From 152048f02416462db3b752a1ffde95c13e6369c2 Mon Sep 17 00:00:00 2001 From: Francesco Cesareo Date: Thu, 13 Feb 2025 22:32:56 +0100 Subject: [PATCH] chore: [PAGOPA-2626] Decoupler: logic for FdR SOAP requests (#2766) * added check on fdr org soap request * added check on fdr psp soap request * precommit * fix * fix * fix * fix * added sha * added comment * conflict resolved * feat: [PAGOPA-2647] defining response caching for `nodoChiediElencoFlussiRendicontazione` primitive (#2781) * [PAGOPA-2647] feat: defining response caching for FdR-Fase1 'flow list' API * [PAGOPA-2647] fix: resolving bugs and refactoring code * [PAGOPA-2647] fix: excluding caching process if response returns a fault code * [PAGOPA-2647] fix: updating tracing text * [PAGOPA-2647] fix: resolving bugs and adding correct handling of BLOB headers * [PAGOPA-2647] fix: adding permission for read/write operations by APIM * [PAGOPA-2647] chore: commenting trace tag, avoiding unnecessary log * remove mongodb * fix * recovre after push error * fix dashboard * fix dashboard * fix secret prod * fix fdr common * fix --------- Co-authored-by: Andrea D. <117269497+andrea-deri@users.noreply.github.com> Co-authored-by: pasqualespica Co-authored-by: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com> --- .gitignore | 3 +- src/domains/fdr-app/00_data.tf | 10 + src/domains/fdr-app/00_monitor.tf | 7 +- src/domains/fdr-app/00_network.tf | 45 ---- src/domains/fdr-app/04_apim_aux.tf | 81 ++++++++ src/domains/fdr-app/04_apim_fdr_fase1.tf | 32 ++- src/domains/fdr-app/04_apim_fdr_fase1_auth.tf | 2 +- src/domains/fdr-app/04_apim_fdr_fase3.tf | 19 -- src/domains/fdr-app/99_variables.tf | 117 +++-------- src/domains/fdr-app/README.md | 17 ++ .../fdr-fase1/nodoPerPa/v1/fdr_pagopa.xml.tpl | 8 +- ...oChiediElencoFlussiRendicontazione.xml.tpl | 195 ++++++++++++++++++ ...r_nodoinvia_flussorendicontazione_flow.xml | 49 ++++- ...sh-fdr-soap.tpl => dashboard-apim-fdr.tpl} | 6 +- .../fdr-app/env/weu-dev/terraform.tfvars | 48 +---- .../fdr-app/env/weu-prod/terraform.tfvars | 67 ++---- .../fdr-app/env/weu-uat/terraform.tfvars | 47 +---- src/domains/fdr-common/.terraform.lock.hcl | 18 +- src/domains/fdr-common/02_security.tf | 10 - .../fdr-common/03_cosmos_mongodb_fdr.tf | 115 ----------- .../fdr-common/03_storage_account_fdr.tf | 72 +++++++ src/domains/fdr-common/99_variables.tf | 7 + src/domains/fdr-common/README.md | 5 + .../fdr-common/env/weu-uat/terraform.tfvars | 2 +- .../secret/weu-prod/noedit_secret_enc.json | 14 +- 25 files changed, 551 insertions(+), 445 deletions(-) create mode 100644 src/domains/fdr-app/04_apim_aux.tf create mode 100644 src/domains/fdr-app/api/fdr-fase1/nodoPerPa/v1/fdr_pagopa_nodoChiediElencoFlussiRendicontazione.xml.tpl rename src/domains/fdr-app/dashboard/{dash-fdr-soap.tpl => dashboard-apim-fdr.tpl} (96%) delete mode 100644 src/domains/fdr-common/03_cosmos_mongodb_fdr.tf diff --git a/.gitignore b/.gitignore index 93fc05a512..2a7a4738f8 100644 --- a/.gitignore +++ b/.gitignore @@ -50,4 +50,5 @@ __import_apim /src/psql/nodo/liquibase/online.properties /src/psql/nodo/liquibase/re.properties /src/psql/nodo/liquibase/offline.properties -**/secret.json \ No newline at end of file +**/secret.json +*-BCK \ No newline at end of file diff --git a/src/domains/fdr-app/00_data.tf b/src/domains/fdr-app/00_data.tf index 8d5195f824..07968f956d 100644 --- a/src/domains/fdr-app/00_data.tf +++ b/src/domains/fdr-app/00_data.tf @@ -19,6 +19,11 @@ data "azurerm_storage_account" "fdr_flows_sa" { resource_group_name = data.azurerm_resource_group.data.name } +data "azurerm_storage_account" "fdr_conversion_sa" { + name = replace("${local.project}-sa", "-", "") + resource_group_name = data.azurerm_resource_group.fdr_rg.name +} + data "azurerm_resource_group" "data" { name = "${local.product}-data-rg" } @@ -28,6 +33,11 @@ data "azurerm_storage_container" "fdr_rend_flow" { storage_account_name = data.azurerm_storage_account.fdr_flows_sa.name } +data "azurerm_storage_container" "fdr1_cached_response" { + name = "fdr1-cached-response" + storage_account_name = data.azurerm_storage_account.fdr_conversion_sa.name +} + data "azurerm_container_registry" "common-acr" { name = replace("${local.product}-common-acr", "-", "") resource_group_name = data.azurerm_resource_group.container_registry_rg.name diff --git a/src/domains/fdr-app/00_monitor.tf b/src/domains/fdr-app/00_monitor.tf index e0a77366a1..62f0ac679b 100644 --- a/src/domains/fdr-app/00_monitor.tf +++ b/src/domains/fdr-app/00_monitor.tf @@ -28,14 +28,15 @@ data "azurerm_monitor_action_group" "opsgenie" { name = local.monitor_action_group_opsgenie_name } -resource "azurerm_portal_dashboard" "fdr-soap-dashboard" { - name = "FdR-SOAP" +resource "azurerm_portal_dashboard" "fdr-dashboard" { + count = var.env_short == "p" ? 1 : 0 + name = "FLussiDiRendicontazione-${var.env}-FdR" resource_group_name = var.monitor_resource_group_name location = var.location tags = { source = "terraform" } - dashboard_properties = templatefile("dashboard/dash-fdr-soap.tpl", { + dashboard_properties = templatefile("./dashboard/dashboard-apim-fdr.tpl", { subscription_id = data.azurerm_subscription.current.subscription_id, env_short = var.env_short }) diff --git a/src/domains/fdr-app/00_network.tf b/src/domains/fdr-app/00_network.tf index ded3f36644..df485e3f4e 100644 --- a/src/domains/fdr-app/00_network.tf +++ b/src/domains/fdr-app/00_network.tf @@ -13,29 +13,6 @@ data "azurerm_dns_zone" "public" { name = join(".", [var.apim_dns_zone_prefix, var.external_domain]) } - -module "fdr_re_function_snet" { - source = "./.terraform/modules/__v3__/subnet" - name = "${local.project}-re-fn-snet" - address_prefixes = var.fdr_re_function_subnet - resource_group_name = local.vnet_resource_group_name - virtual_network_name = data.azurerm_virtual_network.vnet.name - private_endpoint_network_policies_enabled = var.fdr_re_function_network_policies_enabled - - service_endpoints = [ - "Microsoft.Web", - "Microsoft.AzureCosmosDB", - ] - - delegation = { - name = "default" - service_delegation = { - name = "Microsoft.Web/serverFarms" - actions = ["Microsoft.Network/virtualNetworks/subnets/action"] - } - } -} - module "fdr_xml_to_json_function_snet" { source = "./.terraform/modules/__v3__/subnet" name = "${local.project}-xml-to-json-fn-snet" @@ -58,25 +35,3 @@ module "fdr_xml_to_json_function_snet" { } } -module "fdr_json_to_xml_function_snet" { - source = "./.terraform/modules/__v3__/subnet" - name = "${local.project}-json-to-xml-fn-snet" - address_prefixes = var.fdr_json_to_xml_function_subnet - resource_group_name = local.vnet_resource_group_name - virtual_network_name = data.azurerm_virtual_network.vnet.name - private_endpoint_network_policies_enabled = var.fdr_json_to_xml_function_network_policies_enabled - - service_endpoints = [ - "Microsoft.Web", - "Microsoft.AzureCosmosDB", - ] - - delegation = { - name = "default" - service_delegation = { - name = "Microsoft.Web/serverFarms" - actions = ["Microsoft.Network/virtualNetworks/subnets/action"] - } - } -} - diff --git a/src/domains/fdr-app/04_apim_aux.tf b/src/domains/fdr-app/04_apim_aux.tf new file mode 100644 index 0000000000..7d39767231 --- /dev/null +++ b/src/domains/fdr-app/04_apim_aux.tf @@ -0,0 +1,81 @@ +// Switch to pagoPA FdR SOAP request for Orgs (creditor institutions) +// https://pagopa.atlassian.net/wiki/spaces/IQCGJ/pages/1071153182/FdR-1+Flussi+di+Rendicontazione +resource "azurerm_api_management_named_value" "enable_fdr_ci_soap_request" { + name = "enable-fdr-ci-soap-request-switch" + api_management_name = data.azurerm_api_management.apim.name + resource_group_name = data.azurerm_api_management.apim.resource_group_name + display_name = "enable-fdr-ci-soap-request-switch" + value = var.enable_fdr_ci_soap_request +} + +// Switch to pagoPA FdR SOAP request for PSP +// https://pagopa.atlassian.net/wiki/spaces/IQCGJ/pages/1071153182/FdR-1+Flussi+di+Rendicontazione +resource "azurerm_api_management_named_value" "enable_fdr_psp_soap_request" { + name = "enable-fdr-psp-soap-request-switch" + api_management_name = data.azurerm_api_management.apim.name + resource_group_name = data.azurerm_api_management.apim.resource_group_name + display_name = "enable-fdr-psp-soap-request-switch" + value = var.enable_fdr_psp_soap_request +} + +// PSP list to switch traffic towards pagoPA FdR +resource "azurerm_api_management_named_value" "fdr_psp_soap_request_psp_list" { + name = "fdr-soap-request-psp-whitelist" + api_management_name = data.azurerm_api_management.apim.name + resource_group_name = data.azurerm_api_management.apim.resource_group_name + display_name = "fdr-soap-request-psp-whitelist" + value = var.fdr_soap_request_psp_whitelist +} + +// CI list to switch traffic towards pagoPA FdR +resource "azurerm_api_management_named_value" "fdr_ci_soap_request_ci_list" { + name = "fdr-soap-request-ci-whitelist" + api_management_name = data.azurerm_api_management.apim.name + resource_group_name = data.azurerm_api_management.apim.resource_group_name + display_name = "fdr-soap-request-ci-whitelist" + value = var.fdr_soap_request_ci_whitelist +} + +######################## +## Info for FdR Rend ## +######################## +resource "azurerm_api_management_named_value" "fdrcontainername" { + name = "fdrcontainername" + api_management_name = data.azurerm_api_management.apim.name + resource_group_name = data.azurerm_resource_group.rg_api.name + display_name = "fdrcontainername" + value = data.azurerm_storage_container.fdr_rend_flow.name +} + +resource "azurerm_api_management_named_value" "fdrsaname" { + name = "fdrsaname" + api_management_name = data.azurerm_api_management.apim.name + resource_group_name = data.azurerm_resource_group.rg_api.name + display_name = "fdrsaname" + value = data.azurerm_storage_account.fdr_flows_sa.name +} + + +resource "azurerm_api_management_named_value" "fdr_cachedresponse_saname" { + name = "fdr_cachedresponse_saname" + api_management_name = data.azurerm_api_management.apim.name + resource_group_name = data.azurerm_resource_group.rg_api.name + display_name = "fdr_cachedresponse_saname" + value = data.azurerm_storage_account.fdr_conversion_sa.name +} + +resource "azurerm_api_management_named_value" "fdr_cachedresponse_containername" { + name = "fdr_cachedresponse_containername" + api_management_name = data.azurerm_api_management.apim.name + resource_group_name = data.azurerm_resource_group.rg_api.name + display_name = "fdr_cachedresponse_containername" + value = data.azurerm_storage_container.fdr1_cached_response.name +} + +resource "azurerm_api_management_named_value" "fdr1_cache_duration" { + name = "fdr1_cache_duration" + api_management_name = data.azurerm_api_management.apim.name + resource_group_name = data.azurerm_resource_group.rg_api.name + display_name = "fdr1_cache_duration" + value = var.fdr1_cache_duration +} diff --git a/src/domains/fdr-app/04_apim_fdr_fase1.tf b/src/domains/fdr-app/04_apim_fdr_fase1.tf index b2b520538a..d5b000dbb9 100644 --- a/src/domains/fdr-app/04_apim_fdr_fase1.tf +++ b/src/domains/fdr-app/04_apim_fdr_fase1.tf @@ -29,6 +29,16 @@ resource "azurerm_api_management_api_operation_policy" "fdr_pagopa_policy_nodoIn }) } +# fragment sha +# https://github.com/hashicorp/terraform-provider-azurerm/issues/17016#issuecomment-1314991599 +# https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/2022-04-01-preview/service/policyfragments?pivots=deployment-language-terraform +resource "terraform_data" "sha256_fdr_pagopa_policy_nodoInviaFlussoRendicontazione" { + input = sha256(templatefile("./api/fdr-fase1/nodoPerPsp/v1/fdr_nodoinvia_flussorendicontazione_flow.xml", { + is-fdr-nodo-pagopa-enable = var.apim_fdr_nodo_pagopa_enable + base-url = "https://${local.fdr_hostname}/pagopa-fdr-nodo-service" + })) +} + ######### ## PA ## ######### @@ -51,6 +61,16 @@ resource "azurerm_api_management_api_operation_policy" "fdr_pagopa_policy_nodoCh }) } +# fragment sha +# https://github.com/hashicorp/terraform-provider-azurerm/issues/17016#issuecomment-1314991599 +# https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/2022-04-01-preview/service/policyfragments?pivots=deployment-language-terraform +resource "terraform_data" "sha256_fdr_pagopa_policy_nodoChiediFlussoRendicontazione" { + input = sha256(templatefile("./api/fdr-fase1/nodoPerPa/v1/fdr_pagopa.xml.tpl", { + is-fdr-nodo-pagopa-enable = var.apim_fdr_nodo_pagopa_enable + base-url = "https://${local.fdr_hostname}/pagopa-fdr-nodo-service" + })) +} + # nodoChiediElencoFlussiRendicontazione DEV 6218976195aa0303ccfcf901 # nodoChiediElencoFlussiRendicontazione UAT 61e96321e0f4ba04a49d1285 # nodoChiediElencoFlussiRendicontazione PRD 61e9633dea7c4a07cc7d480d @@ -62,8 +82,18 @@ resource "azurerm_api_management_api_operation_policy" "fdr_pagopa_policy_nodoCh operation_id = var.env_short == "d" ? "6218976195aa0303ccfcf901" : var.env_short == "u" ? "61e96321e0f4ba04a49d1285" : "61e9633dea7c4a07cc7d480d" #tfsec:ignore:GEN005 - xml_content = templatefile("./api/fdr-fase1/nodoPerPa/v1/fdr_pagopa.xml.tpl", { + xml_content = templatefile("./api/fdr-fase1/nodoPerPa/v1/fdr_pagopa_nodoChiediElencoFlussiRendicontazione.xml.tpl", { is-fdr-nodo-pagopa-enable = var.apim_fdr_nodo_pagopa_enable base-url = "https://${local.fdr_hostname}/pagopa-fdr-nodo-service" }) } + +# fragment sha +# https://github.com/hashicorp/terraform-provider-azurerm/issues/17016#issuecomment-1314991599 +# https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/2022-04-01-preview/service/policyfragments?pivots=deployment-language-terraform +resource "terraform_data" "sha256_fdr_pagopa_policy_nodoChiediElencoFlussiRendicontazione" { + input = sha256(templatefile("./api/fdr-fase1/nodoPerPa/v1/fdr_pagopa.xml.tpl", { + is-fdr-nodo-pagopa-enable = var.apim_fdr_nodo_pagopa_enable + base-url = "https://${local.fdr_hostname}/pagopa-fdr-nodo-service" + })) +} diff --git a/src/domains/fdr-app/04_apim_fdr_fase1_auth.tf b/src/domains/fdr-app/04_apim_fdr_fase1_auth.tf index 501aa68169..e8d34b3df0 100644 --- a/src/domains/fdr-app/04_apim_fdr_fase1_auth.tf +++ b/src/domains/fdr-app/04_apim_fdr_fase1_auth.tf @@ -86,7 +86,7 @@ resource "azurerm_api_management_api_operation_policy" "fdr_pagopa_policy_nodoCh operation_id = var.env_short == "d" ? "6352c3bcc257810f183b398b" : var.env_short == "u" ? "636cb7e9451c1c01c4186998" : "63b6e2da2a92e811a8f338f8" #tfsec:ignore:GEN005 - xml_content = templatefile("./api/fdr-fase1/nodoPerPa/v1/fdr_pagopa.xml.tpl", { + xml_content = templatefile("./api/fdr-fase1/nodoPerPa/v1/fdr_pagopa_nodoChiediElencoFlussiRendicontazione.xml.tpl", { is-fdr-nodo-pagopa-enable = var.apim_fdr_nodo_pagopa_enable base-url = "https://${local.fdr_hostname}/pagopa-fdr-nodo-service" }) diff --git a/src/domains/fdr-app/04_apim_fdr_fase3.tf b/src/domains/fdr-app/04_apim_fdr_fase3.tf index bc2a4d9130..f52e5ea00f 100644 --- a/src/domains/fdr-app/04_apim_fdr_fase3.tf +++ b/src/domains/fdr-app/04_apim_fdr_fase3.tf @@ -76,22 +76,3 @@ module "apim_fdr_product_internal" { policy_xml = file("./api_product/fdr-service-internal/_base_policy.xml") } - -######################## -## Info for FdR Rend ## -######################## -resource "azurerm_api_management_named_value" "fdrcontainername" { - name = "fdrcontainername" - api_management_name = data.azurerm_api_management.apim.name - resource_group_name = data.azurerm_resource_group.rg_api.name - display_name = "fdrcontainername" - value = data.azurerm_storage_container.fdr_rend_flow.name -} - -resource "azurerm_api_management_named_value" "fdrsaname" { - name = "fdrsaname" - api_management_name = data.azurerm_api_management.apim.name - resource_group_name = data.azurerm_resource_group.rg_api.name - display_name = "fdrsaname" - value = data.azurerm_storage_account.fdr_flows_sa.name -} diff --git a/src/domains/fdr-app/99_variables.tf b/src/domains/fdr-app/99_variables.tf index 6014cbecb3..1498468aa1 100644 --- a/src/domains/fdr-app/99_variables.tf +++ b/src/domains/fdr-app/99_variables.tf @@ -295,51 +295,6 @@ variable "nodo_pagamenti_subkey_required" { default = false } -# FdR RE -variable "fdr_re_function_subnet" { - type = list(string) - description = "Address prefixes subnet" - default = null -} - -variable "fdr_re_function_network_policies_enabled" { - type = bool - description = "Network policies enabled" - default = false -} - -variable "fdr_re_function" { - type = object({ - always_on = bool - kind = string - sku_size = string - # sku_tier = string - maximum_elastic_worker_count = number - }) - description = "FdR RE function" - default = { - always_on = true - kind = "Linux" - sku_size = "B1" - # sku_tier = "Basic" - maximum_elastic_worker_count = 1 - } -} - -variable "fdr_re_function_app_image_tag" { - type = string - default = "latest" - description = "FdR RE to Datastore function app docker image tag. Defaults to 'latest'" -} - -variable "fdr_re_function_autoscale" { - type = object({ - default = number - minimum = number - maximum = number - }) - description = "FdR function autoscaling parameters" -} # FdR xml to json variable "fdr_xml_to_json_function_subnet" { @@ -386,50 +341,6 @@ variable "fdr_xml_to_json_function_autoscale" { description = "FdR function autoscaling parameters" } -# FdR json to xml -variable "fdr_json_to_xml_function_subnet" { - type = list(string) - description = "Address prefixes subnet" - default = null -} - -variable "fdr_json_to_xml_function_network_policies_enabled" { - type = bool - description = "Network policies enabled" - default = false -} -variable "fdr_json_to_xml_function" { - type = object({ - always_on = bool - kind = string - sku_size = string - sku_tier = string - maximum_elastic_worker_count = number - }) - description = "FdR JSON to XML function" - default = { - always_on = true - kind = "Linux" - sku_size = "B1" - sku_tier = "Basic" - maximum_elastic_worker_count = 1 - } -} - -variable "fdr_json_to_xml_function_app_image_tag" { - type = string - default = "latest" - description = "FdR JSON to XML function app docker image tag. Defaults to 'latest'" -} - -variable "fdr_json_to_xml_function_autoscale" { - type = object({ - default = number - minimum = number - maximum = number - }) - description = "FdR JSON to XML function autoscaling parameters" -} variable "function_app_storage_account_replication_type" { type = string @@ -472,3 +383,31 @@ variable "enable_fdr3_features" { default = false description = "Feature flag that enabled FdR-Fase3 APIs" } + +variable "enable_fdr_ci_soap_request" { + type = bool + description = "Switch to pagoPA FdR SOAP request for Orgs" +} + +variable "enable_fdr_psp_soap_request" { + type = bool + description = "Switch to pagoPA FdR SOAP request for PSP" +} + +variable "fdr_soap_request_psp_whitelist" { + type = string + # default = "*" # No Default to explicits set into ENV settings + description = "String list comma separated" +} + +variable "fdr_soap_request_ci_whitelist" { + type = string + # default = "*" # No Default to explicits set into ENV settings + description = "String list comma separated" +} + +variable "fdr1_cache_duration" { + type = string + default = "1800" // 30 minutes + description = "The TTL of keys stored in internal cache for FdR1's cached responses" +} diff --git a/src/domains/fdr-app/README.md b/src/domains/fdr-app/README.md index 3a39237b3b..701c17b487 100644 --- a/src/domains/fdr-app/README.md +++ b/src/domains/fdr-app/README.md @@ -54,6 +54,13 @@ | [azurerm_api_management_api_version_set.api_fdr_legacy_api_internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | | [azurerm_api_management_api_version_set.api_fdr_xml_to_json_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | | [azurerm_api_management_api_version_set.fdr_per_pa_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource | +| [azurerm_api_management_named_value.enable_fdr_ci_soap_request](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | +| [azurerm_api_management_named_value.enable_fdr_psp_soap_request](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | +| [azurerm_api_management_named_value.fdr1_cache_duration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | +| [azurerm_api_management_named_value.fdr_cachedresponse_containername](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | +| [azurerm_api_management_named_value.fdr_cachedresponse_saname](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | +| [azurerm_api_management_named_value.fdr_ci_soap_request_ci_list](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | +| [azurerm_api_management_named_value.fdr_psp_soap_request_psp_list](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | | [azurerm_api_management_named_value.fdrcontainername](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | | [azurerm_api_management_named_value.fdrsaname](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | | [azurerm_api_management_named_value.ftp_organization](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource | @@ -80,6 +87,9 @@ | [kubernetes_role_binding.deployer_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/role_binding) | resource | | [kubernetes_role_binding.system_deployer_binding](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/role_binding) | resource | | [kubernetes_service_account.azure_devops](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/service_account) | resource | +| [terraform_data.sha256_fdr_pagopa_policy_nodoChiediElencoFlussiRendicontazione](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | +| [terraform_data.sha256_fdr_pagopa_policy_nodoChiediFlussoRendicontazione](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | +| [terraform_data.sha256_fdr_pagopa_policy_nodoInviaFlussoRendicontazione](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | | [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/2.30.0/docs/data-sources/group) | data source | | [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/2.30.0/docs/data-sources/group) | data source | | [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/2.30.0/docs/data-sources/group) | data source | @@ -115,8 +125,10 @@ | [azurerm_resource_group.msg_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.rg_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.rg_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_storage_account.fdr_conversion_sa](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | | [azurerm_storage_account.fdr_flows_sa](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | | [azurerm_storage_account.fdr_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | +| [azurerm_storage_container.fdr1_cached_response](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_container) | data source | | [azurerm_storage_container.fdr_rend_flow](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_container) | data source | | [azurerm_storage_container.fdr_rend_flow_out](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_container) | data source | | [azurerm_subnet.apim_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | @@ -138,12 +150,15 @@ | [dns\_zone\_internal\_prefix](#input\_dns\_zone\_internal\_prefix) | The dns subdomain. | `string` | `null` | no | | [domain](#input\_domain) | n/a | `string` | n/a | yes | | [enable\_fdr3\_features](#input\_enable\_fdr3\_features) | Feature flag that enabled FdR-Fase3 APIs | `bool` | `false` | no | +| [enable\_fdr\_ci\_soap\_request](#input\_enable\_fdr\_ci\_soap\_request) | Switch to pagoPA FdR SOAP request for Orgs | `bool` | n/a | yes | +| [enable\_fdr\_psp\_soap\_request](#input\_enable\_fdr\_psp\_soap\_request) | Switch to pagoPA FdR SOAP request for PSP | `bool` | n/a | yes | | [enabled\_features](#input\_enabled\_features) | Features enabled in this domain | 
object({
  })
| `{}` | no | | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [event\_name](#input\_event\_name) | Event name related to an EventHub | `string` | `null` | no | | [eventhub\_name](#input\_eventhub\_name) | EventHub name | `string` | `null` | no | | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | +| [fdr1\_cache\_duration](#input\_fdr1\_cache\_duration) | The TTL of keys stored in internal cache for FdR1's cached responses | `string` | `"1800"` | no | | [fdr\_json\_to\_xml\_function](#input\_fdr\_json\_to\_xml\_function) | FdR JSON to XML function | 
object({
    always_on                    = bool
    kind                         = string
    sku_size                     = string
    sku_tier                     = string
    maximum_elastic_worker_count = number
  })
| 
{
  "always_on": true,
  "kind": "Linux",
  "maximum_elastic_worker_count": 1,
  "sku_size": "B1",
  "sku_tier": "Basic"
}
| no | | [fdr\_json\_to\_xml\_function\_app\_image\_tag](#input\_fdr\_json\_to\_xml\_function\_app\_image\_tag) | FdR JSON to XML function app docker image tag. Defaults to 'latest' | `string` | `"latest"` | no | | [fdr\_json\_to\_xml\_function\_autoscale](#input\_fdr\_json\_to\_xml\_function\_autoscale) | FdR JSON to XML function autoscaling parameters | 
object({
    default = number
    minimum = number
    maximum = number
  })
| n/a | yes | @@ -154,6 +169,8 @@ | [fdr\_re\_function\_autoscale](#input\_fdr\_re\_function\_autoscale) | FdR function autoscaling parameters | 
object({
    default = number
    minimum = number
    maximum = number
  })
| n/a | yes | | [fdr\_re\_function\_network\_policies\_enabled](#input\_fdr\_re\_function\_network\_policies\_enabled) | Network policies enabled | `bool` | `false` | no | | [fdr\_re\_function\_subnet](#input\_fdr\_re\_function\_subnet) | Address prefixes subnet | `list(string)` | `null` | no | +| [fdr\_soap\_request\_ci\_whitelist](#input\_fdr\_soap\_request\_ci\_whitelist) | String list comma separated | `string` | `"*"` | no | +| [fdr\_soap\_request\_psp\_whitelist](#input\_fdr\_soap\_request\_psp\_whitelist) | String list comma separated | `string` | `"*"` | no | | [fdr\_xml\_to\_json\_function](#input\_fdr\_xml\_to\_json\_function) | FdR XML to JSON function | 
object({
    always_on                    = bool
    kind                         = string
    sku_size                     = string
    sku_tier                     = string
    maximum_elastic_worker_count = number
  })
| 
{
  "always_on": true,
  "kind": "Linux",
  "maximum_elastic_worker_count": 1,
  "sku_size": "B1",
  "sku_tier": "Basic"
}
| no | | [fdr\_xml\_to\_json\_function\_app\_image\_tag](#input\_fdr\_xml\_to\_json\_function\_app\_image\_tag) | FdR XML to JSON function app docker image tag. Defaults to 'latest' | `string` | `"latest"` | no | | [fdr\_xml\_to\_json\_function\_autoscale](#input\_fdr\_xml\_to\_json\_function\_autoscale) | FdR function autoscaling parameters | 
object({
    default = number
    minimum = number
    maximum = number
  })
| n/a | yes | diff --git a/src/domains/fdr-app/api/fdr-fase1/nodoPerPa/v1/fdr_pagopa.xml.tpl b/src/domains/fdr-app/api/fdr-fase1/nodoPerPa/v1/fdr_pagopa.xml.tpl index a5797685ff..b57ffa540c 100644 --- a/src/domains/fdr-app/api/fdr-fase1/nodoPerPa/v1/fdr_pagopa.xml.tpl +++ b/src/domains/fdr-app/api/fdr-fase1/nodoPerPa/v1/fdr_pagopa.xml.tpl @@ -1,11 +1,13 @@ + + - + ("enable_fdr_ci_soap_request_switch", "").Equals("true") )"> - + @@ -16,4 +18,4 @@ - \ No newline at end of file + diff --git a/src/domains/fdr-app/api/fdr-fase1/nodoPerPa/v1/fdr_pagopa_nodoChiediElencoFlussiRendicontazione.xml.tpl b/src/domains/fdr-app/api/fdr-fase1/nodoPerPa/v1/fdr_pagopa_nodoChiediElencoFlussiRendicontazione.xml.tpl new file mode 100644 index 0000000000..81d80476b3 --- /dev/null +++ b/src/domains/fdr-app/api/fdr-fase1/nodoPerPa/v1/fdr_pagopa_nodoChiediElencoFlussiRendicontazione.xml.tpl @@ -0,0 +1,195 @@ + + + + + + + ("enable_fdr_ci_soap_request_switch", "").Equals("true") )"> + + + + + + + + 2 ? result[1].Substring(1,result[1].Length-3).Replace("xmlns=\"\">", "") : "ND"; + + String[] tagStationId = {"identificativoStazioneIntermediarioPA"}; + result = dom2parse.Split(tagStationId, StringSplitOptions.RemoveEmptyEntries); + String stationId = result.Length > 2 ? result[1].Substring(1,result[1].Length-3).Replace("xmlns=\"\">", "") : "ND"; + + String[] tagDomainId = {"identificativoDominio"}; + result = dom2parse.Split(tagDomainId, StringSplitOptions.RemoveEmptyEntries); + String domainId = result.Length > 2 ? result[1].Substring(1,result[1].Length-3).Replace("xmlns=\"\">", "") : "ND"; + + String[] tagPspId = {"identificativoPSP"}; + result = dom2parse.Split(tagPspId, StringSplitOptions.RemoveEmptyEntries); + String pspId = result.Length > 2 ? result[1].Substring(1,result[1].Length-3).Replace("xmlns=\"\">", "") : "ND"; + + return "fdr::fase1::cachereq::" + brokerId + "-" + stationId + "-" + domainId + "-" + pspId; + }" /> + + + + + + + + + + @{ return "https://{{fdr_cachedresponse_saname}}.blob.core.windows.net/" + "{{fdr_cachedresponse_containername}}" + "/" + ((string) context.Variables["fdr_cached_response_uuid"]) + ".xml"; } + GET + + {{fdr_cachedresponse_saname}}.blob.core.windows.net + + + BlockBlob + + + 2019-12-12 + + + */* + + + @("Bearer " + (string) context.Variables["msi-access-token"]) + + + + + + + + + + @{ return "BLOB content found for cached response with UUID [" + ((string) context.Variables["fdr_cached_response_uuid"]) + "]"; } + + ())" /> + + + + + + + @((string) context.Variables["cached_response_content_type"]) + + @((string) context.Variables["cached_response_blob"]) + + + + + + @{ return "No valid BLOB content found for cached response with UUID [" + ((string) context.Variables["fdr_cached_response_uuid"]) + "]"; } + + + + + + + + + + + + + + + + + + + + + + + 0 && result[1].Substring(1,result[1].Length-3) != null; + } catch (Exception e) { + return false; + } + }" /> + + + + + + + + + + + + + + + + + + + + @{ return "https://{{fdr_cachedresponse_saname}}.blob.core.windows.net/" + "{{fdr_cachedresponse_containername}}" + "/" + ((string) context.Variables["fdr_cached_response_uuid_value"]) + ".xml"; } + PUT + + {{fdr_cachedresponse_saname}}.blob.core.windows.net + + + BlockBlob + + + + + + + + + + + + + + + 2019-12-12 + + + text/xml + + + @("Bearer " + (string)context.Variables["msi-access-token"]) + + + + @(((int) context.Variables["response_status_code_to_cache"]).ToString()) + + + @((string) context.Variables["response_status_reason_to_cache"]) + + + @((string) context.Variables["response_content_type_to_cache"]) + + + @((string) context.Variables["response_body_to_cache"]) + + + + + + + + + + + + diff --git a/src/domains/fdr-app/api/fdr-fase1/nodoPerPsp/v1/fdr_nodoinvia_flussorendicontazione_flow.xml b/src/domains/fdr-app/api/fdr-fase1/nodoPerPsp/v1/fdr_nodoinvia_flussorendicontazione_flow.xml index 4bb3b9c4af..68f8f38b29 100644 --- a/src/domains/fdr-app/api/fdr-fase1/nodoPerPsp/v1/fdr_nodoinvia_flussorendicontazione_flow.xml +++ b/src/domains/fdr-app/api/fdr-fase1/nodoPerPsp/v1/fdr_nodoinvia_flussorendicontazione_flow.xml @@ -61,8 +61,8 @@ - - e == org_fiscal_code); @@ -70,6 +70,10 @@ }" /> + @("${base-url}/nodoInviaFlussoRendicontazioneFTP") POST @@ -80,7 +84,45 @@ - + + + + + + + + + + + + + @@ -145,7 +187,6 @@ @("Bearer " + (string)context.Variables["msi-access-token"]) - @((string)context.Variables["xmlRendicontazione"]) diff --git a/src/domains/fdr-app/dashboard/dash-fdr-soap.tpl b/src/domains/fdr-app/dashboard/dashboard-apim-fdr.tpl similarity index 96% rename from src/domains/fdr-app/dashboard/dash-fdr-soap.tpl rename to src/domains/fdr-app/dashboard/dashboard-apim-fdr.tpl index c921ee72b9..73bf937a66 100644 --- a/src/domains/fdr-app/dashboard/dash-fdr-soap.tpl +++ b/src/domains/fdr-app/dashboard/dashboard-apim-fdr.tpl @@ -56,7 +56,7 @@ }, { "name": "Query", - "value": "let threshold = 0.99;\nAzureDiagnostics\n| where TimeGenerated > ago(30m)\n| where url_s matches regex \"/nodo-auth/node-for-psp\" or url_s matches regex \"/nodo/nodo-per-psp\"\n| where operationId_s in ('63b6e2da2a92e811a8f33901', '63ff4f22aca2fd18dcc4a6f7', '61e9633eea7c4a07cc7d4811')\n| summarize\n Total=count(),\n Success=count(responseCode_d < 500)\n by bin(TimeGenerated, 5m)\n| extend availability=toreal(Success) / Total\n| project TimeGenerated, availability, watermark=threshold\n| render timechart with (xtitle = \"time\", ytitle= \"availability(%)\")\n", + "value": "let threshold = 0.99;\nAzureDiagnostics\n| where TimeGenerated > ago(30m)\n| where url_s matches regex \"/nodo-auth/node-for-psp\" or url_s matches regex \"/nodo-auth/nodo-per-psp\" or url_s matches regex \"/nodo/nodo-per-psp\"\n| where operationId_s in ('63b6e2da2a92e811a8f33901', '63ff4f22aca2fd18dcc4a6f7', '61e9633eea7c4a07cc7d4811')\n| summarize\n Total=count(),\n Success=count(responseCode_d < 500)\n by bin(TimeGenerated, 5m)\n| extend availability=toreal(Success) / Total\n| project TimeGenerated, availability, watermark=threshold\n| render timechart with (xtitle = \"time\", ytitle= \"availability(%)\")\n", "isOptional": true }, { @@ -176,7 +176,7 @@ }, { "name": "Query", - "value": "AzureDiagnostics\n| where TimeGenerated > ago(30m)\n| where url_s matches regex \"/nodo-auth/node-for-psp\" or url_s matches regex \"/nodo/nodo-per-psp\"\n| where operationId_s in ('63b6e2da2a92e811a8f33901', '63ff4f22aca2fd18dcc4a6f7', '61e9633eea7c4a07cc7d4811')\n| extend HTTPStatus = case(\n responseCode_d between (100 .. 199), \"1XX\",\n responseCode_d between (200 .. 299), \"2XX\",\n responseCode_d between (300 .. 399), \"3XX\",\n responseCode_d between (400 .. 499), \"4XX\",\n \"5XX\")\n| summarize count() by HTTPStatus, bin(TimeGenerated, 5m)\n| render areachart with (xtitle = \"time\", ytitle= \"count\")\n\n", + "value": "AzureDiagnostics\n| where TimeGenerated > ago(30m)\n| where url_s matches regex \"/nodo-auth/node-for-psp\" or url_s matches regex \"/nodo-auth/nodo-per-psp\" or url_s matches regex \"/nodo/nodo-per-psp\"\n| where operationId_s in ('63b6e2da2a92e811a8f33901', '63ff4f22aca2fd18dcc4a6f7', '61e9633eea7c4a07cc7d4811')\n| extend HTTPStatus = case(\n responseCode_d between (100 .. 199), \"1XX\",\n responseCode_d between (200 .. 299), \"2XX\",\n responseCode_d between (300 .. 399), \"3XX\",\n responseCode_d between (400 .. 499), \"4XX\",\n \"5XX\")\n| summarize count() by HTTPStatus, bin(TimeGenerated, 5m)\n| render areachart with (xtitle = \"time\", ytitle= \"count\")\n\n", "isOptional": true }, { @@ -297,7 +297,7 @@ }, { "name": "Query", - "value": "let threshold = 1;\nAzureDiagnostics\n| where TimeGenerated > ago(30m)\n| where url_s matches regex \"/nodo-auth/node-for-psp\" or url_s matches regex \"/nodo/nodo-per-psp\"\n| where operationId_s in ('63b6e2da2a92e811a8f33901', '63ff4f22aca2fd18dcc4a6f7', '61e9633eea7c4a07cc7d4811')\n| summarize\n watermark=threshold,\n duration_percentile_95=percentiles(DurationMs / 100.0, 95) by bin(TimeGenerated, 5m)\n| render timechart with (xtitle = \"time\", ytitle= \"response time(s)\")\n\n", + "value": "let threshold = 1;\nAzureDiagnostics\n| where TimeGenerated > ago(30m)\n| where url_s matches regex \"/nodo-auth/node-for-psp\" or url_s matches regex \"/nodo-auth/nodo-per-psp\" or url_s matches regex \"/nodo/nodo-per-psp\"\n| where operationId_s in ('63b6e2da2a92e811a8f33901', '63ff4f22aca2fd18dcc4a6f7', '61e9633eea7c4a07cc7d4811')\n| summarize\n watermark=threshold,\n duration_percentile_95=percentiles(DurationMs / 100.0, 95) by bin(TimeGenerated, 5m)\n| render timechart with (xtitle = \"time\", ytitle= \"response time(s)\")\n\n", "isOptional": true }, { diff --git a/src/domains/fdr-app/env/weu-dev/terraform.tfvars b/src/domains/fdr-app/env/weu-dev/terraform.tfvars index 47f347e1dd..b2f7d0af4f 100644 --- a/src/domains/fdr-app/env/weu-dev/terraform.tfvars +++ b/src/domains/fdr-app/env/weu-dev/terraform.tfvars @@ -48,7 +48,6 @@ reporting_fdr_storage_account_info = { } ### External resources - monitor_resource_group_name = "pagopa-d-monitor-rg" log_analytics_workspace_name = "pagopa-d-law" log_analytics_workspace_resource_group_name = "pagopa-d-monitor-rg" @@ -75,23 +74,16 @@ tls_cert_check_helm = { image_name = "reporting-fdr" image_tag = "latest" -apim_fdr_nodo_pagopa_enable = true # 👀 https://pagopa.atlassian.net/wiki/spaces/PN5/pages/647497554/Design+Review+Flussi+di+Rendicontazione +# FDR ( phase#1 and phase#3 cfg ) +enable_fdr3_features = true +enable_fdr_ci_soap_request = true +enable_fdr_psp_soap_request = true +fdr_soap_request_psp_whitelist = "*" +fdr_soap_request_ci_whitelist = "*" +fdr1_cache_duration = "1800" +apim_fdr_nodo_pagopa_enable = true # 👀 https://pagopa.atlassian.net/wiki/spaces/PN5/pages/647497554/Design+Review+Flussi+di+Rendicontazione -# fdr re -fdr_re_function = { - always_on = true - kind = "Linux" - sku_size = "B1" - sku_tier = "Basic" - maximum_elastic_worker_count = null -} -fdr_re_function_subnet = ["10.1.181.0/24"] -fdr_re_function_network_policies_enabled = false -fdr_re_function_autoscale = { - default = 1 - minimum = 1 - maximum = 3 -} +ftp_organization = "55555555555,90000000002,88888888888,11111111111,paStress4,44444444444,19721972197,11111122222,66666666666,55555666666,89898989898,20000000002,11111122223,11223344551,15376371009_FTP" # fdr xml to json fdr_xml_to_json_function_subnet = ["10.1.182.0/24"] @@ -107,26 +99,6 @@ fdr_xml_to_json_function = { fdr_xml_to_json_function_autoscale = { default = 1 minimum = 1 - maximum = 3 -} - -# fdr json to xml -fdr_json_to_xml_function_subnet = ["10.1.185.0/24"] -fdr_json_to_xml_function_network_policies_enabled = false -fdr_json_to_xml_function = { - always_on = true - kind = "Linux" - sku_size = "B1" - sku_tier = "Basic" - maximum_elastic_worker_count = null -} - -fdr_json_to_xml_function_autoscale = { - default = 1 - minimum = 1 - maximum = 3 + maximum = 1 } -ftp_organization = "55555555555,90000000002,88888888888,11111111111,paStress4,44444444444,19721972197,11111122222,66666666666,55555666666,89898989898,20000000002,11111122223,11223344551,15376371009_FTP" - -enable_fdr3_features = true diff --git a/src/domains/fdr-app/env/weu-prod/terraform.tfvars b/src/domains/fdr-app/env/weu-prod/terraform.tfvars index 67e94c90c2..7dfd389bfd 100644 --- a/src/domains/fdr-app/env/weu-prod/terraform.tfvars +++ b/src/domains/fdr-app/env/weu-prod/terraform.tfvars @@ -1,11 +1,12 @@ -prefix = "pagopa" -env_short = "p" -env = "prod" -domain = "fdr" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod" +prefix = "pagopa" +env_short = "p" +env = "prod" +domain = "fdr" +location = "westeurope" +location_short = "weu" +location_string = "West Europe" +instance = "prod" + gh_runner_job_location = "italynorth" tags = { @@ -16,7 +17,6 @@ tags = { CostCenter = "TS310 - PAGAMENTI & SERVIZI" } - # function app reporting_fdr_function_always_on = true @@ -50,7 +50,6 @@ reporting_fdr_storage_account_info = { } ### External resources - monitor_resource_group_name = "pagopa-p-monitor-rg" log_analytics_workspace_name = "pagopa-p-law" log_analytics_workspace_resource_group_name = "pagopa-p-monitor-rg" @@ -77,24 +76,16 @@ tls_cert_check_helm = { image_name = "reporting-fdr" image_tag = "latest" -apim_fdr_nodo_pagopa_enable = false # 👀 https://pagopa.atlassian.net/wiki/spaces/PN5/pages/647497554/Design+Review+Flussi+di+Rendicontazione +# FDR ( phase#1 and phase#3 cfg ) +enable_fdr3_features = false +enable_fdr_ci_soap_request = false +enable_fdr_psp_soap_request = false +fdr_soap_request_psp_whitelist = "NA" +fdr_soap_request_ci_whitelist = "NA" +fdr1_cache_duration = "1800" # sec +apim_fdr_nodo_pagopa_enable = false # 👀 https://pagopa.atlassian.net/wiki/spaces/PN5/pages/647497554/Design+Review+Flussi+di+Rendicontazione -# fdr re -fdr_re_function = { - always_on = true - kind = "Linux" - sku_size = "P1v3" - sku_tier = "Basic" - maximum_elastic_worker_count = 0 -} -fdr_re_function_always_on = true -fdr_re_function_subnet = ["10.1.181.0/24"] -fdr_re_function_network_policies_enabled = false -fdr_re_function_autoscale = { - default = 1 - minimum = 1 - maximum = 10 -} +ftp_organization = "80078750587,00488410010,97532760580,12300020158" # fdr xml to json fdr_xml_to_json_function_subnet = ["10.1.182.0/24"] @@ -113,25 +104,3 @@ fdr_xml_to_json_function_autoscale = { maximum = 10 } -# fdr json to xml -fdr_json_to_xml_function_subnet = ["10.1.185.0/24"] -fdr_json_to_xml_function_network_policies_enabled = true -fdr_json_to_xml_function = { - always_on = true - kind = "Linux" - sku_size = "B1" - sku_tier = "Basic" - maximum_elastic_worker_count = 0 -} - -fdr_json_to_xml_function_autoscale = { - default = 1 - minimum = 1 - maximum = 10 -} - - - -ftp_organization = "80078750587,00488410010,97532760580,12300020158" - -enable_fdr3_features = false diff --git a/src/domains/fdr-app/env/weu-uat/terraform.tfvars b/src/domains/fdr-app/env/weu-uat/terraform.tfvars index f952eb16f3..cd96724b18 100644 --- a/src/domains/fdr-app/env/weu-uat/terraform.tfvars +++ b/src/domains/fdr-app/env/weu-uat/terraform.tfvars @@ -74,23 +74,16 @@ tls_cert_check_helm = { image_name = "reporting-fdr" image_tag = "latest" -apim_fdr_nodo_pagopa_enable = true # 👀 https://pagopa.atlassian.net/wiki/spaces/PN5/pages/647497554/Design+Review+Flussi+di+Rendicontazione +# FDR ( phase#1 and phase#3 cfg ) +enable_fdr3_features = true +enable_fdr_ci_soap_request = true +enable_fdr_psp_soap_request = true +fdr_soap_request_psp_whitelist = "*" +fdr_soap_request_ci_whitelist = "*" +fdr1_cache_duration = "1800" # sec +apim_fdr_nodo_pagopa_enable = true # 👀 https://pagopa.atlassian.net/wiki/spaces/PN5/pages/647497554/Design+Review+Flussi+di+Rendicontazione -# fdr re -fdr_re_function = { - always_on = true - kind = "Linux" - sku_size = "P1v3" #"B1" - # sku_tier = "Basic" - maximum_elastic_worker_count = 0 -} -fdr_re_function_subnet = ["10.1.181.0/24"] -fdr_re_function_network_policies_enabled = true -fdr_re_function_autoscale = { - default = 1 - minimum = 1 - maximum = 10 -} +ftp_organization = "99999999999,80078750587,88888888888,97532760580,12300020158,00488410010" # fdr xml to json fdr_xml_to_json_function_subnet = ["10.1.182.0/24"] @@ -106,26 +99,6 @@ fdr_xml_to_json_function = { fdr_xml_to_json_function_autoscale = { default = 1 minimum = 1 - maximum = 10 + maximum = 1 } -# fdr json to xml -fdr_json_to_xml_function_subnet = ["10.1.185.0/24"] -fdr_json_to_xml_function_network_policies_enabled = true -fdr_json_to_xml_function = { - always_on = true - kind = "Linux" - sku_size = "B1" - sku_tier = "Basic" - maximum_elastic_worker_count = 0 -} - -fdr_json_to_xml_function_autoscale = { - default = 1 - minimum = 1 - maximum = 10 -} - -ftp_organization = "99999999999,80078750587,88888888888,97532760580,12300020158,00488410010" - -enable_fdr3_features = true \ No newline at end of file diff --git a/src/domains/fdr-common/.terraform.lock.hcl b/src/domains/fdr-common/.terraform.lock.hcl index 13cfcf858b..2be2a1c39c 100644 --- a/src/domains/fdr-common/.terraform.lock.hcl +++ b/src/domains/fdr-common/.terraform.lock.hcl @@ -6,10 +6,6 @@ provider "registry.terraform.io/azure/azapi" { constraints = "<= 1.13.1" hashes = [ "h1:2cnqo8u7YMuBexFZv8/lXGxIn1dXuEnC44LAL90GAa0=", - "h1:EHLgSlpuzCcWaDBCB3J1D5xkHKoEeX8TkeYNlnRA1qc=", - "h1:Q10vF78s0i71/CfRYbeoRLAWuJrat2kxIrHK9/yaEYk=", - "h1:l6sI11YTFkGxAB2HnLSi3u1TGscOO34BFuEg2TJUZHQ=", - "h1:xDZG4lbtQJeyJa3Gzo8qecYxyw+AIXYcdDRlkaSLNz8=", "zh:1f2aceddd67ceeb82a75c2f15dc01e54781e9aed5968507dbc29590c165b2e2b", "zh:397f0bfbac899d48e23cecf38d362c27562150aa20b19157b5bd370b8e6801ee", "zh:652263b7d00623684e29ef7b8ff285a17c5bd7cc8ba7d22967c66d0b3a3c568a", @@ -29,11 +25,7 @@ provider "registry.terraform.io/hashicorp/azuread" { version = "2.47.0" constraints = "<= 2.47.0" hashes = [ - "h1:8J74v92UvtqVNucugAtB+Sd44oTgnhfct+Xf8ObOZug=", - "h1:KB9BNRNStbdsfdRmVXUwXtN77qgX5VjBy2UALcqp218=", "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", - "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", - "h1:zYMGokLn44KSWir7Nr4t8lEAPMB6JuXd2LlP2Ac2tMY=", "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", @@ -51,12 +43,8 @@ provider "registry.terraform.io/hashicorp/azuread" { provider "registry.terraform.io/hashicorp/azurerm" { version = "3.117.0" - constraints = "~> 3.30, ~> 3.76, != 3.97.0, != 3.97.1, < 4.0.0" + constraints = "~> 3.30, ~> 3.76, != 3.97.0, != 3.97.1, ~> 3.110, >= 3.116.0, < 4.0.0" hashes = [ - "h1:4v/cLZEL5PpXn36bG1YjD9sraf1XZ5NX/yMItDa6f18=", - "h1:Ew2CcKxce0b1gv3KpztpPt54dw1y7qEnkda5n0fuoPg=", - "h1:Ynfg+Iy7x6K8M6W1AhqXCe3wkoiqIQhROlca7C3KC3w=", - "h1:h4lGsuXDO9QRtFWrJrCWU355FDnlzX8CqKdTtZsgoBI=", "h1:pAXy9cKU+bX1rvWog4YWeLbg7VFHqRTAFKbjayIXK1k=", "zh:2e25f47492366821a786762369f0e0921cc9452d64bfd5075f6fdfcf1a9c6d70", "zh:41eb34f2f7469bf3eb1019dfb0e7fc28256f809824016f4f8b9d691bf473b2ac", @@ -77,11 +65,7 @@ provider "registry.terraform.io/hashicorp/null" { version = "3.2.2" constraints = "~> 3.2, <= 3.2.2" hashes = [ - "h1:Gef5VGfobY5uokA5nV/zFvWeMNR2Pmq79DH94QnNZPM=", "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", - "h1:m467k2tZ9cdFFgHW7LPBK2GLPH43LC6wc3ppxr8yvoE=", - "h1:vWAsYRd7MjYr3adj8BVKRohVfHpWQdvkIwUQ2Jf5FVM=", - "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=", "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", diff --git a/src/domains/fdr-common/02_security.tf b/src/domains/fdr-common/02_security.tf index 60cf6187bb..320cc98e98 100644 --- a/src/domains/fdr-common/02_security.tf +++ b/src/domains/fdr-common/02_security.tf @@ -48,16 +48,6 @@ resource "azurerm_key_vault_secret" "evthub_fdr-qi-reported-iuv_rx" { ############ ## Cosmos ## ############ -resource "azurerm_key_vault_secret" "fdr_mongodb_connection_string" { - name = "mongodb-connection-string" - value = module.cosmosdb_account_mongodb.connection_strings[0] - key_vault_id = data.azurerm_key_vault.key_vault.id - - depends_on = [ - module.cosmosdb_account_mongodb - ] -} - resource "azurerm_key_vault_secret" "fdr_re_mongodb_connection_string" { name = "mongodb-re-connection-string" value = module.cosmosdb_account_mongodb_fdr_re.connection_strings[0] diff --git a/src/domains/fdr-common/03_cosmos_mongodb_fdr.tf b/src/domains/fdr-common/03_cosmos_mongodb_fdr.tf deleted file mode 100644 index b04cc3d949..0000000000 --- a/src/domains/fdr-common/03_cosmos_mongodb_fdr.tf +++ /dev/null @@ -1,115 +0,0 @@ -module "cosmosdb_account_mongodb" { - source = "./.terraform/modules/__v3__/cosmosdb_account" - domain = null - name = "${local.project}-cosmos-account" - location = var.location - resource_group_name = azurerm_resource_group.db_rg.name - - offer_type = var.cosmos_mongo_db_fdr_params.offer_type - kind = var.cosmos_mongo_db_fdr_params.kind - capabilities = var.cosmos_mongo_db_fdr_params.capabilities - mongo_server_version = var.cosmos_mongo_db_fdr_params.server_version - enable_free_tier = var.cosmos_mongo_db_fdr_params.enable_free_tier - - public_network_access_enabled = var.cosmos_mongo_db_fdr_params.public_network_access_enabled - private_endpoint_enabled = var.cosmos_mongo_db_fdr_params.private_endpoint_enabled - subnet_id = module.cosmosdb_fdr_snet.id - private_dns_zone_mongo_ids = [data.azurerm_private_dns_zone.cosmos.id] - is_virtual_network_filter_enabled = var.cosmos_mongo_db_fdr_params.is_virtual_network_filter_enabled - allowed_virtual_network_subnet_ids = var.cosmos_mongo_db_fdr_params.public_network_access_enabled ? [] : [data.azurerm_subnet.aks_subnet.id] - - consistency_policy = var.cosmos_mongo_db_fdr_params.consistency_policy - main_geo_location_location = var.location - main_geo_location_zone_redundant = var.cosmos_mongo_db_fdr_params.main_geo_location_zone_redundant - additional_geo_locations = var.cosmos_mongo_db_fdr_params.additional_geo_locations - - backup_continuous_enabled = var.cosmos_mongo_db_fdr_params.backup_continuous_enabled - - tags = var.tags -} - -resource "azurerm_cosmosdb_mongo_database" "fdr" { - name = "fdr" - resource_group_name = azurerm_resource_group.db_rg.name - account_name = module.cosmosdb_account_mongodb.name - - throughput = var.cosmos_mongo_db_fdr_params.enable_autoscaling || var.cosmos_mongo_db_fdr_params.enable_serverless ? null : var.cosmos_mongo_db_fdr_params.throughput - - dynamic "autoscale_settings" { - for_each = var.cosmos_mongo_db_fdr_params.enable_autoscaling && !var.cosmos_mongo_db_fdr_params.enable_serverless ? [""] : [] - content { - max_throughput = var.cosmos_mongo_db_fdr_params.max_throughput - } - } - -} - -# Collections -locals { - collections = [ - { - name = "fdr_flow" - indexes = [ - { - keys = ["_id"] # document UID - unique = true - }, - { - keys = ["sender.psp_id", "name", "revision"] # flow_revision_idx - unique = true - }, - { - keys = ["sender.psp_id", "receiver.organization_id", "published"] # published_flow_by_psp_idx - unique = false - }, - { - keys = ["receiver.organization_id", "sender.psp_id", "published"] # published_flow_by_organization_idx - unique = false - } - ] - shard_key = null, - ttl_seconds = var.cosmos_mongo_db_fdr_params.fdr_flow_container_ttl - }, - { - name = "fdr_payment" - indexes = [ - { - keys = ["_id"] # document UID - unique = true - }, - { - keys = ["ref_fdr.id", "index"] # payment_by_fdr_idx - unique = true - }, - #{ - # keys = ["ref_fdr.sender_psp_id", "iuv", "created"] # payment_by_iuv_idx - # unique = false - #} - ] - shard_key = null, - ttl_seconds = var.cosmos_mongo_db_fdr_params.fdr_payment_container_ttl - }, - ] -} - -module "cosmosdb_fdr_collections" { - source = "./.terraform/modules/__v3__/cosmosdb_mongodb_collection" - - for_each = { - for index, coll in local.collections : - coll.name => coll - } - - name = each.value.name - resource_group_name = azurerm_resource_group.db_rg.name - - cosmosdb_mongo_account_name = module.cosmosdb_account_mongodb.name - cosmosdb_mongo_database_name = azurerm_cosmosdb_mongo_database.fdr.name - - indexes = each.value.indexes - shard_key = each.value.shard_key - - default_ttl_seconds = var.cosmos_mongo_db_fdr_params.container_default_ttl - - lock_enable = var.env_short == "p" ? true : false -} diff --git a/src/domains/fdr-common/03_storage_account_fdr.tf b/src/domains/fdr-common/03_storage_account_fdr.tf index 0a9d55866c..6186764ccb 100644 --- a/src/domains/fdr-common/03_storage_account_fdr.tf +++ b/src/domains/fdr-common/03_storage_account_fdr.tf @@ -141,3 +141,75 @@ resource "azurerm_storage_table" "fdr1_conversion_error_table" { storage_account_name = module.fdr_conversion_sa.name } +## fdr 1 cached responses blob container +resource "azurerm_storage_container" "fdr1_cached_response_blob_file" { + name = "fdr1-cached-response" + storage_account_name = module.fdr_conversion_sa.name +} + + + + +## 🐞https://github.com/hashicorp/terraform-provider-azurerm/pull/15832 +## blob lifecycle policy +# https://azure.microsoft.com/it-it/blog/azure-blob-storage-lifecycle-management-now-generally-available/ +resource "azurerm_storage_management_policy" "fdr1_cached_response_blob_file_management_policy" { + storage_account_id = module.fdr_conversion_sa.id + + rule { + name = "deleteafterdays" + enabled = true + filters { + prefix_match = ["${azurerm_storage_container.fdr1_cached_response_blob_file.name}/"] + blob_types = ["blockBlob"] + } + + # https://docs.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview + actions { + # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_management_policy#delete_after_days_since_modification_greater_than + base_blob { + delete_after_days_since_modification_greater_than = var.fdr1_cached_response_blob_file_retention_days + } + snapshot { + delete_after_days_since_creation_greater_than = 30 + } + } + } + +} + + +# https://medium.com/marcus-tee-anytime/secure-azure-blob-storage-with-azure-api-management-managed-identities-b0b82b53533c + +# 1 - add Blob Data Contributor to apim for FDR1's Cached response blob storage +resource "azurerm_role_assignment" "fdrconversionsa_data_contributor_role" { + scope = module.fdr_conversion_sa.id + role_definition_name = "Storage Blob Data Contributor" + principal_id = data.azurerm_api_management.apim.identity[0].principal_id + + depends_on = [ + module.fdr_conversion_sa + ] +} + +# 2 - Change container Authentication method to Azure AD authentication +resource "null_resource" "change_auth_fdr1_cached_response_blob_file" { + + triggers = { + apim_principal_id = data.azurerm_api_management.apim.identity[0].principal_id + } + + provisioner "local-exec" { + command = < [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | +| [fdr1\_cached\_response\_blob\_file\_retention\_days](#input\_fdr1\_cached\_response\_blob\_file\_retention\_days) | The number of day for storage\_management\_policy | `number` | `30` | no | | [fdr\_convertion\_delete\_retention\_days](#input\_fdr\_convertion\_delete\_retention\_days) | Number of days to retain deleted. | `number` | `30` | no | | [fdr\_history\_storage\_account](#input\_fdr\_history\_storage\_account) | n/a | 
object({
    account_kind                       = string
    account_tier                       = string
    account_replication_type           = string
    advanced_threat_protection         = bool
    advanced_threat_protection_enabled = bool
    blob_versioning_enabled            = bool
    public_network_access_enabled      = bool
    blob_delete_retention_days         = number
    enable_low_availability_alert      = bool
    backup_enabled                     = optional(bool, false)
    backup_retention                   = optional(number, 0)
  })
| 
{
  "account_kind": "StorageV2",
  "account_replication_type": "LRS",
  "account_tier": "Standard",
  "advanced_threat_protection": true,
  "advanced_threat_protection_enabled": true,
  "backup_enabled": false,
  "backup_retention": 0,
  "blob_delete_retention_days": 30,
  "blob_versioning_enabled": false,
  "enable_low_availability_alert": false,
  "public_network_access_enabled": false
}
| no | | [fdr\_re\_advanced\_threat\_protection](#input\_fdr\_re\_advanced\_threat\_protection) | Enable contract threat advanced protection | `bool` | `false` | no | diff --git a/src/domains/fdr-common/env/weu-uat/terraform.tfvars b/src/domains/fdr-common/env/weu-uat/terraform.tfvars index 44adafe633..54fa25ca47 100644 --- a/src/domains/fdr-common/env/weu-uat/terraform.tfvars +++ b/src/domains/fdr-common/env/weu-uat/terraform.tfvars @@ -38,7 +38,7 @@ pgres_flex_params = { db_version = "15" # Possible values are 32768, 65536, 131072, 262144, 524288, 1048576, # 2097152, 4194304, 8388608, 16777216, and 33554432. - storage_mb = 32768 + storage_mb = 1048576 # 1Tib zone = 1 backup_retention_days = 7 geo_redundant_backup_enabled = false diff --git a/src/domains/fdr-secret/secret/weu-prod/noedit_secret_enc.json b/src/domains/fdr-secret/secret/weu-prod/noedit_secret_enc.json index e71a4969ab..7477278988 100644 --- a/src/domains/fdr-secret/secret/weu-prod/noedit_secret_enc.json +++ b/src/domains/fdr-secret/secret/weu-prod/noedit_secret_enc.json @@ -3,25 +3,21 @@ "db-administrator-login-password": "ENC[AES256_GCM,data:WOzUcM/N5jpERHGegYQvEujmwGgZ5w==,iv:b+x918B962jBrkpiHu4oxn8e+N0yNcMM7Lk8WwObdZ4=,tag:+AWf8te9eSUSmy9rJIDL6w==,type:str]", "ai-connection-string": "ENC[AES256_GCM,data:iz1wQ2v+CTmCotxpNefHfScBJkHFXh4eIxvwo+3VFoqqnGBcFdKaXGsFHyrY3Du/S8hLIFOeFw==,iv:3qOkc8S6s63F7AIdnA5XTkAa37r3iYDDo8Sle/UeHRs=,tag:e+PxaUD4E1Nl1ycNYCfZNQ==,type:str]", "api-config-cache-subscription-key-string": "ENC[AES256_GCM,data:YbulS7FStTls43qTnxShlrTp5yxwL7g+nU1tazBlOd0=,iv:mw9ULy/j1Dx22821L1VZNjuFfZeubT8IYmgPE5hjbhw=,tag:2lwRGQs1FJTQwKwv5ZJ6kg==,type:str]", - "azure-event-hub-re-connection-string": "ENC[AES256_GCM,data:Ht3kXEwCER0Ywcwj7C4YvM2AF5aXaJXjFsHJo6ih8FFJ6/LBqRosB/ssh803USHtK5iO/bYAOPTZEJoD9AwnBeMXV4k82nZEz3yvhT9NcFcXTM2OZuSaBMBcVdOdfylAFW5y83WHG7G/Ub9/i3t/JLhDxyLJsL1KbcWEqUXZbM5TE8ZoHqy0uf0mockV4HPafD/W33qARrDjEp29TTPkgz06nN1oXi/FNiTGSY8TkD2M6Fr2O4heu3YIurysr94T,iv:wxHPROi+P6hRSdFGJPghr1YwVrqpR4d5NvC7VE2zljQ=,tag:frl0ck+T1R5cpLXzFeFmjQ==,type:str]", - "azure-storage-blob-connection-string": "ENC[AES256_GCM,data:jpg8j2FYbHcuIeqN/25Q2ukgYuYGuTDK51HjfBmst9sJRUtv5VJ4pNWMjS8tcOAaMb/L/JnukvgUv7YqlzWO8lNLItmWzw5jZHuPyMGW2RYiL1cZcm2sVyp1q4m+uhAZqF5+EFRESJ2MnuxGc7tB5J3v8z2WZ9ulXofqRKmnpnfgtSHHaOFx0VVgWW2o0Kd/ecgnxtriHxUqMqLjqnkfIw8mqW553npLvttGOm+G6MDO+JEK3aWPENOe56H+mA==,iv:Qcf3Rs34pb4mvQl9hr5a1GHWozyPbDw/Np6ZSDuQqJw=,tag:87wal3s0DTwH/ipXmZD08g==,type:str]", "db-fdr-password": "ENC[AES256_GCM,data:qceDz2X48LN+3c+kZzlcuA==,iv:dCGPk3p36F/nnWFw11fOvV4hV0Oi6WychjacLyzdIJo=,tag:Nu24Z5gD/1boI+zOUIvOvQ==,type:str]", + "db-fdr3-password": "ENC[AES256_GCM,data:G6WXLOnNHxddFJcknmbrRA==,iv:lW2HGcYnonwU79CyQx/O2zg+/wYiST2o0Lk1HhMplsw=,tag:mkozdBNpl5A+Bk+O+rEZdA==,type:str]", "lightbend-key": "ENC[AES256_GCM,data:RA21DXT//gdFJKO/W+Y+Szt4/R+eIYRVox18CWE3qaKzBzYKG2h33nEoPhyVDQsl,iv:vvyMTR0d/nmIXyp6nTgsa1s6luwOLhBEclhIcg7QMfk=,tag:dM3Okg3nUjLTxuOXQSezEQ==,type:str]", - "mongodb-connection-string": "ENC[AES256_GCM,data:g/KHQmISski4kXtTvU92tzkBNzDrlsZeRpylRH33U+f53YSDTE/t3xwDsaZY+n2LStXxDMV6euPkW1gD4lSAL50T7cDu1wce1eHdveo7MW7IXie7hha574G1+xuJzqT/1GPBaVyURvAk20QcGIJOfl5Wn5KkEBaa52kCy6ZszPpPWfoVpSt2kjuwyGgSMD7jKI6Rf4gdn9QMwrJDmJ1OU4BtEffbTt004d3NaLyV66dlM1ACKUv1CSarcPy/Tp3VssPsyIbcf93w/A1hNbj78lc3tjK9oGyfhoaYaiZcVhXtD5Dkxi5dPysHHtHiQX28z7hGVLUIfXpQ337xwUACyR9BuxEQjQnbhq3gnwFEKEGoptEJY7JtmWZe/sBzs1h8LHs71niO1xP+7wO8eKk=,iv:q/Nxh7mrOuZ/Bk0XCMMBKA7B9Pluogp6WDf/a9ukzjI=,tag:csjWZidDj0u87rmVe/YUGQ==,type:str]", "otel-auth-bearer": "ENC[AES256_GCM,data:RhRPycaxl8o+dAii6iLjjX8NnuiOyifpEtCY1+/oDYSgt9bykgzfab41UtdcuZd59ZUvKF1DmAI2kVcBNyXq0hSxdHtcYeiPe5nqqfngkNG7ZfXH3rqEJOwzsl40jFHUMd2x8xMCWpeQL6XGSFnI,iv:1BlXtjfv8439QdNebmK2oOZKsRwO997XnNCHJ1G80Ls=,tag:Kh8ti3OyPPDAKnpxvRXRXQ==,type:str]", - "fdr-sa-connection-string": "ENC[AES256_GCM,data:k+B4p42GftYJVIUMcdxqLdMXY2A/x1sq0pS2kFxQMqqmmnV5SOaYoa8EtMUX0RwMSjEEjF2VQxCIUATmXd+kEQaD88/ZqgTNHqQ/vx+kce+n5ya72Fpq+5Aqwk3if9D2vDzM/+Rmi24EcJ+mY7Hegs05nIA2ytvDwz6eQ7jtb6vHIl80PMORPPv+bBxZ/F3Zw0nRJIPPQcztNpnOi/tAOn7dOBwO69j/BTlFPoQsPP6Bf3odUY3I/asE8NTSSg==,iv:ggb9uRvCLWQNcn1n/StPMguKxN+YDtKlXQtT7mzoE4A=,tag:m7B0uo6fUCSzWilq0rcq0w==,type:str]", "fdr-subscription-key-string": "ENC[AES256_GCM,data:0Q4UmlGH,iv:3ilSoget+UaHxivfa0T0D8VmZbwKqLdo+BbLKYRZao8=,tag:9MucJTUDfiuL3ewW8fDpuw==,type:str]", "fdr-internal-product-subscription-key": "ENC[AES256_GCM,data:mKumUOXz,iv:D9DI5SXgNvf2wTyXvSuiXXAasgM4uTNhnKd2GNeqsJ8=,tag:zy5qbTVPDYOzGknafpK3Kw==,type:str]", "pagopa-pagamenti-deploy-slack-webhook": "ENC[AES256_GCM,data:Odp3MkkTp/+G41qzIR5cc9DB+CaU8gmJxypDsFIUJdcgfVpUlx6WPfIM8XVxrbgbL2U8mG+T27qqcc26+jNnYQokapqA8WIx0/AZo+BFPg==,iv:N/A0pgePGAWHodfa+ZuzEA7VeV1faO1pf+b2mQwssSg=,tag:22rP+Z8jLgAKqI5B/cvl6g==,type:str]", "pagopa-pagamenti-integration-test-slack-webhook": "ENC[AES256_GCM,data:t3zb0kXeBZ5Xdq5GKh3Bm22krJtkR+p1UR5AYCD3DQOJOXq5BIE6Y70pBlLOJt+z8mgZXqmiaf8oQlGu1X7eQG/LMQCnDj6cJQ7JANYIvQ==,iv:/mCEP4HLVjIQej6BWM+kqzd92d9mAUygNM2+Iet8k5w=,tag:0Vg5UwpAIZflWl3Q2/dYUg==,type:str]", "pagopa-pagamenti-report-slack-webhook": "ENC[AES256_GCM,data:aLqHGlM6eQqFibVc6QTmZZMZzqfhDuNUjYmJfBBTOFLWfSjPHI2c3U16oNGXj18ov+D8q5kmRg0ZuXPF5HsXzoAbU7HylEaf08kCWRSmeA==,iv:vPKYCkOMyjWUIbGDCUoH/oNqbrkbKPMjuyn4WrVohQs=,tag:swSr1KxvJ2GqgWz/na9bXA==,type:str]", "fdr-legacy-subscription-key": "ENC[AES256_GCM,data:I0+ugnFQ97NaDnzY5rqPVOHb+tfsDc3PKNHnj2DIF4c=,iv:isjDzjCLv+PCJp7EHU6Et50k8ySE7LUSCnBHAWeUB3I=,tag:jyJIEelGtYBsfsCk+1yeYw==,type:str]", - "fdr-history-sa-connection-string": "ENC[AES256_GCM,data:AoNh7EKaqEGJVJjw1AVIQZ+M/Fb+Q6qz7ul02mc5e09YA9IPO6yg+5mxhsxE5g2vqlicBchC2vWGCLkGLSW4+mB0ov1ymQMNyGObMTrBZF66amHItCdlP0oQEt0oCcJcwYWhsoew1WC+xkSKZny9yPD6s/W2xg1rNCk3MIGiPtzEUInGuzosNIpl4lBRECLdU8LavsQHHoQ1HQ2vCJGpuxu2ztUQ3RocnTaqtm2/CkN772Cp3LdQOJzsG4ER5ZVgwEc2ZSQ=,iv:RBbcd2oC3Rg6pNxt6MUju0BF8IACTWYVgUM0C9Qfu5Q=,tag:yGgg/sZAkHLE1jLk89d3/w==,type:str]", "pagopa-platform-domain-github-bot-cd-pat": "ENC[AES256_GCM,data:zMvrqSZLjvXwYYEo0nRU2MNlF13HU/jmS+8YkyEI56tCUEcriJYhdw==,iv:ApQrK7vyLxnYz2aoC5QKX62hbSL21fEKq9AKPOHu8uI=,tag:30+MEcili2clPW4KxuRAvw==,type:str]", "pagopa-platform-domain-github-bot-pwd": "ENC[AES256_GCM,data:hp4xOsbkfNd9Urza,iv:GGPl7IE88W45/vhwI/elcmad+Nh/v5QSQ5Fi8BL6x/o=,tag:3M2eFwKERIPPFqad7533fw==,type:str]", "azure-devops-github-ro": "ENC[AES256_GCM,data:QyqFjvf9PjbLnO4h86BiXU9da04ZKeAUErWj2tsagbBDN5i5DXhCiA==,iv:HLShSL5LqXKTPKseGPJXGwhOgD9fIbEZ6wQqmfv+bCo=,tag:08arObaniWF1+S2i4nHUcg==,type:str]", "azure-devops-github-rw": "ENC[AES256_GCM,data:CRcoooLgzkUBXIvqZENGr84a7SRStFZbqNXraJJvfKUMQEn5xGe6Cg==,iv:juhU1Rp8IIBrXk1IvmelV0dnjbGnZTTzxpI7utsk5n8=,tag:l7FtQ47SWr6UHHB3g2ezEw==,type:str]", - "azure-devops-github-pr": "ENC[AES256_GCM,data:DByaFvIScG32VyG5/O6dgq3Xw9TP1MkZIhc5WZTUDAKuj1L1MOJXUQ==,iv:tEXYeZUmrju4+liMTsgMjGAY4hxfMsLaOYpmlh4OEYQ=,tag:YtY9xamqmwmCYN1r9I5rLA==,type:str]", + "azure-devops-github-pr": "ENC[AES256_GCM,data:69hNYu82jiCvS7i0+zh1gWNwtlXQxsLHFPBgKaaO+J4jFj5ZuTrYPA==,iv:/LpCBPT6O3CbPAMB/OV5XDcvm4NVYdayUuCd+5yttxQ=,tag:80CbIjGLt/PJyoEpb26CZw==,type:str]", "sops": { "kms": null, "gcp_kms": null, @@ -36,10 +32,10 @@ ], "hc_vault": null, "age": null, - "lastmodified": "2025-01-30T13:59:32Z", - "mac": "ENC[AES256_GCM,data:G3YVSU2raxLq8X0yo79yRxKoC2h2ZkRATfA64dwiyeZwD6/Dfl5IlMaPyS2di91Iz1usSrVf9jaSwElq4HNoz4tDRiKUiBLWeqH4DqdsR9mkwNvcK+4YgWCXm+Zj6ZjMEZBCLQ96QSWm+/CuNnop4gA41w+01xHwWDkUZnPMBXs=,iv:0913R2DUkmOC6hBx62hk1gqJxIhxrbEtzlrLvgj60fg=,tag:wEpZ+kbLWVjIEHTvs4pUNw==,type:str]", + "lastmodified": "2025-02-13T16:03:50Z", + "mac": "ENC[AES256_GCM,data:8V/We1CMingvpR3GHO6oHYIXa3QM872p0y4DJFOMiU9BGhtdh2tkdnkB7tXCobQ6KQ0o98Lm2y+TFuGLGTGFVFRGVfMxD7aXNKfIUhM8zccnSIGazypv1SNp66nCz8Xn+pTYi3zAEt5bqvOG6dpVfT+3aqhxbcJ2Hmmp4rAkiss=,iv:BACfujNE7bontg6EsbyqxCO9Cc/4/aUmopozHHFMiv8=,tag:WG8zhOceIDf5/V7NFQIEGw==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", - "version": "3.9.1" + "version": "3.9.3" } } \ No newline at end of file