Freg api

charts/fees-register-api/Chart.yaml

@@ -3,11 +3,11 @@ appVersion: "2.0"
 description: Helm chart for the HMCTS fees-register api
 name: fees-register-api
 home: https://github.com/hmcts/ccfr-fees-register-app
-version: 0.3.6
+version: 0.3.7
 maintainers:
   - name: HMCTS Fees & Payments Dev Team
     email: [email protected]
 dependencies:
   - name: java
     version: 3.7.2
-    repository: '@hmctspublic'
+    repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'

infrastructure/aat.tfvars

@@ -0,0 +1,3 @@
+sku_name                                    = "GP_Gen5_4"
+sku_capacity                                = "4"
+refunds_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE"]

infrastructure/demo.tfvars

@@ -0,0 +1,4 @@
+sku_name                                    = "GP_Gen5_2"
+sku_capacity                                = "2"
+refunds_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE", "D36AC5686200258AE7C03CCCA70E14B69C17F94B"]
+

infrastructure/fee_reg.tf

@@ -0,0 +1,108 @@
+module "ccpay-feeregister-product" {
+  source                        = "[email protected]:hmcts/cnp-module-api-mgmt-product?ref=master"
+  api_mgmt_name                 = local.api_mgmt_name_cft
+  api_mgmt_rg                   = local.api_mgmt_rg_cft
+  name                          = "feeRegister"
+  product_access_control_groups = ["developers"]
+
+  providers = {
+    azurerm = azurerm.cftappsdemo
+  }
+}
+
+module "ccpay-feeregister-api" {
+  source = "[email protected]:hmcts/cnp-module-api-mgmt-api?ref=master"
+
+  api_mgmt_name = local.api_mgmt_name_cft
+  api_mgmt_rg   = local.api_mgmt_rg_cft
+  revision      = "1"
+  service_url   = local.feeregister_api_url
+  product_id    = module.ccpay-feeregister-product.product_id
+  name          = join("-", [var.product_name, "apiList"])
+  protocols     = ["https" , "http"]
+  display_name  = "Fee Register API"
+  path          = "feeRegister-api"
+  swagger_url   = "https://raw.githubusercontent.com/hmcts/reform-api-docs/master/docs/specs/ccpay-payment-app.freg_api.json"
+
+  providers = {
+    azurerm = azurerm.cftappsdemo
+  }
+}
+
+data "template_file" "feeregister_policy_template" {
+  template = file(join("", [path.module, "/template/api-policy.xml"]))
+  vars = {
+    allowed_certificate_thumbprints = local.feeregister_thumbprints_in_quotes_str
+    s2s_client_id                   = data.azurerm_key_vault_secret.s2s_client_id.value
+    s2s_client_secret               = data.azurerm_key_vault_secret.s2s_client_secret.value
+    s2s_base_url                    = local.s2sUrl
+  }
+}
+
+
+module "ccpay-feeregister-policy" {
+  source = "[email protected]:hmcts/cnp-module-api-mgmt-api-policy?ref=master"
+
+  api_mgmt_name = local.api_mgmt_name_cft
+  api_mgmt_rg   = local.api_mgmt_rg_cft
+
+  api_name               = module.ccpay-feeregister-api.name
+  api_policy_xml_content = data.template_file.feeregister_policy_template.rendered
+
+  providers = {
+    azurerm = azurerm.cftappsdemo
+  }
+}
+
+data "azurerm_api_management_product" "feeregister" {
+  product_id          = module.ccpay-feeregister-product.product_id
+  api_management_name = local.api_mgmt_name_cft
+  resource_group_name = local.api_mgmt_rg_cft
+  provider            = azurerm.cftappsdemo
+}
+
+
+
+data "azurerm_api_management_user" "fee_user" {
+  user_id             = "5931a75ae4bbd512288c680b"
+  api_management_name = local.api_mgmt_name_cft
+  resource_group_name = local.api_mgmt_rg_cft
+  provider            = azurerm.cftappsdemo
+}
+
+
+resource "azurerm_api_management_subscription" "fee_subs" {
+  api_management_name = local.api_mgmt_name_cft
+  resource_group_name = local.api_mgmt_rg_cft
+  user_id             = data.azurerm_api_management_user.fee_user.id
+  product_id          = data.azurerm_api_management_product.feeregister.id
+  display_name        = "FeeReg Subscription"
+  state               = "active"
+  provider            = azurerm.cftappsdemo
+}
+
+
+
+
+resource "azurerm_api_management_user" "feeReg_Liberata" {
+  api_management_name = local.api_mgmt_name_cft
+  resource_group_name = local.api_mgmt_rg_cft
+  user_id             = "5931a75ae4bbd512288c690c"
+  first_name          = "Liberata"
+  last_name           = "MOS"
+  email               = "[email protected]"
+  state               = "active"
+
+  provider = azurerm.cftappsdemo
+}
+
+resource "azurerm_api_management_subscription" "feeReg_subscription_Liberata" {
+  api_management_name = local.api_mgmt_name_cft
+  resource_group_name = local.api_mgmt_rg_cft
+  user_id             = azurerm_api_management_user.feeReg_Liberata.id
+  product_id          = data.azurerm_api_management_product.feeregister.id
+  display_name        = "FeeRegister Subscription Liberata"
+  state               = "active"
+
+  provider = azurerm.cftappsdemo
+}

infrastructure/ithc.tfvars

@@ -0,0 +1,3 @@
+sku_name                                    = "GP_Gen5_2"
+sku_capacity                                = "2"
+refunds_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE"]

infrastructure/main.tf

@@ -7,109 +7,141 @@ locals {
 
   //ccpay key vault configuration
   core_product_vaultName = join("-", [var.core_product, var.env])
+  freg_key_vault         = join("-", ["ccpay", var.env])
+
+  api_mgmt_name_cft        = join("-", ["cft-api-mgmt", var.env])
+  api_mgmt_rg_cft          = join("-", ["cft", var.env, "network-rg"])
+  s2sUrl                   = "http://rpe-service-auth-provider-${var.env}.service.core-compute-${var.env}.internal"
+  feeregister_api_url      = join("", ["http://fees-register-api-", var.env, ".service.core-compute-", var.env, ".internal"])
+  s2s_rg_prefix            = "rpe-service-auth-provider"
+  s2s_key_vault_name       = var.env == "preview" || var.env == "spreview" ? join("-", ["s2s", "aat"]) : join("-", ["s2s", var.env])
+  s2s_vault_resource_group = var.env == "preview" || var.env == "spreview" ? join("-", [local.s2s_rg_prefix, "aat"]) : join("-", [local.s2s_rg_prefix, var.env])
+
+  feeregister_thumbprints_in_quotes     = formatlist(""%s"", var.feeregister_api_gateway_certificate_thumbprints)
+  feeregister_thumbprints_in_quotes_str = join(",", local.feeregister_thumbprints_in_quotes)
 }
 
 data "azurerm_key_vault" "fees_key_vault" {
-  name = local.vaultName
+  name                = local.vaultName
   resource_group_name = join("-", [var.core_product, var.env])
 }
 
+data "azurerm_key_vault" "freg_key_vault" {
+  name                = local.freg_key_vault
+  resource_group_name = local.freg_key_vault
+}
+
 data "azurerm_key_vault" "payment_key_vault" {
-  name = local.core_product_vaultName
+  name                = local.core_product_vaultName
   resource_group_name = join("-", ["ccpay", var.env])
 }
 
 data "azurerm_key_vault_secret" "appinsights_instrumentation_key" {
-  name = "AppInsightsInstrumentationKey"
+  name         = "AppInsightsInstrumentationKey"
   key_vault_id = data.azurerm_key_vault.payment_key_vault.id
 }
 
 //copy below secrets from payment app
 resource "azurerm_key_vault_secret" "appinsights_instrumentation_key" {
-  name  = "AppInsightsInstrumentationKey"
-  value = data.azurerm_key_vault_secret.appinsights_instrumentation_key.value
+  name         = "AppInsightsInstrumentationKey"
+  value        = data.azurerm_key_vault_secret.appinsights_instrumentation_key.value
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 
 
 //copy below secrets from payment app for functional tests
 data "azurerm_key_vault_secret" "freg-idam-test-user-password" {
-  name = "freg-idam-test-user-password"
+  name         = "freg-idam-test-user-password"
   key_vault_id = data.azurerm_key_vault.payment_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "freg-idam-test-user-password" {
-  name  = "freg-idam-test-user-password"
-  value = data.azurerm_key_vault_secret.freg-idam-test-user-password.value
+  name         = "freg-idam-test-user-password"
+  value        = data.azurerm_key_vault_secret.freg-idam-test-user-password.value
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 
 data "azurerm_key_vault_secret" "freg-idam-generated-user-email-pattern" {
-  name = "freg-idam-generated-user-email-pattern"
+  name         = "freg-idam-generated-user-email-pattern"
   key_vault_id = data.azurerm_key_vault.payment_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "freg-idam-generated-user-email-pattern" {
-  name  = "freg-idam-generated-user-email-pattern"
-  value = data.azurerm_key_vault_secret.freg-idam-generated-user-email-pattern.value
+  name         = "freg-idam-generated-user-email-pattern"
+  value        = data.azurerm_key_vault_secret.freg-idam-generated-user-email-pattern.value
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 
 data "azurerm_key_vault_secret" "freg-idam-client-secret" {
-  name = "freg-idam-client-secret"
+  name         = "freg-idam-client-secret"
   key_vault_id = data.azurerm_key_vault.payment_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "freg-idam-client-secret" {
-  name  = "freg-idam-client-secret"
-  value = data.azurerm_key_vault_secret.freg-idam-client-secret.value
+  name         = "freg-idam-client-secret"
+  value        = data.azurerm_key_vault_secret.freg-idam-client-secret.value
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 
 module "fees-register-database-v11" {
-  source = "[email protected]:hmcts/cnp-module-postgres?ref=master"
-  product = var.product
-  component = var.component
-  name = join("-", [var.product, "postgres-db-v11"])
-  location = var.location
-  env = var.env
-  postgresql_user = var.postgresql_user
-  database_name = var.database_name
-  sku_name = "GP_Gen5_2"
-  sku_tier = "GeneralPurpose"
-  common_tags     = var.common_tags
-  subscription = var.subscription
+  source             = "[email protected]:hmcts/cnp-module-postgres?ref=master"
+  product            = var.product
+  component          = var.component
+  name               = join("-", [var.product, "postgres-db-v11"])
+  location           = var.location
+  env                = var.env
+  postgresql_user    = var.postgresql_user
+  database_name      = var.database_name
+  sku_name           = "GP_Gen5_2"
+  sku_tier           = "GeneralPurpose"
+  common_tags        = var.common_tags
+  subscription       = var.subscription
   postgresql_version = var.postgresql_version
 }
 
 resource "azurerm_key_vault_secret" "POSTGRES-PASS" {
-  name      = join("-", [var.component, "POSTGRES-PASS"])
-  value     = module.fees-register-database-v11.postgresql_password
+  name         = join("-", [var.component, "POSTGRES-PASS"])
+  value        = module.fees-register-database-v11.postgresql_password
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "POSTGRES-USER" {
-  name      = join("-", [var.component, "POSTGRES-USER"])
-  value     = module.fees-register-database-v11.user_name
+  name         = join("-", [var.component, "POSTGRES-USER"])
+  value        = module.fees-register-database-v11.user_name
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "POSTGRES_HOST" {
-  name      = join("-", [var.component, "POSTGRES-HOST"])
-  value     = module.fees-register-database-v11.host_name
+  name         = join("-", [var.component, "POSTGRES-HOST"])
+  value        = module.fees-register-database-v11.host_name
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "POSTGRES_PORT" {
-  name      = join("-", [var.component, "POSTGRES-PORT"])
-  value     = module.fees-register-database-v11.postgresql_listen_port
+  name         = join("-", [var.component, "POSTGRES-PORT"])
+  value        = module.fees-register-database-v11.postgresql_listen_port
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "POSTGRES_DATABASE" {
-  name      = join("-", [var.component, "POSTGRES-DATABASE"])
-  value     = module.fees-register-database-v11.postgresql_database
+  name         = join("-", [var.component, "POSTGRES-DATABASE"])
+  value        = module.fees-register-database-v11.postgresql_database
   key_vault_id = data.azurerm_key_vault.fees_key_vault.id
 }
 
+
+data "azurerm_key_vault" "s2s_key_vault" {
+  name                = local.s2s_key_vault_name
+  resource_group_name = local.s2s_vault_resource_group
+}
+
+data "azurerm_key_vault_secret" "s2s_client_secret" {
+  name         = "gateway-s2s-client-secret"
+  key_vault_id = data.azurerm_key_vault.freg_key_vault.id
+}
+
+data "azurerm_key_vault_secret" "s2s_client_id" {
+  name         = "gateway-s2s-client-id"
+  key_vault_id = data.azurerm_key_vault.freg_key_vault.id
+}
 # Populate Vault with DB info

infrastructure/perftest.tfvars

@@ -0,0 +1,3 @@
+sku_name                                    = "GP_Gen5_4"
+sku_capacity                                = "4"
+refunds_api_gateway_certificate_thumbprints = ["B1BF8007527F85085D7C4A3DC406A9A6D124D721", "E5F54E7BA2B780E2B1B1FFAC68F801251935BE80", "B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE"]

infrastructure/prod.tfvars

@@ -0,0 +1,3 @@
+sku_name                                    = "GP_Gen5_4"
+sku_capacity                                = "4"
+refunds_api_gateway_certificate_thumbprints = ["B9D9E70AC23EAF8EA094F6B59EF77FF77D977CBE"]

infrastructure/state.tf

@@ -1,6 +1,5 @@
 terraform {
   backend "azurerm" {}
-
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
@@ -12,3 +11,9 @@ terraform {
     }
   }
 }
+
+provider "azurerm" {
+  alias = "cftappsdemo"
+  features {}
+  subscription_id = "d025fece-ce99-4df2-b7a9-b649d3ff2060"
+}