feat: CHK-3744 expose checkout authenticated ecommerce endpoint

src/domains/ecommerce-app/04_apim_ecommerce_checkout.tf

@@ -253,3 +253,55 @@ resource "azurerm_api_management_api_operation_policy" "get_fees_v2" {
 
   xml_content = file("./api/ecommerce-checkout/v2/_validate_transactions_jwt_token.tpl")
 }
+
+# pagopa-ecommerce APIs for checkout V3 (authenticated)
+
+module "apim_ecommerce_checkout_api_v3" {
+  source = "./.terraform/modules/__v3__/api_management_api"
+
+  name                  = "${local.project}-checkout-api"
+  resource_group_name   = local.pagopa_apim_rg
+  api_management_name   = local.pagopa_apim_name
+  product_ids           = [module.apim_ecommerce_checkout_product.product_id]
+  subscription_required = local.apim_ecommerce_checkout_api.subscription_required
+  version_set_id        = azurerm_api_management_api_version_set.ecommerce_checkout_api_v1.id
+  api_version           = "v3"
+  service_url           = local.apim_ecommerce_checkout_api.service_url
+
+  description  = local.apim_ecommerce_checkout_api.description
+  display_name = local.apim_ecommerce_checkout_api.display_name
+  path         = local.apim_ecommerce_checkout_api.path
+  protocols    = ["https"]
+
+  content_format = "openapi"
+  content_value = templatefile("./api/ecommerce-checkout/v3/_openapi.json.tpl", {
+    host = local.apim_hostname
+  })
+
+  xml_content = templatefile("./api/ecommerce-checkout/v3/_base_policy.xml.tpl", {
+    ecommerce_ingress_hostname = local.ecommerce_hostname
+    checkout_origin            = var.env_short == "d" ? "*" : "https://${var.dns_zone_checkout}.${var.external_domain}"
+    checkout_ingress_hostname  = local.checkout_hostname
+  })
+}
+
+resource "azurerm_api_management_api_operation_policy" "transaction_activation_request_v3" {
+  depends_on          = [module.apim_ecommerce_checkout_api_v3]
+  api_name            = "${local.project}-checkout-api-v3"
+  api_management_name = local.pagopa_apim_name
+  resource_group_name = local.pagopa_apim_rg
+  operation_id        = "newTransactionV3"
+
+  xml_content = templatefile("./api/ecommerce-checkout/v3/_transaction_policy.xml.tpl", {
+    pdv_api_base_path = var.pdv_api_base_path
+  })
+}
+
+resource "azurerm_api_management_api_operation_policy" "get_payment_request_info_api_policy_v3" {
+  api_name            = "${local.project}-checkout-api-v3"
+  resource_group_name = local.pagopa_apim_rg
+  api_management_name = local.pagopa_apim_name
+  operation_id        = "getPaymentRequestInfoV3"
+
+  xml_content = file("./api/ecommerce-checkout/v3/_payment_request_policy.xml.tpl")
+}

src/domains/ecommerce-app/99_locals.tf

@@ -37,5 +37,5 @@ locals {
   apim_hostname      = "api.${var.apim_dns_zone_prefix}.${var.external_domain}"
   ecommerce_hostname = "${var.location_short}${var.env}.ecommerce.internal.${var.apim_dns_zone_prefix}.${var.external_domain}"
   wallet_hostname    = "itn${var.env}.pay-wallet.internal.${var.apim_dns_zone_prefix}.${var.external_domain}"
-
+  checkout_hostname  = "${var.location_short}${var.env}.checkout.internal.${var.apim_dns_zone_prefix}.${var.external_domain}"
 }

src/domains/ecommerce-app/README.md

@@ -17,6 +17,7 @@
 | <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 63f6181a6f3a51707a2ab4795bdbed2d888c708b |
 | <a name="module_apim_ecommerce_checkout_api_v1"></a> [apim\_ecommerce\_checkout\_api\_v1](#module\_apim\_ecommerce\_checkout\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_ecommerce_checkout_api_v2"></a> [apim\_ecommerce\_checkout\_api\_v2](#module\_apim\_ecommerce\_checkout\_api\_v2) | ./.terraform/modules/__v3__/api_management_api | n/a |
+| <a name="module_apim_ecommerce_checkout_api_v3"></a> [apim\_ecommerce\_checkout\_api\_v3](#module\_apim\_ecommerce\_checkout\_api\_v3) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_ecommerce_checkout_product"></a> [apim\_ecommerce\_checkout\_product](#module\_apim\_ecommerce\_checkout\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
 | <a name="module_apim_ecommerce_healthcheck_api_v1"></a> [apim\_ecommerce\_healthcheck\_api\_v1](#module\_apim\_ecommerce\_healthcheck\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_ecommerce_helpdesk_commands_product"></a> [apim\_ecommerce\_helpdesk\_commands\_product](#module\_apim\_ecommerce\_helpdesk\_commands\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
@@ -76,6 +77,7 @@
 | [azurerm_api_management_api_operation_policy.get_fees_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.get_method_testing](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.get_payment_request_info_api_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
+| [azurerm_api_management_api_operation_policy.get_payment_request_info_api_policy_v3](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.get_state](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.get_transaction_info](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.get_transaction_info_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
@@ -93,6 +95,7 @@
 | [azurerm_api_management_api_operation_policy.refund_payment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.transaction_activation_request](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.transaction_activation_request_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
+| [azurerm_api_management_api_operation_policy.transaction_activation_request_v3](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.transaction_authorization_request](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_policy.apim_ecommerce_gec_mock_policy_v1](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_policy) | resource |
 | [azurerm_api_management_api_policy.apim_ecommerce_gec_mock_policy_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_policy) | resource |

src/domains/ecommerce-app/api/ecommerce-checkout/v3/_base_policy.xml.tpl

@@ -0,0 +1,103 @@
+<policies>
+
+  <inbound>
+      <cors>
+        <allowed-origins>
+          <origin>${checkout_origin}</origin>
+        </allowed-origins>
+        <allowed-methods>
+          <method>POST</method>
+          <method>GET</method>
+          <method>OPTIONS</method>
+        </allowed-methods>
+        <allowed-headers>
+          <header>Content-Type</header>
+          <header>Authorization</header>
+          <header>x-transaction-id-from-client</header>
+          <header>lang</header>
+        </allowed-headers>
+      </cors>
+      <base />
+      <rate-limit-by-key calls="10" renewal-period="5" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization",""))" />
+      <set-variable name="blueDeploymentPrefix" value="@(context.Request.Headers.GetValueOrDefault("deployment","").Contains("blue")?"/beta":"")" />
+      <set-header name="X-Client-Id" exists-action="override" >
+        <value>CHECKOUT</value>
+      </set-header>
+      <rewrite-uri template="@((context.Request.Url.Path).Replace("auth/",""))" />
+      <set-variable name="transactionsOperationId" value="newTransactionV3" />
+      <set-variable name="paymentMethodsOperationId" value="getAllPaymentMethodsV3,createSessionV3" />
+      <set-variable name="paymentRequestsOperationId" value="getPaymentRequestInfoV3" />
+      <choose>
+        <when condition="@(Array.Exists(context.Variables.GetValueOrDefault("transactionsOperationId","").Split(','), operations => operations == context.Operation.Id))">
+          <set-backend-service base-url="@("https://${ecommerce_ingress_hostname}"+context.Variables["blueDeploymentPrefix"]+"/pagopa-ecommerce-transactions-service/v2.1")"/>
+        </when>
+        <when condition="@(Array.Exists(context.Variables.GetValueOrDefault("paymentMethodsOperationId","").Split(','), operations => operations == context.Operation.Id))">
+          <set-backend-service base-url="@("https://${ecommerce_ingress_hostname}"+context.Variables["blueDeploymentPrefix"]+"/pagopa-ecommerce-payment-methods-service")"/>
+        </when>
+        <when condition="@(Array.Exists(context.Variables.GetValueOrDefault("paymentRequestsOperationId","").Split(','), operations => operations == context.Operation.Id))">
+          <set-backend-service base-url="@("https://${ecommerce_ingress_hostname}"+context.Variables["blueDeploymentPrefix"]+"/pagopa-ecommerce-payment-requests-service")"/>
+        </when>
+      </choose>
+      <!-- Check authorization token START-->
+      <set-variable name="authToken" value="@(context.Request.Headers.GetValueOrDefault("Authorization", "").Replace("Bearer ",""))" />
+      <send-request ignore-error="true" timeout="10" response-variable-name="checkSessionResponse" mode="new">
+        <set-url>@($"https://${checkout_ingress_hostname}/pagopa-checkout-auth-service/auth/validate")</set-url>
+        <set-method>GET</set-method>
+        <set-header name="Authorization" exists-action="override">
+            <value>@("Bearer " + (string)context.Variables["authToken"])</value>
+        </set-header>
+      </send-request>
+      <choose>
+        <when condition="@(((int)((IResponse)context.Variables["checkSessionResponse"]).StatusCode) == 401)">
+          <return-response>
+            <set-status code="401" reason="Unauthorized" />
+            <set-body>
+              {
+                  "status": 401,
+                  "title": "Unauthorized",
+                  "detail": "Invalid token"
+              }
+            </set-body>
+          </return-response>
+        </when>
+        <when condition="@(((int)((IResponse)context.Variables["checkSessionResponse"]).StatusCode) == 500)">
+          <return-response>
+            <set-status code="502" reason="Internal server error" />
+            <set-body>
+              {
+                  "status": 502,
+                  "title": "Internal server error",
+                  "detail": "Error in token validation"
+              }
+            </set-body>
+          </return-response>
+        </when>
+        <when condition="@(((int)((IResponse)context.Variables["checkSessionResponse"]).StatusCode) != 200)">
+          <return-response>
+            <set-status code="502" reason="Internal server error" />
+            <set-body>
+              {
+                  "status": 502,
+                  "title": "Internal server error",
+                  "detail": "Unexpected error in token validation"
+              }
+            </set-body>
+          </return-response>
+        </when>
+      </choose>
+      <!-- Check authorization token END-->
+  </inbound>
+
+  <outbound>
+      <base />
+  </outbound>
+
+  <backend>
+      <base />
+  </backend>
+
+  <on-error>
+      <base />
+  </on-error>
+
+</policies>