { "https" ] - service_url = format("https://selc-%s-pnpg-ext-api-backend-ca.%s/v1/", var.env_short, var.ca_suffix_dns_private_name) + service_url = format("https://selc-%s-pnpg-ext-api-backend-ca.%s/v1/", var.env_short, var.ca_pnpg_suffix_dns_private_name) content_format = "openapi" content_value = templatefile("./api_pnpg/pnpg_support_service/v1/open-api.yml.tpl", { 
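Review bot: In the `-153` hunk the `getInstitutionsUsingGET` entry now combines the non-PNPG app name `selc-${var.env_short}-ext-api-backend-ca` with the PNPG environment suffix, while every other backend URL in this file uses a `-pnpg-` app name. Unless an app with that exact name exists in the PNPG Container Apps environment, the host will not resolve, or will point at an unintended app. If the PNPG backend is meant, the line should read `BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-ext-api-backend-ca.${var.ca_pnpg_suffix_dns_private_name}/v2/"`. If the call is deliberately routed to the non-PNPG backend, keep `var.ca_suffix_dns_private_name` for this one entry and note that the PNPG `KID` and certificate are then presented to a backend outside the PNPG domain.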
@@ -220,46 +221,46 @@ module "apim_pnpg_support_service_v2" { { operation_id = "getUsersByInstitution" xml_content = templatefile("./api_pnpg/pnpg_support_service/v1/support_op_policy.xml.tpl", { - BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-user-ms-ca.${var.ca_suffix_dns_private_name}/" + BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-user-ms-ca.${var.ca_pnpg_suffix_dns_private_name}/" API_DOMAIN = local.api_pnpg_domain - KID = data.azurerm_key_vault_secret.jwt_kid.value - JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint + KID = data.azurerm_key_vault_secret.jwt_kid_pnpg.value + JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate_pnpg.thumbprint }) }, { operation_id = "getUserGroupsUsingGET" xml_content = templatefile("./api_pnpg/pnpg_support_service/v1/jwt_auth_op_policy_user_group.xml.tpl", { - BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-user-group-ca.${var.ca_suffix_dns_private_name}/user-groups/v1" + BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-user-group-ca.${var.ca_pnpg_suffix_dns_private_name}/user-groups/v1" API_DOMAIN = local.api_pnpg_domain - KID = data.azurerm_key_vault_secret.jwt_kid.value - JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint + KID = data.azurerm_key_vault_secret.jwt_kid_pnpg.value + JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate_pnpg.thumbprint }) }, { operation_id = "getInstitutionByTaxCode" xml_content = templatefile("./api_pnpg/pnpg_support_service/v1/support_op_policy.xml.tpl", { - BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-ms-core-ca.${var.ca_suffix_dns_private_name}/" + BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-ms-core-ca.${var.ca_pnpg_suffix_dns_private_name}/" API_DOMAIN = local.api_pnpg_domain - KID = data.azurerm_key_vault_secret.jwt_kid.value - JWT_CERTIFICATE_THUMBPRINT = 
azurerm_api_management_certificate.jwt_certificate.thumbprint + KID = data.azurerm_key_vault_secret.jwt_kid_pnpg.value + JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate_pnpg.thumbprint }) }, { operation_id = "verifyLegalByPOST" xml_content = templatefile("./api_pnpg/pnpg_support_service/v1/support_op_policy.xml.tpl", { - BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-ext-api-backend-ca.${var.ca_suffix_dns_private_name}/v2" + BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-ext-api-backend-ca.${var.ca_pnpg_suffix_dns_private_name}/v2" API_DOMAIN = local.api_pnpg_domain - KID = data.azurerm_key_vault_secret.jwt_kid.value - JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint + KID = data.azurerm_key_vault_secret.jwt_kid_pnpg.value + JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate_pnpg.thumbprint }) }, { operation_id = "getUserInfoUsingPOST" xml_content = templatefile("./api_pnpg/pnpg_support_service/v1/support_op_policy.xml.tpl", { - BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-ext-api-backend-ca.${var.ca_suffix_dns_private_name}/v2" + BACKEND_BASE_URL = "https://selc-${var.env_short}-pnpg-ext-api-backend-ca.${var.ca_pnpg_suffix_dns_private_name}/v2" API_DOMAIN = local.api_pnpg_domain - KID = data.azurerm_key_vault_secret.jwt_kid.value - JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate.thumbprint + KID = data.azurerm_key_vault_secret.jwt_kid_pnpg.value + JWT_CERTIFICATE_THUMBPRINT = azurerm_api_management_certificate.jwt_certificate_pnpg.thumbprint }) }, ] diff --git a/infra/apim_v2/data.tf b/infra/apim_v2/data.tf index 3d3ee391..9c939522 100644 --- a/infra/apim_v2/data.tf +++ b/infra/apim_v2/data.tf 
@@ -59,4 +59,9 @@ data "azurerm_key_vault_secret" "jwt_private_key_pem_pnpg" { data "azurerm_key_vault_certificate" "app_gw_platform" { name = var.app_gateway_api_certificate_name key_vault_id = data.azurerm_key_vault.key_vault.id +} + +data "azurerm_key_vault_secret" "jwt_kid_pnpg" { + name = "jwt-kid" + key_vault_id = data.azurerm_key_vault.key_vault_pnpg.id } \ No newline at end of file diff --git a/infra/apim_v2/env/dev/terraform.tfvars b/infra/apim_v2/env/dev/terraform.tfvars index 5e764df2..b510d96f 100644 --- a/infra/apim_v2/env/dev/terraform.tfvars +++ b/infra/apim_v2/env/dev/terraform.tfvars @@ -30,6 +30,7 @@ apim_sku = "Developer_1" private_dns_name = "selc.internal.dev.selfcare.pagopa.it" private_onboarding_dns_name = "selc-d-onboarding-ms-ca.gentleflower-c63e62fe.westeurope.azurecontainerapps.io" ca_suffix_dns_private_name = "politewater-9af33050.westeurope.azurecontainerapps.io" +ca_pnpg_suffix_dns_private_name = "victoriousfield-e39534b8.westeurope.azurecontainerapps.io" # app_gateway app_gateway_api_certificate_name = "api-dev-selfcare-pagopa-it" diff --git a/infra/apim_v2/env/prod/terraform.tfvars b/infra/apim_v2/env/prod/terraform.tfvars index 1b657412..1a7098ef 100644 --- a/infra/apim_v2/env/prod/terraform.tfvars +++ b/infra/apim_v2/env/prod/terraform.tfvars @@ -30,6 +30,7 @@ apim_sku = "Premium_1" # TODO private_dns_name = "selc.internal.selfcare.pagopa.it" private_onboarding_dns_name = "selc-p-onboarding-ms-ca.greensand-62fc96da.westeurope.azurecontainerapps.io" ca_suffix_dns_private_name = "greensand-62fc96da.westeurope.azurecontainerapps.io" +ca_pnpg_suffix_dns_private_name = "calmmoss-0be48755.westeurope.azurecontainerapps.io" # app_gateway app_gateway_api_certificate_name = "api-selfcare-pagopa-it" diff --git a/infra/apim_v2/env/uat/terraform.tfvars b/infra/apim_v2/env/uat/terraform.tfvars index fce90bb7..53814f03 100644 --- a/infra/apim_v2/env/uat/terraform.tfvars +++ b/infra/apim_v2/env/uat/terraform.tfvars 
@@ -30,6 +30,7 @@ apim_sku = "Developer_1" private_dns_name = "selc.internal.uat.selfcare.pagopa.it" private_onboarding_dns_name = "selc-u-onboarding-ms-ca.calmsky-143987c1.westeurope.azurecontainerapps.io" ca_suffix_dns_private_name = "proudglacier-20652b81.westeurope.azurecontainerapps.io" +ca_pnpg_suffix_dns_private_name = "orangeground-0bd2d4dc.westeurope.azurecontainerapps.io" # app_gateway app_gateway_api_certificate_name = "api-uat-selfcare-pagopa-it" diff --git a/infra/apim_v2/variables.tf b/infra/apim_v2/variables.tf index d801bebc..655d55e7 100644 --- a/infra/apim_v2/variables.tf +++ b/infra/apim_v2/variables.tf @@ -88,6 +88,11 @@ variable "ca_suffix_dns_private_name" { description = "CA suffix private DNS record" } +variable "ca_pnpg_suffix_dns_private_name" { + type = string + description = "CA PNPG suffix private DNS record" +} + variable "location_short" { type = string default = "weu"