-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CES-68] Added configuration for APIM migration to itn #246
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Jira Pull Request LinkThis Pull Request refers to the following Jira issue CES-68 |
Quality Gate passedIssues Measures |
📖 Terraform Plan ('infra/resources/prod') - successTerraform Plan + type = "string"
}
+ secondary_key = {
+ type = "string"
}
}
+ required = [
+ "primary_key",
+ "secondary_key",
]
+ type = "object"
}
+ SubscriptionState = {
+ type = "string"
+ x-extensible-enum = [
+ "active",
+ "cancelled",
+ "expired",
+ "rejected",
+ "submitted",
+ "suspended",
]
}
+ SubscriptionWithoutKeys = {
+ properties = {
+ id = {
+ type = "string"
}
+ owner_id = {
+ type = "string"
}
+ scope = {
+ type = "string"
}
}
+ required = [
+ "scope",
]
+ type = "object"
}
+ User = {
+ properties = {
+ email = {
+ "$ref" = "#/definitions/EmailAddress"
}
+ first_name = {
+ type = "string"
}
+ id = {
+ type = "string"
}
+ identities = {
+ items = {
+ "$ref" = "#/definitions/UserIdentityContract"
}
+ type = "array"
}
+ last_name = {
+ type = "string"
}
+ name = {
+ type = "string"
}
+ note = {
+ type = "string"
}
+ registration_date = {
+ format = "date-time"
+ type = "string"
}
+ state = {
+ "$ref" = "#/definitions/UserState"
}
+ type = {
+ type = "string"
}
}
+ type = "object"
}
+ UserCollection = {
+ properties = {
+ items = {
+ items = {
+ "$ref" = "#/definitions/User"
}
+ type = "array"
}
+ next = {
+ description = "The link to the next page of results"
+ format = "url"
+ type = "string"
}
}
+ required = [
+ "items",
]
+ type = "object"
}
+ UserCreated = {
+ allOf = [
+ {
+ "$ref" = "#/definitions/UserPayload"
},
+ {
+ properties = {
+ id = {
+ type = "string"
}
}
+ required = [
+ "id",
]
+ type = "object"
},
]
}
+ UserGroupsPayload = {
+ description = <<-EOT
All the groups with which the user must be associated.
The already existing associations with groups which are not included in this object will be deleted.
EOT
+ example = {
+ groups = [
+ "ApiLimitedMessageWrite",
]
}
+ properties = {
+ groups = {
+ items = {
+ description = "The value of `displayName` property of the group on the APIM"
+ minLength = 1
+ type = "string"
}
+ type = "array"
}
}
+ required = [
+ "groups",
]
+ type = "object"
}
+ UserIdentityContract = {
+ properties = {
+ id = {
+ type = "string"
}
+ provider = {
+ type = "string"
}
}
+ type = "object"
}
+ UserInfo = {
+ properties = {
+ groups = {
+ items = {
+ "$ref" = "#/definitions/Group"
}
+ type = "array"
}
+ subscriptions = {
+ items = {
+ "$ref" = "#/definitions/Subscription"
}
+ type = "array"
}
+ token_name = {
+ minLength = 1
+ type = "string"
}
}
+ type = "object"
}
+ UserPayload = {
+ properties = {
+ email = {
+ "$ref" = "#/definitions/EmailAddress"
}
+ first_name = {
+ minLength = 1
+ type = "string"
}
+ last_name = {
+ minLength = 1
+ type = "string"
}
+ token_name = {
+ minLength = 1
+ type = "string"
}
}
+ required = [
+ "email",
+ "first_name",
+ "last_name",
]
+ type = "object"
}
+ UserState = {
+ type = "string"
+ x-extensible-enum = [
+ "active",
+ "blocked",
+ "pending",
+ "deleted",
]
}
+ UserUpdatePayload = {
+ properties = {
+ first_name = {
+ minLength = 1
+ type = "string"
}
+ last_name = {
+ minLength = 1
+ type = "string"
}
+ token_name = {
+ minLength = 1
+ type = "string"
}
}
+ type = "object"
}
+ UserUpdated = {
+ allOf = [
+ {
+ "$ref" = "#/definitions/UserUpdatePayload"
},
+ {
+ properties = {
+ email = {
+ "$ref" = "#/definitions/EmailAddress"
}
+ id = {
+ type = "string"
}
}
+ required = [
+ "id",
+ "email",
]
+ type = "object"
},
]
}
+ VisibleServicePayload = {
+ "$ref" = "https://raw.githubusercontent.com/pagopa/io-functions-commons/v28.7.1/openapi/definitions.yaml#/VisibleServicePayload"
}
}
+ host = "api.io.pagopa.it"
+ info = {
+ contact = {
+ name = "Digital Transformation Team"
+ url = "https://forum.italia.it/c/progetto-io"
}
+ description = <<-EOT
# Warning
**This is an experimental API that is (most probably) going to change as we evolve the IO platform.**
# Introduction
This is the documentation of the IO API for administration purpose of the platform.
EOT
+ title = "IO API for administration purpose"
+ version = "1.1.0"
+ x-logo = {
+ url = "https://io.italia.it/assets/img/io-logo-blue.svg"
}
}
+ parameters = {
+ SandboxFiscalCode = {
+ description = "The user's sandbox fiscal code, all upper case."
+ in = "path"
+ maxLength = 16
+ minLength = 16
+ name = "fiscal_code"
+ pattern = "[A-Z]{6}[0-9]{2}A[0-9]{2}Y[0-9]{3}X"
+ required = true
+ type = "string"
+ x-example = "SPNDNL80A13Y555X"
}
}
+ paths = {
+ "/development-profiles/{fiscal_code}" = {
+ post = {
+ description = <<-EOT
Create a development profile for the user identified by the
provided fiscal code.
EOT
+ operationId = "createDevelopmentProfile"
+ parameters = [
+ {
+ "$ref" = "#/parameters/SandboxFiscalCode"
},
+ {
+ in = "body"
+ name = "body"
+ schema = {
+ "$ref" = "#/definitions/DevelopmentProfile"
}
+ x-examples = {
+ "application/json" = {
+ email = "foobar@example.com"
}
}
},
]
+ responses = {
+ "200" = {
+ description = "Profile updated."
+ examples = {
+ "application/json" = {
+ email = "foobar@example.com"
+ version = 0
}
}
+ schema = {
+ "$ref" = "#/definitions/ExtendedProfile"
}
}
+ "400" = {
+ description = "Invalid payload."
+ schema = {
+ "$ref" = "#/definitions/ProblemJson"
}
}
+ "401" = {
+ description = "Unauthorized"
}
+ "409" = {
+ description = "Conflict."
+ schema = {
+ "$ref" = "#/definitions/ProblemJson"
}
}
+ "429" = {
+ description = "Too many requests"
}
}
+ summary = "Create DevelopmentProfile"
+ tags = [
+ "restricted",
]
}
}
+ "/impersonate-service/{serviceId}" = {
+ get = {
+ operationId = "getImpersonatedService"
+ parameters = [
+ {
+ description = "the serviceId of the target service."
+ in = "path"
+ name = "serviceId"
+ required = true
+ type = "string"
},
]
+ responses = {
+ "200" = {
+ description = "data required to impersonte a service"
+ schema = {
+ "$ref" = "#/definitions/ImpersonatedService"
}
}
+ "404" = {
+ description = "service or service owner not found"
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Gets the data to impersonate a service"
}
}
+ "/organizations/{organization_fiscal_code}/logo" = {
+ parameters = [
+ {
+ description = "The organization's fiscal code"
+ in = "path"
+ name = "organization_fiscal_code"
+ required = true
+ type = "string"
},
]
+ put = {
+ description = "Upload an organization logo for the given organization fiscal code."
+ operationId = "uploadOrganizationLogo"
+ parameters = [
+ {
+ description = "The logo payload"
+ in = "body"
+ name = "body"
+ required = true
+ schema = {
+ "$ref" = "#/definitions/Logo"
}
},
]
+ responses = {
+ "201" = {
+ description = "Logo uploaded."
+ headers = {
+ Location = {
+ description = "Link to the uploaded logo"
+ type = "string"
}
}
}
+ "400" = {
+ description = "Invalid payload."
+ schema = {
+ "$ref" = "#/definitions/ProblemJson"
}
}
+ "401" = {
+ description = "Unauthorized"
}
+ "403" = {
+ description = "Forbidden"
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Upload Organization Logo"
}
}
+ "/services" = {
+ get = {
+ description = "Gets the list of all existing services."
+ operationId = "getServices"
+ responses = {
+ "200" = {
+ description = "The list of server."
+ schema = {
+ "$ref" = "#/definitions/ServiceCollection"
}
}
+ "500" = {
+ description = "Internal server error."
}
}
+ summary = "Get Services"
}
+ post = {
+ description = <<-EOT
Create a new Service with the attributes provided in the requst
payload.
EOT
+ operationId = "createService"
+ parameters = [
+ {
+ description = "The Service payload."
+ in = "body"
+ name = "body"
+ schema = {
+ "$ref" = "#/definitions/Service"
}
+ x-examples = {
+ "application/json" = {
+ authorized_cidrs = []
+ authorized_recipients = [
+ "XXXYYY79A95Y000X",
]
+ department_name = "dept"
+ organization_name = "org"
+ service_id = "2b3e728c1a5d1efa035c"
+ service_name = "service"
}
}
},
]
+ responses = {
+ "200" = {
+ description = "Service created."
+ examples = {
+ "application/json" = {
+ authorized_cidrs = []
+ authorized_recipients = [
+ "XXXYYY79A95Y000X",
]
+ department_name = "dept"
+ id = "2b3e728c1a5d1efa035c-0000000000000001"
+ organization_name = "org"
+ service_id = "2b3e728c1a5d1efa035c"
+ service_name = "service"
+ version = 1
}
}
+ schema = {
+ "$ref" = "#/definitions/Service"
}
}
+ "401" = {
+ description = "Unauthorized"
}
}
+ summary = "Create Service"
}
}
+ "/services/{service_id}" = {
+ get = {
+ description = "A previously created service with the provided service ID is returned."
+ operationId = "getService"
+ parameters = []
+ responses = {
+ "200" = {
+ description = "Service found."
+ examples = {
+ "application/json" = {
+ authorized_cidrs = []
+ authorized_recipients = [
+ "XXXYYY79A95Y000X",
]
+ department_name = "dept"
+ id = "2b3e728c1a5d1efa035c-0000000000000001"
+ organization_name = "org"
+ service_id = "2b3e728c1a5d1efa035c"
+ service_name = "service"
+ version = 1
}
}
+ schema = {
+ "$ref" = "#/definitions/Service"
}
}
+ "401" = {
+ description = "Unauthorized"
}
+ "404" = {
+ description = "No service found for the provided ID."
}
}
+ summary = "Get Service"
}
+ parameters = [
+ {
+ description = "The ID of an existing Service."
+ in = "path"
+ name = "service_id"
+ required = true
+ type = "string"
},
]
+ put = {
+ description = <<-EOT
Update an existing service with the attributes provided in the
request payload.
EOT
+ operationId = "updateService"
+ parameters = [
+ {
+ description = "The Service payload."
+ in = "body"
+ name = "body"
+ schema = {
+ "$ref" = "#/definitions/Service"
}
+ x-examples = {
+ "application/json" = {
+ authorized_cidrs = []
+ authorized_recipients = [
+ "XXXYYY79A95Y000X",
]
+ department_name = "dept"
+ organization_name = "org"
+ service_id = "2b3e728c1a5d1efa035c"
+ service_name = "service"
}
}
},
]
+ responses = {
+ "200" = {
+ description = "Service updated."
+ examples = {
+ "application/json" = {
+ authorized_cidrs = []
+ authorized_recipients = [
+ "XXXYYY79A95Y000X",
]
+ department_name = "dept"
+ id = "2b3e728c1a5d1efa035c-0000000000000001"
+ organization_name = "org"
+ service_id = "2b3e728c1a5d1efa035c"
+ service_name = "service"
+ version = 1
}
}
+ schema = {
+ "$ref" = "#/definitions/Service"
}
}
+ "401" = {
+ description = "Unauthorized"
}
+ "404" = {
+ description = "No service found for the provided ID."
}
}
+ summary = "Update Service"
}
}
+ "/services/{service_id}/keys" = {
+ get = {
+ operationId = "getSubscriptionKeys"
+ parameters = [
+ {
+ description = "The ID of an existing Service."
+ in = "path"
+ name = "service_id"
+ required = true
+ type = "string"
},
]
+ responses = {
+ "200" = {
+ description = "The subscription keys for the service"
+ schema = {
+ "$ref" = "#/definitions/SubscriptionKeys"
}
}
+ "400" = {
+ description = "Bad request"
}
+ "403" = {
+ description = "Forbidden"
}
+ "404" = {
+ description = "Subscription not found"
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Gets the subscription keys for the Service identified by the provided service_id"
}
+ put = {
+ operationId = "RegenerateSubscriptionKeys"
+ parameters = [
+ {
+ description = "The ID of an existing Service."
+ in = "path"
+ name = "service_id"
+ required = true
+ type = "string"
},
+ {
+ description = "The type of the key to be regenerated"
+ in = "body"
+ name = "body"
+ required = true
+ schema = {
+ "$ref" = "#/definitions/SubscriptionKeyTypePayload"
}
},
]
+ responses = {
+ "200" = {
+ description = "The subscription keys for the service"
+ schema = {
+ "$ref" = "#/definitions/SubscriptionKeys"
}
}
+ "400" = {
+ description = "Bad request"
}
+ "403" = {
+ description = "Forbidden"
}
+ "404" = {
+ description = "Subscription not found"
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Regenerate a subscription key for the Service identified by the provided service_id"
}
}
+ "/services/{service_id}/logo" = {
+ parameters = [
+ {
+ description = "The ID of a existing Service."
+ in = "path"
+ name = "service_id"
+ required = true
+ type = "string"
},
]
+ put = {
+ operationId = "uploadServiceLogo"
+ parameters = [
+ {
+ description = "The logo payload"
+ in = "body"
+ name = "body"
+ required = true
+ schema = {
+ "$ref" = "#/definitions/Logo"
}
},
]
+ responses = {
+ "201" = {
+ description = "Logo uploaded."
+ headers = {
+ Location = {
+ description = "Link to the uploaded logo"
+ type = "string"
}
}
}
+ "400" = {
+ description = "Invalid payload."
+ schema = {
+ "$ref" = "#/definitions/ProblemJson"
}
}
+ "401" = {
+ description = "Unauthorized"
}
+ "403" = {
+ description = "Forbidden"
}
+ "404" = {
+ description = "No service found for the provided ID."
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Upload service logo."
}
}
+ "/subscriptions/{subscription_id}" = {
+ get = {
+ description = "Get a specific subscription information, that belongs to a particular subscription Id"
+ operationId = "getSubscription"
+ parameters = [
+ {
+ description = "The ID of an existing Subscription."
+ in = "path"
+ name = "subscription_id"
+ required = true
+ type = "string"
},
]
+ responses = {
+ "200" = {
+ description = "Retrieved Subscription information."
+ schema = {
+ "$ref" = "#/definitions/SubscriptionWithoutKeys"
}
}
+ "400" = {
+ description = "Bad request"
}
+ "401" = {
+ description = "Unauthorized"
}
+ "403" = {
+ description = "Forbidden"
}
+ "404" = {
+ description = "Subscription not found"
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Get Subscription"
}
}
+ "/subscriptions/{subscription_id}/cidrs" = {
+ get = {
+ description = "Get authorized cidrs for a Subscription"
+ operationId = "getSubscriptionCidrs"
+ parameters = [
+ {
+ description = "The id of the Subscription"
+ in = "path"
+ name = "subscription_id"
+ required = true
+ type = "string"
},
]
+ responses = {
+ "200" = {
+ description = "CIDRs"
+ schema = {
+ "$ref" = "#/definitions/SubscriptionCIDRs"
}
}
+ "400" = {
+ description = "Bad request"
}
+ "401" = {
+ description = "Unauthorized"
}
+ "403" = {
+ description = "Forbidden"
}
+ "404" = {
+ description = "Resource (User or Product) not found"
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Get Subscription CIDRs"
}
+ put = {
+ description = "Update authorized cidrs for a Subscription"
+ operationId = "updateSubscriptionCidrs"
+ parameters = [
+ {
+ description = "The id of the Subscription"
+ in = "path"
+ name = "subscription_id"
+ required = true
+ type = "string"
},
+ {
+ in = "body"
+ name = "body"
+ required = true
+ schema = {
+ "$ref" = "#/definitions/CIDRsPayload"
}
},
]
+ responses = {
+ "200" = {
+ description = "The updated CIDRs"
+ schema = {
+ "$ref" = "#/definitions/SubscriptionCIDRs"
}
}
+ "400" = {
+ description = "Bad request"
}
+ "401" = {
+ description = "Unauthorized"
}
+ "403" = {
+ description = "Forbidden"
}
+ "404" = {
+ description = "Resource (User or Product) not found"
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Update Subscription CIDRs"
}
}
+ "/users" = {
+ get = {
+ operationId = "getUsers"
+ parameters = [
+ {
+ description = "the number of items to skip."
+ in = "query"
+ minimum = 1
+ name = "cursor"
+ type = "integer"
},
]
+ responses = {
+ "200" = {
+ description = "List of users"
+ schema = {
+ "$ref" = "#/definitions/UserCollection"
}
}
}
+ summary = "Gets the list of users"
}
+ post = {
+ description = "Create a new user with a random password in the Active Directory Azure B2C, then create a corresponding user on the API management resource."
+ operationId = "createUser"
+ parameters = [
+ {
+ in = "body"
+ name = "body"
+ required = true
+ schema = {
+ "$ref" = "#/definitions/UserPayload"
}
},
]
+ responses = {
+ "200" = {
+ description = "The new User"
+ schema = {
+ "$ref" = "#/definitions/UserCreated"
}
}
+ "400" = {
+ description = "Bad request"
}
+ "403" = {
+ description = "Forbidden"
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Create user"
}
}
+ "/users/{email}" = {
+ get = {
+ description = "Gets the user information, that is the complete list of subscription and the complete list of groups for the User identified by the provided email"
+ operationId = "getUser"
+ parameters = [
+ {
+ description = "The email of the User"
+ format = "email"
+ in = "path"
+ name = "email"
+ required = true
+ type = "string"
},
]
+ responses = {
+ "200" = {
+ description = "User subscriptions and groups"
+ schema = {
+ "$ref" = "#/definitions/UserInfo"
}
}
+ "400" = {
+ description = "Bad request"
}
+ "401" = {
+ description = "Unauthorized"
}
+ "403" = {
+ description = "Forbidden"
}
+ "404" = {
+ description = "User not found"
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Get user"
}
+ put = {
+ description = "Update an existing ADB2C User."
+ operationId = "updateUser"
+ parameters = [
+ {
+ description = "The email of the User"
+ format = "email"
+ in = "path"
+ name = "email"
+ required = true
+ type = "string"
},
+ {
+ in = "body"
+ name = "body"
+ required = true
+ schema = {
+ "$ref" = "#/definitions/UserUpdatePayload"
}
},
]
+ responses = {
+ "200" = {
+ description = "The updated User"
+ schema = {
+ "$ref" = "#/definitions/UserUpdated"
}
}
+ "400" = {
+ description = "Bad request"
}
+ "403" = {
+ description = "Forbidden"
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Update user"
}
}
+ "/users/{email}/groups" = {
+ put = {
+ description = "Update the list of groups (permissions) associated to the User identified by the provided email"
+ operationId = "updateGroups"
+ parameters = [
+ {
+ description = "The email of the User"
+ format = "email"
+ in = "path"
+ name = "email"
+ required = true
+ type = "string"
},
+ {
+ in = "body"
+ name = "body"
+ required = true
+ schema = {
+ "$ref" = "#/definitions/UserGroupsPayload"
}
},
]
+ responses = {
+ "200" = {
+ description = "The list of groups associated to the User"
+ schema = {
+ "$ref" = "#/definitions/GroupCollection"
}
}
+ "400" = {
+ description = "Bad request"
}
+ "401" = {
+ description = "Unauthorized"
}
+ "403" = {
+ description = "Forbidden"
}
+ "404" = {
+ description = "Resource (User or Product) not found"
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Update user groups"
}
}
+ "/users/{email}/subscriptions/{subscription_id}" = {
+ put = {
+ description = "Create a Subscription identified by the provided subscription id for the User identified by the provided email"
+ operationId = "createSubscription"
+ parameters = [
+ {
+ description = "The email of the User"
+ format = "email"
+ in = "path"
+ name = "email"
+ required = true
+ type = "string"
},
+ {
+ description = "The id of the Subscription"
+ in = "path"
+ name = "subscription_id"
+ required = true
+ type = "string"
},
+ {
+ in = "body"
+ name = "body"
+ required = true
+ schema = {
+ "$ref" = "#/definitions/ProductNamePayload"
}
},
]
+ responses = {
+ "200" = {
+ description = "The subscription created"
+ schema = {
+ "$ref" = "#/definitions/Subscription"
}
}
+ "400" = {
+ description = "Bad request"
}
+ "401" = {
+ description = "Unauthorized"
}
+ "403" = {
+ description = "Forbidden"
}
+ "404" = {
+ description = "Resource (User or Product) not found"
}
+ "500" = {
+ description = "Internal server error"
}
}
+ summary = "Create subscription"
}
}
}
+ produces = [
+ "application/json",
]
+ responses = {}
+ schemes = [
+ "https",
]
+ security = [
+ {
+ SubscriptionKey = []
},
]
+ securityDefinitions = {
+ SubscriptionKey = {
+ description = "The API key obtained through the developer portal."
+ in = "header"
+ name = "Ocp-Apim-Subscription-Key"
+ type = "apiKey"
}
}
+ swagger = "2.0"
}
)
}
# (1 unchanged block hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now. |
Krusty93
approved these changes
Nov 18, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
List of Changes
Added new APIM configuration file with API and product pointing to itn APIM.
Motivation and Context
In view of the migration of the APIM in italynorth, this PR was created which contains the creation of all the resources that will point to the new APIM, it will be applied before making the backup and restore on the new APIM in ITN, so as to generate all the necessary APIs and products.
Subsequently, all the commented code will be uncommented in a specific PR and the imports of all those resources will be made.
Once the migration is finished, the files and resources relating to the weu APIM v2 will be deleted.
How Has This Been Tested?
Screenshots (if appropriate):
Types of changes
Checklist: