Add api.io.wallet.pagopa.it to PSN AppGw (#615)

Author: Krusty93

infra/core/psn/hub/prod/appgw.tf

@@ -1,4 +1,5 @@
 locals {
+  api_prefix  = "api"
   apim_prefix = "apim"
   cdn_prefix  = "cdn"
 
@@ -19,12 +20,15 @@ locals {
     apim_backend_settings_name = "${local.apim_prefix}-backend-pool-settings"
     cdn_backend_settings_name  = "${local.cdn_prefix}-backend-pool-settings"
 
+    api_listener_name       = "${local.api_prefix}-listener"
     apim_http_listener_name = "${local.apim_prefix}-listener"
     cdn_listener_name       = "${local.cdn_prefix}-listener"
 
+    certificate_name_api      = "api-wallet-io-pagopa-it"
     certificate_name_internal = "api-internal-wallet-io-pagopa-it"
     certificate_name_cdn      = "wallet-io-pagopa-it"
 
+    api_routing_rule_name  = "${local.api_prefix}-routing-rule"
     apim_routing_rule_name = "${local.apim_prefix}-routing-rule"
     cdn_routing_rule_name  = "${local.cdn_prefix}-routing-rule"
 
@@ -112,7 +116,6 @@ resource "azurerm_application_gateway" "hub" {
     request_timeout                     = 20
   }
 
-
   http_listener {
     name                           = local.appgw.apim_http_listener_name
     frontend_ip_configuration_name = local.appgw.frontend_private_ip_configuration_name
@@ -131,6 +134,15 @@ resource "azurerm_application_gateway" "hub" {
     ssl_certificate_name           = local.appgw.certificate_name_cdn
   }
 
+  http_listener {
+    name                           = local.appgw.api_listener_name
+    frontend_ip_configuration_name = local.appgw.frontend_public_ip_configuration_name
+    frontend_port_name             = local.appgw.frontend_secure_port_name
+    protocol                       = "Https"
+    require_sni                    = false
+    ssl_certificate_name           = local.appgw.certificate_name_api
+  }
+
   request_routing_rule {
     name                       = local.appgw.apim_routing_rule_name
     priority                   = 10010
@@ -140,6 +152,15 @@ resource "azurerm_application_gateway" "hub" {
     backend_http_settings_name = local.appgw.apim_backend_settings_name
   }
 
+  request_routing_rule {
+    name                       = local.appgw.api_routing_rule_name
+    priority                   = 10012
+    http_listener_name         = local.appgw.api_http_listener_name
+    rule_type                  = "Basic"
+    backend_address_pool_name  = local.appgw.apim_backend_pool_name
+    backend_http_settings_name = local.appgw.apim_backend_settings_name
+  }
+
   request_routing_rule {
     name                       = local.appgw.cdn_routing_rule_name
     priority                   = 10020
@@ -152,14 +173,14 @@ resource "azurerm_application_gateway" "hub" {
   probe {
     name                                      = local.appgw.apim_probe_name
     protocol                                  = "Https"
-    path                                      = "/"
+    path                                      = "/echo/fake" # temporary path for health probe
     timeout                                   = 5
     interval                                  = 10
     unhealthy_threshold                       = 3
     pick_host_name_from_backend_http_settings = true
 
     match {
-      status_code = ["200"]
+      status_code = ["204"]
     }
   }
 
@@ -211,6 +232,11 @@ resource "azurerm_application_gateway" "hub" {
     key_vault_secret_id = "https://iw-p-itn-infra-kv-01.vault.azure.net:443/secrets/${local.appgw.certificate_name_cdn}/"
   }
 
+  ssl_certificate {
+    name                = local.appgw.certificate_name_api
+    key_vault_secret_id = "https://iw-p-itn-infra-kv-01.vault.azure.net:443/secrets/${local.appgw.certificate_name_api}/"
+  }
+
   ssl_policy {
     policy_type          = "Custom"
     min_protocol_version = "TLSv1_2"

infra/resources/prod/README.md

@@ -50,6 +50,7 @@
 | [azurerm_api_management_api_tag.wallet_support_legacy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_tag) | resource |
 | [azurerm_api_management_api_tag.wallet_user](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_tag) | resource |
 | [azurerm_api_management_api_tag.wallet_user_legacy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_tag) | resource |
+| [azurerm_api_management_api_tag.wallet_user_uat](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_tag) | resource |
 | [azurerm_api_management_api_tag.wallet_user_uat_legacy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_tag) | resource |
 | [azurerm_api_management_api_version_set.wallet_support](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
 | [azurerm_api_management_api_version_set.wallet_user](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |

infra/resources/prod/apim_platform.tf

@@ -94,7 +94,7 @@ resource "azurerm_api_management_api" "wallet_user_legacy" {
   revision              = 1
 
   description  = "REST APIs consumed by IO App. This API group will be removed when app will switch the endpoints"
-  display_name = "IT-Wallet User"
+  display_name = "IT-Wallet User (Legacy)"
   path         = "api/v1/wallet"
   protocols    = ["https"]
 
@@ -112,7 +112,7 @@ resource "azurerm_api_management_api" "wallet_user_uat_legacy" {
   revision              = 1
 
   description  = "REST APIs (UAT) consumed by IO App. This API group will be removed when app will switch the endpoints"
-  display_name = "IT-Wallet User (UAT)"
+  display_name = "IT-Wallet User (UAT) (Legacy)"
   path         = "api/v1/wallet/uat"
   protocols    = ["https"]
 
@@ -131,7 +131,7 @@ resource "azurerm_api_management_api" "wallet_support_legacy" {
   revision = 1
 
   description  = "REST APIs consumed by Customer Service Support. This API group will be removed when app will switch the endpoints"
-  display_name = "IT-Wallet Customer Support"
+  display_name = "IT-Wallet Customer Support (Legacy)"
   path         = "api/v1/wallet/support"
   protocols    = ["https"]
 
@@ -182,6 +182,11 @@ resource "azurerm_api_management_api_tag" "wallet_user_uat_legacy" {
   name   = azurerm_api_management_tag.wallet.name
 }
 
+resource "azurerm_api_management_api_tag" "wallet_user_uat" {
+  api_id = azurerm_api_management_api.wallet_user_uat.id
+  name   = azurerm_api_management_tag.wallet.name
+}
+
 resource "azurerm_api_management_api_tag" "wallet_support" {
   api_id = azurerm_api_management_api.wallet_support_v1.id
   name   = azurerm_api_management_tag.wallet.name

infra/resources/prod/dns.tf

@@ -27,7 +27,7 @@ resource "azurerm_private_dns_zone" "internal_wallet_io_pagopa_it" {
 
 resource "azurerm_private_dns_zone_virtual_network_link" "vnet_common_internal_wallet_io_pagopa_it" {
   name                  = data.azurerm_virtual_network.vnet_common_itn.name
-  resource_group_name   = data.azurerm_virtual_network.vnet_common_itn.resource_group_name
+  resource_group_name   = azurerm_private_dns_zone.internal_wallet_io_pagopa_it.resource_group_name
   virtual_network_id    = data.azurerm_virtual_network.vnet_common_itn.id
   private_dns_zone_name = azurerm_private_dns_zone.internal_wallet_io_pagopa_it.name
 }