feat: [CHK-2964] - family & friends proposal (#2168)

* family & friends proposal * feat: start session famly&friends * feat: add family&friends check for all policy * fix: policy syntax * fix: precommit * fix: minor policy fix * fix: policy condition * fix: add policy comment * fix: fragment policy b64 padding decode * [CHK-2970] feat: force payment method statuses when using wallet API via PM (#2174) Co-authored-by: Pietro Tota <[email protected]> * fix(wallet-app): wallet not found pm (#2184) * feat: force payment method statuses when using wallet API via PM * feat: force payment method statuses when using wallet API via PM * fix wallet not found * fix get wallet by id vs pm policy * fix: fix enum variant according to OpenAPI spec * refactor: use payment method ids to select PM methods instead of payment type codes --------- Co-authored-by: Giovanni Berti <[email protected]> Co-authored-by: Pietro Tota <[email protected]> Co-authored-by: Gianluca Ciuffa <[email protected]> * fix 401 for get wallet by id and get wallets by user * add 401 handling for get wallets * feat: force payment method statuses when using eCommerce API via PM (#2186) * fix: unauthorized http error code * duplicate pay-wallet-domain for apim v2 * fix: apim v2 refs * duplicate ecommerce for io v2 * fix: pdv nv for apim v2 * fix: pdv key fetch for named value * fix: onboarding pm redirect url * chore: biz for apim v2 * fix: disable api key for public api key for IO * fix: jwt body padding * fix(apim-v2): jwt body padding * fix static check --------- Co-authored-by: Pietro Tota <[email protected]> Co-authored-by: Pietro Tota <[email protected]> Co-authored-by: ciuffagianluca <[email protected]> Co-authored-by: Giovanni Berti <[email protected]> Co-authored-by: Gianluca Ciuffa <[email protected]> Co-authored-by: Gianluca Ciuffa <[email protected]>
pagopa · Jun 26, 2024 · d3ec508 · d3ec508
1 parent 73b4e5a
commit d3ec508
Show file tree

Hide file tree

Showing 63 changed files with 3,334 additions and 146 deletions.
diff --git a/src/domains/bizevents-app/04_apim_bizevents.tf b/src/domains/bizevents-app/04_apim_bizevents.tf
@@ -268,3 +268,45 @@ module "apim_api_bizevents_transactions_api_jwt_v1" {
     pdv_api_base_path = var.pdv_api_base_path
   })
 }
+
+
+resource "azurerm_api_management_api_version_set" "api_bizevents_transactions_api_apim_v2" {
+  count               = var.env_short == "p" ? 1 : 0
+  name                = format("%s-bizevents-transaction-service-api", var.env_short)
+  resource_group_name = local.pagopa_apim_rg
+  api_management_name = "${local.product}-weu-core-apim-v2"
+  display_name        = local.apim_transaction_service_api.display_name
+  versioning_scheme   = "Segment"
+}
+
+
+module "apim_api_bizevents_transactions_api_jwt_v1_apim_v2" {
+
+  count  = var.env_short == "p" ? 1 : 0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v6.4.1"
+
+  name                = format("%s-bizevents-transaction-service-api-jwt", local.project)
+  api_management_name = "${local.product}-weu-core-apim-v2"
+  resource_group_name = local.pagopa_apim_rg
+  product_ids         = [module.apim_transactions_product.product_id]
+  # subscription_required = local.apim_transaction_service_api.subscription_required
+  subscription_required = false # use jwt
+  version_set_id        = azurerm_api_management_api_version_set.api_bizevents_transactions_api_apim_v2[0].id
+  api_version           = "v1"
+
+  description  = "${local.apim_transaction_service_api.description} JWT"
+  display_name = "${local.apim_transaction_service_api.display_name} JWT"
+  path         = "${local.apim_transaction_service_api.path}-jwt"
+  protocols    = ["https"]
+  service_url  = local.apim_transaction_service_api.service_url
+
+  content_format = "openapi"
+  content_value = templatefile("./api/transaction-service/v1/_openapi-jwt.json.tpl", {
+    host = local.apim_hostname
+  })
+
+  xml_content = templatefile("./api/transaction-service/v1/_base_policy-jwt.xml", {
+    hostname          = local.bizevents_hostname
+    pdv_api_base_path = var.pdv_api_base_path
+  })
+}
diff --git a/src/domains/bizevents-app/README.md b/src/domains/bizevents-app/README.md
@@ -17,6 +17,7 @@
 | <a name="module_apim_api_bizevents_api_v1"></a> [apim\_api\_bizevents\_api\_v1](#module\_apim\_api\_bizevents\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.4.1 |
 | <a name="module_apim_api_bizevents_helpdesk_api_v1"></a> [apim\_api\_bizevents\_helpdesk\_api\_v1](#module\_apim\_api\_bizevents\_helpdesk\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.4.1 |
 | <a name="module_apim_api_bizevents_transactions_api_jwt_v1"></a> [apim\_api\_bizevents\_transactions\_api\_jwt\_v1](#module\_apim\_api\_bizevents\_transactions\_api\_jwt\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.4.1 |
+| <a name="module_apim_api_bizevents_transactions_api_jwt_v1_apim_v2"></a> [apim\_api\_bizevents\_transactions\_api\_jwt\_v1\_apim\_v2](#module\_apim\_api\_bizevents\_transactions\_api\_jwt\_v1\_apim\_v2) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.4.1 |
 | <a name="module_apim_api_bizevents_transactions_api_v1"></a> [apim\_api\_bizevents\_transactions\_api\_v1](#module\_apim\_api\_bizevents\_transactions\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.4.1 |
 | <a name="module_apim_bizevents_helpdesk_product"></a> [apim\_bizevents\_helpdesk\_product](#module\_apim\_bizevents\_helpdesk\_product) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v6.4.1 |
 | <a name="module_apim_bizevents_product"></a> [apim\_bizevents\_product](#module\_apim\_bizevents\_product) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v6.4.1 |
@@ -31,6 +32,7 @@
 | [azurerm_api_management_api_version_set.api_bizevents_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
 | [azurerm_api_management_api_version_set.api_bizevents_helpdesk_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
 | [azurerm_api_management_api_version_set.api_bizevents_transactions_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
+| [azurerm_api_management_api_version_set.api_bizevents_transactions_api_apim_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
 | [azurerm_api_management_api_version_set.api_bizevents_transactions_jwt_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
 | [azurerm_api_management_named_value.list_trx_for_io_api_key_secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
 | [azurerm_api_management_named_value.list_trx_for_io_api_key_secret_apim_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |

diff --git a/src/domains/bizevents-app/api/transaction-service/v1/_base_policy-jwt.xml b/src/domains/bizevents-app/api/transaction-service/v1/_base_policy-jwt.xml
@@ -1,7 +1,6 @@
 <policies>
     <inbound>
         <base />
-
             <!-- ForIO start =============== "x-continuation-token:undefined" -H "x-request-id:undefined" -->
             <choose>
                 <when condition="@( ((string)context.Request.Headers.GetValueOrDefault("x-continuation-token","")).Equals("") || ((string)context.Request.Headers.GetValueOrDefault("x-continuation-token","")).Equals("undefined") )">
@@ -14,10 +13,11 @@
                 </when>
             </choose>
             <!-- ForIO stop =============== "x-continuation-token:undefined" -H "x-request-id:undefined" -->
-
-
+            <!-- fragment to read user id from session token jwt claims. it return userId as sessionTokenUserId variable taken from jwt claims. if the session token
+             is an opaque token a "session-token-not-found" string is returned-->                
+            <include-fragment fragment-id="pay-wallet-user-id-from-session-token" />
             <choose>
-                <when condition="@("true".Equals("{{enable-pm-ecommerce-io}}"))"> 
+                <when condition="@("true".Equals("{{enable-pm-ecommerce-io}}") || !"{{pay-wallet-family-friends-user-ids}}".Contains(((string)context.Variables["sessionTokenUserId"])) )"> 
                     <include-fragment fragment-id="pm-chk-wallet-session" />
                 </when>
                 <otherwise>

diff --git a/src/domains/ecommerce-app/04_apim_ecommerce_io.tf b/src/domains/ecommerce-app/04_apim_ecommerce_io.tf
@@ -54,7 +54,7 @@ locals {
     display_name          = "eCommerce API for IO App"
     description           = "eCommerce pagoPA API dedicated to IO App for pagoPA payment"
     path                  = "ecommerce/io"
-    subscription_required = var.env_short == "p"
+    subscription_required = false
     service_url           = null
   }
 
@@ -243,7 +243,6 @@ resource "azurerm_api_management_api_operation_policy" "io_calculate_fee" {
       wallet-basepath              = local.wallet_hostname
     }
   )
-
 }
 
 resource "azurerm_api_management_api_operation_policy" "io_transaction_outcome" {
@@ -422,4 +421,13 @@ resource "azurerm_api_management_api_operation_policy" "io_wallets_by_user_v2" {
   })
 }
 
+resource "azurerm_api_management_api_operation_policy" "io_get_all_payment_methods" {
+  api_name            = "${local.project}-ecommerce-io-api-v2"
+  resource_group_name = local.pagopa_apim_rg
+  api_management_name = local.pagopa_apim_name
+  operation_id        = "getAllPaymentMethodsForIO"
 
+  xml_content = templatefile("./api/ecommerce-io/v2/_get_payment_methods.xml.tpl", {
+    enabled_payment_wallet_method_ids_pm = var.enabled_payment_wallet_method_ids_pm
+  })
+}
diff --git a/src/domains/ecommerce-app/04_apim_ecommerce_io_v2.tf b/src/domains/ecommerce-app/04_apim_ecommerce_io_v2.tf
@@ -0,0 +1,146 @@
+###########################
+###                     ###
+### ECOMMERCE IO V2     ###
+###                     ###
+###########################
+
+resource "azurerm_api_management_api_version_set" "apim_v2_ecommerce_io_api_v1" {
+  name                = "${local.project}-ecommerce-io-api"
+  resource_group_name = local.pagopa_apim_rg
+  api_management_name = local.pagopa_apim_v2
+  display_name        = local.apim_ecommerce_io_api.display_name
+  versioning_scheme   = "Segment"
+}
+
+resource "azurerm_api_management_named_value" "apim_v2_pay_wallet_family_friends_user_ids" {
+  name                = "pay-wallet-family-friends-user-ids"
+  api_management_name = local.pagopa_apim_v2
+  resource_group_name = local.pagopa_apim_rg
+  display_name        = "pay-wallet-family-friends-user-ids"
+  value               = "<TO_UPDATE_MANUALLY_BY_PORTAL>"
+  lifecycle {
+    ignore_changes = [
+      value,
+    ]
+  }
+}
+
+module "apim_v2_ecommerce_io_api_v2" {
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v6.6.0"
+
+  name                  = "${local.project}-ecommerce-io-api"
+  resource_group_name   = local.pagopa_apim_rg
+  api_management_name   = local.pagopa_apim_v2
+  product_ids           = [module.apim_ecommerce_io_product.product_id]
+  subscription_required = local.apim_ecommerce_io_api.subscription_required
+  version_set_id        = azurerm_api_management_api_version_set.apim_v2_ecommerce_io_api_v1.id
+  api_version           = "v2"
+  service_url           = local.apim_ecommerce_io_api.service_url
+
+  description  = local.apim_ecommerce_io_api.description
+  display_name = local.apim_ecommerce_io_api.display_name
+  path         = local.apim_ecommerce_io_api.path
+  protocols    = ["https"]
+
+  content_format = "openapi"
+  content_value = templatefile("./api/ecommerce-io/v2/_openapi.json.tpl", {
+    host = local.apim_hostname
+  })
+
+  xml_content = templatefile("./api/ecommerce-io/v2/_base_policy.xml.tpl", {
+    ecommerce_ingress_hostname = local.ecommerce_hostname
+    wallet_ingress_hostname    = local.wallet_hostname
+  })
+}
+
+resource "azurerm_api_management_api_operation_policy" "apim_v2_io_post_wallet_transactions_v2" {
+  api_name            = "${local.project}-ecommerce-io-api-v2"
+  resource_group_name = local.pagopa_apim_rg
+  api_management_name = local.pagopa_apim_v2
+  operation_id        = "createWalletForTransactionsForIO"
+
+  xml_content = templatefile("./api/ecommerce-io/v2/_wallet_transactions.xml.tpl", {
+    wallet-basepath = local.wallet_hostname
+  })
+}
+
+resource "azurerm_api_management_api_operation_policy" "apim_v2_io_transaction_authorization_request_v2" {
+  api_name            = "${local.project}-ecommerce-io-api-v2"
+  resource_group_name = local.pagopa_apim_rg
+  api_management_name = local.pagopa_apim_v2
+  operation_id        = "requestTransactionAuthorizationForIO"
+
+  xml_content = templatefile("./api/ecommerce-io/v2/_auth_request.xml.tpl", {
+    authurl-basepath = var.env_short == "d" ? local.apim_hostname : "{{wisp2-gov-it}}"
+    wallet-basepath  = local.wallet_hostname
+  })
+}
+
+resource "azurerm_api_management_api_operation_policy" "apim_v2_io_calculate_fee_v2" {
+  api_name            = "${local.project}-ecommerce-io-api-v2"
+  resource_group_name = local.pagopa_apim_rg
+  api_management_name = local.pagopa_apim_v2
+  operation_id        = "calculateFeesForIO"
+
+  xml_content = templatefile("./api/ecommerce-io/v2/_calculate_fees_policy.xml.tpl",
+    {
+      ecommerce-basepath = local.ecommerce_hostname
+      wallet-basepath    = local.wallet_hostname
+    }
+  )
+}
+
+resource "azurerm_api_management_api_operation_policy" "apim_v2_delete_transactions_v2" {
+  api_name            = "${local.project}-ecommerce-io-api-v2"
+  resource_group_name = local.pagopa_apim_rg
+  api_management_name = local.pagopa_apim_v2
+  operation_id        = "requestTransactionUserCancellationForIO"
+
+  xml_content = templatefile("./api/ecommerce-io/v2/_delete_transaction.xml.tpl", {
+    wallet-basepath = local.wallet_hostname
+  })
+}
+
+resource "azurerm_api_management_api_operation_policy" "apim_v2_get_transactions_v2" {
+  api_name            = "${local.project}-ecommerce-io-api-v2"
+  resource_group_name = local.pagopa_apim_rg
+  api_management_name = local.pagopa_apim_v2
+  operation_id        = "getTransactionInfoForIO"
+
+  xml_content = templatefile("./api/ecommerce-io/v2/get_transaction.xml.tpl", {
+    wallet-basepath = local.wallet_hostname
+  })
+}
+
+resource "azurerm_api_management_api_operation_policy" "apim_v2_create_transactions_v2" {
+  api_name            = "${local.project}-ecommerce-io-api-v2"
+  resource_group_name = local.pagopa_apim_rg
+  api_management_name = local.pagopa_apim_v2
+  operation_id        = "newTransactionForIO"
+
+  xml_content = templatefile("./api/ecommerce-io/v2/post_transactions.xml.tpl", {
+    ecommerce_ingress_hostname = local.ecommerce_hostname
+  })
+}
+
+resource "azurerm_api_management_api_operation_policy" "apim_v2_io_wallets_by_user_v2" {
+  api_name            = "${local.project}-ecommerce-io-api-v2"
+  resource_group_name = local.pagopa_apim_rg
+  api_management_name = local.pagopa_apim_v2
+  operation_id        = "getWalletsByIdIOUser"
+
+  xml_content = templatefile("./api/ecommerce-io/v2/_get_wallets_by_user_with_pm.xml.tpl", {
+    ecommerce-hostname = local.ecommerce_hostname
+  })
+}
+
+resource "azurerm_api_management_api_operation_policy" "apim_v2_io_get_all_payment_methods" {
+  api_name            = "${local.project}-ecommerce-io-api-v2"
+  resource_group_name = local.pagopa_apim_rg
+  api_management_name = local.pagopa_apim_v2
+  operation_id        = "getAllPaymentMethodsForIO"
+
+  xml_content = templatefile("./api/ecommerce-io/v2/_get_payment_methods.xml.tpl", {
+    enabled_payment_wallet_method_ids_pm = var.enabled_payment_wallet_method_ids_pm
+  })
+}
diff --git a/src/domains/ecommerce-app/99_locals.tf b/src/domains/ecommerce-app/99_locals.tf
@@ -30,6 +30,7 @@ locals {
   pagopa_apim_name = "${local.product}-apim"
   pagopa_apim_rg   = "${local.product}-api-rg"
   pagopa_apim_snet = "${local.product}-apim-snet"
+  pagopa_apim_v2   = "${local.product}-weu-core-apim-v2"
 
   pagopa_vnet_integration = "pagopa-${var.env_short}-vnet-integration"
   pagopa_vnet_rg          = "pagopa-${var.env_short}-vnet-rg"

diff --git a/src/domains/ecommerce-app/99_variables.tf b/src/domains/ecommerce-app/99_variables.tf
@@ -162,4 +162,10 @@ variable "pdv_api_base_path" {
   type        = string
   default     = null
   description = "Personal data vault api base path"
-}
+}
+
+variable "enabled_payment_wallet_method_ids_pm" {
+  type        = string
+  default     = ""
+  description = "Comma separated list of eCommerce payment method ids that are enabled with PM APIs"
+}