Merge branch 'main' into PAGOPA-2479-v3-gpd-api

src/aks-leonardo/env/itn-prod/terraform.tfvars

@@ -43,7 +43,7 @@ aks_private_cluster_enabled  = true
 aks_alerts_enabled           = false
 aks_kubernetes_version       = "1.29.4"
 aks_sku_tier                 = "Standard"
-aks_enable_workload_identity = false
+aks_enable_workload_identity = true
 
 aks_system_node_pool = {
   name            = "papaksleosys",

src/aks-platform/02_aks.tf

@@ -7,7 +7,7 @@ resource "azurerm_resource_group" "aks_rg" {
 
 
 module "aks" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v8.58.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v8.69.0"
 
   name                       = local.aks_name
   location                   = var.location
@@ -20,6 +20,9 @@ module "aks" {
   workload_identity_enabled = var.aks_enable_workload_identity
   oidc_issuer_enabled       = var.aks_enable_workload_identity
 
+  # ff: Enabled only in UAT ( Testing in progress... )
+  cost_analysis_enabled = var.env_short != "d" ? (var.env_short == "p" ? false : true) : false
+
   #
   # 🤖 System node pool
   #

src/aks-platform/05_monitoring.tf

@@ -63,3 +63,74 @@ resource "helm_release" "monitoring_reloader" {
     value = var.reloader_helm.image_tag
   }
 }
+
+# Kubernetes Event Exporter
+module "kubernetes_event_exporter" {
+  count     = var.env_short != "p" ? 0 : 1
+  source    = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_event_exporter?ref=v8.70.0"
+  namespace = "monitoring"
+
+  # Slack integration
+  enable_slack  = false
+  slack_channel = "#pagopa_status"
+  slack_token   = ""
+
+  # OpsGenie integrations
+  enable_opsgenie  = true
+  opsgenie_api_key = data.azurerm_key_vault_secret.opsgenie_kubexporter_api_key.0.value
+}
+
+data "azurerm_key_vault_secret" "opsgenie_kubexporter_api_key" {
+  count        = var.env_short != "p" ? 0 : 1
+  key_vault_id = data.azurerm_key_vault.kv.id
+  name         = "opsgenie-infra-kubexporter-webhook-token"
+}
+
+module "opencosts" {
+  enable_opencost      = var.env_short == "d" ? true : false
+  source               = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_opencosts?ref=v8.69.0"
+  aks_name             = module.aks.name
+  aks_rg_name          = module.aks.aks_resource_group_name
+  env                  = var.env
+  kubernetes_namespace = "elastic-system"
+  prometheus_config = {
+    namespace    = "elastic-system"
+    service_name = "prometheus-kube-prometheus-prometheus"
+    service_port = "9090"
+    external_url = "https://api.${var.env}.platform.pagopa.it/prometheus"
+  }
+}
+
+resource "kubernetes_manifest" "service_monitor" {
+  count = var.env_short == "d" ? 1 : 0
+  manifest = {
+    "apiVersion" : "monitoring.coreos.com/v1"
+    "kind" : "ServiceMonitor"
+    "metadata" : {
+      "name" : "prometheus-opencosts"
+      "namespace" : "elastic-system"
+      "labels" : {
+        "app.kubernetes.io/instance" : "prometheus"
+        "app.kubernetes.io/part-of" : "kube-prometheus-stack"
+        "app" : "kube-prometheus-stack-operator"
+        "release" : helm_release.kube_prometheus_stack.name
+      }
+    }
+    "spec" : {
+      "selector" : {
+        "matchLabels" : {
+          "app.kubernetes.io/instance" : "prometheus-opencost-exporter"
+          "app.kubernetes.io/name" : "prometheus-opencost-exporter"
+        }
+      }
+      "endpoints" : [
+        {
+          "port" : "http"
+          "interval" : "30s"
+          "path" : "/metrics"
+        }
+      ]
+      jobLabel : "opencost"
+    }
+  }
+}

src/aks-platform/README.md

@@ -15,11 +15,13 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_aks"></a> [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.58.0 |
+| <a name="module_aks"></a> [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.69.0 |
 | <a name="module_aks_snet"></a> [aks\_snet](#module\_aks\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v8.53.0 |
 | <a name="module_keda_pod_identity"></a> [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.53.0 |
+| <a name="module_kubernetes_event_exporter"></a> [kubernetes\_event\_exporter](#module\_kubernetes\_event\_exporter) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_event_exporter | v8.70.0 |
 | <a name="module_monitoring_pod_identity"></a> [monitoring\_pod\_identity](#module\_monitoring\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.53.0 |
 | <a name="module_nginx_ingress"></a> [nginx\_ingress](#module\_nginx\_ingress) | terraform-module/release/helm | 2.8.0 |
+| <a name="module_opencosts"></a> [opencosts](#module\_opencosts) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_opencosts | v8.69.0 |
 | <a name="module_tls_checker"></a> [tls\_checker](#module\_tls\_checker) | git::https://github.com/pagopa/terraform-azurerm-v3.git//tls_checker | v8.54.0 |
 | <a name="module_tls_checker_workload_identity_configuration"></a> [tls\_checker\_workload\_identity\_configuration](#module\_tls\_checker\_workload\_identity\_configuration) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity_configuration | v8.54.0 |
 | <a name="module_tls_checker_workload_identity_init"></a> [tls\_checker\_workload\_identity\_init](#module\_tls\_checker\_workload\_identity\_init) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_workload_identity_init | v8.54.0 |
@@ -44,6 +46,7 @@
 | [kubernetes_cluster_role_binding.edit_extra_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding) | resource |
 | [kubernetes_cluster_role_binding.view_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding) | resource |
 | [kubernetes_cluster_role_binding.view_extra_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding) | resource |
+| [kubernetes_manifest.service_monitor](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
 | [kubernetes_namespace.ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.keda](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -58,6 +61,7 @@
 | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
 | [azurerm_container_registry.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/container_registry) | data source |
 | [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
+| [azurerm_key_vault_secret.opsgenie_kubexporter_api_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
 | [azurerm_log_analytics_workspace.log_analytics](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source |
 | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
 | [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |

src/aks-platform/env/weu-dev/kube-prometheus-stack-helm/values.yaml

@@ -58,7 +58,7 @@ prometheus:
       nginx.ingress.kubernetes.io/auth-type: basic
       nginx.ingress.kubernetes.io/auth-secret: prometheus-basic-auth
       nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
-    hosts: 
+    hosts:
       - weudev.kibana.internal.dev.platform.pagopa.it
     pathType: Prefix
     paths:

src/core/README.md

@@ -245,14 +245,9 @@
 | [azurerm_key_vault_certificate.buyerbanks_cert](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/key_vault_certificate) | resource |
 | [azurerm_monitor_autoscale_setting.buyerbanks_function](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/monitor_autoscale_setting) | resource |
 | [azurerm_monitor_scheduled_query_rules_alert.buyerbanks_update_alert](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/monitor_scheduled_query_rules_alert) | resource |
-| [azurerm_monitor_scheduled_query_rules_alert.pm_payment_gateway_availability](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/monitor_scheduled_query_rules_alert) | resource |
-| [azurerm_monitor_scheduled_query_rules_alert.pm_restapi_availability](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/monitor_scheduled_query_rules_alert) | resource |
-| [azurerm_monitor_scheduled_query_rules_alert.pm_restapi_cd_availability](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/monitor_scheduled_query_rules_alert) | resource |
-| [azurerm_monitor_scheduled_query_rules_alert.pm_wallet_availability](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/monitor_scheduled_query_rules_alert) | resource |
 | [azurerm_private_dns_zone.privatelink_postgres_database_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone) | resource |
 | [azurerm_private_dns_zone_virtual_network_link.privatelink_postgres_database_azure_com_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/private_dns_zone_virtual_network_link) | resource |
 | [azurerm_resource_group.buyerbanks_rg](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/resource_group) | resource |
-| [azurerm_resource_group.payment_manager_monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/resource_group) | resource |
 | [azurerm_storage_container.banks](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/storage_container) | resource |
 | [azurerm_storage_management_policy.buyerbanks_storage_lifeclycle_policies](https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/storage_management_policy) | resource |
 | [null_resource.decoupler_configuration_from_json_2_xml](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |

src/core/api/payment_manager_api/pm-per-nodo/v2/wisp-sendpaymentresult-uat.xml.tpl

@@ -0,0 +1,64 @@
+<!--
+    IMPORTANT:
+    - Policy elements can appear only within the <inbound>, <outbound>, <backend> section elements.
+    - To apply a policy to the incoming request (before it is forwarded to the backend service), place a corresponding policy element within the <inbound> section element.
+    - To apply a policy to the outgoing response (before it is sent back to the caller), place a corresponding policy element within the <outbound> section element.
+    - To add a policy, place the cursor at the desired insertion point and select a policy from the sidebar.
+    - To remove a policy, delete the corresponding policy statement from the policy document.
+    - Position the <base> element within a section element to inherit all policies from the corresponding section element in the enclosing scope.
+    - Remove the <base> element to prevent inheriting policies from the corresponding section element in the enclosing scope.
+    - Policies are applied in the order of their appearance, from the top down.
+    - Comments within policy elements are not supported and may disappear. Place your comments between policy elements or at a higher level scope.
+-->
+
+<!-- policy closePaymentV2 & sendPaymentResultV2 :
+- On outbound call /receipt/KO wisp-conv
+- On inbound  call /receipt/timer wisp-conv
+-->
+
+<policies>
+  <inbound>
+    <base />
+    <set-variable name="clientId" value="@(context.Request.OriginalUrl.Query.GetValueOrDefault("clientId"))" />
+    <choose>
+        <when condition="@("ecomm".Equals(context.Variables["clientId"]))">
+          <set-backend-service base-url="@("https://${ecommerce_ingress_hostname}/pagopa-ecommerce-transactions-service/")" />
+        </when>
+        <otherwise>
+            <set-header name="Ocp-Apim-Subscription-Key" exists-action="override">
+                <value>{{ecommerce-dev-sendpaymentresult-subscription-key-value}}</value>
+            </set-header>
+            <set-backend-service base-url="https://api.dev.platform.pagopa.it/ecommerce/transaction-user-receipts-service/v1" />
+        </otherwise>
+    </choose>
+    <!-- policy for WISP Dismantling -->
+    <set-variable name="enable_wisp_dismantling_switch" value="{{enable-wisp-dismantling-switch}}" />
+    <choose>
+      <when condition="@(context.Variables.GetValueOrDefault<string>("enable_wisp_dismantling_switch", "").Equals("true"))">
+        <set-variable name="primitive-ko" value="sendPaymentResultV2" />
+        <set-variable name="request-body" value="@(context.Request.Body.As<JObject>(preserveContent: true))" />
+        <set-variable name="wisp-payment-tokens" value="@{
+                try {
+                              JObject request = (JObject) context.Variables["request-body"];
+                              JArray payments = (JArray) request.Property("payments").Value;
+                              return string.Join(",", payments.Select(payment => payment["paymentToken"].ToString()));
+        } catch (Exception e) {
+        return "";
+        }
+        }" />
+        <include-fragment fragment-id="wisp-disable-payment-token-timer" />
+      </when>
+    </choose>
+</inbound>
+<backend>
+<base />
+</backend>
+<outbound>
+<base />
+<!-- fragment necessary for WISP Dismantling -->
+<include-fragment fragment-id="wisp-receipt-ko" />
+</outbound>
+<on-error>
+<base />
+</on-error>
+  </policies>

src/core/api/payment_manager_api/pm-per-nodo/v2/wisp-sendpaymentresult.xml.tpl

@@ -19,13 +19,7 @@
 <policies>
   <inbound>
     <base />
-
-    <set-variable name="transactionId" value="@(context.Request.MatchedParameters["transactionId"])" />
-    <set-variable name="backend-base-url" value="@($"{{pm-host}}/pp-restapi-CD/v2")" />
-    <set-variable name="ecommerce_url" value="${ecommerce_ingress_hostname}" />
-    <set-variable name="body_value" value="@(context.Request.Body.As<string>(preserveContent: true))" />
-    <set-backend-service base-url="@((string)context.Variables["backend-base-url"])" />
-
+    <set-backend-service base-url="@("https://${ecommerce_ingress_hostname}/pagopa-ecommerce-transactions-service/")" />
     <!-- policy for WISP Dismantling -->
     <set-variable name="enable_wisp_dismantling_switch" value="{{enable-wisp-dismantling-switch}}" />
     <choose>
@@ -52,26 +46,6 @@
 <base />
 <!-- fragment necessary for WISP Dismantling -->
 <include-fragment fragment-id="wisp-receipt-ko" />
-
-<choose>
-  <when condition="@(context.Response.StatusCode == 200)">
-    <set-variable name="outcome" value="@(((string)((JObject)context.Response.Body.As<JObject>(preserveContent: true))["outcome"]))" />
-  </when>
-</choose>
-<choose>
-  <when condition="@(context.Response.StatusCode != 200 || !((string)context.Variables.GetValueOrDefault("outcome","")).Equals("OK"))">
-  <!-- addUserReceipt for ecommerce -->
-  <send-request ignore-error="true" timeout="10" response-variable-name="test-transaction" mode="new">
-    <set-url>@($"https://{(string)context.Variables["ecommerce_url"]}/pagopa-ecommerce-transactions-service/transactions/{(string)context.Variables["transactionId"]}/user-receipts")</set-url>
-    <set-method>POST</set-method>
-    <set-header name="Content-Type" exists-action="override">
-      <value>application/json</value>
-    </set-header>
-    <set-body>@($"{(string)context.Variables["body_value"]}")</set-body>
-  </send-request>
-  <return-response response-variable-name="test-transaction" />
-</when>
-</choose>
 </outbound>
 <on-error>
 <base />

src/core/apim_payment_manager.tf

@@ -933,7 +933,7 @@ resource "azurerm_api_management_api_operation_policy" "send_payment_result_api_
   resource_group_name = data.azurerm_resource_group.rg_api.name
   api_management_name = data.azurerm_api_management.apim_migrated[0].name
   operation_id        = "addUserReceipt"
-  xml_content = templatefile("./api/payment_manager_api/pm-per-nodo/v2/wisp-sendpaymentresult.xml.tpl", {
+  xml_content = templatefile(var.env_short == "u" ? "./api/payment_manager_api/pm-per-nodo/v2/wisp-sendpaymentresult-uat.xml.tpl" : "./api/payment_manager_api/pm-per-nodo/v2/wisp-sendpaymentresult.xml.tpl", {
     host                       = local.api_domain,
     ecommerce_ingress_hostname = var.ecommerce_ingress_hostname
   })