[NOD-905] feat: add OpEx dashboards for internal, psp and organizatio…

…n APIs (#64)

* [NOD-905] feat: add OpEx dashboards for internal, psp and organization APIs
* [NOD-905] fix: updated secrets
* [NOD-905] fix: removed storage account
* [NOD-905] fix: updated identity folder

---------

Co-authored-by: Francesco Cesareo <[email protected]>

.github/workflows/08_create_dashboard.yml

@@ -0,0 +1,111 @@
+name: Create Dashboard
+
+# Controls when the workflow will run
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'openapi/**'
+      - '.github/workflows/08_create_dashboard.yaml'
+      - '.opex/**'
+
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+  deployments: write
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  dashboard:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-22.04
+
+    strategy:
+      matrix:
+        environment: [prod]
+    environment:
+      name: ${{ matrix.environment }}
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - name: Checkout
+        id: checkout
+        # from https://github.com/actions/checkout/commits/main
+        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
+        with:
+          persist-credentials: false
+
+      # from https://github.com/pagopa/opex-dashboard-azure-action/
+      # Internal APIs
+      - uses: pagopa/[email protected]
+        with:
+          environment: ${{ matrix.environment }}
+          api-name:
+          config: .opex/env/${{ matrix.environment }}/internal/config.yaml
+          client-id: ${{ secrets.CLIENT_ID }}
+          tenant-id: ${{ secrets.TENANT_ID }}
+          subscription-id: ${{ secrets.INTERNAL_SUBSCRIPTION_ID }}
+          # from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action
+          docker-version: sha256:e4245954566cd3470e1b5527d33bb58ca132ce7493eac01be9e808fd25a11c8d
+
+      # from https://github.com/pagopa/opex-dashboard-azure-action/
+      # Organizations APIs
+      - uses: pagopa/[email protected]
+        with:
+          environment: ${{ matrix.environment }}
+          api-name:
+          config: .opex/env/${{ matrix.environment }}/organization/config.yaml
+          client-id: ${{ secrets.CLIENT_ID }}
+          tenant-id: ${{ secrets.TENANT_ID }}
+          subscription-id: ${{ secrets.ORG_SUBSCRIPTION_ID }}
+          # from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action
+          docker-version: sha256:e4245954566cd3470e1b5527d33bb58ca132ce7493eac01be9e808fd25a11c8d
+
+      # from https://github.com/pagopa/opex-dashboard-azure-action/
+      # PSPs APIs
+      - uses: pagopa/[email protected]
+        with:
+          environment: ${{ matrix.environment }}
+          api-name:
+          config: .opex/env/${{ matrix.environment }}/psp/config.yaml
+          client-id: ${{ secrets.CLIENT_ID }}
+          tenant-id: ${{ secrets.TENANT_ID }}
+          subscription-id: ${{ secrets.PSP_SUBSCRIPTION_ID }}
+          # from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action
+          docker-version: sha256:e4245954566cd3470e1b5527d33bb58ca132ce7493eac01be9e808fd25a11c8d
+
+  delete_github_deployments:
+    runs-on: ubuntu-latest
+    needs: dashboard
+    if: ${{ always() }}
+    steps:
+      - name: Delete Previous deployments
+        uses: actions/github-script@v6
+        env:
+          SHA_HEAD: ${{ (github.event_name == 'pull_request' && github.event.pull_request.head.sha) || github.sha}}
+        with:
+          script: |
+            const { SHA_HEAD } = process.env
+
+            const deployments = await github.rest.repos.listDeployments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              sha: SHA_HEAD
+            });
+            await Promise.all(
+              deployments.data.map(async (deployment) => {
+                await github.rest.repos.createDeploymentStatus({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  deployment_id: deployment.id,
+                  state: 'inactive'
+                });
+                return github.rest.repos.deleteDeployment({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  deployment_id: deployment.id
+                });
+              })
+            );

.identity/00_data.tf

@@ -1,7 +1,16 @@
+data "azurerm_storage_account" "tf_storage_account" {
+  name                = "pagopainfraterraform${var.env}"
+  resource_group_name = "io-infra-rg"
+}
+
 data "azurerm_resource_group" "dashboards" {
   name = "dashboards"
 }
 
+data "azurerm_resource_group" "apim_resource_group" {
+  name = "${local.product}-api-rg"
+}
+
 data "azurerm_kubernetes_cluster" "aks" {
   name                = local.aks_cluster.name
   resource_group_name = local.aks_cluster.resource_group_name
@@ -41,6 +50,22 @@ data "azurerm_key_vault_secret" "key_vault_bot_token" {
   key_vault_id = data.azurerm_key_vault.key_vault.id
 }
 
+data "azurerm_key_vault_secret" "key_vault_cucumber_token" {
+  name         = "cucumber-token"
+  key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+data "azurerm_key_vault_secret" "key_vault_slack_webhook_url" {
+  name         = "slack-webhook-url"
+  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
+}
+
+data "azurerm_key_vault_secret" "integration_test_internal_subscription_key" {
+  count        = var.env_short == "p" ? 0 : 1
+  name         = "integration-test-internal-subscription-key"
+  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
+}
+
 data "azurerm_key_vault_secret" "integration_test_psp_subscription_key" {
   count        = var.env_short == "p" ? 0 : 1
   name         = "integration-test-psp-subscription-key"
@@ -53,26 +78,43 @@ data "azurerm_key_vault_secret" "integration_test_org_subscription_key" {
   key_vault_id = data.azurerm_key_vault.domain_key_vault.id
 }
 
+data "azurerm_key_vault_secret" "opex_internal_subscription_key" {
+  count        = var.env_short == "p" ? 1 : 0
+  name         = "opex-internal-subscription-key"
+  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
+}
+
+data "azurerm_key_vault_secret" "opex_psp_subscription_key" {
+  count        = var.env_short == "p" ? 1 : 0
+  name         = "opex-psp-subscription-key"
+  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
+}
+
+data "azurerm_key_vault_secret" "opex_org_subscription_key" {
+  count        = var.env_short == "p" ? 1 : 0
+  name         = "opex-org-subscription-key"
+  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
+}
+
 data "azurerm_key_vault_secret" "key_vault_slack_webhook_url" {
   name         = "slack-webhook-url"
   key_vault_id = data.azurerm_key_vault.domain_key_vault.id
 }
 
-data "azurerm_key_vault_secret" "key_vault_integration_test_slack_webhook_url" {
-  name         = "integrationtest-slack-webhook-url"
-  key_vault_id = data.azurerm_key_vault.nodo_key_vault.id
-}
+#data "azurerm_resource_group" "app_rg" {
+#  name  = "${local.prefix}-${var.env_short}-${local.location_short}-${local.domain}-rg"
+#}
+#
+#data "azurerm_storage_account" "integration_test_storage_account" {
+#  name                = local.integration_test.storage_account_name
+#  resource_group_name = local.integration_test.storage_account_rg
+#}
 
 data "azurerm_user_assigned_identity" "identity_cd" {
-  name = "${local.product}-${local.domain}-01-github-cd-identity"
+  name                = "${local.product}-${local.domain}-01-github-cd-identity"
   resource_group_name = "${local.product}-identity-rg"
 }
 
-data "azurerm_storage_account" "integration_test_storage_account" {
-  name                = local.integration_test.storage_account_name
-  resource_group_name = local.integration_test.storage_account_rg
-}
-
 data "azurerm_user_assigned_identity" "identity_ci" {
   name = "${local.product}-${local.domain}-01-github-ci-identity"
   resource_group_name = "${local.product}-identity-rg"

.identity/03_github_environment.tf

@@ -24,6 +24,7 @@ locals {
     "CD_CLIENT_ID" : data.azurerm_user_assigned_identity.identity_cd.client_id,
     "CI_CLIENT_ID" : data.azurerm_user_assigned_identity.identity_ci.client_id,
     "TENANT_ID" : data.azurerm_client_config.current.tenant_id,
+    "INTERNAL_SUBSCRIPTION_KEY": var.env_short != "p" ? data.azurerm_key_vault_secret.integration_test_internal_subscription_key[0].value : data.azurerm_key_vault_secret.opex_internal_subscription_key[0].value,
     "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id,
     "PSP_SUBSCRIPTION_KEY": var.env_short != "p" ? data.azurerm_key_vault_secret.integration_test_psp_subscription_key[0].value : ""
     "ORG_SUBSCRIPTION_KEY": var.env_short != "p" ? data.azurerm_key_vault_secret.integration_test_org_subscription_key[0].value : ""

.identity/99_variables.tf

@@ -13,8 +13,8 @@ locals {
 
   integration_test = {
     storage_account_name = "${local.prefix}${var.env_short}${local.location_short}sharedtstdtsa"
-    storage_account_rg = "${local.prefix}-${var.env_short}-${local.location_short}-shared-tst-dt-rg"
-    reports_folder = local.github.repository
+    storage_account_rg   = "${local.prefix}-${var.env_short}-${local.location_short}-shared-tst-dt-rg"
+    reports_folder       = local.github.repository
   }
 
   aks_cluster = {

.opex/env/prod/internal/backend.ini

@@ -0,0 +1 @@
+subscription=PROD-pagoPA

.opex/env/prod/internal/backend.tfvars

@@ -0,0 +1,4 @@
+resource_group_name  = "io-infra-rg"
+storage_account_name = "pagopainfraterraformprod"
+container_name       = "azurermstate"
+key                  = "opex.pagopa-fdr.terraform.tfstate"

.opex/env/prod/internal/config.yaml

@@ -0,0 +1,12 @@
+oa3_spec: ./openapi/openapi_internal.json # If start with http the file would be downloaded from the internet
+name: opex_pagopa-fdr-internal
+location: West Europe
+timespan: 5m # Default, a number or a timespan https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/scalar-data-types/timespan
+data_source: /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-api-rg/providers/Microsoft.ApiManagement/service/pagopa-p-apim
+resource_type: api-management
+action_groups:
+  - /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-monitor-rg/providers/microsoft.insights/actionGroups/PagoPA
+  - /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-monitor-rg/providers/microsoft.insights/actionGroups/SlackPagoPA
+overrides:
+  hosts: # Use these hosts instead of those inside the OpenApi spec
+    - api.platform.pagopa.it

.opex/env/prod/internal/terraform.tfvars

@@ -0,0 +1,11 @@
+prefix    = "pagopa"
+env_short = "p"
+
+
+tags = {
+  CreatedBy   = "Terraform"
+  Environment = "Prod"
+  Owner       = "pagoPA"
+  Source      = "https://github.com/pagopa/pagopa-fdr"
+  CostCenter  = "TS310 - PAGAMENTI & SERVIZI"
+}

.opex/env/prod/organization/backend.ini

@@ -0,0 +1 @@
+subscription=PROD-pagoPA

.opex/env/prod/organization/backend.tfvars

@@ -0,0 +1,4 @@
+resource_group_name  = "io-infra-rg"
+storage_account_name = "pagopainfraterraformprod"
+container_name       = "azurermstate"
+key                  = "opex.pagopa-fdr.terraform.tfstate"

.opex/env/prod/organization/config.yaml

@@ -0,0 +1,12 @@
+oa3_spec: ./openapi/openapi_organization.json # If start with http the file would be downloaded from the internet
+name: opex_pagopa-fdr-organization
+location: West Europe
+timespan: 5m # Default, a number or a timespan https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/scalar-data-types/timespan
+data_source: /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-api-rg/providers/Microsoft.ApiManagement/service/pagopa-p-apim
+resource_type: api-management
+action_groups:
+  - /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-monitor-rg/providers/microsoft.insights/actionGroups/PagoPA
+  - /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-monitor-rg/providers/microsoft.insights/actionGroups/SlackPagoPA
+overrides:
+  hosts: # Use these hosts instead of those inside the OpenApi spec
+    - api.platform.pagopa.it

.opex/env/prod/organization/terraform.tfvars

@@ -0,0 +1,11 @@
+prefix    = "pagopa"
+env_short = "p"
+
+
+tags = {
+  CreatedBy   = "Terraform"
+  Environment = "Prod"
+  Owner       = "pagoPA"
+  Source      = "https://github.com/pagopa/pagopa-fdr"
+  CostCenter  = "TS310 - PAGAMENTI & SERVIZI"
+}

.opex/env/prod/psp/backend.ini

@@ -0,0 +1 @@
+subscription=PROD-pagoPA

.opex/env/prod/psp/backend.tfvars

@@ -0,0 +1,4 @@
+resource_group_name  = "io-infra-rg"
+storage_account_name = "pagopainfraterraformprod"
+container_name       = "azurermstate"
+key                  = "opex.pagopa-fdr.terraform.tfstate"

.opex/env/prod/psp/config.yaml

@@ -0,0 +1,12 @@
+oa3_spec: ./openapi/openapi_psp.json # If start with http the file would be downloaded from the internet
+name: opex_pagopa-fdr-psp
+location: West Europe
+timespan: 5m # Default, a number or a timespan https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/scalar-data-types/timespan
+data_source: /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-api-rg/providers/Microsoft.ApiManagement/service/pagopa-p-apim
+resource_type: api-management
+action_groups:
+  - /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-monitor-rg/providers/microsoft.insights/actionGroups/PagoPA
+  - /subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourceGroups/pagopa-p-monitor-rg/providers/microsoft.insights/actionGroups/SlackPagoPA
+overrides:
+  hosts: # Use these hosts instead of those inside the OpenApi spec
+    - api.platform.pagopa.it

.opex/env/prod/psp/terraform.tfvars

@@ -0,0 +1,11 @@
+prefix    = "pagopa"
+env_short = "p"
+
+
+tags = {
+  CreatedBy   = "Terraform"
+  Environment = "Prod"
+  Owner       = "pagoPA"
+  Source      = "https://github.com/pagopa/pagopa-fdr"
+  CostCenter  = "TS310 - PAGAMENTI & SERVIZI"
+}

helm/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: microservice-chart
+  repository: https://pagopa.github.io/aks-microservice-chart-blueprint
+  version: 3.0.0
+digest: sha256:fbefefd4270c2f7fdaf9bc98b73465b58db72bdfeafcbb607c2736ba5fe67a5e
+generated: "2023-07-11T17:02:31.30818+02:00"