feat: feature flag for authentication in checkout auth service apis (#…

…2823)

* added open api spec, policy, resources, product + bugfix on authservice path

* copy paste error

* switched to named vars instead

* switched to named vars instead

* added true name for feature flag

* updated feature flag name

* renamed module

* updated policy

* policy update

* fix

* fix

* fix

* git resetapim_carts_product

* Update .terraform.lock.hcl

* Update src/domains/checkout-app/04_apim_checkout_feature_flags.tf

Co-authored-by: Simone infante <[email protected]>

* renamed module

* Update _openapi.json.tpl

* Update _openapi.json.tpl

* fix var name

* added lifecyle

* Update 04_apim_checkout_feature_flags.tf

* removed beurl

* Update 04_apim_checkout_feature_flags.tf

* Update _openapi.json.tpl

* value is required

* added content type

* Update .terraform.lock.hcl

* Update .terraform.lock.hcl

* Update 04_apim_checkout_feature_flags.tf

* Update 04_apim_checkout_feature_flags.tf

* Update 04_apim_checkout_feature_flags.tf

* Update _base_policy.xml.tpl

* Update _openapi.json.tpl

* updated policy

* Update .terraform.lock.hcl

* updated fragment

* finalized

* updated policy

* Update .terraform.lock.hcl

* Update .terraform.lock.hcl

* Update _openapi.json.tpl

* Update _openapi.json.tpl

* Update _openapi.json.tpl

* Update _openapi.json.tpl

* chore(resource): use azurerm_api_management_policy_fragment

* fix: pre commit

* Update _openapi.json.tpl

* Update _openapi.json.tpl

* Update src/domains/checkout-app/api/fragments/_fragment_feature_flag_filter.tpl.xml

Co-authored-by: Simone infante <[email protected]>

* Update _openapi.json.tpl

* Update src/domains/checkout-app/api/fragments/_fragment_feature_flag_filter.tpl.xml

Co-authored-by: Simone infante <[email protected]>

* Update src/domains/checkout-app/api/checkout/checkout_feature_flags/v1/_base_policy.xml.tpl

Co-authored-by: Simone infante <[email protected]>

* added rate limit

* renamed variable

* Update _fragment_feature_flag_filter.tpl.xml

* Update src/domains/checkout-app/04_apim_checkout_feature_flags.tf

Co-authored-by: Simone infante <[email protected]>

* Update src/domains/checkout-app/04_apim_checkout_feature_flags.tf

Co-authored-by: Simone infante <[email protected]>

* Update _fragment_feature_flag_filter.tpl.xml

* feat: feature flag for authentication in checkout auth service apis

* fix: merge main with conflicts

* Update src/domains/checkout-app/api/checkout/checkout_auth_service/v1/_base_policy.xml.tpl

preferring simpler approach

Co-authored-by: EmanueleBVtech <[email protected]>

* fix: wrong commit after merging suggestion

---------

Co-authored-by: e.serrao <[email protected]>
Co-authored-by: Simone infante <[email protected]>
Co-authored-by: Pietro Tota <[email protected]>
Co-authored-by: Pietro Tota <[email protected]>
Co-authored-by: ciuffagianluca <[email protected]>

src/domains/checkout-app/api/checkout/checkout_auth_service/v1/_base_policy.xml.tpl

@@ -22,6 +22,23 @@
           <header>bearerAuth</header>
         </allowed-headers>
       </cors>
+      <!-- Feature flag check - is authentication enabled -->
+      <include-fragment fragment-id="fragment-checkout-feature-flag-filter" />
+      <choose>
+        <when condition="@{
+                  var result = JObject.Parse(context.Variables.GetValueOrDefault<string>("checkout-feature-flag"));
+                      return !(bool)result["isAuthenticationEnabled"];
+                  }">
+          <return-response>
+            <set-status code="403" reason="Forbidden" />
+            <set-header name="Content-Type" exists-action="override">
+              <value>application/json</value>
+            </set-header>
+            <set-body>{ "error" : "Forbidden" }</set-body>
+          </return-response>
+        </when>
+      </choose>
+      <!-- End feature flag -->
       <base />
       <set-backend-service base-url="@("https://${checkout_ingress_hostname}"+"/pagopa-checkout-auth-service")"/>
   </inbound>