[SELC-5813] fix: added policy for onboardingImportUsingPOST (#471)

pagopa · Oct 30, 2024 · c45ad7d · c45ad7d
1 parent 2cb44f6
commit c45ad7d
Showing 1 changed file with 50 additions and 44 deletions.
diff --git a/infra/apim_v2/apim.tf b/infra/apim_v2/apim.tf
@@ -1,19 +1,19 @@
 # APIM subnet
 module "apim_snet" {
   source               = "github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.18.0"
-  name                 = format("%s-apim-v2-snet", local.project)
-  resource_group_name  = format("%s-vnet-rg", local.project)
+  name = format("%s-apim-v2-snet", local.project)
+  resource_group_name = format("%s-vnet-rg", local.project)
   virtual_network_name = data.azurerm_virtual_network.vnet.name
   address_prefixes     = var.cidr_subnet_apim
 
   private_endpoint_network_policies_enabled = true
-  service_endpoints                         = ["Microsoft.Web"]
+  service_endpoints = ["Microsoft.Web"]
 }
 
 resource "azurerm_network_security_group" "nsg_apim" {
-  name                = format("%s-apim-v2-nsg", local.project)
+  name = format("%s-apim-v2-nsg", local.project)
   resource_group_name = format("%s-vnet-rg", local.project)
-  location            = var.location
+  location = var.location
 
   security_rule {
     name                       = "managementapim"
@@ -36,39 +36,39 @@ resource "azurerm_subnet_network_security_group_association" "snet_nsg" {
 }
 
 resource "azurerm_resource_group" "rg_api" {
-  name     = format("%s-api-v2-rg", local.project)
+  name = format("%s-api-v2-rg", local.project)
   location = var.location
 
   tags = var.tags
 }
 
 locals {
   apim_cert_name_proxy_endpoint = format("%s-proxy-endpoint-cert", local.project)
-  api_domain                    = format("api.%s.%s", var.dns_zone_prefix, var.external_domain)
-  logo_api_domain               = format("%s.%s", var.dns_zone_prefix, var.external_domain)
-  apim_base_url                 = "${azurerm_api_management_custom_domain.api_custom_domain.gateway[0].host_name}/external"
+  api_domain = format("api.%s.%s", var.dns_zone_prefix, var.external_domain)
+  logo_api_domain = format("%s.%s", var.dns_zone_prefix, var.external_domain)
+  apim_base_url = "${azurerm_api_management_custom_domain.api_custom_domain.gateway[0].host_name}/external"
 }
 
 resource "azurerm_key_vault_access_policy" "api_management_policy" {
   key_vault_id = data.azurerm_key_vault.key_vault.id
   tenant_id    = data.azurerm_client_config.current.tenant_id
   object_id    = module.apim.principal_id
 
-  key_permissions         = []
-  secret_permissions      = ["Get", "List"]
+  key_permissions = []
+  secret_permissions = ["Get", "List"]
   certificate_permissions = ["Get", "List"]
-  storage_permissions     = []
+  storage_permissions = []
 }
 
 resource "azurerm_key_vault_access_policy" "api_management_policy_pnpg" {
   key_vault_id = data.azurerm_key_vault.key_vault_pnpg.id
   tenant_id    = data.azurerm_client_config.current.tenant_id
   object_id    = module.apim.principal_id
 
-  key_permissions         = []
-  secret_permissions      = ["Get", "List"]
+  key_permissions = []
+  secret_permissions = ["Get", "List"]
   certificate_permissions = ["Get", "List"]
-  storage_permissions     = []
+  storage_permissions = []
 }
 
 resource "azurerm_api_management_custom_domain" "api_custom_domain" {
@@ -92,15 +92,15 @@ module "apim" {
   source               = "github.com/pagopa/terraform-azurerm-v3.git//api_management?ref=v8.18.0"
   subnet_id            = module.apim_snet.id
   location             = azurerm_resource_group.rg_api.location
-  name                 = format("%s-apim-v2", local.project)
+  name = format("%s-apim-v2", local.project)
   resource_group_name  = azurerm_resource_group.rg_api.name
   publisher_name       = var.apim_publisher_name
   publisher_email      = data.azurerm_key_vault_secret.apim_publisher_email.value
   sku_name             = var.apim_sku
   virtual_network_type = "Internal"
 
   redis_connection_string = null
-  redis_cache_id          = null
+  redis_cache_id = null
 
   # This enables the Username and Password Identity Provider
   sign_up_enabled = false
@@ -123,14 +123,14 @@ module "apim" {
 ## monitor ##
 module "monitor" {
   source              = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-  name                = format("%s-monitor", var.env_short)
+  name = format("%s-monitor", var.env_short)
   api_management_name = module.apim.name
   resource_group_name = azurerm_resource_group.rg_api.name
 
   description  = "Monitor"
   display_name = "Monitor"
   path         = "external/status"
-  protocols    = ["https"]
+  protocols = ["https"]
 
   service_url = null
 
@@ -146,21 +146,21 @@ module "monitor" {
   api_operation_policies = [
     {
       operation_id = "get"
-      xml_content  = file("./api/monitor/mock_policy.xml")
+      xml_content = file("./api/monitor/mock_policy.xml")
     }
   ]
 }
 
 resource "azurerm_api_management_api_version_set" "apim_external_api_onboarding_auto" {
-  name                = format("%s-external-api-onboarding-auto", var.env_short)
+  name = format("%s-external-api-onboarding-auto", var.env_short)
   resource_group_name = azurerm_resource_group.rg_api.name
   api_management_name = module.apim.name
   display_name        = "SelfCare Onboarding"
   versioning_scheme   = "Segment"
 }
 
 resource "azurerm_api_management_api_version_set" "apim_external_api_onboarding_io" {
-  name                = format("%s-external-api-onboarding-io", var.env_short)
+  name = format("%s-external-api-onboarding-io", var.env_short)
   resource_group_name = azurerm_resource_group.rg_api.name
   api_management_name = module.apim.name
   display_name        = "SelfCare Onboarding PA prod-io"
@@ -169,7 +169,7 @@ resource "azurerm_api_management_api_version_set" "apim_external_api_onboarding_
 
 module "apim_external_api_onboarding_auto_v1" {
   source              = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-  name                = format("%s-external-api-onboarding-auto", local.project)
+  name = format("%s-external-api-onboarding-auto", local.project)
   api_management_name = module.apim.name
   resource_group_name = azurerm_resource_group.rg_api.name
   version_set_id      = azurerm_api_management_api_version_set.apim_external_api_onboarding_auto.id
@@ -201,7 +201,7 @@ module "apim_external_api_onboarding_auto_v1" {
 
 module "apim_external_api_onboarding_io_v1" {
   source              = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-  name                = format("%s-external-api-onboarding-io", local.project)
+  name = format("%s-external-api-onboarding-io", local.project)
   api_management_name = module.apim.name
   resource_group_name = azurerm_resource_group.rg_api.name
   version_set_id      = azurerm_api_management_api_version_set.apim_external_api_onboarding_io.id
@@ -232,7 +232,7 @@ module "apim_external_api_onboarding_io_v1" {
 }
 
 resource "azurerm_api_management_api_version_set" "apim_external_api_ms" {
-  name                = format("%s-ms-external-api", var.env_short)
+  name = format("%s-ms-external-api", var.env_short)
   resource_group_name = azurerm_resource_group.rg_api.name
   api_management_name = module.apim.name
   display_name        = "External API Service"
@@ -241,7 +241,7 @@ resource "azurerm_api_management_api_version_set" "apim_external_api_ms" {
 
 module "apim_external_api_ms_v2" {
   source              = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-  name                = format("%s-ms-external-api", local.project)
+  name = format("%s-ms-external-api", local.project)
   api_management_name = module.apim.name
   resource_group_name = azurerm_resource_group.rg_api.name
   version_set_id      = azurerm_api_management_api_version_set.apim_external_api_ms.id
@@ -401,17 +401,17 @@ module "apim_external_api_ms_v2" {
     {
       operation_id = "messageAcknowledgmentUsingPOST"
       xml_content = templatefile("./api/api_key_fn_op_policy_message.xml.tpl", {
-        BACKEND_BASE_URL           = "https://selc-${var.env_short}-onboarding-fn.azurewebsites.net"
-        FN_KEY                     = data.azurerm_key_vault_secret.fn-onboarding-primary-key.value
-        EXTERNAL-OAUTH2-ISSUER     = data.azurerm_key_vault_secret.external-oauth2-issuer.value
-        TENANT_ID                  = data.azurerm_client_config.current.tenant_id
+        BACKEND_BASE_URL       = "https://selc-${var.env_short}-onboarding-fn.azurewebsites.net"
+        FN_KEY                 = data.azurerm_key_vault_secret.fn-onboarding-primary-key.value
+        EXTERNAL-OAUTH2-ISSUER = data.azurerm_key_vault_secret.external-oauth2-issuer.value
+        TENANT_ID              = data.azurerm_client_config.current.tenant_id
       })
     }
   ]
 }
 
 resource "azurerm_api_management_api_version_set" "apim_internal_api_ms" {
-  name                = format("%s-ms-internal-api", var.env_short)
+  name = format("%s-ms-internal-api", var.env_short)
   resource_group_name = azurerm_resource_group.rg_api.name
   api_management_name = module.apim.name
   display_name        = "Internal API Service"
@@ -420,7 +420,7 @@ resource "azurerm_api_management_api_version_set" "apim_internal_api_ms" {
 
 module "apim_internal_api_ms_v1" {
   source              = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-  name                = format("%s-ms-internal-api", local.project)
+  name = format("%s-ms-internal-api", local.project)
   api_management_name = module.apim.name
   resource_group_name = azurerm_resource_group.rg_api.name
   version_set_id      = azurerm_api_management_api_version_set.apim_internal_api_ms.id
@@ -503,12 +503,18 @@ module "apim_internal_api_ms_v1" {
       xml_content = templatefile("./api/base_ms_url_policy.xml", {
         MS_BACKEND_URL = "https://selc-${var.env_short}-ms-core-ca.${var.ca_suffix_dns_private_name}/"
       })
+    },
+    {
+      operation_id = "onboardingImportUsingPOST"
+      xml_content = templatefile("./api/base_ms_url_policy.xml", {
+        MS_BACKEND_URL = "https://selc-${var.env_short}-ext-api-backend-ca.${var.ca_suffix_dns_private_name}/v2/"
+      })
     }
   ]
 }
 
 resource "azurerm_api_management_api_version_set" "apim_selfcare_support_service" {
-  name                = format("%s-selfcare-support-api-service", var.env_short)
+  name = format("%s-selfcare-support-api-service", var.env_short)
   resource_group_name = azurerm_resource_group.rg_api.name
   api_management_name = module.apim.name
   display_name        = "SelfCare Support API Service"
@@ -517,7 +523,7 @@ resource "azurerm_api_management_api_version_set" "apim_selfcare_support_service
 
 module "apim_selfcare_support_service_v1" {
   source              = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-  name                = format("%s-selfcare-support-api-service", local.project)
+  name = format("%s-selfcare-support-api-service", local.project)
   api_management_name = module.apim.name
   resource_group_name = azurerm_resource_group.rg_api.name
   version_set_id      = azurerm_api_management_api_version_set.apim_selfcare_support_service.id
@@ -599,14 +605,14 @@ module "apim_selfcare_support_service_v1" {
       operation_id = "completeOnboardingTokenConsume"
       xml_content = templatefile("./api/base_ms_url_policy.xml", {
         MS_BACKEND_URL = "https://selc-${var.env_short}-onboarding-ms-ca.${var.ca_suffix_dns_private_name}/v1/"
-        }
+      }
       )
     },
     {
       operation_id = "onboardingInstitutionUsingGET"
       xml_content = templatefile("./api/base_ms_url_policy.xml", {
         MS_BACKEND_URL = "https://selc-${var.env_short}-onboarding-ms-ca.${var.ca_suffix_dns_private_name}/v1/"
-        }
+      }
       )
     },
     {
@@ -639,7 +645,7 @@ module "apim_selfcare_support_service_v1" {
 }
 
 resource "azurerm_api_management_api_version_set" "apim_notification_event_api" {
-  name                = format("%s-notification-event-api", var.env_short)
+  name = format("%s-notification-event-api", var.env_short)
   resource_group_name = azurerm_resource_group.rg_api.name
   api_management_name = module.apim.name
   display_name        = "Notification Event API Service"
@@ -648,7 +654,7 @@ resource "azurerm_api_management_api_version_set" "apim_notification_event_api"
 
 module "apim_notification_event_api_v1" {
   source              = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-  name                = format("%s-notification-event-api", local.project)
+  name = format("%s-notification-event-api", local.project)
   api_management_name = module.apim.name
   resource_group_name = azurerm_resource_group.rg_api.name
   version_set_id      = azurerm_api_management_api_version_set.apim_notification_event_api.id
@@ -705,7 +711,7 @@ module "apim_notification_event_api_v1" {
   ]
 }
 resource "azurerm_api_management_api_version_set" "apim_external_api_contract" {
-  name                = format("%s-external-api-contract", var.env_short)
+  name = format("%s-external-api-contract", var.env_short)
   resource_group_name = azurerm_resource_group.rg_api.name
   api_management_name = module.apim.name
   display_name        = "External API Contract limited by IP source"
@@ -714,7 +720,7 @@ resource "azurerm_api_management_api_version_set" "apim_external_api_contract" {
 
 module "apim_external_api_contract_v1" {
   source              = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-  name                = format("%s-external-api-contract-service", local.project)
+  name = format("%s-external-api-contract-service", local.project)
   api_management_name = module.apim.name
   resource_group_name = azurerm_resource_group.rg_api.name
   version_set_id      = azurerm_api_management_api_version_set.apim_external_api_contract.id
@@ -756,7 +762,7 @@ module "apim_external_api_contract_v1" {
 }
 
 resource "azurerm_api_management_api_version_set" "apim_external_api_contracts_public" {
-  name                = format("%s-external-api-contracts-public", var.env_short)
+  name = format("%s-external-api-contracts-public", var.env_short)
   resource_group_name = azurerm_resource_group.rg_api.name
   api_management_name = module.apim.name
   display_name        = "External API Contracts Public"
@@ -765,7 +771,7 @@ resource "azurerm_api_management_api_version_set" "apim_external_api_contracts_p
 
 module "apim_external_api_contract_public_v1" {
   source              = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-  name                = format("%s-external-api-contracts-public", local.project)
+  name = format("%s-external-api-contracts-public", local.project)
   api_management_name = module.apim.name
   resource_group_name = azurerm_resource_group.rg_api.name
   version_set_id      = azurerm_api_management_api_version_set.apim_external_api_contracts_public.id
@@ -817,7 +823,7 @@ module "apim_billing_portal_v1" {
   protocols = [
     "https"
   ]
-  
+
   service_url = "https://selc-${var.env_short}-onboarding-ms-ca.${var.ca_suffix_dns_private_name}/v1/"
 
   content_format = "openapi+json"
@@ -845,7 +851,7 @@ module "apim_billing_portal_v1" {
       operation_id = "checkRecipientCodeUsingGET"
       xml_content = templatefile("./api/base_policy_config.xml.tpl", {
         MS_BACKEND_URL = "https://selc-${var.env_short}-onboardingbackend-ca.${var.ca_suffix_dns_private_name}/v2/"
-    })
+      })
     }
   ]
 }