Merge remote-tracking branch 'origin/main' into NOD-905-fdr-generazio…

…ne-op-ex-dashboard # Conflicts: # .identity/.terraform.lock.hcl # .identity/00_data.tf # .identity/02_application_action.tf # .identity/03_github_environment.tf
pagopa · May 31, 2024 · 17389c4 · 17389c4
2 parents f79908a + b8d9272
commit 17389c4
Show file tree

Hide file tree

Showing 25 changed files with 151 additions and 92 deletions.
diff --git a/.github/workflows/04h_deploy_with_github_runner.yml b/.github/workflows/04h_deploy_with_github_runner.yml
@@ -35,7 +35,7 @@ jobs:
         # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
         uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
         with:
-          client_id: ${{ secrets.CLIENT_ID }}
+          client_id: ${{ secrets.CD_CLIENT_ID }}
           tenant_id: ${{ secrets.TENANT_ID }}
           subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
           container_app_environment_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_NAME }}
@@ -53,7 +53,7 @@ jobs:
         uses: pagopa/github-actions-template/aks-deploy@main
         with:
           branch: ${{ github.ref_name }}
-          client_id: ${{ secrets.CLIENT_ID }}
+          client_id: ${{ secrets.CD_CLIENT_ID }}
           subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
           tenant_id: ${{ secrets.TENANT_ID }}
           env: ${{ inputs.environment }}
@@ -75,7 +75,7 @@ jobs:
         # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action
         uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@0ee2f58fd46d10ac7f00bce4304b98db3dbdbe9a
         with:
-          client_id: ${{ secrets.CLIENT_ID }}
+          client_id: ${{ secrets.CD_CLIENT_ID }}
           tenant_id: ${{ secrets.TENANT_ID }}
           subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
           resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }}
@@ -107,15 +107,15 @@ jobs:
         # from https://github.com/Azure/login/commits/master
         uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
         with:
-          client-id: ${{ secrets.CLIENT_ID }}
+          client-id: ${{ secrets.CD_CLIENT_ID }}
           tenant-id: ${{ secrets.TENANT_ID }}
           subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 
       - name: Terraform Apply
         shell: bash
         run: |
           cd ./infra
-          export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}"
+          export ARM_CLIENT_ID="${{ secrets.CD_CLIENT_ID }}"
           export ARM_SUBSCRIPTION_ID=$(az account show --query id --output tsv)
           export ARM_TENANT_ID=$(az account show --query tenantId --output tsv)
           export ARM_USE_OIDC=true

diff --git a/.github/workflows/06_integration_test.yml b/.github/workflows/06_integration_test.yml
@@ -65,7 +65,7 @@ jobs:
         # from https://github.com/Azure/login/commits/master
         uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
         with:
-          client-id: ${{ secrets.CLIENT_ID }}
+          client-id: ${{ secrets.CI_CLIENT_ID }}
           tenant-id: ${{ secrets.TENANT_ID }}
           subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 

diff --git a/.identity/.terraform.lock.hcl b/.identity/.terraform.lock.hcl
diff --git a/.identity/00_data.tf b/.identity/00_data.tf
@@ -31,6 +31,15 @@ data "azurerm_key_vault" "domain_key_vault" {
   resource_group_name = "pagopa-${var.env_short}-${local.domain}-sec-rg"
 }
 
+data "azurerm_key_vault" "nodo_key_vault" {
+  name                = "pagopa-${var.env_short}-nodo-kv"
+  resource_group_name = "pagopa-${var.env_short}-nodo-sec-rg"
+}
+
+data "azurerm_resource_group" "apim_resource_group" {
+  name = "${local.product}-api-rg"
+}
+
 data "azurerm_key_vault_secret" "key_vault_sonar" {
   name         = "sonar-token"
   key_vault_id = data.azurerm_key_vault.key_vault.id
@@ -87,7 +96,26 @@ data "azurerm_key_vault_secret" "opex_org_subscription_key" {
   key_vault_id = data.azurerm_key_vault.domain_key_vault.id
 }
 
+data "azurerm_key_vault_secret" "key_vault_slack_webhook_url" {
+  name         = "slack-webhook-url"
+  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
+}
+
+#data "azurerm_resource_group" "app_rg" {
+#  name  = "${local.prefix}-${var.env_short}-${local.location_short}-${local.domain}-rg"
+#}
+#
+#data "azurerm_storage_account" "integration_test_storage_account" {
+#  name                = local.integration_test.storage_account_name
+#  resource_group_name = local.integration_test.storage_account_rg
+#}
+
 data "azurerm_user_assigned_identity" "identity_cd" {
   name                = "${local.product}-${local.domain}-01-github-cd-identity"
   resource_group_name = "${local.product}-identity-rg"
 }
+
+data "azurerm_user_assigned_identity" "identity_ci" {
+  name = "${local.product}-${local.domain}-01-github-ci-identity"
+  resource_group_name = "${local.product}-identity-rg"
+}
diff --git a/.identity/03_github_environment.tf b/.identity/03_github_environment.tf
@@ -22,11 +22,12 @@ resource "github_repository_environment" "github_repository_environment" {
 locals {
   env_secrets = {
     "CD_CLIENT_ID" : data.azurerm_user_assigned_identity.identity_cd.client_id,
+    "CI_CLIENT_ID" : data.azurerm_user_assigned_identity.identity_ci.client_id,
     "TENANT_ID" : data.azurerm_client_config.current.tenant_id,
-    "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id,
     "INTERNAL_SUBSCRIPTION_KEY": var.env_short != "p" ? data.azurerm_key_vault_secret.integration_test_internal_subscription_key[0].value : data.azurerm_key_vault_secret.opex_internal_subscription_key[0].value,
-    "PSP_SUBSCRIPTION_KEY": var.env_short != "p" ? data.azurerm_key_vault_secret.integration_test_psp_subscription_key[0].value : data.azurerm_key_vault_secret.opex_psp_subscription_key[0].value,
-    "ORG_SUBSCRIPTION_KEY": var.env_short != "p" ? data.azurerm_key_vault_secret.integration_test_org_subscription_key[0].value : data.azurerm_key_vault_secret.opex_org_subscription_key[0].value,
+    "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id,
+    "PSP_SUBSCRIPTION_KEY": var.env_short != "p" ? data.azurerm_key_vault_secret.integration_test_psp_subscription_key[0].value : ""
+    "ORG_SUBSCRIPTION_KEY": var.env_short != "p" ? data.azurerm_key_vault_secret.integration_test_org_subscription_key[0].value : ""
   }
   env_variables = {
     "CONTAINER_APP_ENVIRONMENT_NAME" : local.container_app_environment.name,
@@ -38,12 +39,6 @@ locals {
     "INTEGRATION_TEST_STORAGE_ACCOUNT_NAME": local.integration_test.storage_account_name
     "INTEGRATION_TEST_REPORTS_FOLDER": local.integration_test.reports_folder
   }
-  repo_secrets = {
-    "SONAR_TOKEN" : data.azurerm_key_vault_secret.key_vault_sonar.value,
-    "BOT_TOKEN_GITHUB" : data.azurerm_key_vault_secret.key_vault_bot_token.value,
-    "CUCUMBER_PUBLISH_TOKEN" : data.azurerm_key_vault_secret.key_vault_cucumber_token.value,
-    "SLACK_WEBHOOK_URL": data.azurerm_key_vault_secret.key_vault_slack_webhook_url.value
-  }
 }
 
 ###############
@@ -62,7 +57,6 @@ resource "github_actions_environment_secret" "github_environment_runner_secrets"
 # ENV Variables #
 #################
 
-
 resource "github_actions_environment_variable" "github_environment_runner_variables" {
   for_each      = local.env_variables
   repository    = local.github.repository
@@ -75,12 +69,32 @@ resource "github_actions_environment_variable" "github_environment_runner_variab
 # Secrets of the Repository #
 #############################
 
+#tfsec:ignore:github-actions-no-plain-text-action-secrets # not real secret
+resource "github_actions_secret" "secret_sonar_token" {
+  repository       = local.github.repository
+  secret_name      = "SONAR_TOKEN"
+  plaintext_value  = data.azurerm_key_vault_secret.key_vault_sonar.value
+}
 
-resource "github_actions_secret" "repo_secrets" {
-  for_each        = local.repo_secrets
-  repository      = local.github.repository
-  secret_name     = each.key
-  plaintext_value = each.value
+#tfsec:ignore:github-actions-no-plain-text-action-secrets # not real secret
+resource "github_actions_secret" "secret_bot_token" {
+  repository       = local.github.repository
+  secret_name      = "BOT_TOKEN_GITHUB"
+  plaintext_value  = data.azurerm_key_vault_secret.key_vault_bot_token.value
+}
+
+#tfsec:ignore:github-actions-no-plain-text-action-secrets # not real secret
+resource "github_actions_secret" "secret_slack_webhook" {
+  repository       = local.github.repository
+  secret_name      = "SLACK_WEBHOOK_URL"
+  plaintext_value  = data.azurerm_key_vault_secret.key_vault_slack_webhook_url.value
+}
+
+#tfsec:ignore:github-actions-no-plain-text-action-secrets # not real secret
+resource "github_actions_secret" "secret_integrationtest_slack_webhook" {
+  repository       = local.github.repository
+  secret_name      = "INTEGRATION_TEST_SLACK_WEBHOOK_URL"
+  plaintext_value  = data.azurerm_key_vault_secret.key_vault_integration_test_slack_webhook_url.value
 }
 
 ############
@@ -96,4 +110,4 @@ resource "github_issue_label" "ignore_for_release" {
   repository = local.github.repository
   name       = "ignore-for-release"
   color      = "008000"
-}
+}
diff --git a/.identity/99_variables.tf b/.identity/99_variables.tf
@@ -60,3 +60,7 @@ variable "github_repository_environment" {
     reviewers_teams        = ["pagopa-team-core"]
   }
 }
+
+variable "tags" {
+  type = map(any)
+}
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: pagopa-fdr-chart
 description: Flussi di rendicontazioni
 type: application
-version: "1.18.0"
-appVersion: "1.0.15"
+version: "1.19.0"
+appVersion: "1.0.16"
 dependencies:
   - name: microservice-chart
     version: 3.0.0

diff --git a/helm/values-dev.yaml b/helm/values-dev.yaml
@@ -4,7 +4,7 @@ microservice-chart:
   fullnameOverride: ""
   image:
     repository: ghcr.io/pagopa/pagopa-fdr
-    tag: 1.0.15
+    tag: 1.0.16
     pullPolicy: Always
   readinessProbe:
     httpGet:

diff --git a/helm/values-uat.yaml b/helm/values-uat.yaml
@@ -4,7 +4,7 @@ microservice-chart:
   fullnameOverride: ""
   image:
     repository: ghcr.io/pagopa/pagopa-fdr
-    tag: 1.0.15
+    tag: 1.0.16
     pullPolicy: Always
   readinessProbe:
     httpGet:

diff --git a/integration-test/config/config.json b/integration-test/config/config.json
@@ -13,12 +13,12 @@
     }
   },
   "global_configuration": {
-    "psp": "60000000001",
-    "channel": "15376371009_04",
+    "psp": "88888888888",
+    "channel": "88888888888_01",
     "channel_password": "PLACEHOLDER",
     "organization": "15376371009",
     "broker_org": "15376371009",
-    "broker_psp": "60000000001",
+    "broker_psp": "88888888888",
     "station": "15376371009_03",
     "station_password": "PLACEHOLDER"
   }

diff --git a/integration-test/steps/steps.py b/integration-test/steps/steps.py
@@ -9,6 +9,7 @@
 # Constants
 RESPONSE = "RES"
 REQUEST = "REQ"
+OCP_APIM_SUBSCRIPTION_KEY = "Ocp-Apim-Subscription-Key"
 
 
 @given('systems up')
@@ -28,7 +29,7 @@ def step_impl(context):
             subscription_key = row.get("subscription_key")
             headers = {'Content-Type': 'application/json'}
             if subscription_key is not None:
-                headers['Ocp-Apim-Subscription-Key'] = subscription_key
+                headers[OCP_APIM_SUBSCRIPTION_KEY] = subscription_key
             resp = requests.get(url, headers=headers, verify=False)
             logging.debug(f"response: {resp.status_code}")
             responses &= (resp.status_code == 200)
@@ -73,30 +74,17 @@ def step_impl(context, partner, request_type, payload):
     subscription_key = utils.get_subscription_key(context, partner)
     headers = {'Content-Type': 'application/json'}
     if subscription_key is not None:
-        headers['Ocp-Apim-Subscription-Key'] = subscription_key
+        headers[OCP_APIM_SUBSCRIPTION_KEY] = subscription_key
+    execute_request(context, partner, request_type, headers, payload)
 
-    endpoint_info = utils.get_fdr_url(request_type)
-    endpoint = utils.replace_local_variables(endpoint_info.get("endpoint"), context)
-    endpoint = utils.replace_global_variables(endpoint, context)
-    endpoint_info["endpoint"] = endpoint
-    url = utils.get_url(context, partner) + endpoint
-
-    if hasattr(context, "query_params"):
-        query_params = getattr(context, "query_params")
-        delattr(context, "query_params")
-        url += "?" + query_params
-
-    data = None
-    if payload != 'None':
-        data = getattr(context, payload)
-    response = utils.execute_request(url=url, method=endpoint_info.get("method"), headers=headers, payload=data)
-    setattr(context, request_type + RESPONSE, response)
 
 @when('{partner} with invalid subscription_key request {request_type} to fdr-microservice with {payload}')
 def step_impl(context, partner, request_type, payload):
-    headers = {'Content-Type': 'application/json'}
-    headers['Ocp-Apim-Subscription-Key'] = "00000000000000"
+    headers = {'Content-Type': 'application/json', OCP_APIM_SUBSCRIPTION_KEY: "00000000000000"}
+    execute_request(context, partner, request_type, headers, payload)
+
 
+def execute_request(context, partner, request_type, headers, payload):
     endpoint_info = utils.get_fdr_url(request_type)
     endpoint = utils.replace_local_variables(endpoint_info.get("endpoint"), context)
     endpoint = utils.replace_global_variables(endpoint, context)
@@ -141,6 +129,7 @@ def step_impl(context, number, amount, flow_name, payload):
     for i in range(0, int(number)):
         pay_date = today - datetime.timedelta(days=i)
         single_payment = {
+            "idTransfer": 1,
             "iuv": utils.generate_iuv(),
             "iur": utils.generate_iur(),
             "index": i+1,

diff --git a/openapi/openapi_internal.json b/openapi/openapi_internal.json
@@ -4,7 +4,7 @@
     "title": "FDR - Flussi di rendicontazione (local)",
     "description": "Manage FDR ( aka \"Flussi di Rendicontazione\" ) exchanged between PSP and EC",
     "termsOfService": "https://www.pagopa.gov.it/",
-    "version": "1.0.15"
+    "version": "1.0.16"
   },
   "servers": [
     {
@@ -1817,7 +1817,7 @@
             "example": 0.01
           },
           "payStatus": {
-            "description": "[XML FlussoRiversamento]=[datiSingoliPagamenti.codiceEsitoSingoloPagamento] \n0 -> EXECUTED\n3 -> REVOKED\n9 -> NO_RPT\n4 -> STAND_IN",
+            "description": "[XML FlussoRiversamento]=[datiSingoliPagamenti.codiceEsitoSingoloPagamento] \n0 -> EXECUTED\n3 -> REVOKED\n9 -> NO_RPT\n4 -> STAND_IN\n8 -> STAND_IN_NO_RPT",
             "type": "string",
             "allOf": [
               {
@@ -1843,7 +1843,8 @@
           "EXECUTED",
           "REVOKED",
           "NO_RPT",
-          "STAND_IN"
+          "STAND_IN",
+          "STAND_IN_NO_RPT"
         ],
         "type": "string"
       },

diff --git a/openapi/openapi_organization.json b/openapi/openapi_organization.json
@@ -4,7 +4,7 @@
     "title": "FDR - Flussi di rendicontazione (local)",
     "description": "Manage FDR ( aka \"Flussi di Rendicontazione\" ) exchanged between PSP and EC",
     "termsOfService": "https://www.pagopa.gov.it/",
-    "version": "1.0.15"
+    "version": "1.0.16"
   },
   "servers": [
     {
@@ -967,7 +967,7 @@
             "example": 0.01
           },
           "payStatus": {
-            "description": "[XML FlussoRiversamento]=[datiSingoliPagamenti.codiceEsitoSingoloPagamento] \n0 -> EXECUTED\n3 -> REVOKED\n9 -> NO_RPT\n4 -> STAND_IN",
+            "description": "[XML FlussoRiversamento]=[datiSingoliPagamenti.codiceEsitoSingoloPagamento] \n0 -> EXECUTED\n3 -> REVOKED\n9 -> NO_RPT\n4 -> STAND_IN\n8 -> STAND_IN_NO_RPT",
             "type": "string",
             "allOf": [
               {
@@ -993,7 +993,8 @@
           "EXECUTED",
           "REVOKED",
           "NO_RPT",
-          "STAND_IN"
+          "STAND_IN",
+          "STAND_IN_NO_RPT"
         ],
         "type": "string"
       },

diff --git a/openapi/openapi_psp.json b/openapi/openapi_psp.json
@@ -4,7 +4,7 @@
     "title": "FDR - Flussi di rendicontazione (local)",
     "description": "Manage FDR ( aka \"Flussi di Rendicontazione\" ) exchanged between PSP and EC",
     "termsOfService": "https://www.pagopa.gov.it/",
-    "version": "1.0.15"
+    "version": "1.0.16"
   },
   "servers": [
     {
@@ -1439,7 +1439,7 @@
             "example": 0.01
           },
           "payStatus": {
-            "description": "[XML FlussoRiversamento]=[datiSingoliPagamenti.codiceEsitoSingoloPagamento] \n0 -> EXECUTED\n3 -> REVOKED\n9 -> NO_RPT\n4 -> STAND_IN",
+            "description": "[XML FlussoRiversamento]=[datiSingoliPagamenti.codiceEsitoSingoloPagamento] \n0 -> EXECUTED\n3 -> REVOKED\n9 -> NO_RPT\n4 -> STAND_IN\n8 -> STAND_IN_NO_RPT",
             "type": "string",
             "allOf": [
               {
@@ -1465,7 +1465,8 @@
           "EXECUTED",
           "REVOKED",
           "NO_RPT",
-          "STAND_IN"
+          "STAND_IN",
+          "STAND_IN_NO_RPT"
         ],
         "type": "string"
       },

diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>it.gov.pagopa</groupId>
   <artifactId>pagopa-fdr</artifactId>
-  <version>1.0.15</version>
+  <version>1.0.16</version>
   <properties>
     <compiler-plugin.version>3.11.0</compiler-plugin.version>
     <lombok.version>1.18.26</lombok.version>