diff --git a/src/domains/cgn/_modules/apim/data.tf b/src/domains/cgn/_modules/apim/data.tf
index 389155fd5..ad1bf1942 100644
--- a/src/domains/cgn/_modules/apim/data.tf
+++ b/src/domains/cgn/_modules/apim/data.tf
@@ -1,6 +1,6 @@
data "azurerm_api_management" "apim" {
- name = "${var.project}-apim-v2-api"
- resource_group_name = "${var.project}-rg-internal"
+ name = var.apim.name
+ resource_group_name = var.apim.resource_group_name
}
data "azurerm_key_vault" "key_vault_common" {
diff --git a/src/domains/cgn/_modules/apim/named_values_cgn.tf b/src/domains/cgn/_modules/apim/named_values_cgn.tf
index 20757434c..2b569b423 100644
--- a/src/domains/cgn/_modules/apim/named_values_cgn.tf
+++ b/src/domains/cgn/_modules/apim/named_values_cgn.tf
@@ -13,4 +13,4 @@ resource "azurerm_api_management_named_value" "io_fn_cgnmerchant_key_v2" {
display_name = "io-fn-cgnmerchant-key"
value = data.azurerm_key_vault_secret.io_fn_cgnmerchant_key_secret_v2.value
secret = "true"
-}
+}
\ No newline at end of file
diff --git a/src/domains/cgn/_modules/apim/named_values_cgn_os.tf b/src/domains/cgn/_modules/apim/named_values_cgn_os.tf
index 13416b0db..f24a7b41a 100644
--- a/src/domains/cgn/_modules/apim/named_values_cgn_os.tf
+++ b/src/domains/cgn/_modules/apim/named_values_cgn_os.tf
@@ -22,4 +22,4 @@ resource "azurerm_api_management_named_value" "cgnonboardingportal_os_header_nam
display_name = "cgnonboardingportal-os-header-name"
value = data.azurerm_key_vault_secret.cgnonboardingportal_os_header_name.value
secret = true
-}
+}
\ No newline at end of file
diff --git a/src/domains/cgn/_modules/apim/role_assignments.tf b/src/domains/cgn/_modules/apim/role_assignments.tf
index 69147034a..f73e1a5e9 100644
--- a/src/domains/cgn/_modules/apim/role_assignments.tf
+++ b/src/domains/cgn/_modules/apim/role_assignments.tf
@@ -5,13 +5,15 @@ resource "azurerm_role_assignment" "service_contributor_v2" {
}
resource "azurerm_role_assignment" "service_reader" {
+ count = strcontains(var.apim.name, "itn") ? 1 : 0
scope = data.azurerm_api_management.apim.id
role_definition_name = "Reader"
principal_id = data.azurerm_key_vault_secret.cgn_onboarding_backend_identity_v2.value
}
resource "azurerm_role_assignment" "service_reader_v2" {
+ count = strcontains(var.apim.name, "itn") ? 1 : 0
scope = data.azurerm_api_management.apim.id
role_definition_name = "API Management Service Reader Role"
principal_id = data.azurerm_key_vault_secret.cgn_onboarding_backend_identity_v2.value
-}
+}
\ No newline at end of file
diff --git a/src/domains/cgn/_modules/apim/variables.tf b/src/domains/cgn/_modules/apim/variables.tf
index 2a0d234d9..e9c850140 100644
--- a/src/domains/cgn/_modules/apim/variables.tf
+++ b/src/domains/cgn/_modules/apim/variables.tf
@@ -17,3 +17,11 @@ variable "function_cgn_merchant_hostname" {
type = string
description = "CGN Function App hostname to set in API groups"
}
+
+variable "apim" {
+ type = object({
+ name = string
+ resource_group_name = string
+ })
+ description = "API Management"
+}
\ No newline at end of file
diff --git a/src/domains/cgn/prod/README.md b/src/domains/cgn/prod/README.md
index b3c2bbe90..bcbd881dd 100644
--- a/src/domains/cgn/prod/README.md
+++ b/src/domains/cgn/prod/README.md
@@ -15,6 +15,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
| [apim](#module\_apim) | ../_modules/apim | n/a |
+| [apim\_itn](#module\_apim\_itn) | ../_modules/apim | n/a |
| [cosmos](#module\_cosmos) | ../_modules/cosmos | n/a |
| [functions](#module\_functions) | ../_modules/functions_apps | n/a |
| [networking](#module\_networking) | ../_modules/networking | n/a |
diff --git a/src/domains/cgn/prod/apim.tf b/src/domains/cgn/prod/apim.tf
index f01affedd..0afcb71b8 100644
--- a/src/domains/cgn/prod/apim.tf
+++ b/src/domains/cgn/prod/apim.tf
@@ -4,6 +4,24 @@ module "apim" {
project = local.project
env_short = local.env_short
function_cgn_merchant_hostname = module.functions.function_app_cgn_merchant.hostname
+ apim = {
+ name = local.apim_v2_name
+ resource_group_name = local.apim_resource_group_name
+ }
+
+ tags = local.tags
+}
+
+module "apim_itn" {
+ source = "../_modules/apim"
+
+ project = local.project
+ env_short = local.env_short
+ function_cgn_merchant_hostname = module.functions.function_app_cgn_merchant.hostname
+ apim = {
+ name = local.apim_itn_name
+ resource_group_name = local.apim_itn_resource_group_name
+ }
tags = local.tags
}
diff --git a/src/domains/cgn/prod/locals.tf b/src/domains/cgn/prod/locals.tf
index 15c04b7ec..d056ff3b7 100644
--- a/src/domains/cgn/prod/locals.tf
+++ b/src/domains/cgn/prod/locals.tf
@@ -6,6 +6,13 @@ locals {
location = "westeurope"
secondary_location = "italynorth"
+ # WEU
+ apim_v2_name = "${local.project}-apim-v2-api"
+ apim_resource_group_name = "${local.project}-rg-internal"
+ # ITN
+ apim_itn_name = "${local.project}-itn-apim-01"
+ apim_itn_resource_group_name = "${local.project}-itn-common-rg-01"
+
tags = {
CostCenter = "TS310 - PAGAMENTI & SERVIZI"
CreatedBy = "Terraform"
diff --git a/src/domains/citizen-auth-common/03_apim_itn.tf b/src/domains/citizen-auth-common/03_apim_itn.tf
new file mode 100644
index 000000000..a001d98a2
--- /dev/null
+++ b/src/domains/citizen-auth-common/03_apim_itn.tf
@@ -0,0 +1,263 @@
+####################################################################################
+# Lollipop APIM Product
+####################################################################################
+resource "azurerm_api_management_group" "api_lollipop_assertion_read_itn" {
+ name = "apilollipopassertionread"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "ApiLollipopAssertionRead"
+ description = "A group that enables LC to retrieve user's assertion on a Lollipop flow"
+}
+
+module "apim_itn_product_lollipop" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v8.44.1"
+
+ product_id = "io-lollipop-api"
+ display_name = "IO LOLLIPOP API"
+ description = "Product for IO Lollipop"
+
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+
+ published = true
+ subscription_required = true
+ approval_required = false
+
+ policy_xml = file("./api_product/io_lollipop/_base_policy.xml")
+}
+
+module "apim_itn_lollipop_api_v1" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.44.1"
+
+ name = format("%s-lollipop-api", local.product)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_ids = [module.apim_itn_product_lollipop.product_id]
+ subscription_required = true
+ service_url = null
+
+ description = "IO LolliPOP API"
+ display_name = "IO LolliPOP API"
+ path = "lollipop/api/v1"
+ protocols = ["https"]
+
+ content_format = "openapi"
+
+ content_value = file("./api/io_lollipop/v1/_openapi.yaml")
+
+ xml_content = file("./api/io_lollipop/v1/policy.xml")
+}
+
+# Named Value fn-lollipop
+resource "azurerm_api_management_named_value" "io_fn_itn_lollipop_url_itn" {
+ name = "io-fn-itn-lollipop-url"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "io-fn-itn-lollipop-url"
+ value = "https://${data.azurerm_linux_function_app.lollipop_function.default_hostname}"
+}
+
+resource "azurerm_api_management_named_value" "io_fn_itn_lollipop_key_itn" {
+ name = "io-fn-itn-lollipop-key"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "io-fn-itn-lollipop-key"
+ value = data.azurerm_key_vault_secret.io_fn_itn_lollipop_key_secret_v2.value
+ secret = "true"
+}
+
+####################################################################################
+# PagoPA General Lollipop User
+####################################################################################
+resource "azurerm_api_management_user" "pagopa_user_itn" {
+ user_id = "iolollipoppagopauser"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ first_name = "PagoPA"
+ last_name = "PagoPA"
+ email = "io-lollipop-pagopa@pagopa.it"
+ state = "active"
+}
+
+resource "azurerm_api_management_group_user" "pagopa_group_itn" {
+ user_id = azurerm_api_management_user.pagopa_user_itn.user_id
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ group_name = azurerm_api_management_group.api_lollipop_assertion_read_itn.name
+}
+
+resource "azurerm_api_management_subscription" "pagopa_itn" {
+ user_id = azurerm_api_management_user.pagopa_user_itn.id
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_id = module.apim_itn_product_lollipop.id
+ display_name = "Lollipop API"
+ state = "active"
+ allow_tracing = false
+}
+
+resource "azurerm_api_management_subscription" "pagopa_fastlogin_itn" {
+ user_id = azurerm_api_management_user.pagopa_user_itn.id
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_id = module.apim_itn_product_lollipop.id
+ display_name = "Fast Login LC"
+ state = "active"
+ allow_tracing = false
+}
+
+####################################################################################
+# PagoPA General Lollipop Secret
+####################################################################################
+
+resource "azurerm_key_vault_secret" "first_lollipop_consumer_subscription_key_itn" {
+ name = "first-lollipop-consumer-pagopa-subscription-key-itn"
+ value = azurerm_api_management_subscription.pagopa_itn.primary_key
+ key_vault_id = module.key_vault.id
+}
+
+###################################################################################
+# PagoPA Functions-fast-login Secrets
+###################################################################################
+
+# subscription key used for assertion retrieval
+resource "azurerm_key_vault_secret" "fast_login_subscription_key_itn" {
+ name = "fast-login-subscription-key-itn"
+ value = azurerm_api_management_subscription.pagopa_fastlogin_itn.primary_key
+ key_vault_id = module.key_vault.id
+}
+
+###################################################################################
+# Fast-Login Operation's API
+###################################################################################
+resource "azurerm_api_management_group" "api_fast_login_operation_itn" {
+ name = "apifastloginoperationwrite"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "ApiFastLoginOperationWrite"
+ description = "A group that enables PagoPa Operation to operate over session lock/unlock"
+}
+
+module "apim_itn_product_fast_login_operation" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v8.44.1"
+
+ product_id = "io-fast-login-operation-api"
+ display_name = "IO FAST-LOGIN OPERATION API"
+ description = "Product for IO Fast Login Operation"
+
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+
+ published = true
+ subscription_required = true
+ approval_required = false
+
+ policy_xml = file("./api_product/fast_login_operation/_base_policy.xml")
+}
+
+module "apim_itn_fast_login_operation_api_v1" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.44.1"
+
+ name = format("%s-fast-login-operation-api", local.product)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_ids = [module.apim_itn_product_fast_login_operation.product_id]
+ subscription_required = true
+ service_url = format(local.fast_login_backend_url, data.azurerm_linux_function_app.functions_fast_login.default_hostname)
+
+ description = "IO FAST-LOGIN OPERATION API"
+ display_name = "IO Fast-Login Operation API"
+ path = "fast-login/api/v1"
+ protocols = ["https"]
+
+ content_format = "openapi"
+
+ content_value = file("./api/fast_login/v1/_openapi.yaml")
+
+ xml_content = file("./api/fast_login/v1/policy.xml")
+}
+
+resource "azurerm_api_management_api_operation_policy" "lock_user_session_for_operation_itn" {
+ api_name = format("%s-fast-login-operation-api", local.product)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ operation_id = "lockUserSession"
+
+ xml_content = file("./api/fast_login/v1/post_lockusersession_policy/policy.xml")
+}
+
+resource "azurerm_api_management_user" "fast_login_operation_user_itn" {
+ user_id = "fastloginoperationuser"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ first_name = "PagoPA Operation"
+ last_name = "PagoPA Operation"
+ email = "area-assistenza-operations@pagopa.it"
+ state = "active"
+}
+
+resource "azurerm_api_management_group_user" "pagopa_operation_group_itn" {
+ user_id = azurerm_api_management_user.fast_login_operation_user_itn.user_id
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ group_name = azurerm_api_management_group.api_fast_login_operation_itn.name
+}
+
+resource "azurerm_api_management_subscription" "pagopa_operation_itn" {
+ user_id = azurerm_api_management_user.fast_login_operation_user_itn.id
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_id = module.apim_itn_product_fast_login_operation.id
+ display_name = "Fast Login Operation API"
+ state = "active"
+ allow_tracing = false
+}
+
+# Named Value fn-fast-login
+resource "azurerm_api_management_named_value" "io_fn_itn_fast_login_operation_key_itn" {
+ name = "io-fn-itn-fast-login-operation-key"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "io-fn-itn-fast-login-operation-key"
+ value = data.azurerm_key_vault_secret.functions_fast_login_api_key.value
+ secret = "true"
+}
+
+resource "azurerm_api_management_named_value" "api_fast_login_operation_group_name_itn" {
+ name = "api-fast-login-operation-group-name"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "api-fast-login-operation-group-name"
+ value = azurerm_api_management_group.api_fast_login_operation_itn.display_name
+ secret = "false"
+}
+
+####################################################################################
+# PagoPA General PN APIM User
+####################################################################################
+resource "azurerm_api_management_user" "pn_user_itn" {
+ user_id = "pnapimuser"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ first_name = "PNAPIMuser"
+ last_name = "PNAPIMuser"
+ email = "pn-apim-user@pagopa.it"
+ state = "active"
+}
+
+resource "azurerm_api_management_group_user" "pn_group_itn" {
+ user_id = azurerm_api_management_user.pn_user_itn.user_id
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ group_name = azurerm_api_management_group.api_lollipop_assertion_read_itn.name
+}
+
+resource "azurerm_api_management_subscription" "pn_lc_subscription_itn" {
+ user_id = azurerm_api_management_user.pn_user_itn.id
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_id = module.apim_itn_product_lollipop.id
+ display_name = "PN LC"
+ state = "active"
+ allow_tracing = false
+}
diff --git a/src/domains/citizen-auth-common/03_apim_v2.tf b/src/domains/citizen-auth-common/03_apim_v2.tf
index c18ab66ce..6232ecdee 100644
--- a/src/domains/citizen-auth-common/03_apim_v2.tf
+++ b/src/domains/citizen-auth-common/03_apim_v2.tf
@@ -1,8 +1,3 @@
-data "azurerm_api_management" "apim_v2_api" {
- name = local.apim_v2_name
- resource_group_name = local.apim_resource_group_name
-}
-
####################################################################################
# Lollipop APIM Product
####################################################################################
@@ -62,11 +57,6 @@ resource "azurerm_api_management_named_value" "io_fn_itn_lollipop_url_v2" {
value = "https://${data.azurerm_linux_function_app.lollipop_function.default_hostname}"
}
-data "azurerm_key_vault_secret" "io_fn_itn_lollipop_key_secret_v2" {
- name = "io-fn-itn-lollipop-KEY-APIM"
- key_vault_id = module.key_vault.id
-}
-
resource "azurerm_api_management_named_value" "io_fn_itn_lollipop_key_v2" {
name = "io-fn-itn-lollipop-key"
api_management_name = data.azurerm_api_management.apim_v2_api.name
@@ -165,11 +155,6 @@ module "apim_v2_product_fast_login_operation" {
policy_xml = file("./api_product/fast_login_operation/_base_policy.xml")
}
-data "azurerm_linux_function_app" "functions_fast_login" {
- name = local.fn_fast_login_name
- resource_group_name = local.fn_fast_login_resource_group_name
-}
-
module "apim_v2_fast_login_operation_api_v1" {
source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.44.1"
@@ -231,11 +216,6 @@ resource "azurerm_api_management_subscription" "pagopa_operation_v2" {
# Named Value fn-fast-login
-data "azurerm_key_vault_secret" "functions_fast_login_api_key" {
- name = "io-fn-weu-fast-login-KEY-APIM"
- key_vault_id = module.key_vault.id
-}
-
resource "azurerm_api_management_named_value" "io_fn_itn_fast_login_operation_key_v2" {
name = "io-fn-itn-fast-login-operation-key"
api_management_name = data.azurerm_api_management.apim_v2_api.name
diff --git a/src/domains/citizen-auth-common/06_data.tf b/src/domains/citizen-auth-common/06_data.tf
index 5493b9c09..a796b5800 100644
--- a/src/domains/citizen-auth-common/06_data.tf
+++ b/src/domains/citizen-auth-common/06_data.tf
@@ -33,3 +33,37 @@ data "azurerm_linux_function_app" "lollipop_function" {
resource_group_name = data.azurerm_resource_group.lollipop_function_rg.name
}
#######################
+
+########
+# APIM #
+########
+
+# APIM in WEU
+data "azurerm_api_management" "apim_v2_api" {
+ name = local.apim_v2_name
+ resource_group_name = local.apim_resource_group_name
+}
+
+# APIM in ITN
+data "azurerm_api_management" "apim_itn_api" {
+ name = local.apim_itn_name
+ resource_group_name = local.apim_itn_resource_group_name
+}
+
+# For Named Value fn-lollipop
+data "azurerm_key_vault_secret" "io_fn_itn_lollipop_key_secret_v2" {
+ name = "io-fn-itn-lollipop-KEY-APIM"
+ key_vault_id = module.key_vault.id
+}
+
+# For APIM API module apim_v2_fast_login_operation_api_v1
+data "azurerm_linux_function_app" "functions_fast_login" {
+ name = local.fn_fast_login_name
+ resource_group_name = local.fn_fast_login_resource_group_name
+}
+
+# For Named Value fn-fast-login
+data "azurerm_key_vault_secret" "functions_fast_login_api_key" {
+ name = "io-fn-weu-fast-login-KEY-APIM"
+ key_vault_id = module.key_vault.id
+}
\ No newline at end of file
diff --git a/src/domains/citizen-auth-common/README.md b/src/domains/citizen-auth-common/README.md
index 3b4df5901..ab3cd5e53 100644
--- a/src/domains/citizen-auth-common/README.md
+++ b/src/domains/citizen-auth-common/README.md
@@ -19,6 +19,10 @@
| Name | Source | Version |
|------|--------|---------|
+| [apim\_itn\_fast\_login\_operation\_api\_v1](#module\_apim\_itn\_fast\_login\_operation\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.44.1 |
+| [apim\_itn\_lollipop\_api\_v1](#module\_apim\_itn\_lollipop\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.44.1 |
+| [apim\_itn\_product\_fast\_login\_operation](#module\_apim\_itn\_product\_fast\_login\_operation) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.44.1 |
+| [apim\_itn\_product\_lollipop](#module\_apim\_itn\_product\_lollipop) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.44.1 |
| [apim\_v2\_fast\_login\_operation\_api\_v1](#module\_apim\_v2\_fast\_login\_operation\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.44.1 |
| [apim\_v2\_lollipop\_api\_v1](#module\_apim\_v2\_lollipop\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.44.1 |
| [apim\_v2\_product\_fast\_login\_operation](#module\_apim\_v2\_product\_fast\_login\_operation) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.44.1 |
@@ -39,21 +43,38 @@
| Name | Type |
|------|------|
| [azurerm_api_management_api_operation_policy.lock_user_session_for_operation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
+| [azurerm_api_management_api_operation_policy.lock_user_session_for_operation_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
+| [azurerm_api_management_group.api_fast_login_operation_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
| [azurerm_api_management_group.api_fast_login_operation_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
+| [azurerm_api_management_group.api_lollipop_assertion_read_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
| [azurerm_api_management_group.api_lollipop_assertion_read_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
+| [azurerm_api_management_group_user.pagopa_group_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
| [azurerm_api_management_group_user.pagopa_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
+| [azurerm_api_management_group_user.pagopa_operation_group_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
| [azurerm_api_management_group_user.pagopa_operation_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
+| [azurerm_api_management_group_user.pn_group_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
| [azurerm_api_management_group_user.pn_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
| [azurerm_api_management_named_value.api_fast_login_operation_group_name](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_named_value.api_fast_login_operation_group_name_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_named_value.io_fn_itn_fast_login_operation_key_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn_itn_fast_login_operation_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_named_value.io_fn_itn_lollipop_key_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn_itn_lollipop_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_named_value.io_fn_itn_lollipop_url_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn_itn_lollipop_url_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_subscription.pagopa_fastlogin_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
| [azurerm_api_management_subscription.pagopa_fastlogin_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
+| [azurerm_api_management_subscription.pagopa_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
+| [azurerm_api_management_subscription.pagopa_operation_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
| [azurerm_api_management_subscription.pagopa_operation_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
| [azurerm_api_management_subscription.pagopa_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
+| [azurerm_api_management_subscription.pn_lc_subscription_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
| [azurerm_api_management_subscription.pn_lc_subscription_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
+| [azurerm_api_management_user.fast_login_operation_user_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
| [azurerm_api_management_user.fast_login_operation_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
+| [azurerm_api_management_user.pagopa_user_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
| [azurerm_api_management_user.pagopa_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
+| [azurerm_api_management_user.pn_user_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
| [azurerm_api_management_user.pn_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
| [azurerm_cosmosdb_sql_container.lollipop_pubkeys](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource |
| [azurerm_key_vault_access_policy.access_policy_auth_n_identity_infra_cd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
@@ -66,7 +87,9 @@
| [azurerm_key_vault_certificate.lollipop_certificate_v1](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_certificate) | resource |
| [azurerm_key_vault_secret.appinsights_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.appinsights_instrumentation_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [azurerm_key_vault_secret.fast_login_subscription_key_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.fast_login_subscription_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [azurerm_key_vault_secret.first_lollipop_consumer_subscription_key_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.first_lollipop_consumer_subscription_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_monitor_metric_alert.cosmosdb_account_normalized_RU_consumption_exceeded](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
| [azurerm_private_endpoint.cosmos_db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
@@ -90,6 +113,7 @@
| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_service_principal.platform_iac_sp](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
+| [azurerm_api_management.apim_itn_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_api_management.apim_v2_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
diff --git a/src/domains/ioweb-app/07_apim_itn.tf b/src/domains/ioweb-app/07_apim_itn.tf
new file mode 100644
index 000000000..e0c4365ab
--- /dev/null
+++ b/src/domains/ioweb-app/07_apim_itn.tf
@@ -0,0 +1,40 @@
+module "apim_itn_bff_api" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v4.1.5"
+
+ name = format("%s-ioweb-bff", local.product)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_ids = ["io-web-api"]
+ subscription_required = false
+
+ service_url = format(local.bff_backend_url, module.function_ioweb_profile.default_hostname)
+
+ description = "Bff API for IO Web platform"
+ display_name = "IO Web - Bff"
+ path = local.bff_base_path
+ protocols = ["https"]
+
+ content_format = "openapi-link"
+
+ content_value = "https://raw.githubusercontent.com/pagopa/io-web-profile-backend/a2a6be1434e75089fb46e1aba50678cbbe32afd1/openapi/external.yaml"
+
+ xml_content = file("./api/bff/policy.xml")
+}
+
+resource "azurerm_api_management_api_operation_policy" "unlock_user_session_policy_itn" {
+ api_name = format("%s-ioweb-bff", local.product)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ operation_id = "unlockUserSession"
+
+ xml_content = file("./api/bff/post_unlockusersession_policy/policy.xml")
+}
+
+resource "azurerm_api_management_named_value" "io_fn3_services_key_itn" {
+ name = "ioweb-profile-api-key"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "ioweb-profile-api-key"
+ value = data.azurerm_key_vault_secret.io_fn3_services_key_secret.value
+ secret = "true"
+}
diff --git a/src/domains/ioweb-app/07_apim_v2.tf b/src/domains/ioweb-app/07_apim_v2.tf
index 95a2cff4e..d445e9daa 100644
--- a/src/domains/ioweb-app/07_apim_v2.tf
+++ b/src/domains/ioweb-app/07_apim_v2.tf
@@ -1,8 +1,3 @@
-data "azurerm_api_management" "apim_v2_api" {
- name = local.apim_v2_name
- resource_group_name = local.apim_resource_group_name
-}
-
module "apim_v2_bff_api" {
source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v4.1.5"
@@ -35,16 +30,6 @@ resource "azurerm_api_management_api_operation_policy" "unlock_user_session_poli
xml_content = file("./api/bff/post_unlockusersession_policy/policy.xml")
}
-data "azurerm_key_vault" "key_vault_common" {
- name = format("%s-ioweb-kv", local.product)
- resource_group_name = format("%s-ioweb-sec-rg", local.product)
-}
-
-data "azurerm_key_vault_secret" "io_fn3_services_key_secret" {
- name = "ioweb-profile-api-key-apim"
- key_vault_id = data.azurerm_key_vault.key_vault_common.id
-}
-
resource "azurerm_api_management_named_value" "io_fn3_services_key_v2" {
name = "ioweb-profile-api-key"
api_management_name = data.azurerm_api_management.apim_v2_api.name
diff --git a/src/domains/ioweb-app/99_data.tf b/src/domains/ioweb-app/99_data.tf
new file mode 100644
index 000000000..3a7fee6a8
--- /dev/null
+++ b/src/domains/ioweb-app/99_data.tf
@@ -0,0 +1,26 @@
+########
+# APIM #
+########
+
+# APIM in WEU
+data "azurerm_api_management" "apim_v2_api" {
+ name = local.apim_v2_name
+ resource_group_name = local.apim_resource_group_name
+}
+
+# APIM in ITN
+data "azurerm_api_management" "apim_itn_api" {
+ name = local.apim_itn_name
+ resource_group_name = local.apim_itn_resource_group_name
+}
+
+# For named value io_fn3_services_key_v2
+data "azurerm_key_vault" "key_vault_common" {
+ name = format("%s-ioweb-kv", local.product)
+ resource_group_name = format("%s-ioweb-sec-rg", local.product)
+}
+
+data "azurerm_key_vault_secret" "io_fn3_services_key_secret" {
+ name = "ioweb-profile-api-key-apim"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
\ No newline at end of file
diff --git a/src/domains/ioweb-app/99_locals.tf b/src/domains/ioweb-app/99_locals.tf
index e0afff170..e5c4e74ce 100644
--- a/src/domains/ioweb-app/99_locals.tf
+++ b/src/domains/ioweb-app/99_locals.tf
@@ -22,9 +22,11 @@ locals {
aks_name = "${local.product}-${var.location_short}-${var.instance}-aks"
aks_resource_group_name = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
- apim_v2_name = "${local.product}-apim-v2-api"
- apim_resource_group_name = "${local.product}-rg-internal"
- appgw_resource_group_name = "${local.product}-rg-external"
- bff_base_path = "ioweb/backend/api/v1"
- bff_backend_url = "https://%s/api/v1"
+ apim_v2_name = "${local.product}-apim-v2-api"
+ apim_resource_group_name = "${local.product}-rg-internal"
+ apim_itn_name = "${local.product}-itn-apim-01"
+ apim_itn_resource_group_name = "${local.product}-itn-common-rg-01"
+ appgw_resource_group_name = "${local.product}-rg-external"
+ bff_base_path = "ioweb/backend/api/v1"
+ bff_backend_url = "https://%s/api/v1"
}
diff --git a/src/domains/ioweb-app/README.md b/src/domains/ioweb-app/README.md
index b0ba30b49..28fc994df 100644
--- a/src/domains/ioweb-app/README.md
+++ b/src/domains/ioweb-app/README.md
@@ -22,6 +22,7 @@
| Name | Source | Version |
|------|--------|---------|
+| [apim\_itn\_bff\_api](#module\_apim\_itn\_bff\_api) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v4.1.5 |
| [apim\_v2\_bff\_api](#module\_apim\_v2\_bff\_api) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v4.1.5 |
| [function\_ioweb\_profile](#module\_function\_ioweb\_profile) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app | v5.2.0 |
| [function\_ioweb\_profile\_staging\_slot](#module\_function\_ioweb\_profile\_staging\_slot) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app_slot | v5.2.0 |
@@ -32,6 +33,8 @@
| Name | Type |
|------|------|
| [azurerm_api_management_api_operation_policy.unlock_user_session_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
+| [azurerm_api_management_api_operation_policy.unlock_user_session_policy_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
+| [azurerm_api_management_named_value.io_fn3_services_key_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn3_services_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_key_vault_secret.exchange_jwt_private_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.exchange_jwt_pub_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
@@ -49,6 +52,7 @@
| [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
+| [azurerm_api_management.apim_itn_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_api_management.apim_v2_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_application_gateway.app_gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_gateway) | data source |
| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
diff --git a/src/domains/ioweb-common/05_apim_itn.tf b/src/domains/ioweb-common/05_apim_itn.tf
new file mode 100644
index 000000000..a12099262
--- /dev/null
+++ b/src/domains/ioweb-common/05_apim_itn.tf
@@ -0,0 +1,51 @@
+# API Product
+
+module "apim_itn_product_ioweb" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v4.1.5"
+
+ product_id = "io-web-api"
+ display_name = "IO WEB API"
+ description = "Product for IO WEB Api & Authentication"
+
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+
+ published = true
+ subscription_required = false
+ approval_required = false
+
+ policy_xml = file("./api_product/ioweb/_base_policy.xml")
+}
+
+module "apim_itn_spid_login_api" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v4.1.5"
+
+ name = format("%s-ioweb-auth", local.product)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_ids = [module.apim_itn_product_ioweb.product_id]
+ subscription_required = false
+
+ service_url = format("https://%s", module.spid_login.default_site_hostname)
+
+ description = "Login SPID Service Provider"
+ display_name = "IO Web - Authentication"
+ path = local.spid_login_base_path
+ protocols = ["https"]
+
+ content_format = "openapi"
+
+ # NOTE: This openapi does not contains `upgradeToken` endpoint, since it's not necessary
+ content_value = file("./api/ioweb/spid-login/_swagger.json")
+
+ xml_content = file("./api/ioweb/spid-login/_base_policy.xml")
+}
+
+resource "azurerm_api_management_api_operation_policy" "spid_acs_itn" {
+ api_name = format("%s-ioweb-auth", local.product)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ operation_id = "postACS"
+
+ xml_content = file("./api/ioweb/spid-login/_postacs_policy.xml")
+}
diff --git a/src/domains/ioweb-common/05_apim_v2.tf b/src/domains/ioweb-common/05_apim_v2.tf
index 3c06b46cf..5eb2c1cee 100644
--- a/src/domains/ioweb-common/05_apim_v2.tf
+++ b/src/domains/ioweb-common/05_apim_v2.tf
@@ -1,9 +1,3 @@
-data "azurerm_api_management" "apim_v2_api" {
- name = local.apim_v2_name
- resource_group_name = local.apim_resource_group_name
-}
-
-
# API Product
module "apim_v2_product_ioweb" {
diff --git a/src/domains/ioweb-common/07_data.tf b/src/domains/ioweb-common/07_data.tf
index b2fb3a94a..668aa9583 100644
--- a/src/domains/ioweb-common/07_data.tf
+++ b/src/domains/ioweb-common/07_data.tf
@@ -11,3 +11,19 @@ data "azurerm_user_assigned_identity" "managed_identity_io_infra_cd" {
name = "${local.product}-infra-github-cd-identity"
resource_group_name = "${local.product}-identity-rg"
}
+
+########
+# APIM #
+########
+
+# APIM in WEU
+data "azurerm_api_management" "apim_v2_api" {
+ name = local.apim_v2_name
+ resource_group_name = local.apim_resource_group_name
+}
+
+# APIM in ITN
+data "azurerm_api_management" "apim_itn_api" {
+ name = local.apim_itn_name
+ resource_group_name = local.apim_itn_resource_group_name
+}
\ No newline at end of file
diff --git a/src/domains/ioweb-common/99_locals.tf b/src/domains/ioweb-common/99_locals.tf
index dd80188ab..66a08b8c2 100644
--- a/src/domains/ioweb-common/99_locals.tf
+++ b/src/domains/ioweb-common/99_locals.tf
@@ -11,8 +11,12 @@ locals {
acr_name = replace("${local.product}commonacr", "-", "")
acr_resource_group_name = "${local.product}-container-registry-rg"
+ # WEU
apim_v2_name = "${local.product}-apim-v2-api"
apim_resource_group_name = "${local.product}-rg-internal"
+ # ITN
+ apim_itn_name = "${local.product}-itn-apim-01"
+ apim_itn_resource_group_name = "${local.product}-itn-common-rg-01"
spid_login_base_path = "ioweb/auth/v1"
}
diff --git a/src/domains/ioweb-common/README.md b/src/domains/ioweb-common/README.md
index 0900e5ff3..a9d36f203 100644
--- a/src/domains/ioweb-common/README.md
+++ b/src/domains/ioweb-common/README.md
@@ -20,6 +20,8 @@
| Name | Source | Version |
|------|--------|---------|
+| [apim\_itn\_product\_ioweb](#module\_apim\_itn\_product\_ioweb) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product | v4.1.5 |
+| [apim\_itn\_spid\_login\_api](#module\_apim\_itn\_spid\_login\_api) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v4.1.5 |
| [apim\_v2\_product\_ioweb](#module\_apim\_v2\_product\_ioweb) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_product | v4.1.5 |
| [apim\_v2\_spid\_login\_api](#module\_apim\_v2\_spid\_login\_api) | git::https://github.com/pagopa/terraform-azurerm-v3//api_management_api | v4.1.5 |
| [immutable\_spid\_logs\_storage](#module\_immutable\_spid\_logs\_storage) | git::https://github.com/pagopa/terraform-azurerm-v3//storage_account | v7.32.1 |
@@ -36,6 +38,7 @@
| Name | Type |
|------|------|
| [azurerm_api_management_api_operation_policy.spid_acs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
+| [azurerm_api_management_api_operation_policy.spid_acs_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
| [azurerm_key_vault_access_policy.access_policy_io_infra_cd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
| [azurerm_key_vault_access_policy.access_policy_io_infra_ci](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
| [azurerm_key_vault_access_policy.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
@@ -59,6 +62,7 @@
| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_service_principal.platform_iac_sp](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
+| [azurerm_api_management.apim_itn_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_api_management.apim_v2_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
diff --git a/src/domains/messages-common/05_apim_itn.tf b/src/domains/messages-common/05_apim_itn.tf
new file mode 100644
index 000000000..2a19415f4
--- /dev/null
+++ b/src/domains/messages-common/05_apim_itn.tf
@@ -0,0 +1,344 @@
+resource "azurerm_api_management_group" "apiremotecontentconfigurationwrite_itn" {
+ name = "apiremotecontentconfigurationwrite"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "ApiRemoteContentConfigurationWrite"
+ description = "A group that enables to write and manage Remote Content Configuration"
+}
+
+resource "azurerm_api_management_group" "apithirdpartymessagewrite_itn" {
+ name = "apithirdpartymessagewrite"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "ApiThirdPartyMessageWrite"
+ description = "A group that enables to send Third Party Messages"
+}
+
+resource "azurerm_api_management_group" "apimessagewriteadvanced_itn" {
+ name = "apimessagewriteadvanced"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "ApiMessageWriteAdvanced"
+ description = "A group that enables to send Advanced Write Messages"
+}
+
+resource "azurerm_api_management_group" "apimessagereadadvanced_itn" {
+ name = "apimessagereadadvanced"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "ApiMessageReadAdvanced"
+ description = "A group that enables to send Advanced Read Messages"
+}
+
+resource "azurerm_api_management_group" "apinewmessagenotify_itn" {
+ name = "apinewmessagenotify"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "ApiNewMessageNotify"
+ description = "A group that enables to send a Push notification for a new message"
+}
+
+resource "azurerm_api_management_group" "apiremindernotify_itn" {
+ name = "apiremindernotify"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "ApiReminderNotify"
+ description = "A group that enables to send a Push notification for a reminder message"
+}
+
+resource "azurerm_api_management_group" "apipaymentupdater_itn" {
+ name = "apipaymentread"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "ApiPaymentRead"
+ description = "A group that enables to read payment status related to a message"
+}
+
+module "apim_itn_product_notifications" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v8.27.0"
+
+ product_id = "io-notifications-api"
+ display_name = "IO NOTIFICATIONS API"
+ description = "Product for IO notifications"
+
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+
+ published = true
+ subscription_required = true
+ approval_required = false
+
+ policy_xml = file("./api_product/messages/_base_policy.xml")
+}
+
+module "io-backend_notification_itn_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-io-backend-notification-api", local.product)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_ids = [module.apim_itn_product_notifications.product_id]
+ subscription_required = false
+ service_url = null
+
+ description = "IO Backend - Notification API"
+ display_name = "IO Backend - Notification API"
+ path = "io-backend-notification/api/v1"
+ protocols = ["https"]
+
+ content_format = "openapi"
+
+ content_value = file("./api/io-backend-notification/v1/_openapi.yaml")
+
+ xml_content = file("./api/io-backend-notification/v1/_base_policy.xml")
+}
+
+resource "azurerm_api_management_user" "reminder_user_itn" {
+ user_id = "iopremiumreminderuser"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ first_name = "Reminder"
+ last_name = "Reminder"
+ email = "io-premium-reminder@pagopa.it"
+ state = "active"
+}
+
+resource "azurerm_api_management_group_user" "reminder_group_itn" {
+ user_id = azurerm_api_management_user.reminder_user_itn.user_id
+ group_name = azurerm_api_management_group.apiremindernotify_itn.name
+ resource_group_name = azurerm_api_management_user.reminder_user_itn.resource_group_name
+ api_management_name = azurerm_api_management_user.reminder_user_itn.api_management_name
+}
+
+resource "azurerm_api_management_subscription" "reminder_itn" {
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ user_id = azurerm_api_management_user.reminder_user_itn.id
+ product_id = module.apim_itn_product_notifications.id
+ display_name = "Reminder API"
+ state = "active"
+ allow_tracing = false
+}
+
+resource "azurerm_key_vault_secret" "reminder_subscription_primary_key_itn" {
+ name = "${format("%s-reminder", local.product)}-subscription-key-itn"
+ value = azurerm_api_management_subscription.reminder_itn.primary_key
+ content_type = "subscription key"
+ key_vault_id = module.key_vault.id
+}
+
+########################################
+resource "azurerm_api_management_group_user" "payment_group_itn" {
+ user_id = azurerm_api_management_user.reminder_user_itn.user_id
+ group_name = azurerm_api_management_group.apipaymentupdater_itn.name
+ resource_group_name = azurerm_api_management_user.reminder_user_itn.resource_group_name
+ api_management_name = azurerm_api_management_user.reminder_user_itn.api_management_name
+}
+
+resource "azurerm_api_management_subscription" "payment_updater_reminder_itn" {
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ user_id = azurerm_api_management_user.reminder_user_itn.id
+ product_id = data.azurerm_api_management_product.payment_updater_product_itn.id
+ display_name = "Payment Updater API"
+ state = "active"
+ allow_tracing = false
+}
+
+resource "azurerm_key_vault_secret" "reminder_paymentapi_subscription_primary_key_itn" {
+ name = "${format("%s-reminder-payment-api", local.product)}-subscription-key-itn"
+ value = azurerm_api_management_subscription.payment_updater_reminder_itn.primary_key
+ content_type = "subscription key"
+ key_vault_id = module.key_vault.id
+}
+
+###############################################
+################ API MANAGE ###################
+###############################################
+
+resource "azurerm_api_management_named_value" "io_p_messages_sending_func_key_itn" {
+ name = "io-p-messages-sending-func-key"
+ display_name = "io-p-messages-sending-func-key"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ value = data.azurerm_key_vault_secret.io_p_messages_sending_func_key.value
+ secret = "true"
+}
+
+# APIM APIs
+
+# MESSAGES SENDING FUNC EXTERNAL
+module "apim_itn_messages_sending_external_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.17.0"
+
+ name = format("%s-%s-messages-sending-external-api-01", local.product, var.location_short)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_ids = [data.azurerm_api_management_product.apim_v2_product_services.product_id]
+ subscription_required = true
+ service_url = null
+
+ description = "IO Messages Sending - External - API"
+ display_name = "IO Messages Sending - External - API"
+ path = "api/v1/messages-sending"
+ protocols = ["https"]
+
+ content_format = "openapi"
+ content_value = data.http.messages_sending_external_openapi.body
+
+ xml_content = file("./api/messages-sending/v1/_base_policy_external.xml")
+}
+
+# MESSAGES SENDING FUNC INTERNAL
+module "apim_itn_messages_sending_internal_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-%s-messages-sending-internal-api-01", local.product, var.location_short)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_ids = [module.apim_itn_product_notifications.product_id]
+ subscription_required = true
+ service_url = null
+
+ description = "IO Messages Sending - Internal - API"
+ display_name = "IO Messages Sending - Internal - API"
+ path = "api/v1/messages-sending/internal"
+ protocols = ["https"]
+
+ content_format = "openapi"
+ content_value = data.http.messages_sending_internal_openapi.body
+
+ xml_content = file("./api/messages-sending/v1/_base_policy_internal.xml")
+}
+
+# SERVICE MESSAGE MANAGE (TO REMOVE)
+module "apim_itn_service_messages_manage_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-service-messages-manage-api", local.product)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_ids = [data.azurerm_api_management_product.apim_itn_product_services.product_id]
+ subscription_required = true
+ service_url = null
+
+ description = "IO Service Messages - Manage - API"
+ display_name = "IO Service Messages - Manage - API"
+ path = "service-messages/manage/api/v1"
+ protocols = ["https"]
+
+ content_format = "openapi"
+ content_value = data.http.service_messages_manage_openapi.body
+
+ xml_content = file("./api/service-messages/v1/_base_policy.xml")
+}
+
+# SERVICE MESSAGE INTERNAL (TO REMOVE)
+module "apim_itn_service_messages_internal_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-service-messages-internal-api", local.product)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_ids = [module.apim_itn_product_notifications.product_id]
+ subscription_required = true
+ service_url = null
+
+ description = "IO Service Messages - Internal - API"
+ display_name = "IO Service Messages - Internal - API"
+ path = "service-messages/api/v1"
+ protocols = ["https"]
+
+ content_format = "openapi"
+ content_value = data.http.service_messages_internal_openapi.body
+
+ xml_content = file("./api/service-messages/v1/_base_policy.xml")
+}
+
+# MESSAGES CITIZEN FUNC
+module "apim_itn_product_messages_backend" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v8.27.0"
+
+ product_id = "io-messages-backend-api"
+ display_name = "IO MESSAGES BACKEND API"
+ description = "Product for IO MESSAGES BACKEND API"
+
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+
+ published = true
+ subscription_required = true
+ approval_required = false
+
+ policy_xml = file("./api_product/backend/_base_policy.xml")
+}
+
+resource "azurerm_api_management_subscription" "messages_backend_itn" {
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_id = module.apim_itn_product_messages_backend.id
+ display_name = "Messages Backend API"
+ state = "active"
+ allow_tracing = false
+}
+
+resource "azurerm_api_management_named_value" "io_messages_backend_key_itn" {
+ name = "io-messages-backend-key"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ display_name = "io-messages-backend-key"
+ value = data.azurerm_key_vault_secret.io_messages_backend_func_key.value
+ secret = "true"
+}
+
+module "apim_itn_messages_citizen_l1_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.40.0"
+
+ name = format("%s-%s-messages-citizen-api-01", local.product, var.location_short)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_ids = [module.apim_itn_product_messages_backend.product_id]
+ subscription_required = true
+ service_url = null
+
+ subscription_key_names = {
+ header = "x-functions-key"
+ query = "subscription-key"
+ }
+
+ description = "IO Messages Citizen - L1 - API"
+ display_name = "IO Messages Citizen - L1 - API"
+ path = "messages/l1/api/v1"
+ protocols = ["https"]
+
+ content_format = "openapi"
+ content_value = data.http.messages_citizen_openapi.body
+
+ xml_content = file("./api/messages-citizen/v1/_base_policy_l1.xml")
+}
+
+module "apim_itn_messages_citizen_l2_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.40.0"
+
+ name = format("%s-%s-messages-citizen-api-02", local.product, var.location_short)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_ids = [module.apim_itn_product_messages_backend.product_id]
+ subscription_required = true
+ service_url = null
+
+ description = "IO Messages Citizen - L2 - API"
+ display_name = "IO Messages Citizen - L2 - API"
+ path = "messages/l2/api/v1"
+ protocols = ["https"]
+
+ subscription_key_names = {
+ header = "x-functions-key"
+ query = "subscription-key"
+ }
+
+ content_format = "openapi"
+ content_value = data.http.messages_citizen_openapi.body
+
+ xml_content = file("./api/messages-citizen/v1/_base_policy_l2.xml")
+}
\ No newline at end of file
diff --git a/src/domains/messages-common/05_apim_v2.tf b/src/domains/messages-common/05_apim_v2.tf
index d356878b1..d8fc17e32 100644
--- a/src/domains/messages-common/05_apim_v2.tf
+++ b/src/domains/messages-common/05_apim_v2.tf
@@ -1,8 +1,3 @@
-data "azurerm_api_management" "apim_v2_api" {
- name = local.apim_v2_name
- resource_group_name = local.apim_resource_group_name
-}
-
resource "azurerm_api_management_group" "apiremotecontentconfigurationwrite" {
name = "apiremotecontentconfigurationwrite"
api_management_name = data.azurerm_api_management.apim_v2_api.name
@@ -133,13 +128,6 @@ resource "azurerm_key_vault_secret" "reminder_subscription_primary_key_v2" {
}
########################################
-
-data "azurerm_api_management_product" "payment_updater_product_v2" {
- product_id = "io-payments-api"
- api_management_name = data.azurerm_api_management.apim_v2_api.name
- resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name
-}
-
resource "azurerm_api_management_group_user" "payment_group_v2" {
user_id = azurerm_api_management_user.reminder_user_v2.user_id
group_name = azurerm_api_management_group.apipaymentupdater_v2.name
@@ -168,11 +156,6 @@ resource "azurerm_key_vault_secret" "reminder_paymentapi_subscription_primary_ke
################ API MANAGE ###################
###############################################
-data "azurerm_key_vault_secret" "io_p_messages_sending_func_key" {
- name = "io-p-messages-sending-func-key"
- key_vault_id = module.key_vault.id
-}
-
resource "azurerm_api_management_named_value" "io_p_messages_sending_func_key" {
name = "io-p-messages-sending-func-key"
display_name = "io-p-messages-sending-func-key"
@@ -182,19 +165,9 @@ resource "azurerm_api_management_named_value" "io_p_messages_sending_func_key" {
secret = "true"
}
-data "azurerm_api_management_product" "apim_v2_product_services" {
- product_id = "io-services-api"
- api_management_name = data.azurerm_api_management.apim_v2_api.name
- resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name
-}
-
# APIM APIs
# MESSAGES SENDING FUNC EXTERNAL
-data "http" "messages_sending_external_openapi" {
- url = "https://raw.githubusercontent.com/pagopa/io-functions-services-messages/master/openapi/index_external.yaml"
-}
-
module "apim_v2_messages_sending_external_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.17.0"
@@ -217,10 +190,6 @@ module "apim_v2_messages_sending_external_api_v1" {
}
# MESSAGES SENDING FUNC INTERNAL
-data "http" "messages_sending_internal_openapi" {
- url = "https://raw.githubusercontent.com/pagopa/io-functions-services-messages/master/openapi/index.yaml"
-}
-
module "apim_v2_messages_sending_internal_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
@@ -243,10 +212,6 @@ module "apim_v2_messages_sending_internal_api_v1" {
}
# SERVICE MESSAGE MANAGE (TO REMOVE)
-data "http" "service_messages_manage_openapi" {
- url = "https://raw.githubusercontent.com/pagopa/io-functions-services-messages/833616dceab72bd65c4d3875c64eb75787b19258/openapi/index_external.yaml"
-}
-
module "apim_v2_service_messages_manage_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
@@ -269,10 +234,6 @@ module "apim_v2_service_messages_manage_api_v1" {
}
# SERVICE MESSAGE INTERNAL (TO REMOVE)
-data "http" "service_messages_internal_openapi" {
- url = "https://raw.githubusercontent.com/pagopa/io-functions-services-messages/833616dceab72bd65c4d3875c64eb75787b19258/openapi/index.yaml"
-}
-
module "apim_v2_service_messages_internal_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
@@ -322,11 +283,6 @@ resource "azurerm_api_management_subscription" "messages_backend_v2" {
allow_tracing = false
}
-data "azurerm_key_vault_secret" "io_messages_backend_func_key" {
- name = "io-p-messages-backend-func-key"
- key_vault_id = module.key_vault.id
-}
-
resource "azurerm_api_management_named_value" "io_messages_backend_key" {
name = "io-messages-backend-key"
api_management_name = data.azurerm_api_management.apim_v2_api.name
@@ -336,10 +292,6 @@ resource "azurerm_api_management_named_value" "io_messages_backend_key" {
secret = "true"
}
-data "http" "messages_citizen_openapi" {
- url = "https://raw.githubusercontent.com/pagopa/io-messages/main/apps/citizen-func/openapi/index.yaml"
-}
-
module "apim_v2_messages_citizen_l1_api_v1" {
source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.40.0"
diff --git a/src/domains/messages-common/99_data.tf b/src/domains/messages-common/99_data.tf
new file mode 100644
index 000000000..ad28f53c3
--- /dev/null
+++ b/src/domains/messages-common/99_data.tf
@@ -0,0 +1,78 @@
+########
+# APIM #
+########
+
+# APIM in WEU
+data "azurerm_api_management" "apim_v2_api" {
+ name = local.apim_v2_name
+ resource_group_name = local.apim_resource_group_name
+}
+
+# APIM in ITN
+data "azurerm_api_management" "apim_itn_api" {
+ name = local.apim_itn_name
+ resource_group_name = local.apim_itn_resource_group_name
+}
+
+# For subscription payment_updater_reminder_v2
+
+data "azurerm_api_management_product" "payment_updater_product_v2" {
+ product_id = "io-payments-api"
+ api_management_name = data.azurerm_api_management.apim_v2_api.name
+ resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name
+}
+
+data "azurerm_api_management_product" "payment_updater_product_itn" {
+ product_id = "io-payments-api"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+}
+
+# For named value io_p_messages_sending_func_key
+data "azurerm_key_vault_secret" "io_p_messages_sending_func_key" {
+ name = "io-p-messages-sending-func-key"
+ key_vault_id = module.key_vault.id
+}
+
+# For APIM API module apim_v2_messages_sending_external_api_v1
+data "azurerm_api_management_product" "apim_v2_product_services" {
+ product_id = "io-services-api"
+ api_management_name = data.azurerm_api_management.apim_v2_api.name
+ resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name
+}
+
+data "azurerm_api_management_product" "apim_itn_product_services" {
+ product_id = "io-services-api"
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+}
+
+data "http" "messages_sending_external_openapi" {
+ url = "https://raw.githubusercontent.com/pagopa/io-functions-services-messages/master/openapi/index_external.yaml"
+}
+
+# For APIM API module apim_v2_messages_sending_internal_api_v1
+data "http" "messages_sending_internal_openapi" {
+ url = "https://raw.githubusercontent.com/pagopa/io-functions-services-messages/master/openapi/index.yaml"
+}
+
+# For APIM API module apim_v2_service_messages_manage_api_v1
+data "http" "service_messages_manage_openapi" {
+ url = "https://raw.githubusercontent.com/pagopa/io-functions-services-messages/833616dceab72bd65c4d3875c64eb75787b19258/openapi/index_external.yaml"
+}
+
+# For APIM API module apim_v2_service_messages_internal_api_v1
+data "http" "service_messages_internal_openapi" {
+ url = "https://raw.githubusercontent.com/pagopa/io-functions-services-messages/833616dceab72bd65c4d3875c64eb75787b19258/openapi/index.yaml"
+}
+
+# For named value io_messages_backend_key
+data "azurerm_key_vault_secret" "io_messages_backend_func_key" {
+ name = "io-p-messages-backend-func-key"
+ key_vault_id = module.key_vault.id
+}
+
+# For APIM API module apim_v2_messages_citizen_l1_api_v1
+data "http" "messages_citizen_openapi" {
+ url = "https://raw.githubusercontent.com/pagopa/io-messages/main/apps/citizen-func/openapi/index.yaml"
+}
diff --git a/src/domains/messages-common/99_locals.tf b/src/domains/messages-common/99_locals.tf
index b03dedabd..1f1f6c4dc 100644
--- a/src/domains/messages-common/99_locals.tf
+++ b/src/domains/messages-common/99_locals.tf
@@ -15,6 +15,10 @@ locals {
acr_name = replace("${local.product}commonacr", "-", "")
acr_resource_group_name = "${local.product}-container-registry-rg"
+ # WEU
apim_v2_name = "${local.product}-apim-v2-api"
apim_resource_group_name = "${local.product}-rg-internal"
+ # ITN
+ apim_itn_name = "${local.product}-itn-apim-01"
+ apim_itn_resource_group_name = "${local.product}-itn-common-rg-01"
}
diff --git a/src/domains/messages-common/README.md b/src/domains/messages-common/README.md
index 99a773ccd..0e7d5d164 100644
--- a/src/domains/messages-common/README.md
+++ b/src/domains/messages-common/README.md
@@ -20,6 +20,14 @@
| Name | Source | Version |
|------|--------|---------|
+| [apim\_itn\_messages\_citizen\_l1\_api\_v1](#module\_apim\_itn\_messages\_citizen\_l1\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.40.0 |
+| [apim\_itn\_messages\_citizen\_l2\_api\_v1](#module\_apim\_itn\_messages\_citizen\_l2\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.40.0 |
+| [apim\_itn\_messages\_sending\_external\_api\_v1](#module\_apim\_itn\_messages\_sending\_external\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.17.0 |
+| [apim\_itn\_messages\_sending\_internal\_api\_v1](#module\_apim\_itn\_messages\_sending\_internal\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_product\_messages\_backend](#module\_apim\_itn\_product\_messages\_backend) | github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.27.0 |
+| [apim\_itn\_product\_notifications](#module\_apim\_itn\_product\_notifications) | github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.27.0 |
+| [apim\_itn\_service\_messages\_internal\_api\_v1](#module\_apim\_itn\_service\_messages\_internal\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_service\_messages\_manage\_api\_v1](#module\_apim\_itn\_service\_messages\_manage\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
| [apim\_v2\_messages\_citizen\_l1\_api\_v1](#module\_apim\_v2\_messages\_citizen\_l1\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.40.0 |
| [apim\_v2\_messages\_citizen\_l2\_api\_v1](#module\_apim\_v2\_messages\_citizen\_l2\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.40.0 |
| [apim\_v2\_messages\_sending\_external\_api\_v1](#module\_apim\_v2\_messages\_sending\_external\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.17.0 |
@@ -31,6 +39,7 @@
| [cosmosdb\_account\_mongodb\_reminder](#module\_cosmosdb\_account\_mongodb\_reminder) | github.com/pagopa/terraform-azurerm-v3//cosmosdb_account | v8.27.0 |
| [cosmosdb\_account\_remote\_content](#module\_cosmosdb\_account\_remote\_content) | github.com/pagopa/terraform-azurerm-v3//cosmosdb_account | v8.27.0 |
| [cosmosdb\_sql\_database\_remote\_content](#module\_cosmosdb\_sql\_database\_remote\_content) | github.com/pagopa/terraform-azurerm-v3//cosmosdb_sql_database | v8.27.0 |
+| [io-backend\_notification\_itn\_api\_v1](#module\_io-backend\_notification\_itn\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
| [io-backend\_notification\_v2\_api\_v1](#module\_io-backend\_notification\_v2\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
| [key\_vault](#module\_key\_vault) | github.com/pagopa/terraform-azurerm-v3//key_vault | v8.27.0 |
| [mongdb\_collection\_reminder](#module\_mongdb\_collection\_reminder) | github.com/pagopa/terraform-azurerm-v3//cosmosdb_mongodb_collection | v8.27.0 |
@@ -44,20 +53,35 @@
| Name | Type |
|------|------|
+| [azurerm_api_management_group.apimessagereadadvanced_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
| [azurerm_api_management_group.apimessagereadadvanced_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
+| [azurerm_api_management_group.apimessagewriteadvanced_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
| [azurerm_api_management_group.apimessagewriteadvanced_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
+| [azurerm_api_management_group.apinewmessagenotify_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
| [azurerm_api_management_group.apinewmessagenotify_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
+| [azurerm_api_management_group.apipaymentupdater_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
| [azurerm_api_management_group.apipaymentupdater_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
+| [azurerm_api_management_group.apiremindernotify_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
| [azurerm_api_management_group.apiremindernotify_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
| [azurerm_api_management_group.apiremotecontentconfigurationwrite](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
+| [azurerm_api_management_group.apiremotecontentconfigurationwrite_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
+| [azurerm_api_management_group.apithirdpartymessagewrite_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
| [azurerm_api_management_group.apithirdpartymessagewrite_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
+| [azurerm_api_management_group_user.payment_group_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
| [azurerm_api_management_group_user.payment_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
+| [azurerm_api_management_group_user.reminder_group_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
| [azurerm_api_management_group_user.reminder_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
| [azurerm_api_management_named_value.io_messages_backend_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_named_value.io_messages_backend_key_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_p_messages_sending_func_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_named_value.io_p_messages_sending_func_key_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_subscription.messages_backend_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
| [azurerm_api_management_subscription.messages_backend_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
+| [azurerm_api_management_subscription.payment_updater_reminder_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
| [azurerm_api_management_subscription.payment_updater_reminder_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
+| [azurerm_api_management_subscription.reminder_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
| [azurerm_api_management_subscription.reminder_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
+| [azurerm_api_management_user.reminder_user_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
| [azurerm_api_management_user.reminder_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
| [azurerm_cosmosdb_mongo_database.db_reminder](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_database) | resource |
| [azurerm_cosmosdb_sql_container.message_configuration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource |
@@ -79,7 +103,9 @@
| [azurerm_key_vault_secret.payments_io-p-payment-updates-weu-prod01-evh-reminder_jaas-connection-string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.push_notifications_storage_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.reminder_mysql_db_server_url](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [azurerm_key_vault_secret.reminder_paymentapi_subscription_primary_key_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.reminder_paymentapi_subscription_primary_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [azurerm_key_vault_secret.reminder_subscription_primary_key_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_key_vault_secret.reminder_subscription_primary_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
| [azurerm_mysql_flexible_database.reminder_mysql_db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_flexible_database) | resource |
| [azurerm_mysql_flexible_server.reminder_mysql_server](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_flexible_server) | resource |
@@ -97,8 +123,11 @@
| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_service_principal.platform_iac_sp](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
+| [azurerm_api_management.apim_itn_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_api_management.apim_v2_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
+| [azurerm_api_management_product.apim_itn_product_services](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source |
| [azurerm_api_management_product.apim_v2_product_services](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source |
+| [azurerm_api_management_product.payment_updater_product_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source |
| [azurerm_api_management_product.payment_updater_product_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source |
| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
diff --git a/src/domains/payments-common/05_api_itn.tf b/src/domains/payments-common/05_api_itn.tf
new file mode 100644
index 000000000..f60e2e34e
--- /dev/null
+++ b/src/domains/payments-common/05_api_itn.tf
@@ -0,0 +1,38 @@
+module "apim_itn_product_payments" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v4.1.8"
+
+ product_id = "io-payments-api"
+ display_name = "IO PAYMENTS API"
+ description = "Product for IO payments"
+
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+
+ published = true
+ subscription_required = true
+ approval_required = false
+
+ policy_xml = file("./api_product/payments/_base_policy.xml")
+}
+
+module "apim_itn_payments_updater_api_v1" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v4.1.8"
+
+ name = format("%s-payments-updater-api", local.product)
+ api_management_name = data.azurerm_api_management.apim_itn_api.name
+ resource_group_name = data.azurerm_api_management.apim_itn_api.resource_group_name
+ product_ids = [module.apim_itn_product_payments.product_id]
+ subscription_required = true
+ service_url = null
+
+ description = "IO Payments - Updater API"
+ display_name = "IO Payments - Updater API"
+ path = "api/v1/payment"
+ protocols = ["https"]
+
+ content_format = "openapi"
+
+ content_value = file("./api/payments_updater/v1/_openapi.yaml")
+
+ xml_content = file("./api/payments_updater/v1/_base_policy.xml")
+}
diff --git a/src/domains/payments-common/05_api_v2.tf b/src/domains/payments-common/05_api_v2.tf
index b7026d40a..74627e46e 100644
--- a/src/domains/payments-common/05_api_v2.tf
+++ b/src/domains/payments-common/05_api_v2.tf
@@ -1,8 +1,3 @@
-data "azurerm_api_management" "apim_v2_api" {
- name = local.apim_v2_name
- resource_group_name = local.apim_resource_group_name
-}
-
module "apim_v2_product_payments" {
source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v4.1.8"
diff --git a/src/domains/payments-common/99_data.tf b/src/domains/payments-common/99_data.tf
new file mode 100644
index 000000000..357728042
--- /dev/null
+++ b/src/domains/payments-common/99_data.tf
@@ -0,0 +1,16 @@
+########
+# APIM #
+########
+
+# APIM in WEU
+data "azurerm_api_management" "apim_v2_api" {
+ name = local.apim_v2_name
+ resource_group_name = local.apim_resource_group_name
+}
+
+# APIM in ITN
+data "azurerm_api_management" "apim_itn_api" {
+ name = local.apim_itn_name
+ resource_group_name = local.apim_itn_resource_group_name
+}
+
diff --git a/src/domains/payments-common/99_locals.tf b/src/domains/payments-common/99_locals.tf
index a2f48f137..1e905db15 100644
--- a/src/domains/payments-common/99_locals.tf
+++ b/src/domains/payments-common/99_locals.tf
@@ -24,6 +24,10 @@ locals {
acr_name = replace("${local.product}commonacr", "-", "")
acr_resource_group_name = "${local.product}-container-registry-rg"
+ # WEU
apim_v2_name = "${local.product}-apim-v2-api"
apim_resource_group_name = "${local.product}-rg-internal"
+ # ITN
+ apim_itn_name = "${local.product}-itn-apim-01"
+ apim_itn_resource_group_name = "${local.product}-itn-common-rg-01"
}
diff --git a/src/domains/payments-common/README.md b/src/domains/payments-common/README.md
index c1ccaa086..0714cc117 100644
--- a/src/domains/payments-common/README.md
+++ b/src/domains/payments-common/README.md
@@ -19,6 +19,8 @@
| Name | Source | Version |
|------|--------|---------|
+| [apim\_itn\_payments\_updater\_api\_v1](#module\_apim\_itn\_payments\_updater\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v4.1.8 |
+| [apim\_itn\_product\_payments](#module\_apim\_itn\_product\_payments) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v4.1.8 |
| [apim\_v2\_payments\_updater\_api\_v1](#module\_apim\_v2\_payments\_updater\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v4.1.8 |
| [apim\_v2\_product\_payments](#module\_apim\_v2\_product\_payments) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v4.1.8 |
| [cosmosdb\_account\_mongodb](#module\_cosmosdb\_account\_mongodb) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account | v4.1.8 |
@@ -47,6 +49,7 @@
| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_service_principal.platform_iac_sp](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
+| [azurerm_api_management.apim_itn_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_api_management.apim_v2_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
diff --git a/src/legacy-apim/prod/README.md b/src/legacy-apim/prod/README.md
index 51282c2b5..24e1e8f06 100644
--- a/src/legacy-apim/prod/README.md
+++ b/src/legacy-apim/prod/README.md
@@ -17,7 +17,21 @@
| Name | Source | Version |
|------|--------|---------|
+| [api\_itn\_services](#module\_api\_itn\_services) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
| [api\_v2\_services](#module\_api\_v2\_services) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_io\_backend\_app\_api\_v1](#module\_apim\_itn\_io\_backend\_app\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_io\_backend\_auth\_api\_v1](#module\_apim\_itn\_io\_backend\_auth\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_io\_backend\_bpd\_api\_v1](#module\_apim\_itn\_io\_backend\_bpd\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_io\_backend\_cgn\_api\_v1](#module\_apim\_itn\_io\_backend\_cgn\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_io\_backend\_eucovidcert\_api\_v1](#module\_apim\_itn\_io\_backend\_eucovidcert\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_io\_backend\_mitvoucher\_api\_v1](#module\_apim\_itn\_io\_backend\_mitvoucher\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_io\_backend\_myportal\_api\_v1](#module\_apim\_itn\_io\_backend\_myportal\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_io\_backend\_notifications\_api\_v1](#module\_apim\_itn\_io\_backend\_notifications\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_io\_backend\_pagopa\_api\_v1](#module\_apim\_itn\_io\_backend\_pagopa\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_io\_backend\_product](#module\_apim\_itn\_io\_backend\_product) | github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.27.0 |
+| [apim\_itn\_io\_backend\_public\_api\_v1](#module\_apim\_itn\_io\_backend\_public\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_io\_backend\_session\_api\_v1](#module\_apim\_itn\_io\_backend\_session\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
+| [apim\_itn\_product\_services](#module\_apim\_itn\_product\_services) | github.com/pagopa/terraform-azurerm-v3//api_management_product | v8.27.0 |
| [apim\_v2\_io\_backend\_app\_api\_v1](#module\_apim\_v2\_io\_backend\_app\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
| [apim\_v2\_io\_backend\_auth\_api\_v1](#module\_apim\_v2\_io\_backend\_auth\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
| [apim\_v2\_io\_backend\_bpd\_api\_v1](#module\_apim\_v2\_io\_backend\_bpd\_api\_v1) | github.com/pagopa/terraform-azurerm-v3//api_management_api | v8.27.0 |
@@ -37,28 +51,50 @@
| Name | Type |
|------|------|
+| [azurerm_api_management_api_operation_policy.submit_message_for_user_policy_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
| [azurerm_api_management_api_operation_policy.submit_message_for_user_policy_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
+| [azurerm_api_management_api_operation_policy.submit_message_for_user_with_fiscalcode_in_body_policy_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
| [azurerm_api_management_api_operation_policy.submit_message_for_user_with_fiscalcode_in_body_policy_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
+| [azurerm_api_management_api_version_set.io_backend_app_api_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_app_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
+| [azurerm_api_management_api_version_set.io_backend_auth_api_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_auth_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
+| [azurerm_api_management_api_version_set.io_backend_bpd_api_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_bpd_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
+| [azurerm_api_management_api_version_set.io_backend_cgn_api_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_cgn_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
+| [azurerm_api_management_api_version_set.io_backend_eucovidcert_api_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_eucovidcert_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
+| [azurerm_api_management_api_version_set.io_backend_mitvoucher_api_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_mitvoucher_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
+| [azurerm_api_management_api_version_set.io_backend_myportal_api_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_myportal_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
+| [azurerm_api_management_api_version_set.io_backend_notifications_api_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_notifications_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
+| [azurerm_api_management_api_version_set.io_backend_pagopa_api_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_pagopa_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
+| [azurerm_api_management_api_version_set.io_backend_public_api_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_public_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
+| [azurerm_api_management_api_version_set.io_backend_session_api_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
| [azurerm_api_management_api_version_set.io_backend_session_api_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
+| [azurerm_api_management_named_value.api_gad_client_certificate_verified_header_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.api_gad_client_certificate_verified_header_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_named_value.io_fn3_eucovidcert_key_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn3_eucovidcert_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_named_value.io_fn3_eucovidcert_url_alt_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn3_eucovidcert_url_alt_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_named_value.io_fn3_services_key_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn3_services_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_named_value.io_fn3_services_url_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.io_fn3_services_url_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
+| [azurerm_api_management.apim_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
| [azurerm_key_vault.key_vault_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
+| [azurerm_key_vault_secret.api_gad_client_certificate_verified_header_secret_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.api_gad_client_certificate_verified_header_secret_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
+| [azurerm_key_vault_secret.io_fn3_eucovidcert_key_secret_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.io_fn3_eucovidcert_key_secret_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
+| [azurerm_key_vault_secret.io_fn3_services_key_secret_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.io_fn3_services_key_secret_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_resource_group.rg_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
diff --git a/src/legacy-apim/prod/apim_itn_io_backend_v1.tf b/src/legacy-apim/prod/apim_itn_io_backend_v1.tf
new file mode 100644
index 000000000..2cf82847b
--- /dev/null
+++ b/src/legacy-apim/prod/apim_itn_io_backend_v1.tf
@@ -0,0 +1,421 @@
+##############
+## Products ##
+##############
+
+module "apim_itn_io_backend_product" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v8.27.0"
+
+ product_id = "io-backend"
+ display_name = "IO BACKEND"
+ description = "Product for IO backend"
+
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+
+ published = true
+ subscription_required = true
+ approval_required = false
+
+ policy_xml = file("./api_product/io_backend/_base_policy.xml")
+}
+
+locals {
+ apim_itn_io_backend_api = {
+ # params for all api versions
+ display_name = "IO BACKEND API"
+ description = "IO backend APIs"
+ path = "api/io-backend"
+ subscription_required = false
+ service_url = null
+ }
+}
+
+## BPD
+resource "azurerm_api_management_api_version_set" "io_backend_bpd_api_itn" {
+ name = format("%s-io-backend-bpd-api", local.env_short)
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ display_name = "${local.apim_itn_io_backend_api.display_name} - bpd"
+ versioning_scheme = "Segment"
+}
+
+module "apim_itn_io_backend_bpd_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-io-backend-bpd-api", local.env_short)
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ product_ids = [module.apim_itn_io_backend_product.product_id]
+ subscription_required = local.apim_itn_io_backend_api.subscription_required
+ version_set_id = azurerm_api_management_api_version_set.io_backend_bpd_api_itn.id
+ api_version = "v1"
+ service_url = local.apim_itn_io_backend_api.service_url
+
+ description = "${local.apim_itn_io_backend_api.description} - bpd"
+ display_name = "${local.apim_itn_io_backend_api.display_name} - bpd"
+ path = "bpd/api"
+ protocols = ["https"]
+
+ content_format = "swagger-json"
+ content_value = templatefile("./api/io_backend/bpd/v1/_swagger.json.tpl", {
+ host = local.apim_hostname_api_app_internal # api-app.internal.io.pagopa.it
+ })
+
+ xml_content = file("./api/io_backend/bpd/v1/_base_policy.xml")
+}
+##
+
+## MYPORTAL
+resource "azurerm_api_management_api_version_set" "io_backend_myportal_api_itn" {
+ name = format("%s-io-backend-myportal-api", local.env_short)
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ display_name = "${local.apim_itn_io_backend_api.display_name} - myportal"
+ versioning_scheme = "Segment"
+}
+
+module "apim_itn_io_backend_myportal_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-io-backend-myportal-api", local.env_short)
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ product_ids = [module.apim_itn_io_backend_product.product_id]
+ subscription_required = local.apim_itn_io_backend_api.subscription_required
+ version_set_id = azurerm_api_management_api_version_set.io_backend_myportal_api_itn.id
+ api_version = "v1"
+ service_url = local.apim_itn_io_backend_api.service_url
+
+ description = "${local.apim_itn_io_backend_api.description} - myportal"
+ display_name = "${local.apim_itn_io_backend_api.display_name} - myportal"
+ path = "myportal/api"
+ protocols = ["https"]
+
+ content_format = "swagger-json"
+ content_value = templatefile("./api/io_backend/myportal/v1/_swagger.json.tpl", {
+ host = local.apim_hostname_api_app_internal # api-app.internal.io.pagopa.it
+ })
+
+ xml_content = file("./api/io_backend/myportal/v1/_base_policy.xml")
+}
+##
+
+## PAGOPA
+resource "azurerm_api_management_api_version_set" "io_backend_pagopa_api_itn" {
+ name = format("%s-io-backend-pagopa-api", local.env_short)
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ display_name = "${local.apim_itn_io_backend_api.display_name} - pagopa"
+ versioning_scheme = "Segment"
+}
+
+module "apim_itn_io_backend_pagopa_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-io-backend-pagopa-api", local.env_short)
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ product_ids = [module.apim_itn_io_backend_product.product_id]
+ subscription_required = local.apim_itn_io_backend_api.subscription_required
+ version_set_id = azurerm_api_management_api_version_set.io_backend_pagopa_api_itn.id
+ api_version = "v1"
+ service_url = local.apim_itn_io_backend_api.service_url
+
+ description = "${local.apim_itn_io_backend_api.description} - pagopa"
+ display_name = "${local.apim_itn_io_backend_api.display_name} - pagopa"
+ path = "pagopa/api"
+ protocols = ["https"]
+
+ content_format = "swagger-json"
+ content_value = templatefile("./api/io_backend/pagopa/v1/_swagger.json.tpl", {
+ host = local.apim_hostname_api_app_internal # api-app.internal.io.pagopa.it
+ })
+
+ xml_content = file("./api/io_backend/pagopa/v1/_base_policy.xml")
+}
+##
+
+## APP
+resource "azurerm_api_management_api_version_set" "io_backend_app_api_itn" {
+ name = format("%s-io-backend-app-api", local.env_short)
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ display_name = "${local.apim_itn_io_backend_api.display_name} - app"
+ versioning_scheme = "Segment"
+}
+
+module "apim_itn_io_backend_app_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-io-backend-app-api", local.env_short)
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ product_ids = [module.apim_itn_io_backend_product.product_id]
+ subscription_required = local.apim_itn_io_backend_api.subscription_required
+ version_set_id = azurerm_api_management_api_version_set.io_backend_app_api_itn.id
+ api_version = "v1"
+ service_url = local.apim_itn_io_backend_api.service_url
+
+ description = "${local.apim_itn_io_backend_api.description} - app"
+ display_name = "${local.apim_itn_io_backend_api.display_name} - app"
+ path = "${local.apim_itn_io_backend_api.path}/app"
+ protocols = ["https"]
+
+ content_format = "swagger-json"
+ content_value = templatefile("./api/io_backend/app/v1/_swagger_v2.json.tpl", {
+ host = local.apim_hostname_api_app_internal # api-app.internal.io.pagopa.it
+ })
+
+ xml_content = file("./api/io_backend/app/v1/_base_policy.xml")
+ api_operation_policies = [
+ {
+ operation_id = "getUserMessages"
+ xml_content = file("./api/io_backend/app/v1/operations/getUserMessages.xml")
+ }
+ ]
+}
+##
+
+## AUTH
+resource "azurerm_api_management_api_version_set" "io_backend_auth_api_itn" {
+ name = format("%s-io-backend-auth-api", local.env_short)
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ display_name = "${local.apim_itn_io_backend_api.display_name} - auth"
+ versioning_scheme = "Segment"
+}
+
+module "apim_itn_io_backend_auth_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-io-backend-auth-api", local.env_short)
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ product_ids = [module.apim_itn_io_backend_product.product_id]
+ subscription_required = local.apim_itn_io_backend_api.subscription_required
+ version_set_id = azurerm_api_management_api_version_set.io_backend_auth_api_itn.id
+ api_version = "v1"
+ service_url = local.apim_itn_io_backend_api.service_url
+
+ description = "${local.apim_itn_io_backend_api.description} - auth"
+ display_name = "${local.apim_itn_io_backend_api.display_name} - auth"
+ path = "${local.apim_itn_io_backend_api.path}/auth"
+ protocols = ["https"]
+
+ content_format = "swagger-json"
+ content_value = templatefile("./api/io_backend/auth/v1/_swagger.json.tpl", {
+ host = local.apim_hostname_api_app_internal # api-app.internal.io.pagopa.it
+ })
+
+ xml_content = file("./api/io_backend/auth/v1/_base_policy.xml")
+}
+
+## CGN
+resource "azurerm_api_management_api_version_set" "io_backend_cgn_api_itn" {
+ name = format("%s-io-backend-cgn-api", local.env_short)
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ display_name = "${local.apim_itn_io_backend_api.display_name} - cgn"
+ versioning_scheme = "Segment"
+}
+
+module "apim_itn_io_backend_cgn_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-io-backend-cgn-api", local.env_short)
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ product_ids = [module.apim_itn_io_backend_product.product_id]
+ subscription_required = local.apim_itn_io_backend_api.subscription_required
+ version_set_id = azurerm_api_management_api_version_set.io_backend_cgn_api_itn.id
+ api_version = "v1"
+ service_url = local.apim_itn_io_backend_api.service_url
+
+ description = "${local.apim_itn_io_backend_api.description} - cgn"
+ display_name = "${local.apim_itn_io_backend_api.display_name} - cgn"
+ path = "${local.apim_itn_io_backend_api.path}/cgn"
+ protocols = ["https"]
+
+ content_format = "swagger-json"
+ content_value = templatefile("./api/io_backend/cgn/v1/_swagger.json.tpl", {
+ host = local.apim_hostname_api_app_internal # api-app.internal.io.pagopa.it
+ })
+
+ xml_content = file("./api/io_backend/cgn/v1/_base_policy.xml")
+}
+##
+
+## EUCOVIDCERT
+resource "azurerm_api_management_api_version_set" "io_backend_eucovidcert_api_itn" {
+ name = format("%s-io-backend-eucovidcert-api", local.env_short)
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ display_name = "${local.apim_itn_io_backend_api.display_name} - eucovidcert"
+ versioning_scheme = "Segment"
+}
+
+module "apim_itn_io_backend_eucovidcert_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-io-backend-eucovidcert-api", local.env_short)
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ product_ids = [module.apim_itn_io_backend_product.product_id]
+ subscription_required = local.apim_itn_io_backend_api.subscription_required
+ version_set_id = azurerm_api_management_api_version_set.io_backend_eucovidcert_api_itn.id
+ api_version = "v1"
+ service_url = local.apim_itn_io_backend_api.service_url
+
+ description = "${local.apim_itn_io_backend_api.description} - eucovidcert"
+ display_name = "${local.apim_itn_io_backend_api.display_name} - eucovidcert"
+ path = "${local.apim_itn_io_backend_api.path}/eucovidcert"
+ protocols = ["https"]
+
+ content_format = "swagger-json"
+ content_value = templatefile("./api/io_backend/eucovidcert/v1/_swagger.json.tpl", {
+ host = local.apim_hostname_api_app_internal # api-app.internal.io.pagopa.it
+ })
+
+ xml_content = file("./api/io_backend/eucovidcert/v1/_base_policy.xml")
+}
+##
+
+## MITVOUCHER
+resource "azurerm_api_management_api_version_set" "io_backend_mitvoucher_api_itn" {
+ name = format("%s-io-backend-mitvoucher-api", local.env_short)
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ display_name = "${local.apim_itn_io_backend_api.display_name} - mitvoucher"
+ versioning_scheme = "Segment"
+}
+
+module "apim_itn_io_backend_mitvoucher_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-io-backend-mitvoucher-api", local.env_short)
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ product_ids = [module.apim_itn_io_backend_product.product_id]
+ subscription_required = local.apim_itn_io_backend_api.subscription_required
+ version_set_id = azurerm_api_management_api_version_set.io_backend_mitvoucher_api_itn.id
+ api_version = "v1"
+ service_url = local.apim_itn_io_backend_api.service_url
+
+ description = "${local.apim_itn_io_backend_api.description} - mitvoucher"
+ display_name = "${local.apim_itn_io_backend_api.display_name} - mitvoucher"
+ path = "${local.apim_itn_io_backend_api.path}/mitvoucher"
+ protocols = ["https"]
+
+ content_format = "swagger-json"
+ content_value = templatefile("./api/io_backend/mitvoucher/v1/_swagger.json.tpl", {
+ host = local.apim_hostname_api_app_internal # api-app.internal.io.pagopa.it
+ })
+
+ xml_content = file("./api/io_backend/mitvoucher/v1/_base_policy.xml")
+}
+##
+
+## NOTIFICATIONS
+resource "azurerm_api_management_api_version_set" "io_backend_notifications_api_itn" {
+ name = format("%s-io-backend-notifications-api", local.env_short)
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ display_name = "${local.apim_itn_io_backend_api.display_name} - notifications"
+ versioning_scheme = "Segment"
+}
+
+module "apim_itn_io_backend_notifications_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-io-backend-notifications-api", local.env_short)
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ product_ids = [module.apim_itn_io_backend_product.product_id]
+ subscription_required = local.apim_itn_io_backend_api.subscription_required
+ version_set_id = azurerm_api_management_api_version_set.io_backend_notifications_api_itn.id
+ api_version = "v1"
+ service_url = local.apim_itn_io_backend_api.service_url
+
+ description = "${local.apim_itn_io_backend_api.description} - notifications"
+ display_name = "${local.apim_itn_io_backend_api.display_name} - notifications"
+ path = "${local.apim_itn_io_backend_api.path}/notifications"
+ protocols = ["https"]
+
+ content_format = "swagger-json"
+ content_value = templatefile("./api/io_backend/notifications/v1/_swagger.json.tpl", {
+ host = local.apim_hostname_api_app_internal # api-app.internal.io.pagopa.it
+ })
+
+ xml_content = file("./api/io_backend/notifications/v1/_base_policy.xml")
+}
+##
+
+## PUBLIC
+resource "azurerm_api_management_api_version_set" "io_backend_public_api_itn" {
+ name = format("%s-io-backend-public-api", local.env_short)
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ display_name = "${local.apim_itn_io_backend_api.display_name} - public"
+ versioning_scheme = "Segment"
+}
+
+module "apim_itn_io_backend_public_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-io-backend-public-api", local.env_short)
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ product_ids = [module.apim_itn_io_backend_product.product_id]
+ subscription_required = local.apim_itn_io_backend_api.subscription_required
+ version_set_id = azurerm_api_management_api_version_set.io_backend_public_api_itn.id
+ api_version = "v1"
+ service_url = local.apim_itn_io_backend_api.service_url
+
+ description = "${local.apim_itn_io_backend_api.description} - public"
+ display_name = "${local.apim_itn_io_backend_api.display_name} - public"
+ path = "${local.apim_itn_io_backend_api.path}/public"
+ protocols = ["https"]
+
+ content_format = "swagger-json"
+ content_value = templatefile("./api/io_backend/public/v1/_swagger.json.tpl", {
+ host = local.apim_hostname_api_app_internal # api-app.internal.io.pagopa.it
+ })
+
+ xml_content = file("./api/io_backend/public/v1/_base_policy.xml")
+}
+##
+
+## SESSION
+resource "azurerm_api_management_api_version_set" "io_backend_session_api_itn" {
+ name = format("%s-io-backend-session-api", local.env_short)
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ display_name = "${local.apim_itn_io_backend_api.display_name} - session"
+ versioning_scheme = "Segment"
+}
+
+module "apim_itn_io_backend_session_api_v1" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = format("%s-io-backend-session-api", local.env_short)
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ product_ids = [module.apim_itn_io_backend_product.product_id]
+ subscription_required = local.apim_itn_io_backend_api.subscription_required
+ version_set_id = azurerm_api_management_api_version_set.io_backend_session_api_itn.id
+ api_version = "v1"
+ service_url = local.apim_itn_io_backend_api.service_url
+
+ description = "${local.apim_itn_io_backend_api.description} - session"
+ display_name = "${local.apim_itn_io_backend_api.display_name} - session"
+ path = "${local.apim_itn_io_backend_api.path}/session"
+ protocols = ["https"]
+
+ content_format = "swagger-json"
+ content_value = templatefile("./api/io_backend/session/v1/_swagger.json.tpl", {
+ host = local.apim_hostname_api_app_internal # api-app.internal.io.pagopa.it
+ })
+
+ xml_content = file("./api/io_backend/session/v1/_base_policy.xml")
+}
+##
diff --git a/src/legacy-apim/prod/apim_itn_io_services_api.tf b/src/legacy-apim/prod/apim_itn_io_services_api.tf
new file mode 100644
index 000000000..4c6aabb83
--- /dev/null
+++ b/src/legacy-apim/prod/apim_itn_io_services_api.tf
@@ -0,0 +1,123 @@
+module "apim_itn_product_services" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_product?ref=v8.27.0"
+
+ product_id = "io-services-api"
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ display_name = "IO SERVICES API"
+ description = "SERVICES API for IO platform."
+ subscription_required = true
+ approval_required = false
+ published = true
+
+ policy_xml = file("./api_product/io_services/_base_policy.xml")
+}
+
+resource "azurerm_api_management_api_operation_policy" "submit_message_for_user_policy_itn" {
+ api_name = "io-services-api"
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ operation_id = "submitMessageforUser"
+
+ xml_content = file("./api/io_services/v1/post_submitmessageforuser_policy/policy.xml")
+}
+
+resource "azurerm_api_management_api_operation_policy" "submit_message_for_user_with_fiscalcode_in_body_policy_itn" {
+ api_name = "io-services-api"
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ operation_id = "submitMessageforUserWithFiscalCodeInBody"
+
+ xml_content = file("./api/io_services/v1/post_submitmessageforuserwithfiscalcodeinbody_policy/policy.xml")
+}
+
+# Named Value fn3-services
+resource "azurerm_api_management_named_value" "io_fn3_services_url_itn" {
+ name = "io-fn3-services-url"
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ display_name = "io-fn3-services-url"
+ value = "https://io-p-fn3-services.azurewebsites.net"
+}
+
+data "azurerm_key_vault_secret" "io_fn3_services_key_secret_itn" {
+ name = "fn3services-KEY-APIM"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+resource "azurerm_api_management_named_value" "io_fn3_services_key_itn" {
+ name = "io-fn3-services-key"
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ display_name = "io-fn3-services-key"
+ value = data.azurerm_key_vault_secret.io_fn3_services_key_secret_itn.value
+ secret = "true"
+}
+
+# Named value fn3-eucovidcert
+
+data "azurerm_key_vault_secret" "io_fn3_eucovidcert_key_secret_itn" {
+ name = "io-fn3-eucovidcert-KEY-APIM"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+resource "azurerm_api_management_named_value" "io_fn3_eucovidcert_key_itn" {
+ name = "io-fn3-eucovidcert-key"
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ display_name = "io-fn3-eucovidcert-key"
+ value = data.azurerm_key_vault_secret.io_fn3_eucovidcert_key_secret_itn.value
+ secret = "true"
+}
+
+# alternative url, for differential routing (example: progressive rollout)
+resource "azurerm_api_management_named_value" "io_fn3_eucovidcert_url_alt_itn" {
+ name = "io-fn3-eucovidcert-url-alt"
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ display_name = "io-fn3-eucovidcert-url-alt"
+ value = "https://io-p-eucovidcert-fn.azurewebsites.net"
+}
+
+# Named Value api gad certificate header
+data "azurerm_key_vault_secret" "api_gad_client_certificate_verified_header_secret_itn" {
+ name = "apigad-GAD-CLIENT-CERTIFICATE-VERIFIED-HEADER"
+ key_vault_id = data.azurerm_key_vault.key_vault_common.id
+}
+
+resource "azurerm_api_management_named_value" "api_gad_client_certificate_verified_header_itn" {
+ name = "apigad-gad-client-certificate-verified-header"
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ display_name = "apigad-gad-client-certificate-verified-header"
+ value = data.azurerm_key_vault_secret.api_gad_client_certificate_verified_header_secret_itn.value
+ secret = "true"
+}
+
+module "api_itn_services" {
+ source = "github.com/pagopa/terraform-azurerm-v3//api_management_api?ref=v8.27.0"
+
+ name = "io-services-api"
+ api_management_name = data.azurerm_api_management.apim_itn.name
+ resource_group_name = data.azurerm_api_management.apim_itn.resource_group_name
+ revision = "1"
+ display_name = "IO SERVICES API"
+ description = "SERVICES API for IO platform."
+
+ path = "api/v1"
+ protocols = ["http", "https"]
+ product_ids = [module.apim_itn_product_services.product_id]
+
+ service_url = null
+
+ subscription_required = true
+
+ content_format = "swagger-json"
+ content_value = templatefile("./api/io_services/v1/_swagger.json.tpl",
+ {
+ host = "api.io.pagopa.it"
+ }
+ )
+
+ xml_content = file("./api/io_services/v1/policy.xml")
+}
diff --git a/src/legacy-apim/prod/data.tf b/src/legacy-apim/prod/data.tf
index dd7086276..5d5ebd663 100644
--- a/src/legacy-apim/prod/data.tf
+++ b/src/legacy-apim/prod/data.tf
@@ -1,6 +1,13 @@
+# APIM in WEU
data "azurerm_api_management" "apim" {
- name = "io-p-apim-v2-api"
- resource_group_name = "io-p-rg-internal"
+ name = local.apim_v2_name
+ resource_group_name = local.apim_resource_group_name
+}
+
+# APIM in ITN
+data "azurerm_api_management" "apim_itn" {
+ name = local.apim_itn_name
+ resource_group_name = local.apim_itn_resource_group_name
}
data "azurerm_key_vault" "key_vault_common" {
diff --git a/src/legacy-apim/prod/locals.tf b/src/legacy-apim/prod/locals.tf
index ee80ee9c4..c2cd3db1a 100644
--- a/src/legacy-apim/prod/locals.tf
+++ b/src/legacy-apim/prod/locals.tf
@@ -7,4 +7,11 @@ locals {
external_domain = "pagopa.it"
apim_hostname_api_app_internal = format("api-app.internal.%s.%s", local.dns_zone_io, local.external_domain)
+
+ # WEU
+ apim_v2_name = "${local.project}-apim-v2-api"
+ apim_resource_group_name = "${local.project}-rg-internal"
+ # ITN
+ apim_itn_name = "${local.project}-itn-apim-01"
+ apim_itn_resource_group_name = "${local.project}-itn-common-rg-01"
}