diff --git a/src/core/alert_node_forwarder_apimv2.tf b/src/core/alert_node_forwarder_apimv2.tf
new file mode 100644
index 0000000000..cc62c2e498
--- /dev/null
+++ b/src/core/alert_node_forwarder_apimv2.tf
@@ -0,0 +1,73 @@ + + +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-node-forwarder-responsetime-upd-v2" { + count = var.env_short == "p" ? 1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-node-forwarder-responsetime @ _forward2-v2" + location = var.location + + action { + action_group = [azurerm_monitor_action_group.email.id, azurerm_monitor_action_group.slack.id, azurerm_monitor_action_group.mo_email.id, azurerm_monitor_action_group.new_conn_srv_opsgenie[0].id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + data_source_id = data.azurerm_api_management.apim_v2[0].id + description = "Response time for /forward is less than or equal to 9s - https://portal.azure.com/#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/pagopa-p-opex_pagopa-node-forwarder" + enabled = true + query = (<<-QUERY +let threshold = 9000; +AzureDiagnostics +| where url_s matches regex "/forward" +| summarize + watermark=threshold, + duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m) +| where duration_percentile_95 > threshold + QUERY + ) + severity = 1 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } + +} + +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-node-forwarder-availability-upd-v2" { + count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-node-forwarder-availability @ _forward2-v2" + location = var.location + + action { + action_group = [azurerm_monitor_action_group.email.id, azurerm_monitor_action_group.slack.id, azurerm_monitor_action_group.mo_email.id, azurerm_monitor_action_group.new_conn_srv_opsgenie[0].id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + data_source_id = data.azurerm_api_management.apim_v2[0].id + description = "Availability for /forward is less than or equal to 99% - https://portal.azure.com/#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/pagopa-p-opex_pagopa-node-forwarder" + enabled = true + query = (<<-QUERY +let threshold = 0.99; +AzureDiagnostics +| where url_s matches regex "/forward" +| summarize + Total=count(), + Success=count(responseCode_d < 500) + by bin(TimeGenerated, 5m) +| extend availability=toreal(Success) / Total +| where availability < threshold + QUERY + ) + severity = 1 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } + +} + + diff --git a/src/core/appgateway.tf b/src/core/appgateway.tf index 1cd45dd410..5f994662c0 100644 --- a/src/core/appgateway.tf +++ b/src/core/appgateway.tf @@ -239,7 +239,7 @@ locals { fqdns = [azurerm_dns_a_record.dns_a_api.fqdn] probe = "/status-0123456789abcdef" probe_name = "probe-apim" - request_timeout = 30 + request_timeout = 120 pick_host_name_from_backend = false } 
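Review bot: In the availability query, `Success=count(responseCode_d < 500)` relies on `count()` honouring a predicate, but the documented conditional aggregate in KQL is `countif()`, which the ecommerce availability alert in this same commit already uses. If the argument is ignored, Success always equals Total, availability stays at 1 and this severity-1 rule can never fire; I would change the line to `Success=countif(responseCode_d < 500)` and confirm the result against real log data. The same expression appears in the availability alerts added in the afm-app, fdr-app and gps-app files. Separately, the response-time description reads "is less than or equal to 9s" while the rule fires above the threshold, which is confusing for whoever receives the page.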
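Review bot: `request_timeout = 120` carries no comment saying which call needs two minutes, and the value applies to every request routed through this backend setting. A 120-second ceiling lets slow or stalled backend calls hold gateway connections four times longer than before, so the reason and the matching APIM-side timeout should be recorded next to the value, for example `# 120s: required by <endpoint>; keep aligned with the APIM backend timeout`. The enclosing `locals` block starts and ends outside the hunk, so which listeners share this setting is not visible here.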
@@ -463,60 +463,60 @@ module "app_gw" { response_header_configurations = [] url = null }, - { - name = "http-deny-path-only-to-upload-allowed-path" - rule_sequence = 4 - conditions = [ - { - variable = "var_host" - pattern = format("upload.%s.%s", var.dns_zone_prefix, var.external_domain) - ignore_case = true - negate = false - }, - { - variable = "var_uri_path" - pattern = join("|", var.app_gateway_allowed_paths_upload) - ignore_case = true - negate = true - }, - ] - request_header_configurations = [] - response_header_configurations = [] - url = { - path = "notfound" - query_string = null - } - }, - { - name = "http-deny-path-only-upload-soap-fdr" - rule_sequence = 4 - conditions = [ - { - variable = "var_host" - pattern = format("upload.%s.%s", var.dns_zone_prefix, var.external_domain) - ignore_case = true - negate = false - }, - { - variable = "http_req_Content-Type" - pattern = "application/xml" - ignore_case = true - negate = false - }, - { - variable = "http_req_SOAPAction" - pattern = join("|", var.app_gateway_allowed_fdr_soap_action) - ignore_case = true - negate = true - }, - ] - request_header_configurations = [] - response_header_configurations = [] - url = { - path = "notfound" - query_string = null - } - }, +# { +# name = "http-deny-path-only-to-upload-allowed-path" +# rule_sequence = 4 +# conditions = [ +# { +# variable = "var_host" +# pattern = format("upload.%s.%s", var.dns_zone_prefix, var.external_domain) +# ignore_case = true +# negate = false +# }, +# { +# variable = "var_uri_path" +# pattern = join("|", var.app_gateway_allowed_paths_upload) +# ignore_case = true +# negate = true +# }, +# ] +# request_header_configurations = [] +# response_header_configurations = [] +# url = { +# path = "notfound" +# query_string = null +# } +# }, +# { +# name = "http-deny-path-only-upload-soap-fdr" +# rule_sequence = 4 +# conditions = [ +# { +# variable = "var_host" +# pattern = format("upload.%s.%s", var.dns_zone_prefix, var.external_domain) +# ignore_case = 
true +# negate = false +# }, +# { +# variable = "http_req_Content-Type" +# pattern = "application/xml" +# ignore_case = true +# negate = false +# }, +# { +# variable = "http_req_SOAPAction" +# pattern = join("|", var.app_gateway_allowed_fdr_soap_action) +# ignore_case = true +# negate = true +# }, +# ] +# request_header_configurations = [] +# response_header_configurations = [] +# url = { +# path = "notfound" +# query_string = null +# } +# }, ] }, { diff --git a/src/core/env/prod/terraform.tfvars b/src/core/env/prod/terraform.tfvars index ab1f5f7e8e..24bf011c43 100644 --- a/src/core/env/prod/terraform.tfvars +++ b/src/core/env/prod/terraform.tfvars @@ -18,10 +18,12 @@ tags = { # Feature flag # enabled_features = { - apim_v2 = false + apim_v2 = true vnet_ita = false + apim_migrated = false } +upload_endpoint_enabled = false lock_enable = true # monitoring diff --git a/src/domains/afm-app/00_alert_afm_calculator_apimv2.tf b/src/domains/afm-app/00_alert_afm_calculator_apimv2.tf new file mode 100644 index 0000000000..604c57bbf5 --- /dev/null +++ b/src/domains/afm-app/00_alert_afm_calculator_apimv2.tf 
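Review bot: The rewrite rules `http-deny-path-only-to-upload-allowed-path` and `http-deny-path-only-upload-soap-fdr` are disabled by commenting them out, with no explanation and no reference to the `upload_endpoint_enabled = false` setting added in terraform.tfvars. These two rules were what limited the `upload.` host to the allowed paths and SOAPAction values; if the upload listener or its routing still exists (not visible in this hunk), requests to that host are no longer filtered at the gateway. I would either delete the blocks or make them conditional on the flag, and at minimum add a comment such as `# upload.* deny rules disabled while upload_endpoint_enabled = false; restore before re-enabling the upload listener`. The `module "app_gw"` block starts and ends outside the hunk.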
@@ -0,0 +1,281 @@ +data "azurerm_api_management" "apim_v2" { + name = "${local.product}-weu-core-apim-v2" + resource_group_name = data.azurerm_resource_group.rg_api.name +} + + +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-afm-calculator-responsetime-fees-v2" { + count = var.env_short == "p" ? 1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-afm-calculator-v1-responsetime_fees-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Response time for V1 version of /fees is less than or equal to 1.5s - ${local.afm-calculator-dash.calculator-v1}" + enabled = true + query = (<<-QUERY +let threshold = 1500; +AzureDiagnostics +| where url_s matches regex "/v1/fees" +| summarize + watermark=threshold, + duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m) +| where duration_percentile_95 > threshold + QUERY + ) + severity = 2 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-afm-calculator-availability-fees-v2" { + count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-afm-calculator-v1-availability_fees-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Availability for V1 version of /fees is less than or equal to 99% - ${local.afm-calculator-dash.calculator-v1}" + enabled = true + query = (<<-QUERY +let threshold = 0.99; +AzureDiagnostics +| where url_s matches regex "/v1/fees" +| summarize + Total=count(), + Success=count(responseCode_d < 500) + by bin(TimeGenerated, 5m) +| extend availability=toreal(Success) / Total +| where availability < threshold + QUERY + ) + severity = 1 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} + +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-afm-calculator-responsetime-feesbypsp-v2" { + count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-afm-calculator-v1-responsetime_psps_idPsp_fees-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Response time for V1 version of /psps/[^/]+/fees is less than or equal to 1.5s - ${local.afm-calculator-dash.calculator-v1}" + enabled = true + query = (<<-QUERY +let threshold = 1500; +AzureDiagnostics +| where url_s matches regex "/v1/psps/[^/]+/fees" +| summarize + watermark=threshold, + duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m) +| where duration_percentile_95 > threshold + QUERY + ) + severity = 2 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-afm-calculator-availability-feesbypsp-v2" { + count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-afm-calculator-v1-availability_psps_idPsp_fees-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Availability for V1 version of /psps/[^/]+/fees is less than or equal to 99% - ${local.afm-calculator-dash.calculator-v1}" + enabled = true + query = (<<-QUERY +let threshold = 0.99; +AzureDiagnostics +| where url_s matches regex "/v1/psps/[^/]+/fees" +| summarize + Total=count(), + Success=count(responseCode_d < 500) + by bin(TimeGenerated, 5m) +| extend availability=toreal(Success) / Total +| where availability < threshold + QUERY + ) + severity = 1 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} + +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-afm-calculator-v2-responsetime-fees-v2" { + count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-afm-calculator-v2-responsetime_fees_multi-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Response time for V2 version of /fees is less than or equal to 1.5s - ${local.afm-calculator-dash.calculator-v2}" + enabled = true + query = (<<-QUERY +let threshold = 1500; +AzureDiagnostics +| where url_s matches regex "/v2/fees" +| summarize + watermark=threshold, + duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m) +| where duration_percentile_95 > threshold + QUERY + ) + severity = 2 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-afm-calculator-v2-availability-fees-v2" { + count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-afm-calculator-v2-availability_fees_multi-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Availability for V2 version of /fees is less than or equal to 99% - ${local.afm-calculator-dash.calculator-v2}" + enabled = true + query = (<<-QUERY +let threshold = 0.99; +AzureDiagnostics +| where url_s matches regex "/v2/fees" +| summarize + Total=count(), + Success=count(responseCode_d < 500) + by bin(TimeGenerated, 5m) +| extend availability=toreal(Success) / Total +| where availability < threshold + QUERY + ) + severity = 1 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} + +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-afm-calculator-v2-responsetime-feesbypsp-v2" { + count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-afm-calculator-v2-responsetime_psps_idPsp_fees_multi-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Response time for V2 version of /psps/[^/]+/fees is less than or equal to 1.5s - ${local.afm-calculator-dash.calculator-v2}" + enabled = true + query = (<<-QUERY +let threshold = 1500; +AzureDiagnostics +| where url_s matches regex "/v2/psps/[^/]+/fees" +| summarize + watermark=threshold, + duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m) +| where duration_percentile_95 > threshold + QUERY + ) + severity = 2 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-afm-calculator-v2-availability-feesbypsp-v2" { + count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-afm-calculator-availability_psps_idPsp_fees_multi-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Availability for V2 version of /psps/[^/]+/fees is less than or equal to 99% - ${local.afm-calculator-dash.calculator-v2}" + enabled = true + query = (<<-QUERY +let threshold = 0.99; +AzureDiagnostics +| where url_s matches regex "/v2/psps/[^/]+/fees" +| summarize + Total=count(), + Success=count(responseCode_d < 500) + by bin(TimeGenerated, 5m) +| extend availability=toreal(Success) / Total +| where availability < threshold + QUERY + ) + severity = 1 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} diff --git a/src/domains/ecommerce-common/00_alerts_apimv2.tf b/src/domains/ecommerce-common/00_alerts_apimv2.tf new file mode 100644 index 0000000000..70098fbeeb --- /dev/null +++ b/src/domains/ecommerce-common/00_alerts_apimv2.tf 
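Review bot: The last resource, `opex_pagopa-afm-calculator-v2-availability-feesbypsp-v2`, drops the API-version segment from its `name` (`...afm-calculator-availability_psps_idPsp_fees_multi-v2`), unlike the three other V2 alerts in this file. An alert name that does not say which API version it covers is easy to misroute or to silence by mistake; I would write `name = "pagopa-${var.env_short}-opex_pagopa-afm-calculator-v2-availability_psps_idPsp_fees_multi-v2"`. All eight alerts also keep `email_subject = "Email Header"`, which looks like a template placeholder and gives the recipient no way to tell the alerts apart from the subject line.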
@@ -0,0 +1,178 @@ + + + +# Availability: ecommerce for checkout +data "azurerm_api_management" "apim_v2" { + name = "${local.product}-weu-core-apim-v2" + resource_group_name = local.pagopa_apim_rg +} + +resource "azurerm_monitor_scheduled_query_rules_alert" "ecommerce_for_checkout_availability-v2" { + count = var.env_short == "p" ? 1 : 0 + + name = "ecommerce-for-checkout-availability-alert-v2" + resource_group_name = azurerm_resource_group.rg_ecommerce_alerts[0].name + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, azurerm_monitor_action_group.ecommerce_opsgenie[0].id] + email_subject = "[eCommerce] Availability Alert" + custom_webhook_payload = "{}" + } + data_source_id = data.azurerm_api_management.apim_v2.id + description = "eCommerce Availability less than or equal 99%" + enabled = true + query = (<<-QUERY +AzureDiagnostics +| where url_s startswith 'https://api.platform.pagopa.it/ecommerce/checkout/' +| summarize + Total=count(), + Success=countif(responseCode_d < 500 or url_s startswith "https://api.platform.pagopa.it/ecommerce/checkout/v1/payment-requests" and ( responseCode_d == 502 or responseCode_d == 504)) + by Time = bin(TimeGenerated, 15m) +| extend Availability=((Success * 1.0) / Total) * 100 +| where toint(Availability) < 90 + QUERY + ) + severity = 1 + frequency = 30 + time_window = 30 + trigger { + operator = "GreaterThanOrEqual" + threshold = 2 + } +} + + + +# eCommerce transaction service: KO for PATCH auth requests +resource "azurerm_monitor_scheduled_query_rules_alert" "ecommerce_transactions_service_auth_request_ko-v2" { + count = var.env_short == "p" ? 
1 : 0 + + name = "ecommerce-transactions-service-auth-request-ko-v2" + resource_group_name = azurerm_resource_group.rg_ecommerce_alerts[0].name + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, azurerm_monitor_action_group.ecommerce_opsgenie[0].id] + email_subject = "[eCommerce] Transactions service PATCH auth request KO" + custom_webhook_payload = "{}" + } + data_source_id = data.azurerm_api_management.apim_v2.id + description = "eCommerce Transactions service PATCH auth request KO detected, more than 10 KO in 30 minute time window" + enabled = true + query = (<<-QUERY +AzureDiagnostics +| where url_s startswith "https://api.platform.pagopa.it/ecommerce/transaction-auth-requests-service/v1/transactions/" +| where method_s == "PATCH" +| where responseCode_d >= 500 +| project TimeGenerated, responseCode_d + QUERY + ) + severity = 1 + frequency = 30 + time_window = 30 + trigger { + operator = "GreaterThanOrEqual" + threshold = 10 + } +} + +# eCommerce transaction service: KO for POST user-receipts (sendPaymentResultV2) +resource "azurerm_monitor_scheduled_query_rules_alert" "ecommerce_transactions_service_user_receipts_ko-v2" { + count = var.env_short == "p" ? 
1 : 0 + + name = "ecommerce-transactions-service-user-receipts-ko-v2" + resource_group_name = azurerm_resource_group.rg_ecommerce_alerts[0].name + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, azurerm_monitor_action_group.ecommerce_opsgenie[0].id] + email_subject = "[eCommerce] Transactions service POST user receipts (sendPaymentResultV2) KO" + custom_webhook_payload = "{}" + } + data_source_id = data.azurerm_api_management.apim_v2.id + description = "eCommerce Transactions service POST user receipts KO detected, more than 10 KO in 30 minutes time window" + enabled = true + query = (<<-QUERY +AzureDiagnostics +| where url_s endswith "?clientId=ecomm" and (url_s startswith "https://api.platform.pagopa.it/payment-manager/pm-per-nodo/v2/transactions/" or url_s startswith "https://api.platform.pagopa.it/receipt-ndp/v1/transactions/") +| where method_s == "POST" +| where set_has_element(dynamic([400, 404, 408, 422]), responseCode_d) +| project TimeGenerated, responseCode_d + QUERY + ) + severity = 1 + frequency = 30 + time_window = 30 + trigger { + operator = "GreaterThanOrEqual" + threshold = 60 // NDP for each requests does 5 retries with a 2 minutes interval after a 10 minutes delay + } +} + + +# eCommerce NPG monitoring: KO or slow payment methods start session api call (order/build retrieve card form fields) +resource "azurerm_monitor_scheduled_query_rules_alert" "ecommerce_payment_methods_start_session_alert-v2" { + count = var.env_short == "p" ? 
1 : 0 + + name = "ecommerce-payment-methods-start-session-alert-v2" + resource_group_name = azurerm_resource_group.rg_ecommerce_alerts[0].name + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id] + email_subject = "[eCommerce] NPG order/build KO/slow api detected" + custom_webhook_payload = "{}" + } + data_source_id = data.azurerm_api_management.apim_v2.id + description = "eCommerce Payment methods service POST session KO/slow api detected, more than 10 KO or above 2 seconds as response time in 30 minutes time window" + enabled = true + query = (<<-QUERY +AzureDiagnostics +| where url_s matches regex "https://api.platform.pagopa.it/ecommerce/checkout/v1/payment-methods/.*/sessions" +| where method_s == "POST" +| where responseCode_d != 200 or DurationMs > 2000 +| project TimeGenerated, responseCode_d, DurationMs + QUERY + ) + severity = 1 + frequency = 30 + time_window = 30 + trigger { + operator = "GreaterThanOrEqual" + threshold = 10 + } +} + +# eCommerce NPG monitoring: KO on POST notification (callback api to receive authorization outcome) +resource "azurerm_monitor_scheduled_query_rules_alert" "ecommerce_authorization_outcome_notification_alert-v2" { + count = var.env_short == "p" ? 
1 : 0 + + name = "ecommerce-authorization-outcome-notification-alert-v2" + resource_group_name = azurerm_resource_group.rg_ecommerce_alerts[0].name + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id] + email_subject = "[eCommerce] NPG POST notification KO api detected" + custom_webhook_payload = "{}" + } + data_source_id = data.azurerm_api_management.apim_v2.id + description = "eCommerce POST notification KO detected, more than 10 KO in 30 minutes time window" + enabled = true + query = (<<-QUERY +AzureDiagnostics +| where url_s matches regex "https://api.platform.pagopa.it/ecommerce/npg/notifications/v1/sessions/.*/outcomes" +| where method_s == "POST" +| where responseCode_d != 200 +| project TimeGenerated, responseCode_d + QUERY + ) + severity = 1 + frequency = 30 + time_window = 30 + trigger { + operator = "GreaterThanOrEqual" + threshold = 10 + } +} diff --git a/src/domains/fdr-app/00_alert_fdr_fase3_apimv2.tf b/src/domains/fdr-app/00_alert_fdr_fase3_apimv2.tf new file mode 100644 index 0000000000..fe55dd3c0c --- /dev/null +++ b/src/domains/fdr-app/00_alert_fdr_fase3_apimv2.tf 
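Review bot: Two alerts in this file describe a different condition from the one they evaluate. `ecommerce_for_checkout_availability-v2` says "Availability less than or equal 99%" but the query fires on `toint(Availability) < 90`, and `ecommerce_transactions_service_user_receipts_ko-v2` says "more than 10 KO" while its trigger has `threshold = 60`. The description is what the on-call responder reads, so it should state the real limit, e.g. `description = "eCommerce Availability less than 90%"` if 90 is the intended value. The availability `countif` also combines `or` and `and` without parentheses; grouping the 502/504 exception for payment-requests explicitly would make the intended precedence visible.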
@@ -0,0 +1,116 @@ +data "azurerm_api_management" "apim_v2" { + name = "${local.product}-weu-core-apim-v2" + resource_group_name = data.azurerm_resource_group.rg_api.name +} + +# Exception FdR Fase3 - Internal APIs +resource "azurerm_monitor_scheduled_query_rules_alert" "alert_fdr_internal_availability-v2" { + count = var.env_short == "p" ? 1 : 0 + resource_group_name = "dashboards" + name = "fdr-internal-app-exception-v2" + location = var.location + + action { + action_group = local.action_groups + email_subject = "FdR Internal - Error" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Availability for /fdr-internal/service is less than or equal to 99% - [DASHBOARD LINK]" + enabled = true + query = (<<-QUERY + let threshold = 0.99; + AzureDiagnostics + | where url_s matches regex "/fdr-internal/service/" + | summarize + Total=count(), + Success=count(responseCode_d < 500) + by bin(TimeGenerated, 5m) + | extend availability=toreal(Success) / Total + | where availability < threshold + QUERY + ) + severity = 3 + frequency = 15 + time_window = 15 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} + +# Exception FdR Fase3 - PSP APIs +resource "azurerm_monitor_scheduled_query_rules_alert" "alert_fdr_psp_availability-v2" { + count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "fdr-psp-app-exception-v2" + location = var.location + + action { + action_group = local.action_groups + email_subject = "FdR PSP - Error" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Availability for /fdr-psp/service is less than or equal to 99% - [DASHBOARD LINK]" + enabled = true + query = (<<-QUERY + let threshold = 0.99; + AzureDiagnostics + | where url_s matches regex "/fdr-psp/service/" + | summarize + Total=count(), + Success=count(responseCode_d < 500) + by bin(TimeGenerated, 5m) + | extend availability=toreal(Success) / Total + | where availability < threshold + QUERY + ) + severity = 3 + frequency = 15 + time_window = 15 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} + +# Exception FdR Fase3 - Organizations APIs +resource "azurerm_monitor_scheduled_query_rules_alert" "alert_fdr_org_availability-v2" { + count = var.env_short == "p" ? 1 : 0 + resource_group_name = "dashboards" + name = "fdr-org-app-exception-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] + email_subject = "FdR Orgs - Error" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Availability for /fdr-org/service is less than or equal to 99% - [DASHBOARD LINK]" + enabled = true + query = (<<-QUERY + let threshold = 0.99; + AzureDiagnostics + | where url_s matches regex "/fdr-org/service/" + | summarize + Total=count(), + Success=count(responseCode_d < 500) + by bin(TimeGenerated, 5m) + | extend availability=toreal(Success) / Total + | where availability < threshold + QUERY + ) + severity = 3 + frequency = 15 + time_window = 15 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} + 
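Review bot: All three descriptions still end in the literal placeholder `[DASHBOARD LINK]`, so the alert gives the responder no dashboard to open; the real URL or a local such as the afm-app alerts use should go there. The internal and PSP alerts take `action_group = local.action_groups` while the organizations alert spells out email, slack and opsgenie; if the local holds the same set, use it in all three, otherwise add a comment saying why the organizations alert is routed differently. The resource comments say "Exception" although each rule measures availability, e.g. `# Availability FdR Fase3 - Internal APIs` would match the query.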
diff --git a/src/domains/gps-app/00_alert_gpd_core_apimv2.tf b/src/domains/gps-app/00_alert_gpd_core_apimv2.tf
new file mode 100644
index 0000000000..d57edb3e6d
--- /dev/null
+++ b/src/domains/gps-app/00_alert_gpd_core_apimv2.tf
@@ -0,0 +1,142 @@ +## called by internal pagoPA hosts Response Time ## +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-gpd-core-internal-responsetime-upd-v2" { + count = var.env_short == "p" ? 1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-gpd-core-internal-responsetime @ _gpd-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Response time for /gpd/api is less than or equal to 1.5s - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-debt-position" + enabled = true + query = (<<-QUERY +let threshold = 1500; +AzureDiagnostics +| where url_s matches regex "/gpd/api" +| summarize + watermark=threshold, + duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m) +| where duration_percentile_95 > threshold + QUERY + ) + severity = 2 + frequency = 5 + time_window = 10 + trigger { + operator = "GreaterThanOrEqual" + threshold = 2 + } +} + +## called by internal pagoPA hosts Availability ## +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-gpd-core-internal-availability-upd-v2" { + count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-gpd-core-internal-availability @ _gpd-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Availability for /gpd/api is less than or equal to 99% - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-debt-position" + enabled = true + query = (<<-QUERY +let threshold = 0.99; +AzureDiagnostics +| where url_s matches regex "/gpd/api" and not(url_s matches regex "/gpd/api/.*/report") +| summarize + Total=count(), + Success=count(responseCode_d < 500) + by bin(TimeGenerated, 5m) +| extend availability=toreal(Success) / Total +| where availability < threshold + QUERY + ) + severity = 1 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} + +## GPD-Core for organizations (alias external) Response Time ## +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-gpd-core-external-responsetime-upd-v2" { + count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-gpd-core-external-responsetime @ _gpd-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Response time for /gpd/debt-positions-service is less than or equal to 1.5s - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-debt-position" + enabled = true + query = (<<-QUERY +let threshold = 1500; +AzureDiagnostics +| where url_s matches regex "/gpd/debt-positions-service" +| summarize + watermark=threshold, + duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m) +| where duration_percentile_95 > threshold + QUERY + ) + severity = 2 + frequency = 5 + time_window = 10 + trigger { + operator = "GreaterThanOrEqual" + threshold = 2 + } +} +## GPD-Core for organizations (alias external) Availability ## +resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-gpd-core-external-availability-upd-v2" { + count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-opex_pagopa-gpd-core-external-availability @ _gpd-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Availability for /gpd/debt-positions-service is less than or equal to 99% - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-debt-position" + enabled = true + query = (<<-QUERY +let threshold = 0.99; +AzureDiagnostics +| where url_s matches regex "/gpd/debt-positions-service/" +| summarize + Total=count(), + Success=count(responseCode_d < 500) + by bin(TimeGenerated, 5m) +| extend availability=toreal(Success) / Total +| where availability < threshold + QUERY + ) + severity = 1 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } +} diff --git a/src/domains/gps-app/00_alert_gpd_payments_apimv2.tf b/src/domains/gps-app/00_alert_gpd_payments_apimv2.tf new file mode 100644 index 0000000000..a19303572e --- /dev/null +++ b/src/domains/gps-app/00_alert_gpd_payments_apimv2.tf 
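Review bot: The URL filters differ between the paired alerts, so each pair measures a different set of requests. The external response-time rule matches `"/gpd/debt-positions-service"` while the external availability rule matches `"/gpd/debt-positions-service/"`, and the internal availability rule excludes `/gpd/api/.*/report` while the internal response-time rule does not. I would use one pattern per API in both rules and note the reason for the `/report` exclusion in a comment. `data.azurerm_api_management.apim_v2` is not declared in this file, unlike the afm-app and fdr-app alert files; presumably it is declared elsewhere in gps-app, which is worth confirming before apply.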
@@ -0,0 +1,141 @@
+## GPD-Payments SOAP Response Time ##
+resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-gpd-payments-soap-responsetime-upd-v2" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-opex_pagopa-gpd-payments-soap-responsetime @ _gpd-payments-v2"
+ location = var.location
+
+ action {
+ action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Response time for /gpd-payments/api is less than or equal to 1.5s - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-gpd-payments"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 1500;
+AzureDiagnostics
+| where url_s matches regex "/gpd-payments/api"
+| summarize
+ watermark=threshold,
+ duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m)
+| where duration_percentile_95 > threshold
+ QUERY
+ )
+ severity = 2
+ frequency = 5
+ time_window = 10
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 2
+ }
+}
+## GPD-Payments SOAP Availability ##
+resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-gpd-payments-soap-availability-upd-v2" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-opex_pagopa-gpd-payments-soap-availability @ _gpd-payments-v2"
+ location = var.location
+
+ action {
+ action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id]
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Availability for /gpd-payments/api is less than or equal to 99% - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-gpd-payments"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 0.99;
+AzureDiagnostics
+| where url_s matches regex "/gpd-payments/api"
+| summarize
+ Total=count(),
+ Success=count(responseCode_d < 500)
+ by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+ QUERY
+ )
+ severity = 1
+ frequency = 5
+ time_window = 5
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 2
+ }
+}
+
+## GPD-Payments REST Response Time ##
+resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-gpd-payments-rest-responsetime-upd-v2" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-opex_pagopa-gpd-payments-rest-responsetime @ _gpd-payments-v2"
+ location = var.location
+
+ action {
+ action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Response time for /gpd/payments-receipts-service is less than or equal to 1.5s - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-gpd-payments"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 1500;
+AzureDiagnostics
+| where url_s matches regex "/gpd/payments-receipts-service"
+| summarize
+ watermark=threshold,
+ duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m)
+| where duration_percentile_95 > threshold
+ QUERY
+ )
+ severity = 2
+ frequency = 5
+ time_window = 10
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 2
+ }
+}
+## GPD-Payments REST Availability ##
+resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-gpd-payments-rest-availability-upd-v2" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-opex_pagopa-gpd-payments-rest-availability @ _gpd-payments-v2"
+ location = var.location
+
+ action {
+ action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id]
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Availability for /gpd/payments-receipts-service is less than or equal to 99% - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-gpd-payments"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 0.99;
+AzureDiagnostics
+| where url_s matches regex "/gpd/payments-receipts-service'"
+| summarize
+ Total=count(),
+ Success=count(responseCode_d < 500)
+ by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+ QUERY
+ )
+ severity = 1
+ frequency = 5
+ time_window = 5
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 1
+ }
+}
diff --git a/src/domains/gps-app/00_alert_gpd_upload_apimv2.tf b/src/domains/gps-app/00_alert_gpd_upload_apimv2.tf
new file mode 100644
index 0000000000..01d1c524ad
--- /dev/null
+++ b/src/domains/gps-app/00_alert_gpd_upload_apimv2.tf
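Review bot: The REST availability query in 00_alert_gpd_payments_apimv2.tf filters on `url_s matches regex "/gpd/payments-receipts-service'"`, and the stray `'` before the closing quote is part of the pattern, so the filter will presumably match no request and this severity-1 alert can never fire. The line should read `| where url_s matches regex "/gpd/payments-receipts-service"`, as the REST response-time rule above it does. Separately, the SOAP availability rule combines `time_window = 5` with `threshold = 2` while the REST one uses `threshold = 1`; with 5-minute bins over a 5-minute window a second breaching row will be rare, so it is worth confirming which value is intended.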
@@ -0,0 +1,74 @@
+
+
+
+## Response Time alert: GPD-Upload REST for organizations ##
+resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-gpd-upload-rest-responsetime-upd-v2" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-opex_pagopa-gpd-upload-rest-responsetime @ _gpd-v2"
+ location = var.location
+
+ action {
+ action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+ email_subject = "Email GPD-upload-service-function Response Time"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Response time for /upload/gpd/debt-positions-service is less than or equal to 2s - "
+ enabled = true
+ query = (<<-QUERY
+let threshold = 2000;
+AzureDiagnostics
+| where url_s matches regex "/upload/gpd/debt-positions-service"
+| summarize
+ watermark=threshold,
+ duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m)
+| where duration_percentile_95 > threshold
+ QUERY
+ )
+ severity = 2
+ frequency = 5
+ time_window = 10
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 2
+ }
+}
+## Availability alert: GPD-Upload REST for organizations ##
+resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-gpd-upload-rest-availability-upd-v2" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-opex_pagopa-gpd-upload-rest-availability @ _gpd-v2"
+ location = var.location
+
+ action {
+ action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id]
+ email_subject = "Email GPD-upload-rest Availability"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Availability for /upload/gpd/debt-positions-service/ is less than or equal to 99% - "
+ enabled = true
+ query = (<<-QUERY
+let threshold = 0.99;
+AzureDiagnostics
+| where url_s matches regex "/upload/gpd/debt-positions-service"
+| summarize
+ Total=count(),
+ Success=count(responseCode_d < 500)
+ by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+ QUERY
+ )
+ severity = 1
+ frequency = 5
+ time_window = 5
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 1
+ }
+}
+
diff --git a/src/domains/gps-app/00_data.tf b/src/domains/gps-app/00_data.tf
index b92843b3f2..5ba417e0d6 100644
--- a/src/domains/gps-app/00_data.tf
+++ b/src/domains/gps-app/00_data.tf
@@ -33,3 +33,9 @@ data "azurerm_postgresql_flexible_server" "postgres_flexible_server_private" {
 name = format("%s-gpd-pgflex", local.product)
 resource_group_name = format("%s-pgres-flex-rg", local.product)
 }
+
+
+data "azurerm_api_management" "apim_v2" {
+ name = "${local.product}-weu-core-apim-v2"
+ resource_group_name = data.azurerm_resource_group.rg_api.name
+}
diff --git a/src/domains/nodo-app/00_alert_apimv2.tf b/src/domains/nodo-app/00_alert_apimv2.tf
new file mode 100644
index 0000000000..0d6f1313f6
--- /dev/null
+++ b/src/domains/nodo-app/00_alert_apimv2.tf
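Review bot: The path matched in 00_alert_gpd_upload_apimv2.tf, `/upload/gpd/debt-positions-service`, contains `/gpd/debt-positions-service`, which the gpd-core rules earlier in this diff filter on with an unanchored `matches regex`. Upload requests are therefore probably counted in the gpd-core percentile and availability figures as well. If that is not intended, the gpd-core queries could add `| where url_s !contains "/upload/"`. Both `description` values in this file also end with a dangling ` - ` where the sibling alert files carry a dashboard URL, and "is less than or equal to 2s" describes the healthy state rather than the firing condition; `description = "Response time for /upload/gpd/debt-positions-service is greater than 2s"` would read correctly in the notification.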
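Review bot: The new `data "azurerm_api_management" "apim_v2"` block in 00_data.tf has no `count`, while the alerts in this domain that read it are guarded by `count = var.env_short == "p" ? 1 : 0`. The lookup therefore runs in every environment, and the plan would fail wherever `${local.product}-weu-core-apim-v2` does not exist. If APIM v2 is not guaranteed everywhere, give the data source the same guard and reference it as `data.azurerm_api_management.apim_v2[0].id`. The region segment `weu` is also hard-coded in the name, whereas nodo-app takes the name from `local.pagopa_apim_v2_name`; a shared local, if this domain has one, would keep the two consistent.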
@@ -0,0 +1,168 @@
+data "azurerm_api_management" "apim_v2" {
+ name = local.pagopa_apim_v2_name
+ resource_group_name = local.pagopa_apim_v2_rg
+}
+
+// PROD AzureDiagnostics url_s operationId_s
+// UAT ApiManagementGatewayLogs Url OperationId
+resource "azurerm_monitor_scheduled_query_rules_alert" "alert-nodo-responsetime-v2" {
+ for_each = { for c in local.api_nodo_alerts : c.operationId_s => c }
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-nodoapi-${each.value.primitiva}-responsetime-v2"
+ location = var.location
+
+ action {
+ action_group = local.action_groups_default
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+ # data_source_id = data.azurerm_application_insights.application_insights.id
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Response time ${each.value.primitiva} ${each.value.sub_service} nodoapi-responsetime https://portal.azure.com/#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/cbc97060-c05b-48b5-9962-2b229eaa53de and https://portal.azure.com/#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/2b9b319b-5e7d-4efe-aaba-613daef8e9fc"
+ enabled = true
+ query = format(<<-QUERY
+let threshold = %d;
+AzureDiagnostics
+| where url_s matches regex "/nodo/${each.value.sub_service}/"
+| where operationId_s matches regex "${each.value.operationId_s}"
+| summarize
+ watermark=threshold,
+ duration_percentile_95=percentiles(DurationMs, 95)
+ by bin(TimeGenerated, 5m)
+| where duration_percentile_95 > threshold
+QUERY
+ , lookup(each.value, "response_time", "") != "" ? each.value.response_time : 8000)
+
+ # https://learn.microsoft.com/en-us/azure/azure-monitor/best-practices-alerts#alert-severity
+ # Sev 2 Warning A problem that doesn't include any current loss in availability or performance, although it has the potential to lead to more severe problems if unaddressed.
+ severity = 2
+ frequency = 5
+ time_window = 10
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 2
+ }
+}
+
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "alert-nodo-availability-v2" {
+ for_each = { for c in local.api_nodo_alerts : c.operationId_s => c }
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-nodoapi-${each.value.primitiva}-availability-v2"
+ location = var.location
+
+ action {
+ action_group = local.action_groups
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+ # data_source_id = data.azurerm_application_insights.application_insights.id
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Availability ${each.value.primitiva} ${each.value.sub_service} nodoapi-availability https://portal.azure.com/#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/cbc97060-c05b-48b5-9962-2b229eaa53de and https://portal.azure.com/#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/2b9b319b-5e7d-4efe-aaba-613daef8e9fc"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 0.99;
+AzureDiagnostics
+| where url_s matches regex "/nodo/${each.value.sub_service}/"
+| where operationId_s matches regex "${each.value.operationId_s}"
+| summarize
+ Total=count(),
+ Success=count(responseCode_d < 500)
+ by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+ QUERY
+ )
+
+ # https://learn.microsoft.com/en-us/azure/azure-monitor/best-practices-alerts#alert-severity
+ # Sev 1 Error Degradation of performance or loss of availability of some aspect of an application or service. Requires attention but not immediate
+ severity = 1
+ frequency = 5
+ time_window = 10
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 2
+ }
+
+}
+
+// PROD AzureDiagnostics url_s operationId_s
+// UAT ApiManagementGatewayLogs Url OperationId
+resource "azurerm_monitor_scheduled_query_rules_alert" "alert-nodo-auth-responsetime-v2" {
+ for_each = { for c in local.api_nodo_auth_alerts : c.operationId_s => c }
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-nodo-auth-api-${each.value.primitiva}-${each.value.operationId_s}-responsetime-v2"
+ location = var.location
+
+ action {
+ action_group = local.action_groups_default
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+ # data_source_id = data.azurerm_application_insights.application_insights.id
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Response time ${each.value.primitiva} ${each.value.sub_service} nodo-auth-api-responsetime https://portal.azure.com/#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/cbc97060-c05b-48b5-9962-2b229eaa53de and https://portal.azure.com/#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/2b9b319b-5e7d-4efe-aaba-613daef8e9fc"
+ enabled = true
+ query = format(<<-QUERY
+let threshold = %d;
+AzureDiagnostics
+| where url_s matches regex "/nodo-auth/${each.value.sub_service}/"
+| where operationId_s matches regex "${each.value.operationId_s}"
+| summarize
+ watermark=threshold,
+ duration_percentile_95=percentiles(DurationMs, 95)
+ by bin(TimeGenerated, 5m)
+| where duration_percentile_95 > threshold
+QUERY
+ , lookup(each.value, "response_time", "") != "" ? each.value.response_time : 8000)
+
+ # https://learn.microsoft.com/en-us/azure/azure-monitor/best-practices-alerts#alert-severity
+ # Sev 2 Warning A problem that doesn't include any current loss in availability or performance, although it has the potential to lead to more severe problems if unaddressed.
+ severity = 2
+ frequency = 5
+ time_window = 10
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 2
+ }
+}
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "alert-nodo-auth-availability-v2" {
+ for_each = { for c in local.api_nodo_auth_alerts : c.operationId_s => c }
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-nodo-auth-api-${each.value.primitiva}-${each.value.operationId_s}-availability-v2"
+ location = var.location
+
+ action {
+ action_group = local.action_groups
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+ # data_source_id = data.azurerm_application_insights.application_insights.id
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Availability ${each.value.primitiva} ${each.value.sub_service} nodo-auth-api-availability https://portal.azure.com/#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/cbc97060-c05b-48b5-9962-2b229eaa53de and https://portal.azure.com/#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/2b9b319b-5e7d-4efe-aaba-613daef8e9fc"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 0.99;
+AzureDiagnostics
+| where url_s matches regex "/nodo-auth/${each.value.sub_service}/"
+| where operationId_s matches regex "${each.value.operationId_s}"
+| summarize
+ Total=count(),
+ Success=count(responseCode_d < 500)
+ by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+ QUERY
+ )
+
+ # https://learn.microsoft.com/en-us/azure/azure-monitor/best-practices-alerts#alert-severity
+ # Sev 1 Error Degradation of performance or loss of availability of some aspect of an application or service. Requires attention but not immediate
+ severity = 1
+ frequency = 5
+ time_window = 10
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 2
+ }
+}
diff --git a/src/domains/nodo-app/00_apim_v2.tf b/src/domains/nodo-app/00_apim_v2.tf
deleted file mode 100644
index e500e370a2..0000000000
--- a/src/domains/nodo-app/00_apim_v2.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-data "azurerm_api_management" "apim_v2" {
- count = var.enabled_features.apim_v2 ? 1 : 0
- name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_3p_services.tf b/src/domains/nodo-app/07_apim_v2_nodo_3p_services.tf
deleted file mode 100644
index 498657fa08..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_3p_services.tf
+++ /dev/null
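Review bot: In 00_alert_apimv2.tf, `| where operationId_s matches regex "${each.value.operationId_s}"` interpolates the operation id into an unanchored regular expression. An id that is a substring of another, or that contains regex metacharacters, will pull other operations' requests into this alert's percentile and availability figures. An exact comparison, `| where operationId_s == "${each.value.operationId_s}"`, avoids that; the same line appears in all four queries of this file. The header comment says UAT logs to `ApiManagementGatewayLogs` with `Url`/`OperationId`, yet these `for_each` resources carry no environment guard and always query `AzureDiagnostics`, so outside PROD the rules would presumably never match; worth confirming.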
@@ -1,452 +0,0 @@ -############################ -## 2. Nodo SYNC ## -############################ - -module "apim_nodo_sync_product" { - count = var.env_short == "p" ? 0 : (var.enabled_features.apim_v2 ? 1 : 0) - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.60.0" - - product_id = "product-nodo-sync" - display_name = "product-nodo-sync" - description = "product-nodo-sync" - - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - - published = true - subscription_required = false - approval_required = false - - policy_xml = templatefile("./apim_v2/api_product/nodo_pagamenti_api/_base_policy.xml", { - address-range-from = var.env_short == "p" ? "10.1.128.0" : "0.0.0.0" - address-range-to = var.env_short == "p" ? "10.1.128.255" : "0.0.0.0" - }) -} - -resource "azurerm_api_management_api_version_set" "nodo_sync_api" { - count = var.env_short == "p" ? 0 : (var.enabled_features.apim_v2 ? 1 : 0) - - name = format("%s-nodo-sync-api", var.env_short) - resource_group_name = local.pagopa_apim_v2_rg - api_management_name = local.pagopa_apim_v2_name - display_name = "Nodo OnCloud SYNC" - versioning_scheme = "Segment" -} - -module "apim_nodo_sync_api" { - count = var.env_short == "p" ? 0 : (var.enabled_features.apim_v2 ? 
1 : 0) - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0" - - name = format("%s-nodo-sync-api", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - product_ids = [module.apim_nodo_sync_product[0].product_id] - subscription_required = false - - version_set_id = azurerm_api_management_api_version_set.nodo_sync_api[0].id - api_version = "v1" - - description = "NodeDeiPagamenti (sync)" - display_name = "NodeDeiPagamenti (sync)" - path = "sync/api" - protocols = ["https"] - - service_url = null - - content_format = "openapi" - content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/sync/v1/_NodoDeiPagamenti.openapi.json.tpl", { - host = local.apim_hostname - }) - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/sync/v1/_base_policy.xml", { - dns_pagopa_platform = format("api.%s.%s", var.apim_dns_zone_prefix, var.external_domain), - apim_base_path = "/sync/api/v1" - }) - -} - -############################ -## 3. Nodo WFESP ## -############################ - -module "apim_nodo_wfesp_product" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.60.0" - count = var.enabled_features.apim_v2 ? 1 : 0 - - product_id = "product-nodo-wfesp" - display_name = "product-nodo-wfesp" - description = "product-nodo-wfesp" - - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - - published = true - subscription_required = false - approval_required = false - - policy_xml = templatefile("./apim_v2/api_product/nodo_pagamenti_api/_base_policy.xml", { - # address-range-from = var.env_short == "p" ? "10.1.128.0" : "0.0.0.0" - # address-range-to = var.env_short == "p" ? 
"10.1.128.255" : "0.0.0.0" - address-range-from = "0.0.0.0" - address-range-to = "0.0.0.0" - }) -} - -resource "azurerm_api_management_api_version_set" "nodo_wfesp_api" { - count = var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-nodo-wfesp-api", var.env_short) - resource_group_name = local.pagopa_apim_v2_rg - api_management_name = local.pagopa_apim_v2_name - display_name = "Nodo OnCloud WFESP" - versioning_scheme = "Segment" -} - - -# UAT https://wfesp.test.pagopa.gov.it/redirect (ex followed by /wpl02 ) -# PROD https://wfesp.pagopa.gov.it/redirect (ex followed by /wpl05 ) - -module "apim_nodo_wfesp_api" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0" - count = var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-nodo-wfesp-api", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - product_ids = [module.apim_nodo_wfesp_product[0].product_id] - subscription_required = false - - version_set_id = azurerm_api_management_api_version_set.nodo_wfesp_api[0].id - # api_version = "v1" - - description = "NodeDeiPagamenti (wfesp)" - display_name = "NodeDeiPagamenti (wfesp)" - path = "redirect" - protocols = ["https"] - - service_url = null - - content_format = "openapi" - content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/wfesp/v1/_NodoDeiPagamenti.openapi.json.tpl", { - host = local.apim_hostname - - }) - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/wfesp/v1/_base_policy.xml", { - dns_pagopa_platform = format("api.%s.%s", var.apim_dns_zone_prefix, var.external_domain), - apim_base_path = "/redirect" - # TODO prod is a variant in this case! - base-url = var.env_short == "p" ? "http://10.79.20.23:81" : "{{schema-ip-nexi}}{{base-path-wfesp}}" - }) - -} - -############################ -## 4. 
Nodo Fatturazione ## -############################ - -module "apim_nodo_fatturazione_product" { - count = var.env_short == "p" ? 0 : (var.enabled_features.apim_v2 ? 1 : 0) - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.60.0" - - product_id = "product-nodo-fatturazione" - display_name = "product-nodo-fatturazione" - description = "product-nodo-fatturazione" - - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - - published = true - subscription_required = false - approval_required = false - - policy_xml = templatefile("./apim_v2/api_product/nodo_pagamenti_api/_base_policy.xml", { - address-range-from = var.env_short == "p" ? "10.1.128.0" : "0.0.0.0" - address-range-to = var.env_short == "p" ? "10.1.128.255" : "0.0.0.0" - }) -} - -resource "azurerm_api_management_api_version_set" "nodo_fatturazione_api" { - count = var.env_short == "p" ? 0 : (var.enabled_features.apim_v2 ? 1 : 0) - - name = format("%s-nodo-fatturazione-api", var.env_short) - resource_group_name = local.pagopa_apim_v2_rg - api_management_name = local.pagopa_apim_v2_name - display_name = "Nodo OnCloud FATTURAZIONE" - versioning_scheme = "Segment" -} - -module "apim_nodo_fatturazione_api" { - count = var.env_short == "p" ? 0 : (var.enabled_features.apim_v2 ? 
1 : 0) - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0" - - name = format("%s-nodo-fatturazione-api", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - product_ids = [module.apim_nodo_fatturazione_product[0].product_id] - subscription_required = false - - version_set_id = azurerm_api_management_api_version_set.nodo_fatturazione_api[0].id - api_version = "v1" - - description = "NodeDeiPagamenti (fatturazione)" - display_name = "NodeDeiPagamenti (fatturazione)" - path = "fatturazione/api" - protocols = ["https"] - - service_url = null - - content_format = "openapi" - content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/fatturazione/v1/_NodoDeiPagamenti.openapi.json.tpl", { - host = local.apim_hostname - }) - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/fatturazione/v1/_base_policy.xml", { - dns_pagopa_platform = format("api.%s.%s", var.apim_dns_zone_prefix, var.external_domain), - apim_base_path = "/fatturazione/api/v1" - }) - -} - -############################ -## 5. Nodo Web-BO ## -############################ - -module "apim_nodo_web_bo_product" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.60.0" - count = var.enabled_features.apim_v2 ? 1 : 0 - - - product_id = "product-nodo-web-bo" - display_name = "product-nodo-web-bo" - description = "product-nodo-web-bo" - - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - - published = true - subscription_required = false - approval_required = false - - policy_xml = templatefile("./apim_v2/api_product/nodo_pagamenti_api/_base_policy.xml", { - address-range-from = "0.0.0.0" - address-range-to = "0.0.0.0" - }) -} - -# resource "azurerm_api_management_api_version_set" "nodo_web_bo_api" { -# count = var.env_short == "p" ? 
0 : 1 - -# name = format("%s-nodo-web-bo-api", var.env_short) -# resource_group_name = local.pagopa_apim_v2_rg -# api_management_name = local.pagopa_apim_v2_name -# display_name = "Nodo OnCloud WEB-BO" -# versioning_scheme = "Segment" -# } - -module "apim_nodo_web_bo_api" { - count = var.env_short != "p" && var.enabled_features.apim_v2 ? 1 : 0 - - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0" - - name = format("%s-nodo-web-bo-api", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - product_ids = [module.apim_nodo_web_bo_product[0].product_id] - subscription_required = false - - # version_set_id = azurerm_api_management_api_version_set.nodo_web_bo_api[0].id - # api_version = "v1" - - description = "Nodo OnCloud WEB-BO" # "NodeDeiPagamenti (web-bo)" - display_name = "Nodo OnCloud WEB-BO" # "NodeDeiPagamenti (web-bo)" - path = "bo-nodo" - protocols = ["https"] - - service_url = null - - content_format = "openapi" - content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/web-bo/v1/_NodoDeiPagamenti.openapi.json.tpl", { - host = local.apim_hostname - }) - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/web-bo/v1/_base_policy.xml", { - # dns_pagopa_platform = format("api.%s.%s", var.dns_zone_prefix, var.external_domain), - dns_pagopa_platform = var.env_short != "u" ? 
"uat.wisp2.pagopa.gov.it" : format("api.%s.%s", var.apim_dns_zone_prefix, var.external_domain), - apim_base_path = "/bo-nodo" - allowed_ip_1 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[0] # PagoPA on prem VPN - allowed_ip_2 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[1] # PagoPA on prem VPN DR - allowed_ip_3 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[3] # Softlab L1 Pagamenti VPN - allowed_ip_4 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[4] # Softlab L1 Pagamenti VPN - allowed_ip_5 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[5] # Softlab L1 Pagamenti VPN - allowed_ip_6 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[6] # Softlab L1 Pagamenti VPN - allowed_ip_7 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[7] # Softlab L1 Pagamenti VPN - allowed_ip_8 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[8] # NEXI VPN - allowed_ip_9 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[9] # NEXI VPN - }) -} - - -module "apim_nodo_web_bo_api_onprem" { - count = var.env_short == "p" && var.enabled_features.apim_v2 ? 
1 : 0 - - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0" - - name = format("%s-nodo-web-bo-onprem-api", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - product_ids = [module.apim_nodo_web_bo_product[0].product_id] - subscription_required = false - - # version_set_id = azurerm_api_management_api_version_set.nodo_web_bo_api[0].id - # api_version = "v1" - - description = "Nodo OnPrem WEB-BO" # "NodeDeiPagamenti (web-bo)" - display_name = "Nodo OnPrem WEB-BO" # "NodeDeiPagamenti (web-bo)" - path = "bo-nodo" - protocols = ["https"] - - service_url = null - - content_format = "openapi" - content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/web-bo/v1/_NodoDeiPagamenti.openapi.json.tpl", { - host = local.apim_hostname - }) - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/web-bo-on-prem/v1/_base_policy.xml", { - dns_pagopa_platform = format("api.%s.%s", var.apim_dns_zone_prefix, var.external_domain), - apim_base_path = "/bo-nodo" - allowed_ip_1 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[0] # PagoPA on prem VPN - allowed_ip_2 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[1] # PagoPA on prem VPN DR - allowed_ip_3 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[3] # Softlab L1 Pagamenti VPN - allowed_ip_4 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[4] # Softlab L1 Pagamenti VPN - allowed_ip_5 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[5] # Softlab L1 Pagamenti VPN - allowed_ip_6 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[6] # Softlab L1 Pagamenti VPN - allowed_ip_7 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[7] # Softlab L1 Pagamenti VPN - allowed_ip_8 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[8] # NEXI VPN - allowed_ip_9 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[9] # NEXI VPN - }) - -} - 
-############################
-## 6. Nodo Web-BO History ##
-############################
-
-module "apim_nodo_web_bo_product_history" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.60.0"
-
- count = var.enabled_features.apim_v2 ? 1 : 0
-
-
- product_id = "product-nodo-web-bo-history"
- display_name = "product-nodo-web-bo-history"
- description = "product-nodo-web-bo-history"
-
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- published = true
- subscription_required = false
- approval_required = false
-
- policy_xml = templatefile("./apim_v2/api_product/nodo_pagamenti_api/_base_policy.xml", {
- address-range-from = "0.0.0.0"
- address-range-to = "0.0.0.0"
- })
-}
-
-# resource "azurerm_api_management_api_version_set" "nodo_web_bo_api" {
-# count = var.env_short == "p" ? 0 : 1
-
-# name = format("%s-nodo-web-bo-api", var.env_short)
-# resource_group_name = local.pagopa_apim_v2_rg
-# api_management_name = local.pagopa_apim_v2_name
-# display_name = "Nodo OnCloud WEB-BO"
-# versioning_scheme = "Segment"
-# }
-
-module "apim_nodo_web_bo_api_history" {
- count = var.env_short != "p" && var.enabled_features.apim_v2 ? 1 : 0
-
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0"
-
- name = format("%s-nodo-web-bo-api-history", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- product_ids = [module.apim_nodo_web_bo_product_history[0].product_id]
- subscription_required = false
-
- # version_set_id = azurerm_api_management_api_version_set.nodo_web_bo_api[0].id
- # api_version = "v1"
-
- description = "Nodo OnCloud WEB-BO history" # "NodeDeiPagamenti (web-bo)"
- display_name = "Nodo OnCloud WEB-BO history" # "NodeDeiPagamenti (web-bo)"
- path = "bo-nodo-history"
- protocols = ["https"]
-
- service_url = null
-
- content_format = "openapi"
- content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/web-bo-history/v1/_NodoDeiPagamenti.openapi.json.tpl", {
- host = local.apim_hostname
- })
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/web-bo-history/v1/_base_policy.xml", {
- # dns_pagopa_platform = format("api.%s.%s", var.dns_zone_prefix, var.external_domain),
- dns_pagopa_platform = var.env_short != "u" ? "uat.wisp2.pagopa.gov.it" : format("api.%s.%s", var.apim_dns_zone_prefix, var.external_domain),
- apim_base_path = "/bo-nodo-history"
- allowed_ip_1 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[0] # PagoPA on prem VPN
- allowed_ip_2 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[1] # PagoPA on prem VPN DR
- allowed_ip_3 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[3] # Softlab L1 Pagamenti VPN
- allowed_ip_4 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[4] # Softlab L1 Pagamenti VPN
- allowed_ip_5 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[5] # Softlab L1 Pagamenti VPN
- allowed_ip_6 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[6] # Softlab L1 Pagamenti VPN
- allowed_ip_7 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[7] # Softlab L1 Pagamenti VPN
- allowed_ip_8 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[8] # NEXI VPN
- allowed_ip_9 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[9] # NEXI VPN
- })
-
-}
-
-module "apim_nodo_web_bo_api_onprem_history" {
- count = var.env_short == "p" && var.enabled_features.apim_v2 ? 1 : 0
-
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0"
-
- name = format("%s-nodo-web-bo-onprem-api-history", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- product_ids = [module.apim_nodo_web_bo_product_history[0].product_id]
- subscription_required = false
-
- # version_set_id = azurerm_api_management_api_version_set.nodo_web_bo_api[0].id
- # api_version = "v1"
-
- description = "Nodo OnPrem WEB-BO history" # "NodeDeiPagamenti (web-bo)"
- display_name = "Nodo OnPrem WEB-BO history" # "NodeDeiPagamenti (web-bo)"
- path = "bo-nodo-history"
- protocols = ["https"]
-
- service_url = null
-
- content_format = "openapi"
- content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/web-bo-history/v1/_NodoDeiPagamenti.openapi.json.tpl", {
- host = local.apim_hostname
- })
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/web-bo-history-on-prem/v1/_base_policy.xml", {
- dns_pagopa_platform = format("api.%s.%s", var.apim_dns_zone_prefix, var.external_domain),
- apim_base_path = "/bo-nodo-history"
- allowed_ip_1 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[0] # PagoPA on prem VPN
- allowed_ip_2 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[1] # PagoPA on prem VPN DR
- allowed_ip_3 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[3] # Softlab L1 Pagamenti VPN
- allowed_ip_4 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[4] # Softlab L1 Pagamenti VPN
- allowed_ip_5 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[5] # Softlab L1 Pagamenti VPN
- allowed_ip_6 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[6] # Softlab L1 Pagamenti VPN
- allowed_ip_7 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[7] # Softlab L1 Pagamenti VPN
- allowed_ip_8 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[8] # NEXI VPN
- allowed_ip_9 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[9] # NEXI VPN
- })
-
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_3p_services_dev.tf b/src/domains/nodo-app/07_apim_v2_nodo_3p_services_dev.tf
deleted file mode 100644
index d48f33acbf..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_3p_services_dev.tf
+++ /dev/null
@@ -1,356 +0,0 @@
-############################
-## 2. Nodo SYNC DEV ##
-############################
-
-module "apim_nodo_sync_dev_product" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.60.0"
-
- product_id = "product-nodo-sync-dev"
- display_name = "product-nodo-sync-dev"
- description = "product-nodo-sync-dev"
-
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- published = true
- subscription_required = false
- approval_required = false
-
- policy_xml = templatefile("./apim_v2/api_product/nodo_pagamenti_api/_base_policy.xml", {
- address-range-from = var.env_short == "p" ? "10.1.128.0" : "0.0.0.0"
- address-range-to = var.env_short == "p" ? "10.1.128.255" : "0.0.0.0"
- })
-}
-
-resource "azurerm_api_management_api_version_set" "nodo_sync_dev_api" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-sync-dev-api", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = "Nodo OnCloud SYNC DEV"
- versioning_scheme = "Segment"
-}
-
-module "apim_nodo_sync_dev_api" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0"
-
- name = format("%s-nodo-sync-dev-api", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- product_ids = [module.apim_nodo_sync_dev_product[0].product_id]
- subscription_required = false
-
- version_set_id = azurerm_api_management_api_version_set.nodo_sync_dev_api[0].id
- api_version = "v1"
-
- description = "NodeDeiPagamenti (sync) DEV"
- display_name = "NodeDeiPagamenti (sync) DEV"
- path = "sync-dev/api"
- protocols = ["https"]
-
- service_url = null
-
- content_format = "openapi"
- content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/sync/v1/_NodoDeiPagamenti.openapi.json.tpl", {
- host = local.apim_hostname
- })
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/sync/v1/_base_policy_dev.xml", {
- dns_pagopa_platform = format("api.%s.%s", var.apim_dns_zone_prefix, var.external_domain),
- apim_base_path = "/sync-dev/api/v1"
- })
-
-}
-
-############################
-## 3. Nodo WFESP DEV ##
-############################
-
-module "apim_nodo_wfesp_dev_product" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.60.0"
-
- product_id = "product-nodo-wfesp-dev"
- display_name = "product-nodo-wfesp-dev"
- description = "product-nodo-wfesp-dev"
-
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- published = true
- subscription_required = false
- approval_required = false
-
- policy_xml = templatefile("./apim_v2/api_product/nodo_pagamenti_api/_base_policy.xml", {
- address-range-from = var.env_short == "p" ? "10.1.128.0" : "0.0.0.0"
- address-range-to = var.env_short == "p" ? "10.1.128.255" : "0.0.0.0"
- })
-}
-
-resource "azurerm_api_management_api_version_set" "nodo_wfesp_dev_api" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-wfesp-dev-api", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = "Nodo OnCloud WFESP DEV"
- versioning_scheme = "Segment"
-}
-
-module "apim_nodo_wfesp_dev_api" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0"
-
- name = format("%s-nodo-wfesp-dev-api", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- product_ids = [module.apim_nodo_wfesp_dev_product[0].product_id]
- subscription_required = false
-
- version_set_id = azurerm_api_management_api_version_set.nodo_wfesp_dev_api[0].id
- api_version = "v1"
-
- description = "NodeDeiPagamenti (wfesp) DEV"
- display_name = "NodeDeiPagamenti (wfesp) DEV"
- path = "wfesp-dev/api"
- protocols = ["https"]
-
- service_url = null
-
- content_format = "openapi"
- content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/wfesp/v1/_NodoDeiPagamenti.openapi.json.tpl", {
- host = local.apim_hostname
- })
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/wfesp/v1/_base_policy_dev.xml", {
- dns_pagopa_platform = format("api.%s.%s", var.apim_dns_zone_prefix, var.external_domain),
- apim_base_path = "/wfesp-dev/api/v1"
- })
-
-}
-
-############################
-## 4. Nodo Fatturazione DEV ##
-############################
-
-module "apim_nodo_fatturazione_dev_product" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.60.0"
-
- product_id = "product-nodo-fatturazione-dev"
- display_name = "product-nodo-fatturazione-dev"
- description = "product-nodo-fatturazione-dev"
-
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- published = true
- subscription_required = false
- approval_required = false
-
- policy_xml = templatefile("./apim_v2/api_product/nodo_pagamenti_api/_base_policy.xml", {
- address-range-from = var.env_short == "p" ? "10.1.128.0" : "0.0.0.0"
- address-range-to = var.env_short == "p" ? "10.1.128.255" : "0.0.0.0"
- })
-}
-
-resource "azurerm_api_management_api_version_set" "nodo_fatturazione_dev_api" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-fatturazione-dev-api", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = "Nodo OnCloud FATTURAZIONE DEV"
- versioning_scheme = "Segment"
-}
-
-module "apim_nodo_fatturazione_dev_api" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0"
-
- name = format("%s-nodo-fatturazione-dev-api", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- product_ids = [module.apim_nodo_fatturazione_dev_product[0].product_id]
- subscription_required = false
-
- version_set_id = azurerm_api_management_api_version_set.nodo_fatturazione_dev_api[0].id
- api_version = "v1"
-
- description = "NodeDeiPagamenti (fatturazione) DEV"
- display_name = "NodeDeiPagamenti (fatturazione) DEV"
- path = "fatturazione-dev/api"
- protocols = ["https"]
-
- service_url = null
-
- content_format = "openapi"
- content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/fatturazione/v1/_NodoDeiPagamenti.openapi.json.tpl", {
- host = local.apim_hostname
- })
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/fatturazione/v1/_base_policy_dev.xml", {
- dns_pagopa_platform = format("api.%s.%s", var.apim_dns_zone_prefix, var.external_domain),
- apim_base_path = "/fatturazione-dev/api/v1"
- })
-
-}
-
-############################
-## 5. Nodo Web-BO DEV ##
-############################
-
-module "apim_nodo_web_bo_dev_product" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
-
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.60.0"
-
- product_id = "product-nodo-web-bo-dev"
- display_name = "product-nodo-web-bo-dev"
- description = "product-nodo-web-bo-dev"
-
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- published = true
- subscription_required = false
- approval_required = false
-
- policy_xml = templatefile("./apim_v2/api_product/nodo_pagamenti_api/_base_policy.xml", {
- address-range-from = var.env_short == "p" ? "10.1.128.0" : "0.0.0.0"
- address-range-to = var.env_short == "p" ? "10.1.128.255" : "0.0.0.0"
- })
-}
-
-# resource "azurerm_api_management_api_version_set" "nodo_web_bo_api" {
-# count = var.env_short == "p" ? 0 : 1
-
-# name = format("%s-nodo-web-bo-api", var.env_short)
-# resource_group_name = local.pagopa_apim_v2_rg
-# api_management_name = local.pagopa_apim_v2_name
-# display_name = "Nodo OnCloud WEB-BO"
-# versioning_scheme = "Segment"
-# }
-
-module "apim_nodo_web_bo_dev_api" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
-
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0"
-
- name = format("%s-nodo-web-bo-dev-api", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- product_ids = [module.apim_nodo_web_bo_dev_product[0].product_id]
- subscription_required = false
-
- # version_set_id = azurerm_api_management_api_version_set.nodo_web_bo_api[0].id
- # api_version = "v1"
-
- description = "Nodo OnCloud WEB-BO DEV" # "NodeDeiPagamenti (web-bo)"
- display_name = "Nodo OnCloud WEB-BO DEV" # "NodeDeiPagamenti (web-bo)"
- path = "web-bo-dev"
- protocols = ["https"]
-
- service_url = null
-
- content_format = "openapi"
- content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/web-bo/v1/_NodoDeiPagamenti.openapi.json.tpl", {
- host = local.apim_hostname
- })
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/web-bo/v1/_base_policy_dev.xml", {
- dns_pagopa_platform = format("api.%s.%s", var.apim_dns_zone_prefix, var.external_domain),
- apim_base_path = "/web-bo-dev"
- allowed_ip_1 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[0] # PagoPA on prem VPN
- allowed_ip_2 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[1] # PagoPA on prem VPN DR
- allowed_ip_3 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[3] # Softlab L1 Pagamenti VPN
- allowed_ip_4 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[4] # Softlab L1 Pagamenti VPN
- allowed_ip_5 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[5] # Softlab L1 Pagamenti VPN
- allowed_ip_6 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[6] # Softlab L1 Pagamenti VPN
- allowed_ip_7 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[7] # Softlab L1 Pagamenti VPN
- allowed_ip_8 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[8] # NEXI VPN
- allowed_ip_9 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[9] # NEXI VPN
- })
-
-}
-
-############################
-## 6. Nodo Web-BO History DEV ##
-############################
-
-module "apim_nodo_web_bo_dev_product_history" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
-
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.60.0"
-
- product_id = "product-nodo-web-bo-history-dev"
- display_name = "product-nodo-web-bo-history-dev"
- description = "product-nodo-web-bo-history-dev"
-
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- published = true
- subscription_required = false
- approval_required = false
-
- policy_xml = templatefile("./apim_v2/api_product/nodo_pagamenti_api/_base_policy.xml", {
- address-range-from = var.env_short == "p" ? "10.1.128.0" : "0.0.0.0"
- address-range-to = var.env_short == "p" ? "10.1.128.255" : "0.0.0.0"
- })
-}
-
-# resource "azurerm_api_management_api_version_set" "nodo_web_bo_api" {
-# count = var.env_short == "p" ? 0 : 1
-
-# name = format("%s-nodo-web-bo-api", var.env_short)
-# resource_group_name = local.pagopa_apim_v2_rg
-# api_management_name = local.pagopa_apim_v2_name
-# display_name = "Nodo OnCloud WEB-BO"
-# versioning_scheme = "Segment"
-# }
-
-module "apim_nodo_web_bo_dev_api_history" {
- count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0
-
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0"
-
- name = format("%s-nodo-web-bo-dev-api-history", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- product_ids = [module.apim_nodo_web_bo_dev_product_history[0].product_id]
- subscription_required = false
-
- # version_set_id = azurerm_api_management_api_version_set.nodo_web_bo_api[0].id
- # api_version = "v1"
-
- description = "Nodo OnCloud WEB-BO history DEV" # "NodeDeiPagamenti (web-bo)"
- display_name = "Nodo OnCloud WEB-BO history DEV" # "NodeDeiPagamenti (web-bo)"
- path = "web-bo-history-dev"
- protocols = ["https"]
-
- service_url = null
-
- content_format = "openapi"
- content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/web-bo-history/v1/_NodoDeiPagamenti.openapi.json.tpl", {
- host = local.apim_hostname
- })
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoServices/web-bo-history/v1/_base_policy_dev.xml", {
- dns_pagopa_platform = format("api.%s.%s", var.apim_dns_zone_prefix, var.external_domain),
- apim_base_path = "/web-bo-history-dev"
- allowed_ip_1 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[0] # PagoPA on prem VPN
- allowed_ip_2 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[1] # PagoPA on prem VPN DR
- allowed_ip_3 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[3] # Softlab L1 Pagamenti VPN
- allowed_ip_4 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[4] # Softlab L1 Pagamenti VPN
- allowed_ip_5 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[5] # Softlab L1 Pagamenti VPN
- allowed_ip_6 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[6] # Softlab L1 Pagamenti VPN
- allowed_ip_7 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[7] # Softlab L1 Pagamenti VPN
- allowed_ip_8 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[8] # NEXI VPN
- allowed_ip_9 = var.app_gateway_allowed_paths_pagopa_onprem_only.ips[9] # NEXI VPN
- })
-
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_monitoring_services.tf b/src/domains/nodo-app/07_apim_v2_nodo_monitoring_services.tf
deleted file mode 100644
index 0be7fb8d7c..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_monitoring_services.tf
+++ /dev/null
@@ -1,86 +0,0 @@
-##############
-## Products ##
-##############
-
-module "apim_nodo_dei_pagamenti_monitoring_product" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.72.1"
-
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- product_id = "nodo-monitoring"
- display_name = "Nodo dei Pagamenti - Monitoring"
- description = "Product for Nodo dei Pagamenti - Monitoring"
-
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- published = true
- subscription_required = false
- approval_required = false
-
- policy_xml = var.apim_nodo_decoupler_enable ? templatefile("./apim_v2/api_product/nodo_pagamenti_api/decoupler/base_policy.xml.tpl", { # decoupler ON
- address-range-from = var.env_short != "d" ? "10.1.128.0" : "0.0.0.0"
- address-range-to = var.env_short != "d" ? "10.1.128.255" : "0.0.0.0"
- base-url = "{{default-nodo-backend}}"
- base-node-id = "{{default-nodo-id}}"
- is-nodo-auth-pwd-replace = false
- }) : templatefile("./api_product/nodo_pagamenti_api/_base_policy.xml", { # decoupler OFF
- address-range-from = var.env_short != "d" ? "10.1.128.0" : "0.0.0.0"
- address-range-to = var.env_short != "d" ? "10.1.128.255" : "0.0.0.0"
- })
-}
-
-######################
-## NODO monitoring ##
-######################
-locals {
- apim_nodo_monitoring_api = {
- display_name = "Nodo monitoring"
- description = "Nodo monitoring"
- path = "nodo-monitoring/monitoring"
- subscription_required = false
- service_url = null
- }
-}
-
-resource "azurerm_api_management_api_version_set" "nodo_monitoring_api" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-monitoring-api", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = local.apim_nodo_monitoring_api.display_name
- versioning_scheme = "Segment"
-}
-
-module "apim_nodo_monitoring_api" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.72.1"
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-monitoring-api", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- product_ids = [module.apim_nodo_dei_pagamenti_monitoring_product[0].product_id]
- subscription_required = local.apim_nodo_monitoring_api.subscription_required
-
- version_set_id = azurerm_api_management_api_version_set.nodo_monitoring_api[0].id
- api_version = "v1"
-
- description = local.apim_nodo_monitoring_api.description
- display_name = local.apim_nodo_monitoring_api.display_name
- path = local.apim_nodo_monitoring_api.path
- protocols = ["https"]
-
- service_url = null
-
- content_format = "openapi"
- content_value = templatefile("./apim_v2/api/nodopagamenti_api/monitoring/v1/_NodoDeiPagamenti.openapi.json.tpl", {
- host = local.apim_hostname
- service = module.apim_nodo_dei_pagamenti_monitoring_product[0].product_id
- })
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/monitoring/v1/_base_policy.xml.tpl", {
- base-url = "{{default-nodo-backend}}"
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- })
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_01_decoupler.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_01_decoupler.tf
deleted file mode 100644
index 542d30ef67..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_services_01_decoupler.tf
+++ /dev/null
@@ -1,114 +0,0 @@
-###############
-## Decoupler ##
-###############
-# named value containing primitive names for routing algorithm
-resource "azurerm_api_management_named_value" "node_decoupler_primitives" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = "node-decoupler-primitives"
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- display_name = "node-decoupler-primitives"
- value = var.node_decoupler_primitives
-}
-
-# convert configuration from JSON to XML
-resource "null_resource" "decoupler_configuration_from_json_2_xml" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- triggers = {
- "changes-in-config-decoupler" : sha1(file("./apim_v2/api_product/nodo_pagamenti_api/decoupler/cfg/${var.env}/decoupler_configuration.json"))
- }
- provisioner "local-exec" {
- command = "sh ./apim_v2/api_product/nodo_pagamenti_api/decoupler/cfg/decoupler_configurator.sh ${var.env}"
- }
-}
-
-
-# fragment for loading configuration inside policy
-# https://github.com/hashicorp/terraform-provider-azurerm/issues/17016#issuecomment-1314991599
-# https://learn.microsoft.com/en-us/azure/templates/microsoft.apimanagement/2022-04-01-preview/service/policyfragments?pivots=deployment-language-terraform
-resource "azapi_resource" "decoupler_configuration" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- depends_on = [null_resource.decoupler_configuration_from_json_2_xml]
-
- type = "Microsoft.ApiManagement/service/policyFragments@2022-04-01-preview"
- name = "decoupler-configuration"
- parent_id = data.azurerm_api_management.apim_v2[0].id
-
- body = jsonencode({
- properties = {
- description = "Configuration of NDP decoupler"
- format = "rawxml"
- value = file("./apim_v2/api_product/nodo_pagamenti_api/decoupler/cfg/${var.env}/decoupler-configuration.xml")
- }
- })
-
- lifecycle {
- ignore_changes = [output]
- }
-}
-
-# decoupler algorithm fragment
-resource "azapi_resource" "decoupler_algorithm" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- type = "Microsoft.ApiManagement/service/policyFragments@2022-04-01-preview"
- name = "decoupler-algorithm"
- parent_id = data.azurerm_api_management.apim_v2[0].id
-
- body = jsonencode({
- properties = {
- description = "Logic about NPD decoupler"
- format = "rawxml"
- value = file("./apim_v2/api_product/nodo_pagamenti_api/decoupler/decoupler-algorithm.xml")
- }
- })
-
- lifecycle {
- ignore_changes = [output]
- }
-}
-
-# fragment for managing outbound policy if primitive is activatePayment or activateIO
-resource "azapi_resource" "decoupler_activate_outbound" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- type = "Microsoft.ApiManagement/service/policyFragments@2022-04-01-preview"
- name = "decoupler-activate-outbound"
- parent_id = data.azurerm_api_management.apim_v2[0].id
-
- body = jsonencode({
- properties = {
- description = "Outbound logic for Activate primitive of NDP decoupler"
- format = "rawxml"
- value = file("./apim_v2/api_product/nodo_pagamenti_api/decoupler/decoupler-activate-outbound.xml")
- }
- })
-
- lifecycle {
- ignore_changes = [output]
- }
-}
-
-resource "azapi_resource" "on_erro_soap_handler" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- type = "Microsoft.ApiManagement/service/policyFragments@2022-04-01-preview"
- name = "onerror-soap-req"
- parent_id = data.azurerm_api_management.apim_v2[0].id
-
- body = jsonencode({
- properties = {
- description = "On error SOAP request"
- format = "rawxml"
- value = file("./apim_v2/api_product/nodo_pagamenti_api/on_error_soap_req.xml")
- }
- })
-
- lifecycle {
- ignore_changes = [output]
- }
-}
-
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_02_product.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_02_product.tf
deleted file mode 100644
index 8b315713aa..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_services_02_product.tf
+++ /dev/null
@@ -1,50 +0,0 @@
-##############
-## Products ##
-##############
-
-module "apim_nodo_dei_pagamenti_product" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.72.1"
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- product_id = "nodo"
- display_name = "Nodo dei Pagamenti"
- description = "Product for Nodo dei Pagamenti"
-
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- published = true
- subscription_required = var.nodo_pagamenti_subkey_required
- approval_required = false
-
- policy_xml = var.apim_nodo_decoupler_enable ? templatefile("./apim_v2/api_product/nodo_pagamenti_api/decoupler/base_policy.xml.tpl", { # decoupler ON
- address-range-from = var.env_short == "p" ? "10.1.128.0" : "0.0.0.0"
- address-range-to = var.env_short == "p" ? "10.1.128.255" : "0.0.0.0"
- is-nodo-auth-pwd-replace = false
- }) : templatefile("./apim_v2/api_product/nodo_pagamenti_api/_base_policy.xml", { # decoupler OFF
- address-range-from = var.env_short == "p" ? "10.1.128.0" : "0.0.0.0"
- address-range-to = var.env_short == "p" ? "10.1.128.255" : "0.0.0.0"
- })
-}
-
-locals {
- api_nodo_product = var.enabled_features.apim_v2 ? [
- azurerm_api_management_api.apim_node_for_psp_api_v1[0].name,
- azurerm_api_management_api.apim_nodo_per_psp_api_v1[0].name,
- azurerm_api_management_api.apim_node_for_io_api_v1[0].name,
- azurerm_api_management_api.apim_nodo_per_pa_api_v1[0].name,
- azurerm_api_management_api.apim_nodo_per_psp_richiesta_avvisi_api_v1[0].name,
- module.apim_nodo_per_pm_api_v1[0].name,
- module.apim_nodo_per_pm_api_v2[0].name,
- ] : []
-
-}
-# associate API to product
-resource "azurerm_api_management_product_api" "apim_nodo_dei_pagamenti_product_api" {
- for_each = toset(local.api_nodo_product)
-
- api_name = each.key
- product_id = module.apim_nodo_dei_pagamenti_product[0].product_id
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_03_node_for_psp.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_03_node_for_psp.tf
deleted file mode 100644
index 96d1ed7761..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_services_03_node_for_psp.tf
+++ /dev/null
@@ -1,98 +0,0 @@
-############################
-## WS node for PSP (NM3) ##
-############################
-
-locals {
- apim_node_for_psp_api = {
- display_name = "Node for PSP WS (NM3)"
- description = "Web services to support PSP in payment activations, defined in nodeForPsp.wsdl"
- path = "nodo/node-for-psp"
- subscription_required = var.nodo_pagamenti_subkey_required
- service_url = null
- }
-}
-
-resource "azurerm_api_management_api_version_set" "node_for_psp_api" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-node-for-psp-api", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = local.apim_node_for_psp_api.display_name
- versioning_scheme = "Segment"
-}
-
-resource "azurerm_api_management_api" "apim_node_for_psp_api_v1" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-node-for-psp-api", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- subscription_required = local.apim_node_for_psp_api.subscription_required
- version_set_id = azurerm_api_management_api_version_set.node_for_psp_api[0].id
- version = "v1"
- service_url = local.apim_node_for_psp_api.service_url
- revision = "1"
-
- description = local.apim_node_for_psp_api.description
- display_name = local.apim_node_for_psp_api.display_name
- path = local.apim_node_for_psp_api.path
- protocols = ["https"]
-
- soap_pass_through = true
-
- import {
- content_format = "wsdl"
- content_value = file("./apim_v2/api/nodopagamenti_api/nodeForPsp/v1/nodeForPsp.wsdl")
- wsdl_selector {
- service_name = "nodeForPsp_Service"
- endpoint_name = "nodeForPsp_Port"
- }
- }
-
-}
-
-resource "azurerm_api_management_api_policy" "apim_node_for_psp_policy" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- api_name = azurerm_api_management_api.apim_node_for_psp_api_v1[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodeForPsp/v1/_base_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- })
-}
-
-
-resource "azurerm_api_management_api_operation_policy" "nm3_activate_verify_policy" { # activatePaymentNoticeV1 verificatore
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- api_name = azurerm_api_management_api.apim_node_for_psp_api_v1[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- operation_id = var.env_short == "d" ? "637601f8c257810fc0ecfe01" : var.env_short == "u" ? "61dedb1872975e13800fd7ff" : "61dedafc2a92e81a0c7a58fc"
-
- #tfsec:ignore:GEN005
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodeForPsp/v1/activate_nm3.xml", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- urlenvpath = var.env_short
- url_aks = var.env_short == "p" ? "weu${var.env}.apiconfig.internal.platform.pagopa.it" : "weu${var.env}.apiconfig.internal.${var.env}.platform.pagopa.it"
- })
-}
-
-resource "azurerm_api_management_api_operation_policy" "nm3_activate_v2_verify_policy" { # activatePaymentNoticeV2 verificatore
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- api_name = azurerm_api_management_api.apim_node_for_psp_api_v1[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- operation_id = var.env_short == "d" ? "637601f8c257810fc0ecfe06" : var.env_short == "u" ? "636e6ca51a11929386f0b101" : "63c559672a92e811a8f33a00"
-
- #tfsec:ignore:GEN005
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodeForPsp/v2/activate_nm3.xml", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- urlenvpath = var.env_short
- url_aks = var.env_short == "p" ? "weu${var.env}.apiconfig.internal.platform.pagopa.it" : "weu${var.env}.apiconfig.internal.${var.env}.platform.pagopa.it"
- })
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_04_nodo_per_psp.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_04_nodo_per_psp.tf
deleted file mode 100644
index 4072e668e2..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_services_04_nodo_per_psp.tf
+++ /dev/null
@@ -1,132 +0,0 @@
-######################
-## WS nodo per psp ##
-######################
-locals {
- apim_nodo_per_psp_api = {
- display_name = "Nodo per PSP WS"
- description = "Web services to support PSP in payment activations, defined in nodoPerPsp.wsdl"
- path = "nodo/nodo-per-psp"
- subscription_required = var.nodo_pagamenti_subkey_required
- service_url = null
- }
-}
-
-resource "azurerm_api_management_api_version_set" "nodo_per_psp_api" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-per-psp-api", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = local.apim_nodo_per_psp_api.display_name
- versioning_scheme = "Segment"
-}
-
-resource "azurerm_api_management_api" "apim_nodo_per_psp_api_v1" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-per-psp-api", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- subscription_required = local.apim_nodo_per_psp_api.subscription_required
- version_set_id = azurerm_api_management_api_version_set.nodo_per_psp_api[0].id
- version = "v1"
- service_url = local.apim_nodo_per_psp_api.service_url
- revision = "1"
-
- description = local.apim_nodo_per_psp_api.description
- display_name = local.apim_nodo_per_psp_api.display_name
- path = local.apim_nodo_per_psp_api.path
- protocols = ["https"]
-
- soap_pass_through = true
-
- import {
- content_format = "wsdl"
- content_value = file("./apim_v2/api/nodopagamenti_api/nodoPerPsp/v1/nodoPerPsp.wsdl")
- wsdl_selector {
- service_name = "PagamentiTelematiciPspNodoservice"
- endpoint_name = "PPTPort"
- }
- }
-
-}
-
-resource "azurerm_api_management_api_policy" "apim_nodo_per_psp_policy" {
- count = var.enabled_features.apim_v2 ?
1 : 0
-
- api_name = azurerm_api_management_api.apim_nodo_per_psp_api_v1[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPsp/v1/_base_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- })
-}
-
-
-
-######################################
-## WS nodo per psp richiesta avvisi ##
-######################################
-locals {
- apim_nodo_per_psp_richiesta_avvisi_api = {
- display_name = "Nodo per PSP Richiesta Avvisi WS"
- description = "Web services to support check of pending payments to PSP, defined in nodoPerPspRichiestaAvvisi.wsdl"
- path = "nodo/nodo-per-psp-richiesta-avvisi"
- subscription_required = var.nodo_pagamenti_subkey_required
- service_url = null
- }
-}
-
-resource "azurerm_api_management_api_version_set" "nodo_per_psp_richiesta_avvisi_api" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-per-psp-richiesta-avvisi-api", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = local.apim_nodo_per_psp_richiesta_avvisi_api.display_name
- versioning_scheme = "Segment"
-}
-
-resource "azurerm_api_management_api" "apim_nodo_per_psp_richiesta_avvisi_api_v1" {
- count = var.enabled_features.apim_v2 ?
1 : 0
-
- name = format("%s-nodo-per-psp-richiesta-avvisi-api", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- subscription_required = local.apim_nodo_per_psp_richiesta_avvisi_api.subscription_required
- version_set_id = azurerm_api_management_api_version_set.nodo_per_psp_richiesta_avvisi_api[0].id
- version = "v1"
- service_url = local.apim_nodo_per_psp_richiesta_avvisi_api.service_url
- revision = "1"
-
- description = local.apim_nodo_per_psp_richiesta_avvisi_api.description
- display_name = local.apim_nodo_per_psp_richiesta_avvisi_api.display_name
- path = local.apim_nodo_per_psp_richiesta_avvisi_api.path
- protocols = ["https"]
-
- soap_pass_through = true
-
- import {
- content_format = "wsdl"
- content_value = file("./apim_v2/api/nodopagamenti_api/nodoPerPspRichiestaAvvisi/v1/nodoPerPspRichiestaAvvisi.wsdl")
- wsdl_selector {
- service_name = "RichiestaAvvisiservice"
- endpoint_name = "PPTPort"
- }
- }
-
-}
-
-resource "azurerm_api_management_api_policy" "apim_nodo_per_psp_richiesta_avvisi_policy" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- api_name = azurerm_api_management_api.apim_nodo_per_psp_richiesta_avvisi_api_v1[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPspRichiestaAvvisi/v1/_base_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- })
-
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_05_node_for_IO.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_05_node_for_IO.tf
deleted file mode 100644
index ca67098e3e..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_services_05_node_for_IO.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-######################
-## WS nodo for IO ##
-######################
-locals {
- apim_node_for_io_api = {
- display_name = "Node for IO WS"
- description = "Web services to support activeIO, defined in nodeForIO.wsdl"
- path = "nodo/node-for-io"
- subscription_required = var.nodo_pagamenti_subkey_required
- service_url = null
- }
-}
-
-resource "azurerm_api_management_api_version_set" "node_for_io_api" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-for-io-api", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = local.apim_node_for_io_api.display_name
- versioning_scheme = "Segment"
-}
-
-resource "azurerm_api_management_api" "apim_node_for_io_api_v1" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-node-for-io-api", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- subscription_required = local.apim_node_for_io_api.subscription_required
- version_set_id = azurerm_api_management_api_version_set.node_for_io_api[0].id
- version = "v1"
- service_url = local.apim_node_for_io_api.service_url
- revision = "1"
-
- description = local.apim_node_for_io_api.description
- display_name = local.apim_node_for_io_api.display_name
- path = local.apim_node_for_io_api.path
- protocols = ["https"]
-
- soap_pass_through = true
-
- import {
- content_format = "wsdl"
- content_value = file("./apim_v2/api/nodopagamenti_api/nodeForIO/v1/nodeForIO.wsdl")
- wsdl_selector {
- service_name = "nodeForIO_Service"
- endpoint_name = "nodeForIO_Port"
- }
- }
-
-}
-
-resource "azurerm_api_management_api_policy" "apim_node_for_io_policy" {
- count = var.enabled_features.apim_v2 ?
1 : 0
-
- api_name = azurerm_api_management_api.apim_node_for_io_api_v1[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodeForIO/v1/_base_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- })
-
-}
-
-resource "azurerm_api_management_api_operation_policy" "activateIO_reservation_policy" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- api_name = azurerm_api_management_api.apim_node_for_io_api_v1[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- operation_id = var.env_short == "d" ? "61dc5018b78e981290d7c176" : var.env_short == "u" ? "61dedb1e72975e13800fd80f" : "61dedb1eea7c4a07cc7d47b8"
-
- #tfsec:ignore:GEN005
- xml_content = file("./apim_v2/api/nodopagamenti_api/nodeForIO/v1/activateIO_reservation_nm3.xml")
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_07_nodo_per_pa.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_07_nodo_per_pa.tf
deleted file mode 100644
index 266e11e439..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_services_07_nodo_per_pa.tf
+++ /dev/null
@@ -1,67 +0,0 @@
-#####################################
-## FdR moved in the related domain ##
-#####################################
-
-####################
-## WS nodo per PA ##
-####################
-locals {
- apim_nodo_per_pa_api = {
- display_name = "Nodo per PA WS"
- description = "Web services to support PA in payment activations, defined in nodoPerPa.wsdl"
- path = "nodo/nodo-per-pa"
- subscription_required = var.nodo_pagamenti_subkey_required
- service_url = null
- }
-}
-
-resource "azurerm_api_management_api_version_set" "nodo_per_pa_api" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-per-pa-api", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = local.apim_nodo_per_pa_api.display_name
- versioning_scheme = "Segment"
-}
-
-resource "azurerm_api_management_api" "apim_nodo_per_pa_api_v1" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-per-pa-api", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- subscription_required = local.apim_nodo_per_pa_api.subscription_required
- version_set_id = azurerm_api_management_api_version_set.nodo_per_pa_api[0].id
- version = "v1"
- service_url = local.apim_nodo_per_pa_api.service_url
- revision = "1"
-
- description = local.apim_nodo_per_pa_api.description
- display_name = local.apim_nodo_per_pa_api.display_name
- path = local.apim_nodo_per_pa_api.path
- protocols = ["https"]
-
- soap_pass_through = true
-
- import {
- content_format = "wsdl"
- content_value = file("./apim_v2/api/nodopagamenti_api/nodoPerPa/v1/NodoPerPa.wsdl")
- wsdl_selector {
- service_name = "PagamentiTelematiciRPTservice"
- endpoint_name = "PagamentiTelematiciRPTPort"
- }
- }
-}
-
-resource "azurerm_api_management_api_policy" "apim_nodo_per_pa_policy" {
- count = var.enabled_features.apim_v2 ?
1 : 0
-
- api_name = azurerm_api_management_api.apim_nodo_per_pa_api_v1[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPa/v1/_base_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- })
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_09_nodo_per_pm.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_09_nodo_per_pm.tf
deleted file mode 100644
index fc2aa78e4e..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_services_09_nodo_per_pm.tf
+++ /dev/null
@@ -1,102 +0,0 @@
-######################
-## Nodo per PM API ##
-######################
-locals {
- apim_nodo_per_pm_api = {
- display_name = "Nodo per Payment Manager API"
- description = "API to support Payment Manager"
- path = "nodo/nodo-per-pm"
- subscription_required = var.nodo_pagamenti_subkey_required
- service_url = null
- }
-}
-
-resource "azurerm_api_management_api_version_set" "nodo_per_pm_api" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-per-pm-api", local.project)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = local.apim_nodo_per_pm_api.display_name
- versioning_scheme = "Segment"
-}
-
-module "apim_nodo_per_pm_api_v1" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0"
-
- name = format("%s-nodo-per-pm-api", local.project)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- subscription_required = local.apim_nodo_per_pm_api.subscription_required
- version_set_id = azurerm_api_management_api_version_set.nodo_per_pm_api[0].id
- api_version = "v1"
- service_url = local.apim_nodo_per_pm_api.service_url
-
- description = local.apim_nodo_per_pm_api.description
- display_name = local.apim_nodo_per_pm_api.display_name
- path = local.apim_nodo_per_pm_api.path
- protocols = ["https"]
-
- content_format = "swagger-json"
- content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPM/v1/_swagger.json.tpl", {
- host = local.apim_hostname
- service = module.apim_nodo_dei_pagamenti_product[0].product_id
- })
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPM/v1/_base_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- })
-}
-
-resource "azurerm_api_management_api_operation_policy" "close_payment_api_v1" {
- count = var.enabled_features.apim_v2 ?
1 : 0
-
- api_name = format("%s-nodo-per-pm-api-v1", local.project)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- operation_id = "closePayment"
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPM/v1/_add_v1_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- })
-}
-
-resource "azurerm_api_management_api_operation_policy" "parked_list_api_v1" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- api_name = format("%s-nodo-per-pm-api-v1", local.project)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- operation_id = "parkedList"
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPM/v1/_add_v1_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- })
-}
-
-module "apim_nodo_per_pm_api_v2" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0"
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-per-pm-api", local.project)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- subscription_required = local.apim_nodo_per_pm_api.subscription_required
- version_set_id = azurerm_api_management_api_version_set.nodo_per_pm_api[0].id
- api_version = "v2"
- service_url = local.apim_nodo_per_pm_api.service_url
-
- description = local.apim_nodo_per_pm_api.description
- display_name = local.apim_nodo_per_pm_api.display_name
- path = local.apim_nodo_per_pm_api.path
- protocols = ["https"]
-
- content_format = "swagger-json"
- content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPM/v2/_swagger.json.tpl", {
- host = local.apim_hostname
- })
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPM/v2/_base_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- })
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_auth_02_product.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_auth_02_product.tf
deleted file mode 100644
index 2bc2ca18dc..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_services_auth_02_product.tf
+++ /dev/null
@@ -1,83 +0,0 @@
-##############
-## Products ##
-##############
-
-module "apim_nodo_dei_pagamenti_product_auth" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.60.0"
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- product_id = "nodo-auth"
- display_name = "Nodo dei Pagamenti (Nuova Connettività)"
- description = "Product for Nodo dei Pagamenti (Nuova Connettività)"
-
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- published = true
- subscription_required = true
- approval_required = false
- subscriptions_limit = var.nodo_auth_subscription_limit
-
-
- policy_xml = var.apim_nodo_auth_decoupler_enable ? templatefile("./api_product/nodo_pagamenti_api/decoupler/base_policy.xml.tpl", { # decoupler ON
- address-range-from = var.env_short == "p" ? "10.1.128.0" : "0.0.0.0"
- address-range-to = var.env_short == "p" ? "10.1.128.255" : "0.0.0.0"
- is-nodo-auth-pwd-replace = true
- }) : file("./apim_v2/api_product/nodo_pagamenti_api/auth/_base_policy.xml") # decoupler OFF
-}
-
-data "azurerm_api_management_api" "apim_aca_api_v1_" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-weu-aca-api-v1", "${var.prefix}-${var.env_short}") // pagopa--weu-aca-api-v1
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- revision = "1"
-}
-
-
-locals {
-
- api_nodo_product_auth = var.enabled_features.apim_v2 ?
[
- azurerm_api_management_api.apim_node_for_psp_api_v1_auth[0].name,
- azurerm_api_management_api.apim_nodo_per_psp_api_v1_auth[0].name,
- azurerm_api_management_api.apim_node_for_io_api_v1_auth[0].name,
- azurerm_api_management_api.apim_nodo_per_pa_api_v1_auth[0].name,
- azurerm_api_management_api.apim_node_for_pa_api_v1_auth[0].name,
- azurerm_api_management_api.apim_nodo_per_psp_richiesta_avvisi_api_v1_auth[0].name,
- data.azurerm_api_management_api.apim_aca_api_v1_[0].name // add ACA to nuova conn, feature needs creare un 2 prodotti separati per nuova connettività x EC e x PSP con in + per gli EC ACA
- ] : []
-
-
-}
-
-resource "azurerm_api_management_product_api" "apim_nodo_dei_pagamenti_product_api_auth" {
- for_each = toset(local.api_nodo_product_auth)
-
- api_name = each.key
- product_id = module.apim_nodo_dei_pagamenti_product_auth[0].product_id
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-}
-
-## NAMED VALUE
-
-resource "azurerm_api_management_named_value" "nodo_auth_password_value" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = "nodoAuthPassword"
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- display_name = "nodoAuthPassword"
- value = var.nodo_pagamenti_auth_password
-}
-
-resource "azurerm_api_management_named_value" "x_forwarded_for_value" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = "xForwardedFor"
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- display_name = "xForwardedFor"
- value = var.nodo_pagamenti_x_forwarded_for
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_auth_03_node_for_psp.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_auth_03_node_for_psp.tf
deleted file mode 100644
index 94b6247ef1..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_services_auth_03_node_for_psp.tf
+++ /dev/null
@@ -1,98 +0,0 @@
-############################
-## WS node for psp (NM3) ##
-############################
-locals {
- apim_node_for_psp_api_auth = {
- display_name = "Node for PSP WS (NM3) (AUTH)"
- description = "Web services to support PSP in payment activations, defined in nodeForPsp.wsdl"
- path = "nodo-auth/node-for-psp"
- subscription_required = true
- service_url = null
- }
-}
-
-resource "azurerm_api_management_api_version_set" "node_for_psp_api_auth" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-node-for-psp-api-auth", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = local.apim_node_for_psp_api_auth.display_name
- versioning_scheme = "Segment"
-}
-
-resource "azurerm_api_management_api" "apim_node_for_psp_api_v1_auth" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-node-for-psp-api-auth", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- subscription_required = local.apim_node_for_psp_api_auth.subscription_required
- version_set_id = azurerm_api_management_api_version_set.node_for_psp_api_auth[0].id
- version = "v1"
- service_url = local.apim_node_for_psp_api_auth.service_url
- revision = "1"
-
- description = local.apim_node_for_psp_api_auth.description
- display_name = local.apim_node_for_psp_api_auth.display_name
- path = local.apim_node_for_psp_api_auth.path
- protocols = ["https"]
-
- soap_pass_through = true
-
- import {
- content_format = "wsdl"
- content_value = file("./apim_v2/api/nodopagamenti_api/nodeForPsp/v1/auth/nodeForPsp.wsdl")
- wsdl_selector {
- service_name = "nodeForPsp_Service"
- endpoint_name = "nodeForPsp_Port"
- }
- }
-
-}
-
-resource "azurerm_api_management_api_policy" "apim_node_for_psp_policy_auth" {
- count = var.enabled_features.apim_v2 ?
1 : 0
-
- api_name = azurerm_api_management_api.apim_node_for_psp_api_v1_auth[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodeForPsp/v1/_base_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_auth_decoupler_enable
- })
-}
-
-
-resource "azurerm_api_management_api_operation_policy" "nm3_activate_verify_policy_auth" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- api_name = azurerm_api_management_api.apim_node_for_psp_api_v1_auth[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- operation_id = var.env_short == "d" ? "637608a0c257810fc0ecfe1c" : var.env_short == "u" ? "636cb7e439519a17ec9bf98b" : "63b6e2daea7c4a25440fdaa0"
-
- #tfsec:ignore:GEN005
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodeForPsp/v1/activate_nm3.xml", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- urlenvpath = var.env_short
- url_aks = var.env_short == "p" ? "weu${var.env}.apiconfig.internal.platform.pagopa.it" : "weu${var.env}.apiconfig.internal.${var.env}.platform.pagopa.it"
- })
-}
-
-resource "azurerm_api_management_api_operation_policy" "nm3_activate_v2_verify_policy_auth" { # activatePaymentNoticeV2 verificatore
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- api_name = azurerm_api_management_api.apim_node_for_psp_api_v1_auth[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- operation_id = var.env_short == "d" ? "637608a0c257810fc0ecfe21" : var.env_short == "u" ? "63756cf1451c1c01c4186baa" : "63b6e2daea7c4a25440fdaa5"
-
- #tfsec:ignore:GEN005
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodeForPsp/v2/activate_nm3.xml", {
- is-nodo-decoupler-enabled = var.apim_nodo_decoupler_enable
- urlenvpath = var.env_short
- url_aks = var.env_short == "p" ?
"weu${var.env}.apiconfig.internal.platform.pagopa.it" : "weu${var.env}.apiconfig.internal.${var.env}.platform.pagopa.it"
- })
-
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_auth_04_nodo_per_psp.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_auth_04_nodo_per_psp.tf
deleted file mode 100644
index f517fe43fe..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_services_auth_04_nodo_per_psp.tf
+++ /dev/null
@@ -1,130 +0,0 @@
-######################
-## WS nodo per psp ##
-######################
-locals {
- apim_nodo_per_psp_api_auth = {
- display_name = "Nodo per PSP WS (AUTH)"
- description = "Web services to support PSP in payment activations, defined in nodoPerPsp.wsdl"
- path = "nodo-auth/nodo-per-psp"
- subscription_required = true
- service_url = null
- }
-}
-
-resource "azurerm_api_management_api_version_set" "nodo_per_psp_api_auth" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-per-psp-api-auth", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = local.apim_nodo_per_psp_api_auth.display_name
- versioning_scheme = "Segment"
-}
-
-resource "azurerm_api_management_api" "apim_nodo_per_psp_api_v1_auth" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-per-psp-api-auth", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- subscription_required = local.apim_nodo_per_psp_api_auth.subscription_required
- version_set_id = azurerm_api_management_api_version_set.nodo_per_psp_api_auth[0].id
- version = "v1"
- service_url = local.apim_nodo_per_psp_api_auth.service_url
- revision = "1"
-
- description = local.apim_nodo_per_psp_api_auth.description
- display_name = local.apim_nodo_per_psp_api_auth.display_name
- path = local.apim_nodo_per_psp_api_auth.path
- protocols = ["https"]
-
- soap_pass_through = true
-
- import {
- content_format = "wsdl"
- content_value = file("./apim_v2/api/nodopagamenti_api/nodoPerPsp/v1/auth/nodoPerPsp.wsdl")
- wsdl_selector {
- service_name = "PagamentiTelematiciPspNodoservice"
- endpoint_name = "PPTPort"
- }
- }
-
-}
-
-resource "azurerm_api_management_api_policy" "apim_nodo_per_psp_policy_auth" {
- count = var.enabled_features.apim_v2 ?
1 : 0
-
- api_name = azurerm_api_management_api.apim_nodo_per_psp_api_v1_auth[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPsp/v1/_base_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_auth_decoupler_enable
- })
-}
-
-######################################
-## WS nodo per psp richiesta avvisi ##
-######################################
-locals {
- apim_nodo_per_psp_richiesta_avvisi_api_auth = {
- display_name = "Nodo per PSP Richiesta Avvisi WS (AUTH)"
- description = "Web services to support check of pending payments to PSP, defined in nodoPerPspRichiestaAvvisi.wsdl"
- path = "nodo-auth/nodo-per-psp-richiesta-avvisi"
- subscription_required = true
- service_url = null
- }
-}
-
-resource "azurerm_api_management_api_version_set" "nodo_per_psp_richiesta_avvisi_api_auth" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-per-psp-richiesta-avvisi-api-auth", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = local.apim_nodo_per_psp_richiesta_avvisi_api_auth.display_name
- versioning_scheme = "Segment"
-}
-
-resource "azurerm_api_management_api" "apim_nodo_per_psp_richiesta_avvisi_api_v1_auth" {
- count = var.enabled_features.apim_v2 ?
1 : 0
-
- name = format("%s-nodo-per-psp-richiesta-avvisi-api-auth", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- subscription_required = local.apim_nodo_per_psp_richiesta_avvisi_api_auth.subscription_required
- version_set_id = azurerm_api_management_api_version_set.nodo_per_psp_richiesta_avvisi_api_auth[0].id
- version = "v1"
- service_url = local.apim_nodo_per_psp_richiesta_avvisi_api_auth.service_url
- revision = "1"
-
- description = local.apim_nodo_per_psp_richiesta_avvisi_api_auth.description
- display_name = local.apim_nodo_per_psp_richiesta_avvisi_api_auth.display_name
- path = local.apim_nodo_per_psp_richiesta_avvisi_api_auth.path
- protocols = ["https"]
-
- soap_pass_through = true
-
- import {
- content_format = "wsdl"
- content_value = file("./apim_v2/api/nodopagamenti_api/nodoPerPspRichiestaAvvisi/v1/auth/nodoPerPspRichiestaAvvisi.wsdl")
- wsdl_selector {
- service_name = "RichiestaAvvisiservice"
- endpoint_name = "PPTPort"
- }
- }
-
-}
-
-resource "azurerm_api_management_api_policy" "apim_nodo_per_psp_richiesta_avvisi_policy_auth" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- api_name = azurerm_api_management_api.apim_nodo_per_psp_richiesta_avvisi_api_v1_auth[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPspRichiestaAvvisi/v1/_base_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_auth_decoupler_enable
- })
-
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_auth_05_node_for_IO.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_auth_05_node_for_IO.tf
deleted file mode 100644
index c297ce93cc..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_services_auth_05_node_for_IO.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-######################
-## WS nodo for IO ##
-######################
-locals {
- apim_node_for_io_api_auth = {
- display_name = "Node for IO WS (AUTH)"
- description = "Web services to support activeIO, defined in nodeForIO.wsdl"
- path = "nodo-auth/node-for-io"
- subscription_required = true
- service_url = null
- }
-}
-
-resource "azurerm_api_management_api_version_set" "node_for_io_api_auth" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-nodo-for-io-api-auth", var.env_short)
- resource_group_name = local.pagopa_apim_v2_rg
- api_management_name = local.pagopa_apim_v2_name
- display_name = local.apim_node_for_io_api_auth.display_name
- versioning_scheme = "Segment"
-}
-
-resource "azurerm_api_management_api" "apim_node_for_io_api_v1_auth" {
- count = var.enabled_features.apim_v2 ? 1 : 0
-
- name = format("%s-node-for-io-api-auth", var.env_short)
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
- subscription_required = local.apim_node_for_io_api_auth.subscription_required
- version_set_id = azurerm_api_management_api_version_set.node_for_io_api_auth[0].id
- version = "v1"
- service_url = local.apim_node_for_io_api_auth.service_url
- revision = "1"
-
- description = local.apim_node_for_io_api_auth.description
- display_name = local.apim_node_for_io_api_auth.display_name
- path = local.apim_node_for_io_api_auth.path
- protocols = ["https"]
-
- soap_pass_through = true
-
- import {
- content_format = "wsdl"
- content_value = file("./apim_v2/api/nodopagamenti_api/nodeForIO/v1/auth/nodeForIO.wsdl")
- wsdl_selector {
- service_name = "nodeForIO_Service"
- endpoint_name = "nodeForIO_Port"
- }
- }
-
-}
-
-resource "azurerm_api_management_api_policy" "apim_node_for_io_policy_auth" {
- count = var.enabled_features.apim_v2 ?
1 : 0
-
- api_name = azurerm_api_management_api.apim_node_for_io_api_v1_auth[0].name
- api_management_name = local.pagopa_apim_v2_name
- resource_group_name = local.pagopa_apim_v2_rg
-
- xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodeForIO/v1/_base_policy.xml.tpl", {
- is-nodo-decoupler-enabled = var.apim_nodo_auth_decoupler_enable
- })
-
-}
diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_auth_07_nodo_per_pa.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_auth_07_nodo_per_pa.tf
deleted file mode 100644
index a7a9546930..0000000000
--- a/src/domains/nodo-app/07_apim_v2_nodo_services_auth_07_nodo_per_pa.tf
+++ /dev/null
@@ -1,63 +0,0 @@ -###################### -## WS nodo per PA ## -###################### -locals { - apim_nodo_per_pa_api_auth = { - display_name = "Nodo per PA WS (AUTH)" - description = "Web services to support PA in payment activations, defined in nodoPerPa.wsdl" - path = "nodo-auth/nodo-per-pa" - subscription_required = true - service_url = null - } -} - -resource "azurerm_api_management_api_version_set" "nodo_per_pa_api_auth" { - count = var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-nodo-per-pa-api-auth", var.env_short) - resource_group_name = local.pagopa_apim_v2_rg - api_management_name = local.pagopa_apim_v2_name - display_name = local.apim_nodo_per_pa_api_auth.display_name - versioning_scheme = "Segment" -} - -resource "azurerm_api_management_api" "apim_nodo_per_pa_api_v1_auth" { - count = var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-nodo-per-pa-api-auth", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - subscription_required = local.apim_nodo_per_pa_api_auth.subscription_required - version_set_id = azurerm_api_management_api_version_set.nodo_per_pa_api_auth[0].id - version = "v1" - service_url = local.apim_nodo_per_pa_api_auth.service_url - revision = "1" - - description = local.apim_nodo_per_pa_api_auth.description - display_name = local.apim_nodo_per_pa_api_auth.display_name - path = local.apim_nodo_per_pa_api_auth.path - protocols = ["https"] - - soap_pass_through = true - - import { - content_format = "wsdl" - content_value = file("./apim_v2/api/nodopagamenti_api/nodoPerPa/v1/auth/NodoPerPa.wsdl") - wsdl_selector { - service_name = "PagamentiTelematiciRPTservice" - endpoint_name = "PagamentiTelematiciRPTPort" - } - } -} - -resource "azurerm_api_management_api_policy" "apim_nodo_per_pa_policy_auth" { - count = var.enabled_features.apim_v2 ? 
1 : 0 - - api_name = azurerm_api_management_api.apim_nodo_per_pa_api_v1_auth[0].name - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPa/v1/_base_policy.xml.tpl", { - is-nodo-decoupler-enabled = var.apim_nodo_auth_decoupler_enable - }) -} diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_auth_08_node_for_pa.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_auth_08_node_for_pa.tf deleted file mode 100644 index abd9bbe1ad..0000000000 --- a/src/domains/nodo-app/07_apim_v2_nodo_services_auth_08_node_for_pa.tf +++ /dev/null 
@@ -1,63 +0,0 @@ -###################### -## Node for PA API ## -###################### -locals { - apim_node_for_pa_api_auth = { - display_name = "Node for PA WS (AUTH)" - description = "Web services to support PA in payment activations, defined in nodeForPa.wsdl" - path = "nodo-auth/node-for-pa" - subscription_required = true - service_url = null - } -} - -resource "azurerm_api_management_api_version_set" "node_for_pa_api_auth" { - count = var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-node-for-pa-api-auth", var.env_short) - resource_group_name = local.pagopa_apim_v2_rg - api_management_name = local.pagopa_apim_v2_name - display_name = local.apim_node_for_pa_api_auth.display_name - versioning_scheme = "Segment" -} - -resource "azurerm_api_management_api" "apim_node_for_pa_api_v1_auth" { - count = var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-node-for-pa-api-auth", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - subscription_required = local.apim_node_for_pa_api_auth.subscription_required - version_set_id = azurerm_api_management_api_version_set.node_for_pa_api_auth[0].id - version = "v1" - service_url = local.apim_node_for_pa_api_auth.service_url - revision = "1" - - description = local.apim_node_for_pa_api_auth.description - display_name = local.apim_node_for_pa_api_auth.display_name - path = local.apim_node_for_pa_api_auth.path - protocols = ["https"] - - soap_pass_through = true - - import { - content_format = "wsdl" - content_value = file("./apim_v2/api/nodopagamenti_api/nodeForPa/v1/auth/NodeForPa.wsdl") - wsdl_selector { - service_name = "nodeForPa_Service" - endpoint_name = "nodeForPa_Port" - } - } -} - -resource "azurerm_api_management_api_policy" "apim_node_for_pa_policy_auth" { - count = var.enabled_features.apim_v2 ? 
1 : 0 - - api_name = azurerm_api_management_api.apim_node_for_pa_api_v1_auth[0].name - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodeForPa/v1/_base_policy.xml.tpl", { - is-nodo-decoupler-enabled = var.apim_nodo_auth_decoupler_enable - }) -} diff --git a/src/domains/nodo-app/07_apim_v2_nodo_services_dev.tf b/src/domains/nodo-app/07_apim_v2_nodo_services_dev.tf deleted file mode 100644 index 394f8ae0c6..0000000000 --- a/src/domains/nodo-app/07_apim_v2_nodo_services_dev.tf +++ /dev/null 
@@ -1,631 +0,0 @@ -############## -## Products ## -############## - -module "apim_nodo_dei_pagamenti_product_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v7.60.0" - - product_id = "nodo-dev" - display_name = "Nodo dei Pagamenti (DEV)" - description = "Product for Nodo dei Pagamenti" - - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - - published = true - subscription_required = var.nodo_pagamenti_subkey_required - approval_required = false - - policy_xml = templatefile("./api_product/nodo_pagamenti_api/_base_policy.xml", { - address-range-from = var.env_short == "p" ? "10.1.128.0" : "0.0.0.0" - address-range-to = var.env_short == "p" ? "10.1.128.255" : "0.0.0.0" - }) -} - -locals { - - api_nodo_product_dev = var.env_short == "d" && var.enabled_features.apim_v2 ? [ - azurerm_api_management_api.apim_node_for_psp_api_v1_dev[0].name, - azurerm_api_management_api.apim_nodo_per_psp_api_v1_dev[0].name, - azurerm_api_management_api.apim_node_for_io_api_v1_dev[0].name, - azurerm_api_management_api.apim_nodo_per_pa_api_v1_dev[0].name, - ] : [] - -} - -resource "azurerm_api_management_product_api" "apim_nodo_dei_pagamenti_product_api_dev" { - for_each = toset(local.api_nodo_product_dev) - - api_name = each.key - product_id = module.apim_nodo_dei_pagamenti_product_dev[0].product_id - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg -} - -############################ -## WS node for psp (NM3) ## -############################ -locals { - apim_node_for_psp_api_dev = { - display_name = "Node for PSP WS (NM3) (DEV)" - description = "Web services to support PSP in payment activations, defined in nodeForPsp.wsdl" - path = "nodo-dev/node-for-psp" - subscription_required = var.nodo_pagamenti_subkey_required - service_url = null - } -} - -resource 
"azurerm_api_management_api_version_set" "node_for_psp_api_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-node-for-psp-api-dev", var.env_short) - resource_group_name = local.pagopa_apim_v2_rg - api_management_name = local.pagopa_apim_v2_name - display_name = local.apim_node_for_psp_api_dev.display_name - versioning_scheme = "Segment" -} - -resource "azurerm_api_management_api" "apim_node_for_psp_api_v1_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-node-for-psp-api-dev", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - subscription_required = local.apim_node_for_psp_api_dev.subscription_required - version_set_id = azurerm_api_management_api_version_set.node_for_psp_api_dev[0].id - version = "v1" - service_url = local.apim_node_for_psp_api_dev.service_url - revision = "1" - - description = local.apim_node_for_psp_api_dev.description - display_name = local.apim_node_for_psp_api_dev.display_name - path = local.apim_node_for_psp_api_dev.path - protocols = ["https"] - - soap_pass_through = true - - import { - content_format = "wsdl" - content_value = file("./apim_v2/api/nodopagamenti_api/nodeForPsp/v1/nodeForPsp.wsdl") - wsdl_selector { - service_name = "nodeForPsp_Service" - endpoint_name = "nodeForPsp_Port" - } - } - -} - -resource "azurerm_api_management_api_policy" "apim_node_for_psp_policy_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 
1 : 0 - - api_name = azurerm_api_management_api.apim_node_for_psp_api_v1_dev[0].name - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodeForPsp/v1/_base_policy_dev.xml.tpl", { - is-nodo-decoupler-enabled = false - }) -} - -################################ -# NOT USED in DEV NEXI only SIT -################################ - -# resource "azurerm_api_management_api_operation_policy" "nm3_activate_verify_policy_dev" { - -# api_name = resource.azurerm_api_management_api.apim_node_for_psp_api_v1_dev[0].name -# api_management_name = local.pagopa_apim_v2_name -# resource_group_name = local.pagopa_apim_v2_rg -# operation_id = var.env_short == "d" ? "61d70973b78e982064458676" : var.env_short == "u" ? "61dedb1872975e13800fd7ff" : "61dedafc2a92e81a0c7a58fc" - -# #tfsec:ignore:GEN005 -# xml_content = file("./apim_v2/api/nodopagamenti_api/nodeForPsp/v1/activate_nm3.xml") -# } - -# resource "azurerm_api_management_api_operation_policy" "nm3_activate_v2_verify_policy" { # activatePaymentNoticeV2 verificatore - -# api_name = resource.azurerm_api_management_api.apim_node_for_psp_api_v1.name -# api_management_name = local.pagopa_apim_v2_name -# resource_group_name = local.pagopa_apim_v2_rg -# operation_id = var.env_short == "d" ? "637601f8c257810fc0ecfe06" : var.env_short == "u" ? 
"636e6ca51a11929386f0b101" : "TODO" - -# #tfsec:ignore:GEN005 -# xml_content = file("./apim_v2/api/nodopagamenti_api/nodeForPsp/v2/activate_nm3.xml") -# } - -###################### -## WS nodo per psp ## -###################### -locals { - apim_nodo_per_psp_api_dev = { - display_name = "Nodo per PSP WS (DEV)" - description = "Web services to support PSP in payment activations, defined in nodoPerPsp.wsdl" - path = "nodo-dev/nodo-per-psp" - subscription_required = var.nodo_pagamenti_subkey_required - service_url = null - } -} - -resource "azurerm_api_management_api_version_set" "nodo_per_psp_api_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-nodo-per-psp-api-dev", var.env_short) - resource_group_name = local.pagopa_apim_v2_rg - api_management_name = local.pagopa_apim_v2_name - display_name = local.apim_nodo_per_psp_api_dev.display_name - versioning_scheme = "Segment" -} - -resource "azurerm_api_management_api" "apim_nodo_per_psp_api_v1_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 
1 : 0 - - name = format("%s-nodo-per-psp-api-dev", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - subscription_required = local.apim_nodo_per_psp_api_dev.subscription_required - version_set_id = azurerm_api_management_api_version_set.nodo_per_psp_api_dev[0].id - version = "v1" - service_url = local.apim_nodo_per_psp_api_dev.service_url - revision = "1" - - description = local.apim_nodo_per_psp_api_dev.description - display_name = local.apim_nodo_per_psp_api_dev.display_name - path = local.apim_nodo_per_psp_api_dev.path - protocols = ["https"] - - soap_pass_through = true - - import { - content_format = "wsdl" - content_value = file("./apim_v2/api/nodopagamenti_api/nodoPerPsp/v1/nodoPerPsp.wsdl") - wsdl_selector { - service_name = "PagamentiTelematiciPspNodoservice" - endpoint_name = "PPTPort" - } - } - -} - -resource "azurerm_api_management_api_policy" "apim_nodo_per_psp_policy_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 
1 : 0 - - api_name = azurerm_api_management_api.apim_nodo_per_psp_api_v1_dev[0].name - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPsp/v1/_base_policy_dev.xml.tpl", { - is-nodo-decoupler-enabled = false - }) -} - - -###################################### -## WS nodo per psp richiesta avvisi ## -###################################### -locals { - apim_nodo_per_psp_richiesta_avvisi_api_dev = { - display_name = "Nodo per PSP Richiesta Avvisi WS (DEV)" - description = "Web services to support check of pending payments to PSP, defined in nodoPerPspRichiestaAvvisi.wsdl" - path = "nodo-dev/nodo-per-psp-richiesta-avvisi" - subscription_required = var.nodo_pagamenti_subkey_required - service_url = null - } -} - -resource "azurerm_api_management_api_version_set" "nodo_per_psp_richiesta_avvisi_api_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-nodo-per-psp-richiesta-avvisi-api-dev", var.env_short) - resource_group_name = local.pagopa_apim_v2_rg - api_management_name = local.pagopa_apim_v2_name - display_name = local.apim_nodo_per_psp_richiesta_avvisi_api_dev.display_name - versioning_scheme = "Segment" -} - -resource "azurerm_api_management_api" "apim_nodo_per_psp_richiesta_avvisi_api_v1_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 
1 : 0 - - name = format("%s-nodo-per-psp-richiesta-avvisi-api-dev", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - subscription_required = local.apim_nodo_per_psp_richiesta_avvisi_api_dev.subscription_required - version_set_id = azurerm_api_management_api_version_set.nodo_per_psp_richiesta_avvisi_api_dev[0].id - version = "v1" - service_url = local.apim_nodo_per_psp_richiesta_avvisi_api_dev.service_url - revision = "1" - - description = local.apim_nodo_per_psp_richiesta_avvisi_api_dev.description - display_name = local.apim_nodo_per_psp_richiesta_avvisi_api_dev.display_name - path = local.apim_nodo_per_psp_richiesta_avvisi_api_dev.path - protocols = ["https"] - - soap_pass_through = true - - import { - content_format = "wsdl" - content_value = file("./apim_v2/api/nodopagamenti_api/nodoPerPspRichiestaAvvisi/v1/nodoPerPspRichiestaAvvisi.wsdl") - wsdl_selector { - service_name = "RichiestaAvvisiservice" - endpoint_name = "PPTPort" - } - } - -} - -resource "azurerm_api_management_api_policy" "apim_nodo_per_psp_richiesta_avvisi_policy_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 
1 : 0 - - api_name = azurerm_api_management_api.apim_nodo_per_psp_richiesta_avvisi_api_v1_dev[0].name - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPspRichiestaAvvisi/v1/_base_policy_dev.xml.tpl", { - is-nodo-decoupler-enabled = false - }) - -} - - -###################### -## WS nodo for IO ## -###################### -locals { - apim_node_for_io_api_dev = { - display_name = "Node for IO WS (DEV)" - description = "Web services to support activeIO, defined in nodeForIO.wsdl" - path = "nodo-dev/node-for-io" - subscription_required = var.nodo_pagamenti_subkey_required - service_url = null - } -} - -resource "azurerm_api_management_api_version_set" "node_for_io_api_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-nodo-for-io-api-dev", var.env_short) - resource_group_name = local.pagopa_apim_v2_rg - api_management_name = local.pagopa_apim_v2_name - display_name = local.apim_node_for_io_api_dev.display_name - versioning_scheme = "Segment" -} - -resource "azurerm_api_management_api" "apim_node_for_io_api_v1_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 
1 : 0 - - name = format("%s-node-for-io-api-dev", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - subscription_required = local.apim_node_for_io_api_dev.subscription_required - version_set_id = azurerm_api_management_api_version_set.node_for_io_api_dev[0].id - version = "v1" - service_url = local.apim_node_for_io_api_dev.service_url - revision = "1" - - description = local.apim_node_for_io_api_dev.description - display_name = local.apim_node_for_io_api_dev.display_name - path = local.apim_node_for_io_api_dev.path - protocols = ["https"] - - soap_pass_through = true - - import { - content_format = "wsdl" - content_value = file("./apim_v2/api/nodopagamenti_api/nodeForIO/v1/nodeForIO.wsdl") - wsdl_selector { - service_name = "nodeForIO_Service" - endpoint_name = "nodeForIO_Port" - } - } - -} - -resource "azurerm_api_management_api_policy" "apim_node_for_io_policy_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0 - - api_name = azurerm_api_management_api.apim_node_for_io_api_v1_dev[0].name - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodeForIO/v1/_base_policy_dev.xml.tpl", { - is-nodo-decoupler-enabled = false - }) - -} - -# resource "azurerm_api_management_api_operation_policy" "activateIO_reservation_policy_dev" { - -# api_name = resource.azurerm_api_management_api.apim_node_for_io_api_v1_dev[0].name -# api_management_name = local.pagopa_apim_v2_name -# resource_group_name = local.pagopa_apim_v2_rg -# operation_id = var.env_short == "d" ? "61dc5018b78e981290d7c176" : var.env_short == "u" ? 
"61dedb1e72975e13800fd80f" : "61dedb1eea7c4a07cc7d47b8" - -# #tfsec:ignore:GEN005 -# xml_content = file("./apim_v2/api/nodopagamenti_api/nodeForIO/v1/activateIO_reservation_nm3.xml") -# } - -############################ -## WS psp for node (NM3) ## -############################ -#locals { -# apim_psp_for_node_api_dev = { -# display_name = "PSP for Node WS (NM3) (DEV)" -# description = "Web services to support payment transaction started on any PagoPA client, defined in pspForNode.wsdl" -# path = "nodo-dev/psp-for-node" -# subscription_required = var.nodo_pagamenti_subkey_required -# service_url = null -# } -#} -# -#resource "azurerm_api_management_api_version_set" "psp_for_node_api_dev" { -# count = var.env_short == "d" ? 1 : 0 -# -# name = format("%s-psp-for-node-api-dev", var.env_short) -# resource_group_name = local.pagopa_apim_v2_rg -# api_management_name = local.pagopa_apim_v2_name -# display_name = local.apim_psp_for_node_api_dev.display_name -# versioning_scheme = "Segment" -#} -# -#resource "azurerm_api_management_api" "apim_psp_for_node_api_v1_dev" { -# count = var.env_short == "d" ? 
1 : 0 -# -# name = format("%s-psp-for-node-api-dev", var.env_short) -# api_management_name = local.pagopa_apim_v2_name -# resource_group_name = local.pagopa_apim_v2_rg -# subscription_required = local.apim_psp_for_node_api_dev.subscription_required -# version_set_id = azurerm_api_management_api_version_set.psp_for_node_api_dev[0].id -# version = "v1" -# service_url = local.apim_psp_for_node_api_dev.service_url -# revision = "1" -# -# description = local.apim_psp_for_node_api_dev.description -# display_name = local.apim_psp_for_node_api_dev.display_name -# path = local.apim_psp_for_node_api_dev.path -# protocols = ["https"] -# -# soap_pass_through = true -# -# import { -# content_format = "wsdl" -# content_value = file("./apim_v2/api/nodopagamenti_api/pspForNode/v1/pspForNode.wsdl") -# wsdl_selector { -# service_name = "pspForNode_Service" -# endpoint_name = "pspForNode_Port" -# } -# } -# -#} -# -#resource "azurerm_api_management_api_policy" "apim_psp_for_node_policy_dev" { -# count = var.env_short == "d" ? 1 : 0 -# -# api_name = azurerm_api_management_api.apim_psp_for_node_api_v1_dev[0].name -# api_management_name = local.pagopa_apim_v2_name -# resource_group_name = local.pagopa_apim_v2_rg -# -# xml_content = file("./api/nodopagamenti_api/pspForNode/v1/_base_policy.xml") -#} - - -###################### -## WS nodo per PA ## -###################### -locals { - apim_nodo_per_pa_api_dev = { - display_name = "Nodo per PA WS (DEV)" - description = "Web services to support PA in payment activations, defined in nodoPerPa.wsdl" - path = "nodo-dev/nodo-per-pa" - subscription_required = var.nodo_pagamenti_subkey_required - service_url = null - } -} - -resource "azurerm_api_management_api_version_set" "nodo_per_pa_api_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 
1 : 0 - - name = format("%s-nodo-per-pa-api-dev", var.env_short) - resource_group_name = local.pagopa_apim_v2_rg - api_management_name = local.pagopa_apim_v2_name - display_name = local.apim_nodo_per_pa_api_dev.display_name - versioning_scheme = "Segment" -} - -resource "azurerm_api_management_api" "apim_nodo_per_pa_api_v1_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-nodo-per-pa-api-dev", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - subscription_required = local.apim_nodo_per_pa_api_dev.subscription_required - version_set_id = azurerm_api_management_api_version_set.nodo_per_pa_api_dev[0].id - version = "v1" - service_url = local.apim_nodo_per_pa_api_dev.service_url - revision = "1" - - description = local.apim_nodo_per_pa_api_dev.description - display_name = local.apim_nodo_per_pa_api_dev.display_name - path = local.apim_nodo_per_pa_api_dev.path - protocols = ["https"] - - soap_pass_through = true - - import { - content_format = "wsdl" - content_value = file("./apim_v2/api/nodopagamenti_api/nodoPerPa/v1/NodoPerPa.wsdl") - wsdl_selector { - service_name = "PagamentiTelematiciRPTservice" - endpoint_name = "PagamentiTelematiciRPTPort" - } - } - -} - -resource "azurerm_api_management_api_policy" "apim_nodo_per_pa_policy_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 
1 : 0 - - api_name = azurerm_api_management_api.apim_nodo_per_pa_api_v1_dev[0].name - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPa/v1/_base_policy_dev.xml.tpl", { - is-nodo-decoupler-enabled = false - }) -} - -###################### -## Nodo per PM API ## -###################### -locals { - apim_nodo_per_pm_api_dev = { - display_name = "Nodo per Payment Manager API (DEV)" - description = "API to support Payment Manager" - path = "nodo-dev/nodo-per-pm" - subscription_required = var.nodo_pagamenti_subkey_required - service_url = null - } -} - -resource "azurerm_api_management_api_version_set" "nodo_per_pm_api_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0 - - name = format("%s-nodo-per-pm-api-dev", local.project) - resource_group_name = local.pagopa_apim_v2_rg - api_management_name = local.pagopa_apim_v2_name - display_name = local.apim_nodo_per_pm_api_dev.display_name - versioning_scheme = "Segment" -} - -module "apim_nodo_per_pm_api_v1_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 
1 : 0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0" - - name = format("%s-nodo-per-pm-api-dev", local.project) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - subscription_required = local.apim_nodo_per_pm_api_dev.subscription_required - version_set_id = azurerm_api_management_api_version_set.nodo_per_pm_api_dev[0].id - api_version = "v1" - service_url = local.apim_nodo_per_pm_api_dev.service_url - - description = local.apim_nodo_per_pm_api_dev.description - display_name = local.apim_nodo_per_pm_api_dev.display_name - path = local.apim_nodo_per_pm_api_dev.path - protocols = ["https"] - - content_format = "swagger-json" - content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPM/v1/_swagger.json.tpl", { - host = local.apim_hostname - service = module.apim_nodo_dei_pagamenti_product_dev[0].product_id - }) - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPM/v1/_base_policy.xml.tpl", { - is-nodo-decoupler-enabled = false - }) -} - -resource "azurerm_api_management_api_operation_policy" "close_payment_api_v1_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0 - - api_name = format("%s-nodo-per-pm-api-dev-v1", local.project) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - operation_id = "closePayment" - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPM/v1/_add_v1_policy_dev.xml.tpl", { - is-nodo-decoupler-enabled = false - }) -} - -resource "azurerm_api_management_api_operation_policy" "parked_list_api_v1_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 
1 : 0 - - api_name = format("%s-nodo-per-pm-api-dev-v1", local.project) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - operation_id = "parkedList" - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPM/v1/_add_v1_policy_dev.xml.tpl", { - is-nodo-decoupler-enabled = false - }) -} - -module "apim_nodo_per_pm_api_v2_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0" - - name = format("%s-nodo-per-pm-api-dev", local.project) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - subscription_required = local.apim_nodo_per_pm_api_dev.subscription_required - version_set_id = azurerm_api_management_api_version_set.nodo_per_pm_api_dev[0].id - api_version = "v2" - service_url = local.apim_nodo_per_pm_api_dev.service_url - - description = local.apim_nodo_per_pm_api_dev.description - display_name = local.apim_nodo_per_pm_api_dev.display_name - path = local.apim_nodo_per_pm_api_dev.path - protocols = ["https"] - - content_format = "swagger-json" - content_value = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPM/v2/_swagger.json.tpl", { - host = local.apim_hostname - }) - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/nodoPerPM/v2/_base_policy_dev.xml.tpl", { - is-nodo-decoupler-enabled = false - }) -} - -###################### -## NODO monitoring ## -###################### -locals { - apim_nodo_monitoring_api_dev = { - display_name = "Nodo monitoring (DEV)" - description = "Nodo monitoring" - path = "nodo-dev-monitoring/monitoring" - subscription_required = var.nodo_pagamenti_subkey_required - service_url = null - } -} - -resource "azurerm_api_management_api_version_set" "nodo_monitoring_api_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 
1 : 0 - - name = format("%s-nodo-monitoring-api-dev", var.env_short) - resource_group_name = local.pagopa_apim_v2_rg - api_management_name = local.pagopa_apim_v2_name - display_name = local.apim_nodo_monitoring_api_dev.display_name - versioning_scheme = "Segment" -} - -module "apim_nodo_monitoring_api_dev" { - count = var.env_short == "d" && var.enabled_features.apim_v2 ? 1 : 0 - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v7.60.0" - - name = format("%s-nodo-monitoring-api-dev", var.env_short) - api_management_name = local.pagopa_apim_v2_name - resource_group_name = local.pagopa_apim_v2_rg - product_ids = [module.apim_nodo_dei_pagamenti_product_dev[0].product_id] - subscription_required = local.apim_nodo_monitoring_api_dev.subscription_required - - version_set_id = azurerm_api_management_api_version_set.nodo_monitoring_api_dev[0].id - api_version = "v1" - - description = local.apim_nodo_monitoring_api_dev.description - display_name = local.apim_nodo_monitoring_api_dev.display_name - path = local.apim_nodo_monitoring_api_dev.path - protocols = ["https"] - - service_url = null - - content_format = "openapi" - content_value = templatefile("./apim_v2/api/nodopagamenti_api/monitoring/v1/_NodoDeiPagamenti.openapi.json.tpl", { - host = local.apim_hostname - service = module.apim_nodo_dei_pagamenti_product_dev[0].product_id - }) - - xml_content = templatefile("./apim_v2/api/nodopagamenti_api/monitoring/v1/_base_policy.xml.tpl", { - base-url = "{{default-nodo-backend-dev-nexi}}" - is-nodo-decoupler-enabled = false - }) -} diff --git a/src/domains/nodo-app/99_variables.tf b/src/domains/nodo-app/99_variables.tf index e63dcdef18..dcc0cc57e6 100644 --- a/src/domains/nodo-app/99_variables.tf +++ b/src/domains/nodo-app/99_variables.tf 
@@ -437,11 +437,9 @@ variable "storage_account_info" { variable "enabled_features" { type = object({ - apim_v2 = bool eventhub_ha_rx = bool }) default = { - apim_v2 = false eventhub_ha_rx = false } description = "Features enabled in this domain" diff --git a/src/domains/nodo-app/env/weu-dev/terraform.tfvars b/src/domains/nodo-app/env/weu-dev/terraform.tfvars index 3714e80e21..ff18ebc55f 100644 --- a/src/domains/nodo-app/env/weu-dev/terraform.tfvars +++ b/src/domains/nodo-app/env/weu-dev/terraform.tfvars @@ -199,6 +199,5 @@ storage_account_info = { enabled_features = { - apim_v2 = false eventhub_ha_rx = true } diff --git a/src/domains/nodo-app/env/weu-prod/terraform.tfvars b/src/domains/nodo-app/env/weu-prod/terraform.tfvars index 1cffe8d648..090d4c4528 100644 --- a/src/domains/nodo-app/env/weu-prod/terraform.tfvars +++ b/src/domains/nodo-app/env/weu-prod/terraform.tfvars @@ -264,7 +264,6 @@ nodo_pagamenti_x_forwarded_for = "10.230.10.5" enabled_features = { - apim_v2 = false eventhub_ha_rx = true } diff --git a/src/domains/nodo-app/env/weu-uat/terraform.tfvars b/src/domains/nodo-app/env/weu-uat/terraform.tfvars index 537f0a54b5..55cbf7cca5 100644 --- a/src/domains/nodo-app/env/weu-uat/terraform.tfvars +++ b/src/domains/nodo-app/env/weu-uat/terraform.tfvars @@ -221,7 +221,6 @@ storage_account_info = { } enabled_features = { - apim_v2 = false eventhub_ha_rx = true } diff --git a/src/domains/selfcare-app/00_alert_backoffice_apimv2.tf b/src/domains/selfcare-app/00_alert_backoffice_apimv2.tf new file mode 100644 index 0000000000..483487b55f --- /dev/null +++ b/src/domains/selfcare-app/00_alert_backoffice_apimv2.tf 
@@ -0,0 +1,56 @@
+data "azurerm_api_management" "apim_v2" {
+ name = "${local.product}-weu-core-apim-v2"
+ resource_group_name = data.azurerm_resource_group.rg_api.name
+}
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "alert-pagopa-backoffice-availability-v2" {
+ for_each = { for c in local.selfcare_services : c.base_path => c }
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-alert_pagopa-backoffice-${each.value.name}-availability-v2"
+ location = var.location
+
+ action {
+ action_group = var.env_short == "p" ? [
+ data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id,
+ data.azurerm_monitor_action_group.opsgenie[0].id
+ ] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+ email_subject = "Backoffice Availability"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Availability for ${each.value.base_path} is less than or equal to 99%"
+ enabled = true
+ query = var.env_short == "p" ? (<<-QUERY
+let threshold = 0.9;
+AzureDiagnostics
+| where url_s matches regex "${each.value.base_path}"
+| summarize
+ Total=count(),
+ Success=count(responseCode_d < 500)
+ by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+| where Total > 10
+ QUERY
+ ) : (<<-QUERY
+let threshold = 0.9;
+ApiManagementGatewayLogs
+| where Url matches regex "${each.value.base_path}"
+| summarize
+ Total=count(),
+ Success=count(ResponseCode < 500)
+ by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+| where Total > 10
+ QUERY
+ )
+ severity = 1
+ frequency = 10
+ time_window = 10
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 1
+ }
+}
diff --git a/src/domains/shared-app/00_alert_authorizer_apimv2.tf b/src/domains/shared-app/00_alert_authorizer_apimv2.tf
new file mode 100644
index 0000000000..6c30e5f5c9
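Review bot: The `description` promises an alert when availability is "less than or equal to 99%", but both heredoc queries set `let threshold = 0.9;`, so the rule stays silent until availability drops below 90% and the text an on-call responder reads does not match the condition. Either change the queries to `let threshold = 0.99;` or reword the description to say 90%. Separately, `${each.value.base_path}` is interpolated into `matches regex` unanchored and unescaped, so regex metacharacters in a base path are interpreted and a base path that is a substring of another service's URL is counted together with it; it is worth confirming that no entry in `local.selfcare_services` overlaps another in that way.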
--- /dev/null
+++ b/src/domains/shared-app/00_alert_authorizer_apimv2.tf
@@ -0,0 +1,110 @@
+data "azurerm_api_management" "apim_v2" {
+ name = "${local.product}-weu-core-apim-v2"
+ resource_group_name = "${local.product}-api-rg"
+}
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-platform-authorizer-config-availability-v2" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-opex_pagopa-platform-authorizer-config-availability @ _platform-authorizer-config-v2"
+ location = var.location
+
+ action {
+ action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id]
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Availability for /shared/authorizer-config is less than or equal to 99% - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-platform-authorizer-config"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 0.99;
+AzureDiagnostics
+| where url_s matches regex "/shared/authorizer-config/"
+| summarize
+ Total=count(),
+ Success=count(responseCode_d < 500)
+ by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+ QUERY
+ )
+ severity = 2
+ frequency = 5
+ time_window = 10
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 2
+ }
+}
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-platform-authorizer-availability-v2" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-opex_pagopa-platform-authorizer-availability @ _platform-authorizer-v2"
+ location = var.location
+
+ action {
+ action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id]
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Availability for /shared/authorizer is less than or equal to 99% - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-platform-authorizer"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 0.99;
+AzureDiagnostics
+| where url_s matches regex "/shared/authorizer/"
+| summarize
+ Total=count(),
+ Success=count(responseCode_d < 500)
+ by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+ QUERY
+ )
+ severity = 1
+ frequency = 5
+ time_window = 5
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 1
+ }
+}
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-platform-authorizer-responsetime-v2" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-opex_pagopa-platform-authorizer-responsetime @ _platform-authorizer-v2"
+ location = var.location
+
+ action {
+ action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Response time for /shared/authorizer is greater than or equal to 1.5s - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-platform-authorizer"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 1500;
+AzureDiagnostics
+| where url_s matches regex "/shared/authorizer/"
+| summarize
+ watermark=threshold,
+ duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m)
+| where duration_percentile_95 > threshold
+ QUERY
+ )
+ severity = 1
+ frequency = 5
+ time_window = 5
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 2
+ }
+}
diff --git a/src/domains/shared-app/00_apim_pdf_engine_alert_apimv2.tf b/src/domains/shared-app/00_apim_pdf_engine_alert_apimv2.tf
new file mode 100644
index 0000000000..3a4be26a72
--- /dev/null
+++ b/src/domains/shared-app/00_apim_pdf_engine_alert_apimv2.tf
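Review bot: In `opex_pagopa-platform-authorizer-responsetime-v2` the trigger asks for `threshold = 2` results while `time_window = 5` and the query groups by `bin(TimeGenerated, 5m)`, so, assuming the trigger counts result rows, a five-minute window will normally yield one bin and the rule may seldom or never fire. The config-availability rule in the same file pairs `threshold = 2` with `time_window = 10`; if "two bad bins in a row" is the intent here as well, use `time_window = 10`, otherwise `threshold = 1`. All three queries also treat every response below 500 as success, so a burst of 401/403 answers from the authorizer leaves availability untouched; if rejected-authorization spikes should page someone, that needs a separate rule. The responsetime rule is also the only one of the three without the opsgenie action group, which deserves a one-line comment if deliberate.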
@@ -0,0 +1,74 @@
+
+
+
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "opex_generate-pdf-engine-generate-responsetime-v2" {
+ count = var.env_short == "p" ? 1 : 0
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-responsetime @ _generate-pdf-v2"
+ location = var.location
+
+ action {
+ action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+ data_source_id = data.azurerm_api_management.apim_v2.id
+ description = "Response time for /generate-pdf is less than or equal to 5s"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 5000;
+AzureDiagnostics
+| where url_s matches regex "/generate-pdf"
+| summarize
+ watermark=threshold,
+ duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m)
+| where duration_percentile_95 > threshold
+ QUERY
+ )
+ severity = 1
+ frequency = 5
+ time_window = 5
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 1
+ }
+
+}
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "opex_pagopa-pdf-engine-pdf-availability-v2" {
+ count = var.env_short == "p" ? 
1 : 0 + resource_group_name = "dashboards" + name = "pagopa-${var.env_short}-availability @ _generate-pdf-v2" + location = var.location + + action { + action_group = [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id] + email_subject = "Email Header" + custom_webhook_payload = "{}" + } + data_source_id = data.azurerm_api_management.apim_v2.id + description = "Availability for /generate-pdf is less than or equal to 99%" + enabled = true + query = (<<-QUERY +let threshold = 0.99; +AzureDiagnostics +| where url_s matches regex "/generate-pdf" +| summarize + Total=count(), + Success=count(responseCode_d < 500) + by bin(TimeGenerated, 5m) +| extend availability=toreal(Success) / Total +| where availability < threshold + QUERY + ) + severity = 1 + frequency = 5 + time_window = 5 + trigger { + operator = "GreaterThanOrEqual" + threshold = 1 + } + +} + diff --git a/src/next-core/03_apim.tf b/src/next-core/03_apim.tf index 8a73c85c1a..54f0d2ad2c 100644 --- a/src/next-core/03_apim.tf +++ b/src/next-core/03_apim.tf @@ -65,7 +65,7 @@ locals { } module "apimv2" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management?ref=v7.67.1" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management?ref=v8.22.0" depends_on = [azurerm_subnet_network_security_group_association.apim_stv2_snet] subnet_id = module.apimv2_snet.id location = data.azurerm_resource_group.rg_api.location diff --git a/src/next-core/04_appgw_integration.tf b/src/next-core/04_appgw_integration.tf index e14295a67f..2a40af05e8 100644 --- a/src/next-core/04_appgw_integration.tf +++ b/src/next-core/04_appgw_integration.tf @@ -145,7 +145,7 @@ module "app_gw_integration" { fqdns = ["api.${var.dns_zone_prefix}.${var.external_domain}."] probe = "/status-0123456789abcdef" probe_name = "probe-apim" - request_timeout = 60 + request_timeout = 120 pick_host_name_from_backend = false } } 
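Review bot: The `description` of `opex_generate-pdf-engine-generate-responsetime-v2` reads "Response time for /generate-pdf is less than or equal to 5s", yet the query returns rows only when `duration_percentile_95 > threshold`, so the text describes the healthy state rather than the condition that fired. Something like `description = "p95 response time for /generate-pdf is greater than 5s"` would match the query. Both rules in this file also keep the generic `email_subject = "Email Header"`, which gives the recipient nothing to triage on; the backoffice rule elsewhere in this diff uses a descriptive subject. The pattern `matches regex "/generate-pdf"` is unanchored, so any URL containing that substring is included in both metrics.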
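Review bot: `request_timeout = 120` in `module "app_gw_integration"` doubles the time the gateway will wait on the APIM backend, and nothing in the hunk records which call needs it. A longer timeout lets slow or stalled backend requests hold gateway connections for up to two minutes each, which reduces headroom under load. I would add a comment above the line naming the reason, e.g. `# 120s needed by <endpoint placeholder>; revisit when that call is shortened`, and check that the response-time alerts still fire well before this limit. The enclosing module block starts and ends outside the hunk.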
diff --git a/src/next-core/env/prod/terraform.tfvars b/src/next-core/env/prod/terraform.tfvars index 426a09d6e5..ec39b6373e 100644 --- a/src/next-core/env/prod/terraform.tfvars +++ b/src/next-core/env/prod/terraform.tfvars @@ -26,7 +26,7 @@ is_feature_enabled = { dns_forwarder_lb = true, postgres_private_dns = true, apim_core_import = false - + use_new_apim = true } # @@ -155,6 +155,22 @@ apim_v2_zones = ["1", "2", "3"] create_redis_multiaz = true redis_zones = ["1", "2", "3"] redis_cache_enabled = true +apim_v2_autoscale = { + enabled = true + default_instances = 3 + minimum_instances = 3 + maximum_instances = 5 + scale_out_capacity_percentage = 45 + scale_out_time_window = "PT10M" + scale_out_value = "2" + scale_out_cooldown = "PT45M" + scale_in_capacity_percentage = 30 + scale_in_time_window = "PT30M" + scale_in_value = "1" + scale_in_cooldown = "PT4H" +} + + # redis apim redis_cache_params = { @@ -167,7 +183,7 @@ redis_cache_params = { app_gateway_sku_name = "Standard_v2" app_gateway_sku_tier = "Standard_v2" -cidr_subnet_appgateway_integration = ["10.230.10.192/27"] +cidr_subnet_appgateway_integration = ["10.230.10.192/26"] integration_appgateway_private_ip = "10.230.10.200" app_gateway_api_certificate_name = "api-platform-pagopa-it" app_gateway_portal_certificate_name = "portal-platform-pagopa-it" @@ -685,3 +701,5 @@ node_forwarder_sku = "P3v3" devops_agent_zones = [1, 2, 3] devops_agent_balance_zones = false azdo_agent_vm_image_name = "pagopa-p-azdo-agent-ubuntu2204-image-v4" +app_gateway_min_capacity = 2 +app_gateway_max_capacity = 50
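Review bot: Widening `cidr_subnet_appgateway_integration` from `10.230.10.192/27` to `10.230.10.192/26` adds `10.230.10.224`–`10.230.10.255` to the gateway subnet, and nothing visible in this diff shows that the range is unallocated or that rules keyed to the old prefix were updated. Before applying to prod, confirm that no other subnet in the VNet overlaps the new range and that any NSG rule, firewall rule or backend allow-list naming `10.230.10.192/27` is changed as well, since traffic from instances placed in the upper half could otherwise be rejected. The growth is presumably tied to `app_gateway_max_capacity = 50` added at the end of this file, which a /27 could not accommodate; a comment on the CIDR line such as `# /26 sized for app_gateway_max_capacity = 50` would keep the two values from drifting apart.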