feat: Added spontaneus payments downstream secrets (#2663)

* added spontaneus payments downstream secrets

* minor fix

---------

Co-authored-by: pasqualespica <[email protected]>
Co-authored-by: Pasquale Spica <[email protected]>

src/domains/gps-app/00_data.tf

@@ -37,3 +37,15 @@ data "azurerm_postgresql_flexible_server" "postgres_flexible_server_private" {
 data "azurerm_resource_group" "identity_rg" {
   name = "${local.product}-identity-rg"
 }
+
+data "azurerm_api_management_product" "apim_iuv_generator_product" {
+  product_id          = "iuvgenerator"
+  api_management_name = local.pagopa_apim_name
+  resource_group_name = local.pagopa_apim_rg
+}
+
+data "azurerm_api_management_product" "apim_gps_spontaneous_payments_services_product" {
+  product_id          = "gps-spontaneous-payments-services"
+  api_management_name = local.pagopa_apim_name
+  resource_group_name = local.pagopa_apim_rg
+}

src/domains/gps-app/02_security.tf

@@ -65,4 +65,21 @@ resource "azurerm_key_vault_secret" "test_gpd_payments_pull_and_debt_positions_s
   content_type = "text/plain"
 
   key_vault_id = data.azurerm_key_vault.kv.id
-}
+}
+
+
+resource "azurerm_key_vault_secret" "iuv_generator_subscription_key" {
+  name         = "apikey-iuv-generator"
+  value        = azurerm_api_management_subscription.iuv_generator_subkey.primary_key
+  content_type = "text/plain"
+
+  key_vault_id = data.azurerm_key_vault.gps_kv.id
+}
+
+resource "azurerm_key_vault_secret" "gps_mbd_service_integration_test_subscription_key" {
+  name         = "apikey-spontaneous-payments-services"
+  value        = azurerm_api_management_subscription.gps_spontaneous_payments_services_subkey.primary_key
+  content_type = "text/plain"
+
+  key_vault_id = data.azurerm_key_vault.gps_kv.id
+}

src/domains/gps-app/05_subkey.tf

@@ -0,0 +1,17 @@
+resource "azurerm_api_management_subscription" "iuv_generator_subkey" {
+  api_management_name = data.azurerm_api_management.apim.name
+  resource_group_name = data.azurerm_api_management.apim.resource_group_name
+  product_id          = data.azurerm_api_management_product.apim_iuv_generator_product.id
+  display_name        = "Subscription Spontaneous Payments for IUV Generator"
+  allow_tracing       = false
+  state               = "active"
+}
+
+resource "azurerm_api_management_subscription" "gps_spontaneous_payments_services_subkey" {
+  api_management_name = data.azurerm_api_management.apim.name
+  resource_group_name = data.azurerm_api_management.apim.resource_group_name
+  product_id          = data.azurerm_api_management_product.apim_gps_spontaneous_payments_services_product.id
+  display_name        = "Subscription Spontaneous Payments for Services"
+  allow_tracing       = false
+  state               = "active"
+}

src/domains/gps-app/api/spontaneous-payments-service/v1/_base_policy.xml

@@ -6,13 +6,14 @@
 
       <!-- Calling Authorizer's fragment -->
       <set-variable name="application_domain" value="gpd" />
-      <choose>
+      <!-- <choose> -->
         <!-- Making sure that will excludes all APIs that does not includes CI fiscal code -->
-        <when condition="@(context.Request.MatchedParameters.ContainsKey("organizationFiscalCode"))">
-          <set-variable name="authorization_entity" value="@(context.Request.MatchedParameters["organizationFiscalCode"])" />
-          <include-fragment fragment-id="authorizer" />
-        </when>
-      </choose>
+        <!-- <when condition="@(context.Request.MatchedParameters.ContainsKey("organizationFiscalCode"))"> -->
+          <!-- <set-variable name="authorization_entity" value="@(context.Request.MatchedParameters["organizationFiscalCode"])" /> -->
+          <!-- <include-fragment fragment-id="authorizer" /> -->
+        <!-- </when> -->
+      <!-- </choose> -->
+
     </inbound>
     <outbound>
       <base />