
Commit c45ad7d

[SELC-5813] fix: added policy for onboardingImportUsingPOST (#471)
1 parent 2cb44f6 commit c45ad7d


1 file changed

+50
-44
lines changed


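--- a/infra/apim_v2/apim.tf
+++ b/infra/apim_v2/apim.tf
@@ -1,19 +1,19 @@
 # APIM subnet
 module "apim_snet" {
 source = "github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.18.0"
-name = format("%s-apim-v2-snet", local.project)
-resource_group_name = format("%s-vnet-rg", local.project)
+name = format("%s-apim-v2-snet", local.project)
+resource_group_name = format("%s-vnet-rg", local.project)
 virtual_network_name = data.azurerm_virtual_network.vnet.name
 address_prefixes = var.cidr_subnet_apim
 
 private_endpoint_network_policies_enabled = true
-service_endpoints = ["Microsoft.Web"]
+service_endpoints = ["Microsoft.Web"]
 }
 
 resource "azurerm_network_security_group" "nsg_apim" {
-name = format("%s-apim-v2-nsg", local.project)
+name = format("%s-apim-v2-nsg", local.project)
 resource_group_name = format("%s-vnet-rg", local.project)
-location = var.location
+location = var.location
 
 security_rule {
 name = "managementapim"
@@ -36,39 +36,39 @@ resource "azurerm_subnet_network_security_group_association" "snet_nsg" {
 }
 
 resource "azurerm_resource_group" "rg_api" {
-name = format("%s-api-v2-rg", local.project)
+name = format("%s-api-v2-rg", local.project)
 location = var.location
 
 tags = var.tags
 }
 
 locals {
 apim_cert_name_proxy_endpoint = format("%s-proxy-endpoint-cert", local.project)
-api_domain = format("api.%s.%s", var.dns_zone_prefix, var.external_domain)
-logo_api_domain = format("%s.%s", var.dns_zone_prefix, var.external_domain)
-apim_base_url = "${azurerm_api_management_custom_domain.api_custom_domain.gateway[0].host_name}/external"
+api_domain = format("api.%s.%s", var.dns_zone_prefix, var.external_domain)
+logo_api_domain = format("%s.%s", var.dns_zone_prefix, var.external_domain)
+apim_base_url = "${azurerm_api_management_custom_domain.api_custom_domain.gateway[0].host_name}/external"
 }
 
 resource "azurerm_key_vault_access_policy" "api_management_policy" {
 key_vault_id = data.azurerm_key_vault.key_vault.id
 tenant_id = data.azurerm_client_config.current.tenant_id
 object_id = module.apim.principal_id
 
-key_permissions = []
-secret_permissions = ["Get", "List"]
+key_permissions = []
+secret_permissions = ["Get", "List"]
 certificate_permissions = ["Get", "List"]
-storage_permissions = []
+storage_permissions = []
 }
 
 resource "azurerm_key_vault_access_policy" "api_management_policy_pnpg" {
 key_vault_id = data.azurerm_key_vault.key_vault_pnpg.id
 tenant_id = data.azurerm_client_config.current.tenant_id
 object_id = module.apim.principal_id
 
-key_permissions = []
-secret_permissions = ["Get", "List"]
+key_permissions = []
+secret_permissions = ["Get", "List"]
 certificate_permissions = ["Get", "List"]
-storage_permissions = []
+storage_permissions = []
 }
 
 resource "azurerm_api_management_custom_domain" "api_custom_domain" {
@@ -92,15 +92,15 @@ module "apim" {
 source = "github.com/pagopa/terraform-azurerm-v3.git//api_management?ref=v8.18.0"
 subnet_id = module.apim_snet.id
 location = azurerm_resource_group.rg_api.location
-name = format("%s-apim-v2", local.project)
+name = format("%s-apim-v2", local.project)
 resource_group_name = azurerm_resource_group.rg_api.name
 publisher_name = var.apim_publisher_name
 publisher_email = data.azurerm_key_vault_secret.apim_publisher_email.value
 sku_name = var.apim_sku
 virtual_network_type = "Internal"
 
 redis_connection_string = null
-redis_cache_id = null
+redis_cache_id = null
 
 # This enables the Username and Password Identity Provider
 sign_up_enabled = false
@@ -123,14 +123,14 @@ module "apim" {
 ## monitor ##
 module "monitor" {
 source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-name = format("%s-monitor", var.env_short)
+name = format("%s-monitor", var.env_short)
 api_management_name = module.apim.name
 resource_group_name = azurerm_resource_group.rg_api.name
 
 description = "Monitor"
 display_name = "Monitor"
 path = "external/status"
-protocols = ["https"]
+protocols = ["https"]
 
 service_url = null
 
@@ -146,21 +146,21 @@ module "monitor" {
 api_operation_policies = [
 {
 operation_id = "get"
-xml_content = file("./api/monitor/mock_policy.xml")
+xml_content = file("./api/monitor/mock_policy.xml")
 }
 ]
 }
 
 resource "azurerm_api_management_api_version_set" "apim_external_api_onboarding_auto" {
-name = format("%s-external-api-onboarding-auto", var.env_short)
+name = format("%s-external-api-onboarding-auto", var.env_short)
 resource_group_name = azurerm_resource_group.rg_api.name
 api_management_name = module.apim.name
 display_name = "SelfCare Onboarding"
 versioning_scheme = "Segment"
 }
 
 resource "azurerm_api_management_api_version_set" "apim_external_api_onboarding_io" {
-name = format("%s-external-api-onboarding-io", var.env_short)
+name = format("%s-external-api-onboarding-io", var.env_short)
 resource_group_name = azurerm_resource_group.rg_api.name
 api_management_name = module.apim.name
 display_name = "SelfCare Onboarding PA prod-io"
@@ -169,7 +169,7 @@ resource "azurerm_api_management_api_version_set" "apim_external_api_onboarding_
 
 module "apim_external_api_onboarding_auto_v1" {
 source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-name = format("%s-external-api-onboarding-auto", local.project)
+name = format("%s-external-api-onboarding-auto", local.project)
 api_management_name = module.apim.name
 resource_group_name = azurerm_resource_group.rg_api.name
 version_set_id = azurerm_api_management_api_version_set.apim_external_api_onboarding_auto.id
@@ -201,7 +201,7 @@ module "apim_external_api_onboarding_auto_v1" {
 
 module "apim_external_api_onboarding_io_v1" {
 source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-name = format("%s-external-api-onboarding-io", local.project)
+name = format("%s-external-api-onboarding-io", local.project)
 api_management_name = module.apim.name
 resource_group_name = azurerm_resource_group.rg_api.name
 version_set_id = azurerm_api_management_api_version_set.apim_external_api_onboarding_io.id
@@ -232,7 +232,7 @@ module "apim_external_api_onboarding_io_v1" {
 }
 
 resource "azurerm_api_management_api_version_set" "apim_external_api_ms" {
-name = format("%s-ms-external-api", var.env_short)
+name = format("%s-ms-external-api", var.env_short)
 resource_group_name = azurerm_resource_group.rg_api.name
 api_management_name = module.apim.name
 display_name = "External API Service"
@@ -241,7 +241,7 @@ resource "azurerm_api_management_api_version_set" "apim_external_api_ms" {
 
 module "apim_external_api_ms_v2" {
 source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-name = format("%s-ms-external-api", local.project)
+name = format("%s-ms-external-api", local.project)
 api_management_name = module.apim.name
 resource_group_name = azurerm_resource_group.rg_api.name
 version_set_id = azurerm_api_management_api_version_set.apim_external_api_ms.id
@@ -401,17 +401,17 @@ module "apim_external_api_ms_v2" {
 {
 operation_id = "messageAcknowledgmentUsingPOST"
 xml_content = templatefile("./api/api_key_fn_op_policy_message.xml.tpl", {
-BACKEND_BASE_URL = "https://selc-${var.env_short}-onboarding-fn.azurewebsites.net"
-FN_KEY = data.azurerm_key_vault_secret.fn-onboarding-primary-key.value
-EXTERNAL-OAUTH2-ISSUER = data.azurerm_key_vault_secret.external-oauth2-issuer.value
-TENANT_ID = data.azurerm_client_config.current.tenant_id
+BACKEND_BASE_URL = "https://selc-${var.env_short}-onboarding-fn.azurewebsites.net"
+FN_KEY = data.azurerm_key_vault_secret.fn-onboarding-primary-key.value
+EXTERNAL-OAUTH2-ISSUER = data.azurerm_key_vault_secret.external-oauth2-issuer.value
+TENANT_ID = data.azurerm_client_config.current.tenant_id
 })
 }
 ]
 }
 
 resource "azurerm_api_management_api_version_set" "apim_internal_api_ms" {
-name = format("%s-ms-internal-api", var.env_short)
+name = format("%s-ms-internal-api", var.env_short)
 resource_group_name = azurerm_resource_group.rg_api.name
 api_management_name = module.apim.name
 display_name = "Internal API Service"
@@ -420,7 +420,7 @@ resource "azurerm_api_management_api_version_set" "apim_internal_api_ms" {
 
 module "apim_internal_api_ms_v1" {
 source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-name = format("%s-ms-internal-api", local.project)
+name = format("%s-ms-internal-api", local.project)
 api_management_name = module.apim.name
 resource_group_name = azurerm_resource_group.rg_api.name
 version_set_id = azurerm_api_management_api_version_set.apim_internal_api_ms.id
@@ -503,12 +503,18 @@ module "apim_internal_api_ms_v1" {
 xml_content = templatefile("./api/base_ms_url_policy.xml", {
 MS_BACKEND_URL = "https://selc-${var.env_short}-ms-core-ca.${var.ca_suffix_dns_private_name}/"
 })
+},
+{
+operation_id = "onboardingImportUsingPOST"
+xml_content = templatefile("./api/base_ms_url_policy.xml", {
+MS_BACKEND_URL = "https://selc-${var.env_short}-ext-api-backend-ca.${var.ca_suffix_dns_private_name}/v2/"
+})
 }
 ]
 }
 
 resource "azurerm_api_management_api_version_set" "apim_selfcare_support_service" {
-name = format("%s-selfcare-support-api-service", var.env_short)
+name = format("%s-selfcare-support-api-service", var.env_short)
 resource_group_name = azurerm_resource_group.rg_api.name
 api_management_name = module.apim.name
 display_name = "SelfCare Support API Service"
@@ -517,7 +523,7 @@ resource "azurerm_api_management_api_version_set" "apim_selfcare_support_service
 
 module "apim_selfcare_support_service_v1" {
 source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-name = format("%s-selfcare-support-api-service", local.project)
+name = format("%s-selfcare-support-api-service", local.project)
 api_management_name = module.apim.name
 resource_group_name = azurerm_resource_group.rg_api.name
 version_set_id = azurerm_api_management_api_version_set.apim_selfcare_support_service.id
@@ -599,14 +605,14 @@ module "apim_selfcare_support_service_v1" {
 operation_id = "completeOnboardingTokenConsume"
 xml_content = templatefile("./api/base_ms_url_policy.xml", {
 MS_BACKEND_URL = "https://selc-${var.env_short}-onboarding-ms-ca.${var.ca_suffix_dns_private_name}/v1/"
-}
+}
 )
 },
 {
 operation_id = "onboardingInstitutionUsingGET"
 xml_content = templatefile("./api/base_ms_url_policy.xml", {
 MS_BACKEND_URL = "https://selc-${var.env_short}-onboarding-ms-ca.${var.ca_suffix_dns_private_name}/v1/"
-}
+}
 )
 },
 {
@@ -639,7 +645,7 @@ module "apim_selfcare_support_service_v1" {
 }
 
 resource "azurerm_api_management_api_version_set" "apim_notification_event_api" {
-name = format("%s-notification-event-api", var.env_short)
+name = format("%s-notification-event-api", var.env_short)
 resource_group_name = azurerm_resource_group.rg_api.name
 api_management_name = module.apim.name
 display_name = "Notification Event API Service"
@@ -648,7 +654,7 @@ resource "azurerm_api_management_api_version_set" "apim_notification_event_api"
 
 module "apim_notification_event_api_v1" {
 source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-name = format("%s-notification-event-api", local.project)
+name = format("%s-notification-event-api", local.project)
 api_management_name = module.apim.name
 resource_group_name = azurerm_resource_group.rg_api.name
 version_set_id = azurerm_api_management_api_version_set.apim_notification_event_api.id
@@ -705,7 +711,7 @@ module "apim_notification_event_api_v1" {
 ]
 }
 resource "azurerm_api_management_api_version_set" "apim_external_api_contract" {
-name = format("%s-external-api-contract", var.env_short)
+name = format("%s-external-api-contract", var.env_short)
 resource_group_name = azurerm_resource_group.rg_api.name
 api_management_name = module.apim.name
 display_name = "External API Contract limited by IP source"
@@ -714,7 +720,7 @@ resource "azurerm_api_management_api_version_set" "apim_external_api_contract" {
 
 module "apim_external_api_contract_v1" {
 source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-name = format("%s-external-api-contract-service", local.project)
+name = format("%s-external-api-contract-service", local.project)
 api_management_name = module.apim.name
 resource_group_name = azurerm_resource_group.rg_api.name
 version_set_id = azurerm_api_management_api_version_set.apim_external_api_contract.id
@@ -756,7 +762,7 @@ module "apim_external_api_contract_v1" {
 }
 
 resource "azurerm_api_management_api_version_set" "apim_external_api_contracts_public" {
-name = format("%s-external-api-contracts-public", var.env_short)
+name = format("%s-external-api-contracts-public", var.env_short)
 resource_group_name = azurerm_resource_group.rg_api.name
 api_management_name = module.apim.name
 display_name = "External API Contracts Public"
@@ -765,7 +771,7 @@ resource "azurerm_api_management_api_version_set" "apim_external_api_contracts_p
 
 module "apim_external_api_contract_public_v1" {
 source = "github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.18.0"
-name = format("%s-external-api-contracts-public", local.project)
+name = format("%s-external-api-contracts-public", local.project)
 api_management_name = module.apim.name
 resource_group_name = azurerm_resource_group.rg_api.name
 version_set_id = azurerm_api_management_api_version_set.apim_external_api_contracts_public.id
@@ -817,7 +823,7 @@ module "apim_billing_portal_v1" {
 protocols = [
 "https"
 ]
-
+
 service_url = "https://selc-${var.env_short}-onboarding-ms-ca.${var.ca_suffix_dns_private_name}/v1/"
 
 content_format = "openapi+json"
@@ -845,7 +851,7 @@ module "apim_billing_portal_v1" {
 operation_id = "checkRecipientCodeUsingGET"
 xml_content = templatefile("./api/base_policy_config.xml.tpl", {
 MS_BACKEND_URL = "https://selc-${var.env_short}-onboardingbackend-ca.${var.ca_suffix_dns_private_name}/v2/"
-})
+})
 }
 ]
 }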
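Review bot: The `onboardingImportUsingPOST` entry added at new lines 507–511 passes only `MS_BACKEND_URL` to `base_ms_url_policy.xml`, so nothing visible in this hunk shows how callers of an import operation are authenticated or authorised before the request is forwarded to `ext-api-backend-ca`. That check presumably lives in the API-level policy of `apim_internal_api_ms_v1`, which is outside the visible lines (the module block starts and ends outside the hunk) and is worth confirming, since the entry just above routes to `ms-core-ca` instead. I would record the intent on the entry with a comment such as `# onboardingImportUsingPOST is served by ext-api-backend (/v2/), not ms-core; caller auth: <API-level policy — confirm>`. The remaining hunks are alignment-only, and landing them as a separate formatting commit would keep a routing change like this one easy to audit.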
