enabled workload_identity ita + apply payopt prod + apply mock payopt…

… dev and uat
pagopa · Dec 19, 2024 · 6f8209b · 6f8209b
1 parent 267cbe9
commit 6f8209b
Show file tree

Hide file tree

Showing 13 changed files with 219 additions and 232 deletions.
diff --git a/src/aks-leonardo/env/itn-prod/terraform.tfvars b/src/aks-leonardo/env/itn-prod/terraform.tfvars
@@ -43,7 +43,7 @@ aks_private_cluster_enabled  = true
 aks_alerts_enabled           = false
 aks_kubernetes_version       = "1.29.4"
 aks_sku_tier                 = "Standard"
-aks_enable_workload_identity = false
+aks_enable_workload_identity = true
 
 aks_system_node_pool = {
   name            = "papaksleosys",

diff --git a/src/domains/payopt-app/04_apim_payment_options.tf b/src/domains/payopt-app/04_apim_payment_options.tf
@@ -19,7 +19,7 @@ module "apim_payment_options_product" {
   published             = false
   subscription_required = true
   approval_required     = false
-  # subscriptions_limit   = 1000
+  subscriptions_limit   = 1000
 
   policy_xml = file("./api_product/_base_policy.xml")
 }
diff --git a/src/domains/payopt-app/04_apim_payment_options_mock.tf b/src/domains/payopt-app/04_apim_payment_options_mock.tf
@@ -25,7 +25,7 @@ module "apim_payment_options_mock_product" {
 }
 
 resource "azurerm_api_management_api_version_set" "payment_options_mock_api" {
-  count  = var.env_short != "p" ? 1 : 0
+  count = var.env_short != "p" ? 1 : 0
 
   name                = format("%s-payment-options-mock-api", var.env_short)
   resource_group_name = local.pagopa_apim_rg
@@ -34,48 +34,9 @@ resource "azurerm_api_management_api_version_set" "payment_options_mock_api" {
   versioning_scheme   = "Segment"
 }
 
-
-module "apim_api_pay_opt_dev_mock_api" {
-  source = "./.terraform/modules/__v3__/api_management_api"
-  count  = var.env_short == "d" ? 1 : 0
-
-  name                  = format("%s-pay-opt-mock-api", local.project)
-  api_management_name   = local.pagopa_apim_name
-  resource_group_name   = local.pagopa_apim_rg
-  product_ids           = [module.apim_payment_options_mock_product[0].product_id]
-  subscription_required = false
-  version_set_id        = azurerm_api_management_api_version_set.payment_options_mock_api[0].id
-  api_version           = "v1"
-
-  description  = local.apim_payment_options_mock_pagopa_api.description
-  display_name = local.apim_payment_options_mock_pagopa_api.display_name
-  path         = "payopt-mock"
-  protocols    = ["https"]
-  service_url  = null
-
-  content_format = "openapi"
-  content_value = templatefile("./api/payment-options-mock/_openapi.json.tpl", {
-    host = local.apim_hostname
-  })
-
-  xml_content = templatefile("./api/payment-options-mock/_base_policy.xml", {
-    hostname = local.hostname
-  })
-
-  api_operation_policies = [
-    {
-      operation_id = "get-payment-options",
-      xml_content = templatefile("_get_payment_options_dev_policy.xml", {
-        hostname = local.hostname
-      })
-    },
-  ]
-
-}
-
-module "apim_api_pay_opt_uat_mock_api" {
+module "apim_api_pay_opt_mock_api" {
   source = "./.terraform/modules/__v3__/api_management_api"
-  count  = var.env_short == "u" ? 1 : 0
+  count  = var.env_short != "p" ? 1 : 0
 
   name                  = format("%s-pay-opt-mock-api", local.project)
   api_management_name   = local.pagopa_apim_name
@@ -103,7 +64,7 @@ module "apim_api_pay_opt_uat_mock_api" {
   api_operation_policies = [
     {
       operation_id = "get-payment-options",
-      xml_content = templatefile("_get_payment_options_uat_policy.xml", {
+      xml_content = templatefile("./api/payment-options-mock/_get_payment_options_${var.env}_policy.xml", {
         hostname = local.hostname
       })
     },

diff --git a/src/domains/payopt-app/05_subkey.tf b/src/domains/payopt-app/05_subkey.tf
@@ -16,7 +16,18 @@ resource "azurerm_api_management_subscription" "forwarder_subkey" {
   state               = "active"
 }
 
+# use for testing ( perf )
+
+data "azurerm_api_management_user" "user_demo" {
+  count = var.env_short != "p" ? 1 : 0
+  # DEV -> 99999000001 PSP Signed Direct
+  # UAT -> 99999000011 PSP DEMO
+  user_id             = var.env_short == "u" ? "349fab55-1fe5-4b89-92ac-5bdeabe3010e"  : "2d6fe3c6-5656-43c8-afd4-ccf2bb352cec"
+  api_management_name = data.azurerm_api_management.apim.name
+  resource_group_name = data.azurerm_api_management.apim.resource_group_name
+}
 resource "azurerm_api_management_subscription" "service_payment_options_subkey" {
+  depends_on = [ data.azurerm_api_management_user.user_demo ]
   count = var.env_short != "p" ? 1 : 0
 
   api_management_name = data.azurerm_api_management.apim.name
@@ -25,6 +36,7 @@ resource "azurerm_api_management_subscription" "service_payment_options_subkey"
   display_name        = "Subscription for Payments Options APIM"
   allow_tracing       = false
   state               = "active"
+  user_id             = data.azurerm_api_management_user.user_demo[0].id # https://github.com/pagopa/pagopa-payment-options-service/blob/9d2682c700f72cfe3693a8a8a902b72fc8433af5/infra/policy/_get_payment_options_policy.xml#L13
 }
 
 
diff --git a/src/domains/payopt-app/06_keyvault.tf b/src/domains/payopt-app/06_keyvault.tf
@@ -67,6 +67,7 @@ resource "azurerm_key_vault_secret" "forwarder_subscription_key" {
   key_vault_id = data.azurerm_key_vault.kv.id
 }
 
+# using for test
 resource "azurerm_key_vault_secret" "service_payment_options_subscription_key" {
   count = var.env_short != "p" ? 1 : 0
 

diff --git a/src/domains/payopt-common/.terraform.lock.hcl b/src/domains/payopt-common/.terraform.lock.hcl
diff --git a/src/domains/payopt-common/env/itn-dev/terraform.tfvars b/src/domains/payopt-common/env/itn-dev/terraform.tfvars
@@ -56,51 +56,51 @@ ehns_zone_redundant           = false
 ehns_public_network_access       = true
 ehns_private_endpoint_is_present = false
 
-ehns_metric_alerts = {
-  no_trx = {
-    aggregation = "Total"
-    metric_name = "IncomingMessages"
-    description = "No transactions received from acquirer in the last 24h"
-    operator    = "LessThanOrEqual"
-    threshold   = 1000
-    frequency   = "PT1H"
-    window_size = "P1D"
-    dimension = [
-      {
-        name     = "EntityName"
-        operator = "Include"
-        values   = ["rtd-trx"]
-      }
-    ],
-  },
-  active_connections = {
-    aggregation = "Average"
-    metric_name = "ActiveConnections"
-    description = null
-    operator    = "LessThanOrEqual"
-    threshold   = 0
-    frequency   = "PT5M"
-    window_size = "PT15M"
-    dimension   = [],
-  },
-  error_trx = {
-    aggregation = "Total"
-    metric_name = "IncomingMessages"
-    description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately"
-    operator    = "GreaterThan"
-    threshold   = 0
-    frequency   = "PT5M"
-    window_size = "PT30M"
-    dimension = [
-      {
-        name     = "EntityName"
-        operator = "Include"
-        values = [
-          "nodo-dei-pagamenti-log",
-          "nodo-dei-pagamenti-re"
-        ]
-      }
-    ],
-  },
-}
+# ehns_metric_alerts = {
+#   no_trx = {
+#     aggregation = "Total"
+#     metric_name = "IncomingMessages"
+#     description = "No transactions received from acquirer in the last 24h"
+#     operator    = "LessThanOrEqual"
+#     threshold   = 1000
+#     frequency   = "PT1H"
+#     window_size = "P1D"
+#     dimension = [
+#       {
+#         name     = "EntityName"
+#         operator = "Include"
+#         values   = ["rtd-trx"]
+#       }
+#     ],
+#   },
+#   active_connections = {
+#     aggregation = "Average"
+#     metric_name = "ActiveConnections"
+#     description = null
+#     operator    = "LessThanOrEqual"
+#     threshold   = 0
+#     frequency   = "PT5M"
+#     window_size = "PT15M"
+#     dimension   = [],
+#   },
+#   error_trx = {
+#     aggregation = "Total"
+#     metric_name = "IncomingMessages"
+#     description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately"
+#     operator    = "GreaterThan"
+#     threshold   = 0
+#     frequency   = "PT5M"
+#     window_size = "PT30M"
+#     dimension = [
+#       {
+#         name     = "EntityName"
+#         operator = "Include"
+#         values = [
+#           "nodo-dei-pagamenti-log",
+#           "nodo-dei-pagamenti-re"
+#         ]
+#       }
+#     ],
+#   },
+# }
 
diff --git a/src/domains/payopt-common/env/itn-prod/terraform.tfvars b/src/domains/payopt-common/env/itn-prod/terraform.tfvars
@@ -50,57 +50,57 @@ ehns_sku_name = "Standard"
 ehns_auto_inflate_enabled     = true
 ehns_maximum_throughput_units = 5
 ehns_capacity                 = 5
-ehns_alerts_enabled           = true
+ehns_alerts_enabled           = false
 ehns_zone_redundant           = true
 
 ehns_public_network_access       = false
 ehns_private_endpoint_is_present = true
 
-ehns_metric_alerts = {
-  no_trx = {
-    aggregation = "Total"
-    metric_name = "IncomingMessages"
-    description = "No transactions received from acquirer in the last 24h"
-    operator    = "LessThanOrEqual"
-    threshold   = 1000
-    frequency   = "PT1H"
-    window_size = "P1D"
-    dimension = [
-      {
-        name     = "EntityName"
-        operator = "Include"
-        values   = ["rtd-trx"]
-      }
-    ],
-  },
-  active_connections = {
-    aggregation = "Average"
-    metric_name = "ActiveConnections"
-    description = null
-    operator    = "LessThanOrEqual"
-    threshold   = 0
-    frequency   = "PT5M"
-    window_size = "PT15M"
-    dimension   = [],
-  },
-  error_trx = {
-    aggregation = "Total"
-    metric_name = "IncomingMessages"
-    description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately"
-    operator    = "GreaterThan"
-    threshold   = 0
-    frequency   = "PT5M"
-    window_size = "PT30M"
-    dimension = [
-      {
-        name     = "EntityName"
-        operator = "Include"
-        values = [
-          "nodo-dei-pagamenti-log",
-          "nodo-dei-pagamenti-re"
-        ]
-      }
-    ],
-  },
-}
+# ehns_metric_alerts = {
+#   no_trx = {
+#     aggregation = "Total"
+#     metric_name = "IncomingMessages"
+#     description = "No transactions received from acquirer in the last 24h"
+#     operator    = "LessThanOrEqual"
+#     threshold   = 1000
+#     frequency   = "PT1H"
+#     window_size = "P1D"
+#     dimension = [
+#       {
+#         name     = "EntityName"
+#         operator = "Include"
+#         values   = ["rtd-trx"]
+#       }
+#     ],
+#   },
+#   active_connections = {
+#     aggregation = "Average"
+#     metric_name = "ActiveConnections"
+#     description = null
+#     operator    = "LessThanOrEqual"
+#     threshold   = 0
+#     frequency   = "PT5M"
+#     window_size = "PT15M"
+#     dimension   = [],
+#   },
+#   error_trx = {
+#     aggregation = "Total"
+#     metric_name = "IncomingMessages"
+#     description = "Transactions rejected from one acquirer file received. trx write on eventhub. check immediately"
+#     operator    = "GreaterThan"
+#     threshold   = 0
+#     frequency   = "PT5M"
+#     window_size = "PT30M"
+#     dimension = [
+#       {
+#         name     = "EntityName"
+#         operator = "Include"
+#         values = [
+#           "nodo-dei-pagamenti-log",
+#           "nodo-dei-pagamenti-re"
+#         ]
+#       }
+#     ],
+#   },
+# }