From feabc7d1ab786c64dd213521ff2862ff5f0fe5fc Mon Sep 17 00:00:00 2001 From: Mario Mupo <43968294+mamu0@users.noreply.github.com> Date: Thu, 31 Oct 2024 16:55:04 +0100 Subject: [PATCH] [CES-68] Moved PNAPIM user, group and subscription into citizen-auth-common (#1269) --- src/common/_modules/apim/data.tf | 14 +-------- src/common/_modules/apim/subscriptions.tf | 10 ------- src/common/_modules/apim/users.tf | 17 ----------- src/domains/citizen-auth-common/03_apim_v2.tf | 30 +++++++++++++++++++ src/domains/citizen-auth-common/99_locals.tf | 3 ++ src/domains/citizen-auth-common/README.md | 3 ++ 6 files changed, 37 insertions(+), 40 deletions(-) delete mode 100644 src/common/_modules/apim/subscriptions.tf delete mode 100644 src/common/_modules/apim/users.tf diff --git a/src/common/_modules/apim/data.tf b/src/common/_modules/apim/data.tf index fc8777142..4a7c1ca63 100644 --- a/src/common/_modules/apim/data.tf +++ b/src/common/_modules/apim/data.tf @@ -11,16 +11,4 @@ data "azurerm_key_vault_certificate" "api_internal_io_italia_it" { data "azurerm_key_vault_certificate" "api_app_internal_io_pagopa_it" { name = replace(local.apim_hostname_api_app_internal, ".", "-") key_vault_id = var.key_vault.id -} - -data "azurerm_api_management_group" "api_v2_lollipop_assertion_read" { - name = "apilollipopassertionread" - api_management_name = module.apim_v2.name - resource_group_name = module.apim_v2.resource_group_name -} - -data "azurerm_api_management_product" "apim_v2_product_lollipop" { - product_id = "io-lollipop-api" - api_management_name = module.apim_v2.name - resource_group_name = module.apim_v2.resource_group_name -} +} \ No newline at end of file diff --git a/src/common/_modules/apim/subscriptions.tf b/src/common/_modules/apim/subscriptions.tf deleted file mode 100644 index 5c88a8756..000000000 --- a/src/common/_modules/apim/subscriptions.tf +++ /dev/null 
@@ -1,10 +0,0 @@ - -resource "azurerm_api_management_subscription" "pn_lc_subscription_v2" { - user_id = azurerm_api_management_user.pn_user_v2.id - api_management_name = module.apim_v2.name - resource_group_name = module.apim_v2.resource_group_name - product_id = data.azurerm_api_management_product.apim_v2_product_lollipop.id - display_name = "PN LC" - state = "active" - allow_tracing = false -} diff --git a/src/common/_modules/apim/users.tf b/src/common/_modules/apim/users.tf deleted file mode 100644 index e6077c59c..000000000 --- a/src/common/_modules/apim/users.tf +++ /dev/null @@ -1,17 +0,0 @@ - -resource "azurerm_api_management_user" "pn_user_v2" { - user_id = "pnapimuser" - api_management_name = module.apim_v2.name - resource_group_name = module.apim_v2.resource_group_name - first_name = "PNAPIMuser" - last_name = "PNAPIMuser" - email = "pn-apim-user@pagopa.it" - state = "active" -} - -resource "azurerm_api_management_group_user" "pn_user_group_v2" { - user_id = azurerm_api_management_user.pn_user_v2.user_id - api_management_name = module.apim_v2.name - resource_group_name = module.apim_v2.resource_group_name - group_name = data.azurerm_api_management_group.api_v2_lollipop_assertion_read.name -} diff --git a/src/domains/citizen-auth-common/03_apim_v2.tf b/src/domains/citizen-auth-common/03_apim_v2.tf index 2dadd61ba..c18ab66ce 100644 --- a/src/domains/citizen-auth-common/03_apim_v2.tf +++ b/src/domains/citizen-auth-common/03_apim_v2.tf 
@@ -253,3 +253,33 @@ resource "azurerm_api_management_named_value" "api_fast_login_operation_group_na value = azurerm_api_management_group.api_fast_login_operation_v2.display_name secret = "false" } + +#################################################################################### +# PagoPA General PN APIM User +#################################################################################### +resource "azurerm_api_management_user" "pn_user_v2" { + user_id = "pnapimuser" + api_management_name = data.azurerm_api_management.apim_v2_api.name + resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name + first_name = "PNAPIMuser" + last_name = "PNAPIMuser" + email = "pn-apim-user@pagopa.it" + state = "active" +} + +resource "azurerm_api_management_group_user" "pn_group_v2" { + user_id = azurerm_api_management_user.pn_user_v2.user_id + api_management_name = data.azurerm_api_management.apim_v2_api.name + resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name + group_name = azurerm_api_management_group.api_lollipop_assertion_read_v2.name +} + +resource "azurerm_api_management_subscription" "pn_lc_subscription_v2" { + user_id = azurerm_api_management_user.pn_user_v2.id + api_management_name = data.azurerm_api_management.apim_v2_api.name + resource_group_name = data.azurerm_api_management.apim_v2_api.resource_group_name + product_id = module.apim_v2_product_lollipop.id + display_name = "PN LC" + state = "active" + allow_tracing = false +} diff --git a/src/domains/citizen-auth-common/99_locals.tf b/src/domains/citizen-auth-common/99_locals.tf index e5d5cabc7..6cb38760d 100644 --- a/src/domains/citizen-auth-common/99_locals.tf +++ b/src/domains/citizen-auth-common/99_locals.tf 
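Review bot: The three `pn_*` resources appended to `03_apim_v2.tf` are the same APIM objects this commit deletes from `src/common/_modules/apim`, and nothing in the patch moves them from one Terraform state to the other. If the two roots are applied independently, either the create here collides with the still-existing `pnapimuser`, or the old root destroys it first and `pn_lc_subscription_v2` is recreated with newly generated keys, which would invalidate the subscription key the PN consumer currently holds. Unless a state migration is planned out of band (not visible here), declare `import` blocks for the three addresses in this root and drop the objects from the old state without destroying them, assuming the Terraform version in use supports `import` blocks. The IDs in the fence are placeholders.

```hcl
# … unchanged: pn_user_v2, pn_group_v2 and pn_lc_subscription_v2 resources …

# Placeholder IDs: substitute the Azure resource IDs of the existing objects.
import {
  to = azurerm_api_management_user.pn_user_v2
  id = "<EXISTING_APIM_USER_RESOURCE_ID>"
}

import {
  to = azurerm_api_management_group_user.pn_group_v2
  id = "<EXISTING_APIM_GROUP_USER_RESOURCE_ID>"
}

import {
  to = azurerm_api_management_subscription.pn_lc_subscription_v2
  id = "<EXISTING_APIM_SUBSCRIPTION_RESOURCE_ID>"
}
```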
@@ -33,4 +33,7 @@ locals { vnet_common_name_itn = "${local.common_project_itn}-common-vnet-01" vnet_common_resource_group_name_itn = "${local.common_project_itn}-common-rg-01" + + apim_itn_name = "${local.product}-${local.itn_location_short}-apim-01" + apim_itn_resource_group_name = "${local.product}-${local.itn_location_short}-common-rg-01" } diff --git a/src/domains/citizen-auth-common/README.md b/src/domains/citizen-auth-common/README.md index 3e18c5108..e6e397d8a 100644 --- a/src/domains/citizen-auth-common/README.md +++ b/src/domains/citizen-auth-common/README.md @@ -43,6 +43,7 @@ | [azurerm_api_management_group.api_lollipop_assertion_read_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource | | [azurerm_api_management_group_user.pagopa_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource | | [azurerm_api_management_group_user.pagopa_operation_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource | +| [azurerm_api_management_group_user.pn_group_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group_user) | resource | | [azurerm_api_management_named_value.api_fast_login_operation_group_name](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | | [azurerm_api_management_named_value.io_fn_itn_fast_login_operation_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | | [azurerm_api_management_named_value.io_fn_itn_lollipop_key_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | 
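Review bot: The two locals added to `99_locals.tf`, `apim_itn_name` and `apim_itn_resource_group_name`, are not referenced anywhere in this patch; the new PN resources take the instance name and resource group from `data.azurerm_api_management.apim_v2_api` instead. If that data source (defined outside the diff) already resolves the target instance, these locals are dead configuration and a second, string-built source of truth for which APIM instance receives the user and subscription. Either wire them into the data source lookup or drop them, and if they stay add a comment such as `# APIM instance targeted by the citizen-auth PN user/subscription` so a later rename cannot silently point the identities at a different instance. The `locals` block begins outside the hunk.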
@@ -50,8 +51,10 @@ | [azurerm_api_management_subscription.pagopa_fastlogin_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | | [azurerm_api_management_subscription.pagopa_operation_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | | [azurerm_api_management_subscription.pagopa_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | +| [azurerm_api_management_subscription.pn_lc_subscription_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource | | [azurerm_api_management_user.fast_login_operation_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource | | [azurerm_api_management_user.pagopa_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource | +| [azurerm_api_management_user.pn_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_user) | resource | | [azurerm_cosmosdb_sql_container.lollipop_pubkeys](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container) | resource | | [azurerm_key_vault_access_policy.access_policy_io_infra_cd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | | [azurerm_key_vault_access_policy.access_policy_io_infra_ci](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |