feat: Add enabled workload_identity🇮🇹 + apply payopt prod + apply m…

…ock payopt dev and uat (#2682)

* defined OdP uat test mock

* enabled workload_identity ita + apply payopt prod + apply mock payopt dev and uat

---------

Co-authored-by: pasqualespica <[email protected]>
Co-authored-by: Pasquale Spica <[email protected]>

src/aks-leonardo/env/itn-prod/terraform.tfvars

@@ -43,7 +43,7 @@ aks_private_cluster_enabled  = true
 aks_alerts_enabled           = false
 aks_kubernetes_version       = "1.29.4"
 aks_sku_tier                 = "Standard"
-aks_enable_workload_identity = false
+aks_enable_workload_identity = true
 
 aks_system_node_pool = {
   name            = "papaksleosys",

src/domains/payopt-app/04_apim_payment_options.tf

@@ -19,7 +19,7 @@ module "apim_payment_options_product" {
   published             = false
   subscription_required = true
   approval_required     = false
-  # subscriptions_limit   = 1000
+  subscriptions_limit   = 1000
 
   policy_xml = file("./api_product/_base_policy.xml")
 }

src/domains/payopt-app/04_apim_payment_options_mock.tf

@@ -7,7 +7,7 @@ locals {
 
 module "apim_payment_options_mock_product" {
   source = "./.terraform/modules/__v3__/api_management_product"
-  count  = var.is_feature_enabled.paymentoptions_mock ? 1 : 0
+  count  = var.env_short != "p" ? 1 : 0
 
   product_id   = "pagopa-payment-options-mock"
   display_name = local.apim_payment_options_mock_pagopa_api.display_name
@@ -25,7 +25,7 @@ module "apim_payment_options_mock_product" {
 }
 
 resource "azurerm_api_management_api_version_set" "payment_options_mock_api" {
-  count = var.is_feature_enabled.paymentoptions_mock ? 1 : 0
+  count = var.env_short != "p" ? 1 : 0
 
   name                = format("%s-payment-options-mock-api", var.env_short)
   resource_group_name = local.pagopa_apim_rg
@@ -34,10 +34,9 @@ resource "azurerm_api_management_api_version_set" "payment_options_mock_api" {
   versioning_scheme   = "Segment"
 }
 
-
 module "apim_api_pay_opt_mock_api" {
   source = "./.terraform/modules/__v3__/api_management_api"
-  count  = var.is_feature_enabled.paymentoptions_mock ? 1 : 0
+  count  = var.env_short != "p" ? 1 : 0
 
   name                  = format("%s-pay-opt-mock-api", local.project)
   api_management_name   = local.pagopa_apim_name
@@ -65,7 +64,7 @@ module "apim_api_pay_opt_mock_api" {
   api_operation_policies = [
     {
       operation_id = "get-payment-options",
-      xml_content = templatefile("./api/payment-options-mock/_get_payment_options_policy.xml", {
+      xml_content = templatefile("./api/payment-options-mock/_get_payment_options_${var.env}_policy.xml", {
         hostname = local.hostname
       })
     },

src/domains/payopt-app/05_subkey.tf

@@ -16,7 +16,18 @@ resource "azurerm_api_management_subscription" "forwarder_subkey" {
   state               = "active"
 }
 
+# use for testing ( perf )
+
+data "azurerm_api_management_user" "user_demo" {
+  count = var.env_short != "p" ? 1 : 0
+  # DEV -> 99999000001 PSP Signed Direct
+  # UAT -> 99999000011 PSP DEMO
+  user_id             = var.env_short == "u" ? "349fab55-1fe5-4b89-92ac-5bdeabe3010e"  : "2d6fe3c6-5656-43c8-afd4-ccf2bb352cec"
+  api_management_name = data.azurerm_api_management.apim.name
+  resource_group_name = data.azurerm_api_management.apim.resource_group_name
+}
 resource "azurerm_api_management_subscription" "service_payment_options_subkey" {
+  depends_on = [ data.azurerm_api_management_user.user_demo ]
   count = var.env_short != "p" ? 1 : 0
 
   api_management_name = data.azurerm_api_management.apim.name
@@ -25,6 +36,7 @@ resource "azurerm_api_management_subscription" "service_payment_options_subkey"
   display_name        = "Subscription for Payments Options APIM"
   allow_tracing       = false
   state               = "active"
+  user_id             = data.azurerm_api_management_user.user_demo[0].id # https://github.com/pagopa/pagopa-payment-options-service/blob/9d2682c700f72cfe3693a8a8a902b72fc8433af5/infra/policy/_get_payment_options_policy.xml#L13
 }
 
 

src/domains/payopt-app/06_keyvault.tf

@@ -67,6 +67,7 @@ resource "azurerm_key_vault_secret" "forwarder_subscription_key" {
   key_vault_id = data.azurerm_key_vault.kv.id
 }
 
+# using for test
 resource "azurerm_key_vault_secret" "service_payment_options_subscription_key" {
   count = var.env_short != "p" ? 1 : 0
 

src/domains/payopt-app/99_variables.tf

@@ -72,11 +72,9 @@ variable "tags" {
 variable "is_feature_enabled" {
   type = object({
     paymentoptions      = bool
-    paymentoptions_mock = bool
   })
   default = {
     paymentoptions      = false
-    paymentoptions_mock = false
   }
 }
 ### External resources