[CES-68] Moved PNAPIM user, group and subscription into citizen-auth-…

…common (#1269)
pagopa · Oct 31, 2024 · feabc7d · feabc7d
1 parent ab420e2
commit feabc7d
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 40 deletions.
diff --git a/src/common/_modules/apim/data.tf b/src/common/_modules/apim/data.tf
@@ -11,16 +11,4 @@ data "azurerm_key_vault_certificate" "api_internal_io_italia_it" {
 data "azurerm_key_vault_certificate" "api_app_internal_io_pagopa_it" {
   name         = replace(local.apim_hostname_api_app_internal, ".", "-")
   key_vault_id = var.key_vault.id
-}
-
-data "azurerm_api_management_group" "api_v2_lollipop_assertion_read" {
-  name                = "apilollipopassertionread"
-  api_management_name = module.apim_v2.name
-  resource_group_name = module.apim_v2.resource_group_name
-}
-
-data "azurerm_api_management_product" "apim_v2_product_lollipop" {
-  product_id          = "io-lollipop-api"
-  api_management_name = module.apim_v2.name
-  resource_group_name = module.apim_v2.resource_group_name
-}
+}
diff --git a/src/common/_modules/apim/subscriptions.tf b/src/common/_modules/apim/subscriptions.tf
diff --git a/src/common/_modules/apim/users.tf b/src/common/_modules/apim/users.tf
diff --git a/src/domains/citizen-auth-common/03_apim_v2.tf b/src/domains/citizen-auth-common/03_apim_v2.tf
@@ -253,3 +253,33 @@ resource "azurerm_api_management_named_value" "api_fast_login_operation_group_na
   value               = azurerm_api_management_group.api_fast_login_operation_v2.display_name
   secret              = "false"
 }
+
+####################################################################################
+# PagoPA General PN APIM User
+####################################################################################
+resource "azurerm_api_management_user" "pn_user_v2" {
+  user_id             = "pnapimuser"
+  api_management_name = data.azurerm_api_management.apim_v2_api.name
+  resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name
+  first_name          = "PNAPIMuser"
+  last_name           = "PNAPIMuser"
+  email               = "[email protected]"
+  state               = "active"
+}
+
+resource "azurerm_api_management_group_user" "pn_group_v2" {
+  user_id             = azurerm_api_management_user.pn_user_v2.user_id
+  api_management_name = data.azurerm_api_management.apim_v2_api.name
+  resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name
+  group_name          = azurerm_api_management_group.api_lollipop_assertion_read_v2.name
+}
+
+resource "azurerm_api_management_subscription" "pn_lc_subscription_v2" {
+  user_id             = azurerm_api_management_user.pn_user_v2.id
+  api_management_name = data.azurerm_api_management.apim_v2_api.name
+  resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name
+  product_id          = module.apim_v2_product_lollipop.id
+  display_name        = "PN LC"
+  state               = "active"
+  allow_tracing       = false
+}
diff --git a/src/domains/citizen-auth-common/99_locals.tf b/src/domains/citizen-auth-common/99_locals.tf
@@ -33,4 +33,7 @@ locals {
 
   vnet_common_name_itn                = "${local.common_project_itn}-common-vnet-01"
   vnet_common_resource_group_name_itn = "${local.common_project_itn}-common-rg-01"
+
+  apim_itn_name                = "${local.product}-${local.itn_location_short}-apim-01"
+  apim_itn_resource_group_name = "${local.product}-${local.itn_location_short}-common-rg-01"
 }
diff --git a/src/domains/citizen-auth-common/README.md b/src/domains/citizen-auth-common/README.md
@@ -43,15 +43,18 @@
 | [azurerm_api_management_group.api_lollipop_assertion_read_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
 | [azurerm_api_management_group_user.pagopa_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
 | [azurerm_api_management_group_user.pagopa_operation_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
+| [azurerm_api_management_group_user.pn_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource |
 | [azurerm_api_management_named_value.api_fast_login_operation_group_name](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
 | [azurerm_api_management_named_value.io_fn_itn_fast_login_operation_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
 | [azurerm_api_management_named_value.io_fn_itn_lollipop_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
 | [azurerm_api_management_named_value.io_fn_itn_lollipop_url_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
 | [azurerm_api_management_subscription.pagopa_fastlogin_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
 | [azurerm_api_management_subscription.pagopa_operation_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
 | [azurerm_api_management_subscription.pagopa_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
+| [azurerm_api_management_subscription.pn_lc_subscription_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
 | [azurerm_api_management_user.fast_login_operation_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
 | [azurerm_api_management_user.pagopa_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
+| [azurerm_api_management_user.pn_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource |
 | [azurerm_cosmosdb_sql_container.lollipop_pubkeys](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource |
 | [azurerm_key_vault_access_policy.access_policy_io_infra_cd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
 | [azurerm_key_vault_access_policy.access_policy_io_infra_ci](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |