Merge pull request #589 from hmcts/PAY-6706-New-CFT-APIM

PAY-6706: Migrate Fee Register API over to new CFT APIM
hmcts · Jul 23, 2024 · a5d8c83 · a5d8c83
2 parents ad2ca13 + d2a4f86
commit a5d8c83
Show file tree

Hide file tree

Showing 17 changed files with 223 additions and 84 deletions.
diff --git a/api/build.gradle b/api/build.gradle
@@ -71,9 +71,9 @@ def javaLoggingVersion = '6.0.1'
 dependencies {
     implementation project(':fees-register-model')
     implementation project(':fees-register-api-contract')
-    implementation (group: 'uk.gov.hmcts.reform.auth', name: 'auth-checker-lib', version: '2.1.2') {
-        exclude(module: 'java-logging-spring')
-    }
+
+    implementation group: 'com.github.hmcts', name: 'auth-checker-lib', version: '2.2.0'
+
     implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
     implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa'
     implementation group: 'org.springframework.boot', name: 'spring-boot-starter-security'
@@ -95,7 +95,6 @@ dependencies {
     testImplementation group: 'io.rest-assured', name: 'rest-assured'
     testImplementation group: 'org.projectlombok', name: 'lombok', version: '1.18.28'
 
-
     annotationProcessor group: 'org.projectlombok', name: 'lombok', version: '1.18.28'
     functionalTestAnnotationProcessor group: 'org.projectlombok', name: 'lombok', version: '1.18.28'
     smokeTestImplementation group: 'org.projectlombok', name: 'lombok', version: '1.18.28'

diff --git a/infrastructure/.terraform-version b/infrastructure/.terraform-version
@@ -1 +1 @@
-1.3.7
+1.8.5
diff --git a/infrastructure/aat.tfvars b/infrastructure/aat.tfvars
@@ -1,4 +1,6 @@
-sku_name                                    = "GP_Gen5_4"
-flexible_sku_name                           = "GP_Standard_D4s_v3"
-sku_capacity                                = "4"
-feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE","D36AC5686200258AE7C03CCCA70E14B69C17F94B"]
+sku_name                                        = "GP_Gen5_4"
+flexible_sku_name                               = "GP_Standard_D4s_v3"
+sku_capacity                                    = "4"
+aks_subscription_id                             = "96c274ce-846d-4e48-89a7-d528432298a7"
+apim_suffix                                     = "stg"
+feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE", "D36AC5686200258AE7C03CCCA70E14B69C17F94B"]
diff --git a/infrastructure/cft-api-mgmt-subscriptions.tf b/infrastructure/cft-api-mgmt-subscriptions.tf
@@ -0,0 +1,37 @@
+# Subscription keys for the CFT APIM
+
+# Internal subscription - Fee and Payment DTS Team
+resource "azurerm_api_management_subscription" "fee_pay_team_fee_register_subscription" {
+  api_management_name = local.cft_api_mgmt_name
+  resource_group_name = local.cft_api_mgmt_rg
+  product_id          = module.cft_api_mgmt_product.id
+  display_name        = "Fee Register API - Fee and Pay DTS Team Subscription"
+  state               = "active"
+  provider            = azurerm.aks-cftapps
+}
+
+resource "azurerm_key_vault_secret" "fee_pay_team_fee_register_subscription_key" {
+  name         = "fee-pay-team-fee-register-cft-apim-subscription-key"
+  value        = azurerm_api_management_subscription.fee_pay_team_fee_register_subscription.primary_key
+  key_vault_id = data.azurerm_key_vault.payment_key_vault.id
+
+  depends_on = [azurerm_api_management_subscription.fee_pay_team_fee_register_subscription]
+}
+
+# Supplier subscription - Liberata
+resource "azurerm_api_management_subscription" "liberata_supplier_fee_register_subscription" {
+  api_management_name = local.cft_api_mgmt_name
+  resource_group_name = local.cft_api_mgmt_rg
+  product_id          = module.cft_api_mgmt_product.id
+  display_name        = "Fee Register API - Liberata Subscription"
+  state               = "active"
+  provider            = azurerm.aks-cftapps
+}
+
+resource "azurerm_key_vault_secret" "liberata_supplier_fee_register_subscription_key" {
+  name         = "liberata-cft-apim-fee-register-subscription-key"
+  value        = azurerm_api_management_subscription.liberata_supplier_fee_register_subscription.primary_key
+  key_vault_id = data.azurerm_key_vault.payment_key_vault.id
+
+  depends_on = [azurerm_api_management_subscription.liberata_supplier_fee_register_subscription]
+}
diff --git a/infrastructure/cft-api-mgmt.tf b/infrastructure/cft-api-mgmt.tf
@@ -0,0 +1,57 @@
+# Note for API docs see - https://github.com/hmcts/cnp-api-docs/tree/master/docs/specs
+
+locals {
+  cft_api_mgmt_suffix = var.apim_suffix == "" ? var.env : var.apim_suffix
+  cft_api_mgmt_name   = join("-", ["cft-api-mgmt", local.cft_api_mgmt_suffix])
+  cft_api_mgmt_rg     = join("-", ["cft", var.env, "network-rg"])
+  cft_api_base_path   = "feeRegister-api"
+}
+
+data "template_file" "cft_policy_template" {
+  template = file(join("", [path.module, "/template/cft-api-policy.xml"]))
+
+  vars = {
+    allowed_certificate_thumbprints = local.feeregister_thumbprints_in_quotes_str
+    s2s_client_id                   = data.azurerm_key_vault_secret.s2s_client_id.value
+    s2s_client_secret               = data.azurerm_key_vault_secret.s2s_client_secret.value
+    s2s_base_url                    = local.s2sUrl
+  }
+}
+
+module "cft_api_mgmt_product" {
+  source                        = "[email protected]:hmcts/cnp-module-api-mgmt-product?ref=master"
+  name                          = var.product_name
+  api_mgmt_name                 = local.cft_api_mgmt_name
+  api_mgmt_rg                   = local.cft_api_mgmt_rg
+  product_access_control_groups = ["developers"]
+  providers = {
+    azurerm = azurerm.aks-cftapps
+  }
+}
+
+module "cft_api_mgmt_api" {
+  source        = "[email protected]:hmcts/cnp-module-api-mgmt-api?ref=master"
+  name          = join("-", [var.product_name, "api"])
+  display_name  = "Fee Register API"
+  api_mgmt_name = local.cft_api_mgmt_name
+  api_mgmt_rg   = local.cft_api_mgmt_rg
+  product_id    = module.cft_api_mgmt_product.product_id
+  path          = local.cft_api_base_path
+  service_url   = local.feeregister_api_url
+  swagger_url   = "https://raw.githubusercontent.com/hmcts/cnp-api-docs/master/docs/specs/ccpay-payment-app.freg_api1.json"
+  revision      = "1"
+  providers = {
+    azurerm = azurerm.aks-cftapps
+  }
+}
+
+module "cft_api_mgmt_policy" {
+  source                 = "[email protected]:hmcts/cnp-module-api-mgmt-api-policy?ref=master"
+  api_mgmt_name          = local.cft_api_mgmt_name
+  api_mgmt_rg            = local.cft_api_mgmt_rg
+  api_name               = module.cft_api_mgmt_api.name
+  api_policy_xml_content = data.template_file.cft_policy_template.rendered
+  providers = {
+    azurerm = azurerm.aks-cftapps
+  }
+}
diff --git a/infrastructure/demo.tfvars b/infrastructure/demo.tfvars
@@ -1,8 +1,11 @@
-sku_name                                    = "GP_Gen5_2"
-flexible_sku_name                           = "GP_Standard_D2s_v3"
-sku_capacity                                = "2"
-feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE", "D36AC5686200258AE7C03CCCA70E14B69C17F94B"]
-aks_subscription_id = "d025fece-ce99-4df2-b7a9-b649d3ff2060"
+# Test Certificate refunds_api_gateway_certificate_thumbprints
+# "7744A2F56BD3B73C0D7FED61309E1C65AF08538C" - Shravan test cert
+# "BFE89B4BA1F47E048CFDF125C2E1BB4E2CC26083" - Dave test cert
+sku_name                                        = "GP_Gen5_2"
+flexible_sku_name                               = "GP_Standard_D2s_v3"
+sku_capacity                                    = "2"
+feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE", "D36AC5686200258AE7C03CCCA70E14B69C17F94B", "7744A2F56BD3B73C0D7FED61309E1C65AF08538C", "BFE89B4BA1F47E048CFDF125C2E1BB4E2CC26083"]
+aks_subscription_id                             = "d025fece-ce99-4df2-b7a9-b649d3ff2060"
 additional_databases = [
-    "postgresql-db2"
+  "postgresql-db2"
 ]
diff --git a/infrastructure/fee_reg_core.tf b/infrastructure/fee_reg_core.tf
@@ -16,11 +16,11 @@ module "ccpay-feeregister-api-core" {
   service_url   = local.feeregister_api_url
   product_id    = module.ccpay-feeregister-product-core.product_id
   name          = join("-", [var.product_name, "apiList"])
-  protocols             = ["http", "https"]
+  protocols     = ["http", "https"]
 
-  display_name  = "Fee Register API"
-  path          = "feeRegister-api"
-  swagger_url   = "https://raw.githubusercontent.com/hmcts/reform-api-docs/master/docs/specs/ccpay-payment-app.freg_api1.json"
+  display_name = "Fee Register API"
+  path         = "feeRegister-api"
+  swagger_url  = "https://raw.githubusercontent.com/hmcts/reform-api-docs/master/docs/specs/ccpay-payment-app.freg_api1.json"
 
 }
 

diff --git a/infrastructure/ithc.tfvars b/infrastructure/ithc.tfvars
@@ -1,4 +1,5 @@
-sku_name                                    = "GP_Gen5_2"
-flexible_sku_name                           = "GP_Standard_D2s_v3"
-sku_capacity                                = "2"
+sku_name                                        = "GP_Gen5_2"
+flexible_sku_name                               = "GP_Standard_D2s_v3"
+sku_capacity                                    = "2"
+aks_subscription_id                             = "62864d44-5da9-4ae9-89e7-0cf33942fa09"
 feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE"]
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
@@ -1,18 +1,18 @@
 provider "azurerm" {
   features {
-      resource_group {
-         prevent_deletion_if_contains_resources = false
-      }
+    resource_group {
+      prevent_deletion_if_contains_resources = false
+    }
   }
 }
 
 locals {
   vaultName = join("-", [var.product, var.env])
 
   //ccpay key vault configuration
-  core_product_vaultName = join("-", [var.core_product, var.env])
-  freg_key_vault         = join("-", ["ccpay", var.env])
-  api_mgmt_name           = join("-", ["core-api-mgmt", var.env])
+  core_product_vaultName   = join("-", [var.core_product, var.env])
+  freg_key_vault           = join("-", ["ccpay", var.env])
+  api_mgmt_name            = join("-", ["core-api-mgmt", var.env])
   api_mgmt_rg              = join("-", ["core-infra", var.env])
   api_mgmt_name_cft        = join("-", ["cft-api-mgmt", var.env])
   api_mgmt_rg_cft          = join("-", ["cft", var.env, "network-rg"])
@@ -37,53 +37,53 @@ data "azurerm_key_vault" "freg_key_vault" {
 }
 
 resource "azurerm_key_vault_secret" "freg-idam-client-secret" {
-  name  = "freg-idam-client-secret"
-  value = data.azurerm_key_vault_secret.freg-idam-client-secret.value
+  name         = "freg-idam-client-secret"
+  value        = data.azurerm_key_vault_secret.freg-idam-client-secret.value
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 data "azurerm_key_vault_secret" "appinsights_instrumentation_key" {
-  name = "AppInsightsInstrumentationKey"
+  name         = "AppInsightsInstrumentationKey"
   key_vault_id = data.azurerm_key_vault.payment_key_vault.id
 }
 
 data "azurerm_key_vault" "payment_key_vault" {
-  name = local.core_product_vaultName
+  name                = local.core_product_vaultName
   resource_group_name = join("-", ["ccpay", var.env])
 }
 
 //copy below secrets from payment app
 resource "azurerm_key_vault_secret" "appinsights_instrumentation_key" {
-  name  = "AppInsightsInstrumentationKey"
-  value = data.azurerm_key_vault_secret.appinsights_instrumentation_key.value
+  name         = "AppInsightsInstrumentationKey"
+  value        = data.azurerm_key_vault_secret.appinsights_instrumentation_key.value
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 
 
 //copy below secrets from payment app for functional tests
 data "azurerm_key_vault_secret" "freg-idam-test-user-password" {
-  name = "freg-idam-test-user-password"
+  name         = "freg-idam-test-user-password"
   key_vault_id = data.azurerm_key_vault.payment_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "freg-idam-test-user-password" {
-  name  = "freg-idam-test-user-password"
-  value = data.azurerm_key_vault_secret.freg-idam-test-user-password.value
+  name         = "freg-idam-test-user-password"
+  value        = data.azurerm_key_vault_secret.freg-idam-test-user-password.value
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 
 data "azurerm_key_vault_secret" "freg-idam-generated-user-email-pattern" {
-  name = "freg-idam-generated-user-email-pattern"
+  name         = "freg-idam-generated-user-email-pattern"
   key_vault_id = data.azurerm_key_vault.payment_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "freg-idam-generated-user-email-pattern" {
-  name  = "freg-idam-generated-user-email-pattern"
-  value = data.azurerm_key_vault_secret.freg-idam-generated-user-email-pattern.value
+  name         = "freg-idam-generated-user-email-pattern"
+  value        = data.azurerm_key_vault_secret.freg-idam-generated-user-email-pattern.value
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 
 data "azurerm_key_vault_secret" "freg-idam-client-secret" {
-  name = "freg-idam-client-secret"
+  name         = "freg-idam-client-secret"
   key_vault_id = data.azurerm_key_vault.payment_key_vault.id
 }
 
@@ -92,33 +92,33 @@ module "fees-register-database-v15" {
   providers = {
     azurerm.postgres_network = azurerm.postgres_network
   }
-  source = "[email protected]:hmcts/terraform-module-postgresql-flexible?ref=master"
-  product = var.product
-  component = var.component
-  business_area = "cft"
-  name = join("-", [var.product, "postgres-db-v15"])
-  location = var.location
-  env = var.env
+  source               = "[email protected]:hmcts/terraform-module-postgresql-flexible?ref=master"
+  product              = var.product
+  component            = var.component
+  business_area        = "cft"
+  name                 = join("-", [var.product, "postgres-db-v15"])
+  location             = var.location
+  env                  = var.env
   pgsql_admin_username = var.postgresql_user
 
   # Setup Access Reader db user
   force_user_permissions_trigger = "0"
 
   pgsql_databases = [
-      {
-        name : var.database_name
-      }
-    ]
-    pgsql_server_configuration = [
-        {
-          name  = "azure.extensions"
-          value = "plpgsql,pg_stat_statements,pg_buffercache"
-        }
-      ]
-  pgsql_sku = var.flexible_sku_name
+    {
+      name : var.database_name
+    }
+  ]
+  pgsql_server_configuration = [
+    {
+      name  = "azure.extensions"
+      value = "plpgsql,pg_stat_statements,pg_buffercache"
+    }
+  ]
+  pgsql_sku            = var.flexible_sku_name
   admin_user_object_id = var.jenkins_AAD_objectId
-  common_tags = var.common_tags
-  pgsql_version = var.postgresql_flexible_sql_version
+  common_tags          = var.common_tags
+  pgsql_version        = var.postgresql_flexible_sql_version
 }
 
 resource "azurerm_key_vault_secret" "POSTGRES-PASS" {

diff --git a/infrastructure/perftest.tfvars b/infrastructure/perftest.tfvars
@@ -1,4 +1,6 @@
-sku_name                                    = "GP_Gen5_4"
-flexible_sku_name                           = "GP_Standard_D4s_v3"
-sku_capacity                                = "4"
+sku_name                                        = "GP_Gen5_4"
+flexible_sku_name                               = "GP_Standard_D4s_v3"
+sku_capacity                                    = "4"
+aks_subscription_id                             = "8a07fdcd-6abd-48b3-ad88-ff737a4b9e3c"
+apim_suffix                                     = "test"
 feeregister_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE"]
diff --git a/infrastructure/prod.tfvars b/infrastructure/prod.tfvars
@@ -1,4 +1,5 @@
-sku_name                                    = "GP_Gen5_4"
-flexible_sku_name                           = "GP_Standard_D4s_v3"
-sku_capacity                                = "4"
-feeregister_api_gateway_certificate_thumbprints = ["B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE","68EDF481C5394D65962E9810913455D3EC635FA5","B1BF8007527F85085D7C4A3DC406A9A6D124D721","B49BDDE7818B78058AC7401BE0284A40845031E3","C6E2FBAB5FED58FD86C10A3BD212CF44668FD1A3","7744A2F56BD3B73C0D7FED61309E1C65AF08538C"]
+sku_name                                        = "GP_Gen5_4"
+flexible_sku_name                               = "GP_Standard_D4s_v3"
+sku_capacity                                    = "4"
+aks_subscription_id                             = "8cbc6f36-7c56-4963-9d36-739db5d00b27"
+feeregister_api_gateway_certificate_thumbprints = ["B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE", "68EDF481C5394D65962E9810913455D3EC635FA5", "B1BF8007527F85085D7C4A3DC406A9A6D124D721", "B49BDDE7818B78058AC7401BE0284A40845031E3", "C6E2FBAB5FED58FD86C10A3BD212CF44668FD1A3", "7744A2F56BD3B73C0D7FED61309E1C65AF08538C"]
diff --git a/infrastructure/provider.tf b/infrastructure/provider.tf
@@ -4,3 +4,9 @@ provider "azurerm" {
   alias                      = "postgres_network"
   subscription_id            = var.aks_subscription_id
 }
+
+provider "azurerm" {
+  features {}
+  alias           = "aks-cftapps"
+  subscription_id = var.aks_subscription_id
+}
diff --git a/infrastructure/sdp.tf b/infrastructure/sdp.tf
@@ -19,13 +19,13 @@ locals {
       subscription = "867a878b-cb68-4de5-9741-361ac9e178b6"
     }
     test = {
-          subscription = "3eec5bde-7feb-4566-bfb6-805df6e10b90"
+      subscription = "3eec5bde-7feb-4566-bfb6-805df6e10b90"
     }
     ithc = {
-          subscription = "ba71a911-e0d6-4776-a1a6-079af1df7139"
+      subscription = "ba71a911-e0d6-4776-a1a6-079af1df7139"
     }
     prod = {
-          subscription = "5ca62022-6aa2-4cee-aaa7-e7536c8d566c"
+      subscription = "5ca62022-6aa2-4cee-aaa7-e7536c8d566c"
     }
   }
 }

diff --git a/infrastructure/state.tf b/infrastructure/state.tf
@@ -4,17 +4,11 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "~> 3.40"
+      version = "~> 3.107.0"
     }
     azuread = {
       source  = "hashicorp/azuread"
-      version = "1.6.0"
+      version = "2.51.0"
     }
   }
 }
-
-provider "azurerm" {
-  alias = "cftappsdemo"
-  features {}
-  subscription_id = var.aks_subscription_id
-}