Merge branch 'PPANTT-190-feat-infra-ebollo' of https://github.com/pag…

…opa/pagopa-infra into PPANTT-190-feat-infra-ebollo

src/aks-leonardo/03_aks_0.tf

@@ -55,6 +55,9 @@ module "aks_leonardo" {
   addon_azure_policy_enabled                     = true
   addon_azure_key_vault_secrets_provider_enabled = true
   addon_azure_pod_identity_enabled               = true
+  workload_identity_enabled                      = var.aks_enable_workload_identity
+  oidc_issuer_enabled                            = var.aks_enable_workload_identity
+
 
   alerts_enabled = var.aks_alerts_enabled
   # custom_metric_alerts = local.aks_metrics_alerts

src/aks-leonardo/99_variables.tf

@@ -566,3 +566,8 @@ variable "monitor_appinsights_name" {
   type        = string
   description = "App insight in europe name"
 }
+
+variable "aks_enable_workload_identity" {
+  type    = bool
+  default = false
+}

src/aks-leonardo/env/itn-dev/terraform.tfvars

@@ -38,9 +38,11 @@ monitor_appinsights_name                    = "pagopa-d-appinsights"
 #
 # ⛴ AKS
 #
-aks_private_cluster_enabled = false
-aks_alerts_enabled          = false
-aks_kubernetes_version      = "1.29.4"
+aks_private_cluster_enabled  = false
+aks_alerts_enabled           = false
+aks_kubernetes_version       = "1.29.4"
+aks_enable_workload_identity = true
+
 aks_system_node_pool = {
   name            = "padaksleosys",
   vm_size         = "Standard_B2ms",

src/aks-leonardo/env/itn-prod/terraform.tfvars

@@ -39,10 +39,12 @@ monitor_appinsights_name                    = "pagopa-p-appinsights"
 #
 # ⛴ AKS
 #
-aks_private_cluster_enabled = true
-aks_alerts_enabled          = false
-aks_kubernetes_version      = "1.29.4"
-aks_sku_tier                = "Standard"
+aks_private_cluster_enabled  = true
+aks_alerts_enabled           = false
+aks_kubernetes_version       = "1.29.4"
+aks_sku_tier                 = "Standard"
+aks_enable_workload_identity = false
+
 aks_system_node_pool = {
   name            = "papaksleosys",
   vm_size         = "Standard_D2ds_v5",

src/aks-leonardo/env/itn-uat/terraform.tfvars

@@ -38,10 +38,12 @@ monitor_appinsights_name                    = "pagopa-u-appinsights"
 #
 # ⛴ AKS
 #
-aks_private_cluster_enabled = true
-aks_alerts_enabled          = false
-aks_kubernetes_version      = "1.29.4"
-aks_sku_tier                = "Standard"
+aks_private_cluster_enabled  = true
+aks_alerts_enabled           = false
+aks_kubernetes_version       = "1.29.4"
+aks_sku_tier                 = "Standard"
+aks_enable_workload_identity = true
+
 aks_system_node_pool = {
   name            = "pauaksleosys",
   vm_size         = "Standard_D2ds_v5",

src/domains/ecommerce-app/api/ecommerce-checkout/v1/_payment_request_policy.xml.tpl

@@ -1,7 +1,7 @@
 <policies>
   <inbound>
     <!-- Check google reCAPTCHA token validity START -->
-    <set-variable name="recaptchaSecret" value="{{google-recaptcha-secret}}" />
+    <set-variable name="recaptchaSecret" value="{{ecommerce-for-checkout-google-recaptcha-secret}}" />
     <set-variable name="recaptchaToken" value="@(context.Request.OriginalUrl.Query.GetValueOrDefault("recaptchaResponse"))" />
     <choose>
         <when condition="@(context.Variables["recaptchaToken"] == null || context.Variables["recaptchaToken"] == "")">

src/domains/ecommerce-app/api/ecommerce-checkout/v1/_transaction_policy.xml.tpl

@@ -1,7 +1,7 @@
 <policies>
     <inbound>
     <!-- Check google reCAPTCHA token validity START -->
-    <set-variable name="recaptchaSecret" value="{{google-recaptcha-secret}}" />
+    <set-variable name="recaptchaSecret" value="{{ecommerce-for-checkout-google-recaptcha-secret}}" />
     <set-variable name="recaptchaToken" value="@(context.Request.OriginalUrl.Query.GetValueOrDefault("recaptchaResponse"))" />
     <choose>
         <when condition="@(context.Variables["recaptchaToken"] == null || context.Variables["recaptchaToken"] == "")">

src/domains/ecommerce-app/api/ecommerce-checkout/v2/_transaction_policy.xml.tpl

@@ -2,7 +2,7 @@
     <inbound>
         <base />
         <!-- Check google reCAPTCHA token validity START -->
-        <set-variable name="recaptchaSecret" value="{{google-recaptcha-secret}}" />
+        <set-variable name="recaptchaSecret" value="{{ecommerce-for-checkout-google-recaptcha-secret}}" />
         <set-variable name="recaptchaToken" value="@(context.Request.OriginalUrl.Query.GetValueOrDefault("recaptchaResponse"))" />
         <choose>
             <when condition="@(context.Variables["recaptchaToken"] == null || context.Variables["recaptchaToken"] == "")">

src/domains/ecommerce-app/api/ecommerce-io-outcomes/v1/_openapi.json.tpl

@@ -3,7 +3,7 @@
   "info": {
     "version": "0.0.1",
     "title": "Pagopa eCommerce services for app IO outcomes",
-    "description": "API's exposed from eCommerce services to app IO to handle pagoPA payment outcomes.\n\nThe payment workflow ends with a outcome returned as query params in a webview, for example \n \n - /outcomes?outcome=0. \n\nThe possible outcome are:\n- SUCCESS(0) → payment completed successfully\n- GENERIC_ERROR(1),\n- AUTH_ERROR(2) → authorization denied\n- INVALID_DATA(3) → incorrect data\n- TIMEOUT(4) → timeout \n- CIRCUIT_ERROR(5) → Unsupported circuit (should never happen)\n- MISSING_FIELDS(6) → missing data (should never happen) \n- INVALID_CARD(7) → expired card (or similar)\n- CANCELED_BY_USER(8) → canceled by the user\n- DUPLICATE_ORDER(9) → Double transaction (should never happen)\n- EXCESSIVE_AMOUNT(10) → Excess of availability \n- ORDER_NOT_PRESENT(11) → (should never happen)\n- INVALID_METHOD(12) → (should never happen)\n- KO_RETRIABLE(13) → transaction failed, but the transaction is theoretically recoverable. For the user it is a KO\n- INVALID_SESSION(14)",
+    "description": "API's exposed from eCommerce services to app IO to handle pagoPA payment outcomes.\n\nThe payment workflow ends with a outcome returned as query params in a webview, for example \n \n - /outcomes?outcome=0. \n\nThe possible outcome are:\n- SUCCESS(0) → payment completed successfully\n- GENERIC_ERROR(1),\n- AUTH_ERROR(2) → authorization denied\n- INVALID_DATA(3) → incorrect data\n- TIMEOUT(4) → timeout \n- CIRCUIT_ERROR(5) → Unsupported circuit (should never happen)\n- MISSING_FIELDS(6) → missing data (should never happen) \n- INVALID_CARD(7) → expired card (or similar)\n- CANCELED_BY_USER(8) → canceled by the user\n- DUPLICATE_ORDER(9) → Double transaction (should never happen)\n- EXCESSIVE_AMOUNT(10) → Excess of availability \n- ORDER_NOT_PRESENT(11) → (should never happen)\n- INVALID_METHOD(12) → (should never happen)\n- KO_RETRIABLE(13) → transaction failed, but the transaction is theoretically recoverable. For the user it is a KO\n- INVALID_SESSION(14)\n- TAKEN_IN_CHARGE(17) → Waiting for outcome \n- PSP_ERROR(25) → Error from psp\n- BE_KO(99) → Backend Error\n- BALANCE_NOT_AVAILABLE(116) → Balance not available\n- CVV_ERROR(117) → Security code error\n- LIMIT_EXCEDEED(121) → Limit excedeed",
     "contact": {
       "name": "pagoPA - Touchpoints team"
     }
@@ -50,10 +50,16 @@
                 "11",
                 "12",
                 "13",
-                "14"
+                "14",
+                "17",
+                "25",
+                "99",
+                "116",
+                "117",
+                "121"
               ]
             },
-            "description": "`0` - Success `1` - Generic error `2` - Authorization error `3` - Invalid data `4` - Timeout `5` - Unsupported circuit `6` - Missing data `7` - Invalid card: expired card etc `8` - Canceled by the user `9` - Double transaction `10` - Excessive amount `11` - Order not present `12` - Invalid method `13` - Retriable KO `14` - Invalid session\n",
+            "description": "`0` - Success `1` - Generic error `2` - Authorization error `3` - Invalid data `4` - Timeout `5` - Unsupported circuit `6` - Missing data `7` - Invalid card: expired card etc `8` - Canceled by the user `9` - Double transaction `10` - Excessive amount `11` - Order not present `12` - Invalid method `13` - Retriable KO `14` - Invalid session `17` - Taken in charge `25` - PSP Error `99` - Backend Error `116` - Balance not available `117` - CVV Error `121` - Limit exceeded\n",
             "required": true
           }
         ],
@@ -75,4 +81,4 @@
       }
     }
   }
-}
+}