Skip to content

Commit

Permalink
feat: CHK-3572 optimize send payment result without passing by pm and…
Browse files Browse the repository at this point in the history 
… restore send payment result uat to dev (#2655)

* set ecommerce ingress hostname

* send payhment result update

* fix send payment result policy

* fix backend service url

* update core readme

* add uat to dev send payment result policy

* add uat policy

* fix apim resource deifnition

* add named value and secret for ecommerce subscription key

* add secret and named value for ecommerce dev send payment result subscription key

* add count to avoid dev and prod fetch not existing secret

* Update src/domains/ecommerce-app/04_apim_ecommerce.tf

Co-authored-by: Pietro Tota <[email protected]>

* remove unused named value

* run pre-commit for ecommerce-app and ecommerce-common

* remove unused variable

* remove transactionId unused variable

---------

Co-authored-by: Gianluca Ciuffa <[email protected]>
Co-authored-by: Gianluca Ciuffa <[email protected]>
Co-authored-by: Pietro Tota <[email protected]>
  • Loading branch information
@ciuffagianluca @pietro-tota
4 people authored Dec 20, 2024
1 parent 856d8f1 commit d17e145
Show file tree
Hide file tree
Showing 8 changed files with 117 additions and 44 deletions.
8 changes: 4 additions & 4 deletions src/core/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -322,7 +322,7 @@
| <a name="input_apim_logger_resource_id"></a> [apim\_logger\_resource\_id](#input\_apim\_logger\_resource\_id) | Resource id for the APIM logger | `string` | `null` | no |
| <a name="input_apim_nodo_auth_decoupler_enable"></a> [apim\_nodo\_auth\_decoupler\_enable](#input\_apim\_nodo\_auth\_decoupler\_enable) | Apply decoupler to nodo-auth product apim policy | `bool` | `false` | no |
| <a name="input_apim_nodo_decoupler_enable"></a> [apim\_nodo\_decoupler\_enable](#input\_apim\_nodo\_decoupler\_enable) | Apply decoupler to nodo product apim policy | `bool` | `false` | no |
| <a name="input_app_gateway_allowed_paths_pagopa_onprem_only"></a> [app\_gateway\_allowed\_paths\_pagopa\_onprem\_only](#input\_app\_gateway\_allowed\_paths\_pagopa\_onprem\_only) | Allowed paths from pagopa onprem only | <pre>object({<br/> paths = list(string)<br/> ips = list(string)<br/> })</pre> | n/a | yes |
| <a name="input_app_gateway_allowed_paths_pagopa_onprem_only"></a> [app\_gateway\_allowed\_paths\_pagopa\_onprem\_only](#input\_app\_gateway\_allowed\_paths\_pagopa\_onprem\_only) | Allowed paths from pagopa onprem only | <pre>object({<br> paths = list(string)<br> ips = list(string)<br> })</pre> | n/a | yes |
| <a name="input_bpd_hostname"></a> [bpd\_hostname](#input\_bpd\_hostname) | BPD hostname | `string` | `""` | no |
| <a name="input_buyer_banks_storage_account_replication_type"></a> [buyer\_banks\_storage\_account\_replication\_type](#input\_buyer\_banks\_storage\_account\_replication\_type) | (Optional) Buyer banks storage account replication type | `string` | `"LRS"` | no |
| <a name="input_buyerbanks_advanced_threat_protection"></a> [buyerbanks\_advanced\_threat\_protection](#input\_buyerbanks\_advanced\_threat\_protection) | Enable contract threat advanced protection | `bool` | `false` | no |
Expand All @@ -345,12 +345,12 @@
| <a name="input_dns_zone_prefix"></a> [dns\_zone\_prefix](#input\_dns\_zone\_prefix) | The dns subdomain. | `string` | `null` | no |
| <a name="input_dns_zone_prefix_prf"></a> [dns\_zone\_prefix\_prf](#input\_dns\_zone\_prefix\_prf) | The dns subdomain. | `string` | `""` | no |
| <a name="input_ecommerce_ingress_hostname"></a> [ecommerce\_ingress\_hostname](#input\_ecommerce\_ingress\_hostname) | ecommerce ingress hostname | `string` | `null` | no |
| <a name="input_enabled_features"></a> [enabled\_features](#input\_enabled\_features) | Features enabled in this domain | <pre>object({<br/> vnet_ita = bool<br/> node_forwarder_ha = optional(bool, false)<br/> })</pre> | <pre>{<br/> "vnet_ita": false<br/>}</pre> | no |
| <a name="input_enabled_features"></a> [enabled\_features](#input\_enabled\_features) | Features enabled in this domain | <pre>object({<br> vnet_ita = bool<br> node_forwarder_ha = optional(bool, false)<br> })</pre> | <pre>{<br> "vnet_ita": false<br>}</pre> | no |
| <a name="input_env"></a> [env](#input\_env) | Contains env description in extend format (dev,uat,prod) | `string` | n/a | yes |
| <a name="input_env_short"></a> [env\_short](#input\_env\_short) | Environment shot version | `string` | n/a | yes |
| <a name="input_external_domain"></a> [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no |
| <a name="input_fesp_hostname"></a> [fesp\_hostname](#input\_fesp\_hostname) | Fesp hostname | `string` | `""` | no |
| <a name="input_function_app_storage_account_info"></a> [function\_app\_storage\_account\_info](#input\_function\_app\_storage\_account\_info) | n/a | <pre>object({<br/> account_kind = optional(string, "StorageV2")<br/> account_tier = optional(string, "Standard")<br/> account_replication_type = optional(string, "LRS")<br/> access_tier = optional(string, "Hot")<br/> advanced_threat_protection_enable = optional(bool, true)<br/> })</pre> | <pre>{<br/> "access_tier": "Hot",<br/> "account_kind": "StorageV2",<br/> "account_replication_type": "LRS",<br/> "account_tier": "Standard",<br/> "advanced_threat_protection_enable": true<br/>}</pre> | no |
| <a name="input_function_app_storage_account_info"></a> [function\_app\_storage\_account\_info](#input\_function\_app\_storage\_account\_info) | n/a | <pre>object({<br> account_kind = optional(string, "StorageV2")<br> account_tier = optional(string, "Standard")<br> account_replication_type = optional(string, "LRS")<br> access_tier = optional(string, "Hot")<br> advanced_threat_protection_enable = optional(bool, true)<br> })</pre> | <pre>{<br> "access_tier": "Hot",<br> "account_kind": "StorageV2",<br> "account_replication_type": "LRS",<br> "account_tier": "Standard",<br> "advanced_threat_protection_enable": true<br>}</pre> | no |
| <a name="input_io_bpd_hostname"></a> [io\_bpd\_hostname](#input\_io\_bpd\_hostname) | IO BPD hostname | `string` | `""` | no |
| <a name="input_location"></a> [location](#input\_location) | Main location | `string` | `"westeurope"` | no |
| <a name="input_location_ita"></a> [location\_ita](#input\_location\_ita) | Main location | `string` | `"italynorth"` | no |
Expand All @@ -364,7 +364,7 @@
| <a name="input_postgres_private_endpoint_enabled"></a> [postgres\_private\_endpoint\_enabled](#input\_postgres\_private\_endpoint\_enabled) | Private endpoint database enable? | `bool` | `false` | no |
| <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | `"pagopa"` | no |
| <a name="input_satispay_hostname"></a> [satispay\_hostname](#input\_satispay\_hostname) | Satispay hostname | `string` | `""` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br/> "CreatedBy": "Terraform"<br/>}</pre> | no |
| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br> "CreatedBy": "Terraform"<br>}</pre> | no |
| <a name="input_xpay_hostname"></a> [xpay\_hostname](#input\_xpay\_hostname) | Nexi xpay hostname | `string` | `""` | no |

## Outputs
Expand Down
64 changes: 64 additions & 0 deletions src/core/api/payment_manager_api/pm-per-nodo/v2/wisp-sendpaymentresult-uat.xml.tpl
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
<!--
IMPORTANT:
- Policy elements can appear only within the <inbound>, <outbound>, <backend> section elements.
- To apply a policy to the incoming request (before it is forwarded to the backend service), place a corresponding policy element within the <inbound> section element.
- To apply a policy to the outgoing response (before it is sent back to the caller), place a corresponding policy element within the <outbound> section element.
- To add a policy, place the cursor at the desired insertion point and select a policy from the sidebar.
- To remove a policy, delete the corresponding policy statement from the policy document.
- Position the <base> element within a section element to inherit all policies from the corresponding section element in the enclosing scope.
- Remove the <base> element to prevent inheriting policies from the corresponding section element in the enclosing scope.
- Policies are applied in the order of their appearance, from the top down.
- Comments within policy elements are not supported and may disappear. Place your comments between policy elements or at a higher level scope.
-->

<!-- policy closePaymentV2 & sendPaymentResultV2 :
- On outbound call /receipt/KO wisp-conv
- On inbound call /receipt/timer wisp-conv
-->

<policies>
<inbound>
<base />
<set-variable name="clientId" value="@(context.Request.OriginalUrl.Query.GetValueOrDefault("clientId"))" />
<choose>
<when condition="@("ecomm".Equals(context.Variables["clientId"]))">
<set-backend-service base-url="@("https://${ecommerce_ingress_hostname}/pagopa-ecommerce-transactions-service/")" />
</when>
<otherwise>
<set-header name="Ocp-Apim-Subscription-Key" exists-action="override">
<value>{{ecommerce-dev-sendpaymentresult-subscription-key-value}}</value>
</set-header>
<set-backend-service base-url="https://api.dev.platform.pagopa.it/ecommerce/transaction-user-receipts-service/v1" />
</otherwise>
</choose>
<!-- policy for WISP Dismantling -->
<set-variable name="enable_wisp_dismantling_switch" value="{{enable-wisp-dismantling-switch}}" />
<choose>
<when condition="@(context.Variables.GetValueOrDefault<string>("enable_wisp_dismantling_switch", "").Equals("true"))">
<set-variable name="primitive-ko" value="sendPaymentResultV2" />
<set-variable name="request-body" value="@(context.Request.Body.As<JObject>(preserveContent: true))" />
<set-variable name="wisp-payment-tokens" value="@{
try {
JObject request = (JObject) context.Variables["request-body"];
JArray payments = (JArray) request.Property("payments").Value;
return string.Join(",", payments.Select(payment => payment["paymentToken"].ToString()));
} catch (Exception e) {
return "";
}
}" />
<include-fragment fragment-id="wisp-disable-payment-token-timer" />
</when>
</choose>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
<!-- fragment necessary for WISP Dismantling -->
<include-fragment fragment-id="wisp-receipt-ko" />
</outbound>
<on-error>
<base />
</on-error>
</policies>
28 changes: 1 addition & 27 deletions src/core/api/payment_manager_api/pm-per-nodo/v2/wisp-sendpaymentresult.xml.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,7 @@
<policies>
<inbound>
<base />

<set-variable name="transactionId" value="@(context.Request.MatchedParameters["transactionId"])" />
<set-variable name="backend-base-url" value="@($"{{pm-host}}/pp-restapi-CD/v2")" />
<set-variable name="ecommerce_url" value="${ecommerce_ingress_hostname}" />
<set-variable name="body_value" value="@(context.Request.Body.As<string>(preserveContent: true))" />
<set-backend-service base-url="@((string)context.Variables["backend-base-url"])" />

<set-backend-service base-url="@("https://${ecommerce_ingress_hostname}/pagopa-ecommerce-transactions-service/")" />
<!-- policy for WISP Dismantling -->
<set-variable name="enable_wisp_dismantling_switch" value="{{enable-wisp-dismantling-switch}}" />
<choose>
Expand All @@ -52,26 +46,6 @@
<base />
<!-- fragment necessary for WISP Dismantling -->
<include-fragment fragment-id="wisp-receipt-ko" />

<choose>
<when condition="@(context.Response.StatusCode == 200)">
<set-variable name="outcome" value="@(((string)((JObject)context.Response.Body.As<JObject>(preserveContent: true))["outcome"]))" />
</when>
</choose>
<choose>
<when condition="@(context.Response.StatusCode != 200 || !((string)context.Variables.GetValueOrDefault("outcome","")).Equals("OK"))">
<!-- addUserReceipt for ecommerce -->
<send-request ignore-error="true" timeout="10" response-variable-name="test-transaction" mode="new">
<set-url>@($"https://{(string)context.Variables["ecommerce_url"]}/pagopa-ecommerce-transactions-service/transactions/{(string)context.Variables["transactionId"]}/user-receipts")</set-url>
<set-method>POST</set-method>
<set-header name="Content-Type" exists-action="override">
<value>application/json</value>
</set-header>
<set-body>@($"{(string)context.Variables["body_value"]}")</set-body>
</send-request>
<return-response response-variable-name="test-transaction" />
</when>
</choose>
</outbound>
<on-error>
<base />
Expand Down
2 changes: 1 addition & 1 deletion src/core/apim_payment_manager.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -933,7 +933,7 @@ resource "azurerm_api_management_api_operation_policy" "send_payment_result_api_
resource_group_name = data.azurerm_resource_group.rg_api.name
api_management_name = data.azurerm_api_management.apim_migrated[0].name
operation_id = "addUserReceipt"
xml_content = templatefile("./api/payment_manager_api/pm-per-nodo/v2/wisp-sendpaymentresult.xml.tpl", {
xml_content = templatefile(var.env_short == "u" ? "./api/payment_manager_api/pm-per-nodo/v2/wisp-sendpaymentresult-uat.xml.tpl" : "./api/payment_manager_api/pm-per-nodo/v2/wisp-sendpaymentresult.xml.tpl", {
host = local.api_domain,
ecommerce_ingress_hostname = var.ecommerce_ingress_hostname
})
Expand Down
19 changes: 19 additions & 0 deletions src/domains/ecommerce-app/04_apim_ecommerce.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -658,3 +658,22 @@ module "apim_ecommerce_user_stats_service_api_v1" {
hostname = local.ecommerce_hostname
})
}

#################
## NAMED VALUE ##
#################
data "azurerm_key_vault_secret" "ecommerce_dev_sendpaymentresult_subscription_key" {
count = var.env_short == "u" ? 1 : 0
name = "ecommerce-dev-sendpaymentresult-subscription-key"
key_vault_id = data.azurerm_key_vault.kv.id
}

resource "azurerm_api_management_named_value" "ecommerce_dev_sendpaymentresult_subscription_key_named_value" {
count = var.env_short == "u" ? 1 : 0
name = "ecommerce-dev-sendpaymentresult-subscription-key-value"
api_management_name = local.pagopa_apim_name
resource_group_name = local.pagopa_apim_rg
display_name = "ecommerce-dev-sendpaymentresult-subscription-key-value"
value = data.azurerm_key_vault_secret.ecommerce_dev_sendpaymentresult_subscription_key[0].value
secret = true
}
12 changes: 7 additions & 5 deletions src/domains/ecommerce-app/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,7 @@
| [azurerm_api_management_named_value.ecommerce-personal-data-vault-api-key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.ecommerce-webview-jwt-signing-key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.ecommerce_checkout_transaction_jwt_signing_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.ecommerce_dev_sendpaymentresult_subscription_key_named_value](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.ecommerce_for_checkout_google_recaptcha_secret_named_value](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.ecommerce_io_transaction_jwt_signing_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
| [azurerm_api_management_named_value.npg_notification_jwt_secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
Expand Down Expand Up @@ -159,6 +160,7 @@
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
| [azurerm_key_vault_secret.ecommerce_checkout_sessions_jwt_secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.ecommerce_dev_sendpaymentresult_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.ecommerce_for_checkout_google_recaptcha_secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.ecommerce_io_jwt_signing_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_key_vault_secret.ecommerce_io_sessions_jwt_secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
Expand Down Expand Up @@ -199,13 +201,13 @@
| <a name="input_log_analytics_workspace_name"></a> [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes |
| <a name="input_log_analytics_workspace_resource_group_name"></a> [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes |
| <a name="input_monitor_resource_group_name"></a> [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes |
| <a name="input_pagopa_vpn"></a> [pagopa\_vpn](#input\_pagopa\_vpn) | pagoPA on prem VPN | <pre>object({<br/> ips = list(string)<br/> })</pre> | n/a | yes |
| <a name="input_pagopa_vpn_dr"></a> [pagopa\_vpn\_dr](#input\_pagopa\_vpn\_dr) | pagoPA on prem VPN DR | <pre>object({<br/> ips = list(string)<br/> })</pre> | n/a | yes |
| <a name="input_pagopa_vpn"></a> [pagopa\_vpn](#input\_pagopa\_vpn) | pagoPA on prem VPN | <pre>object({<br> ips = list(string)<br> })</pre> | n/a | yes |
| <a name="input_pagopa_vpn_dr"></a> [pagopa\_vpn\_dr](#input\_pagopa\_vpn\_dr) | pagoPA on prem VPN DR | <pre>object({<br> ips = list(string)<br> })</pre> | n/a | yes |
| <a name="input_pdv_api_base_path"></a> [pdv\_api\_base\_path](#input\_pdv\_api\_base\_path) | Personal data vault api base path | `string` | `null` | no |
| <a name="input_pod_disruption_budgets"></a> [pod\_disruption\_budgets](#input\_pod\_disruption\_budgets) | Pod disruption budget for domain namespace | <pre>map(object({<br/> name = optional(string, null)<br/> minAvailable = optional(number, null)<br/> matchLabels = optional(map(any), {})<br/> }))</pre> | `{}` | no |
| <a name="input_pod_disruption_budgets"></a> [pod\_disruption\_budgets](#input\_pod\_disruption\_budgets) | Pod disruption budget for domain namespace | <pre>map(object({<br> name = optional(string, null)<br> minAvailable = optional(number, null)<br> matchLabels = optional(map(any), {})<br> }))</pre> | `{}` | no |
| <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br/> "CreatedBy": "Terraform"<br/>}</pre> | no |
| <a name="input_tls_cert_check_helm"></a> [tls\_cert\_check\_helm](#input\_tls\_cert\_check\_helm) | tls cert helm chart configuration | <pre>object({<br/> chart_version = string,<br/> image_name = string,<br/> image_tag = string<br/> })</pre> | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br> "CreatedBy": "Terraform"<br>}</pre> | no |
| <a name="input_tls_cert_check_helm"></a> [tls\_cert\_check\_helm](#input\_tls\_cert\_check\_helm) | tls cert helm chart configuration | <pre>object({<br> chart_version = string,<br> image_name = string,<br> image_tag = string<br> })</pre> | n/a | yes |

## Outputs

Expand Down
13 changes: 13 additions & 0 deletions src/domains/ecommerce-common/02_security.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -589,6 +589,19 @@ resource "azurerm_key_vault_secret" "ecommerce_for_checkout_google_recaptcha_sec
value = "<TO UPDATE MANUALLY ON PORTAL>"
key_vault_id = module.key_vault.id

lifecycle {
ignore_changes = [
value,
]
}
}

resource "azurerm_key_vault_secret" "ecommerce_dev_sendpaymentresult_subscription_key" {
count = var.env_short == "u" ? 1 : 0
name = "ecommerce-dev-sendpaymentresult-subscription-key"
value = "<TO UPDATE MANUALLY ON PORTAL>"
key_vault_id = module.key_vault.id

lifecycle {
ignore_changes = [
value,
Expand Down
Loading

0 comments on commit d17e145

Please sign in to comment.