feat: ECommerce hang timeout [PAGOPA-2056] (#2397)

* ecommerce hang timeout * pre-commit * enabled partition a false * fix service bus queue --------- Co-authored-by: Francesco Cesareo <cesareo.francesco@gmail.com>
pagopa · Sep 6, 2024 · 7085520 · 7085520
1 parent fc0cd53
commit 7085520
Show file tree

Hide file tree

Showing 14 changed files with 90 additions and 28 deletions.
diff --git a/src/domains/afm-app/README.md b/src/domains/afm-app/README.md
@@ -40,6 +40,7 @@
 | [azurerm_api_management_api_version_set.api_afm_utils_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_version_set) | resource |
 | [azurerm_api_management_group.api_afm_calculator_node_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_group) | resource |
 | [azurerm_api_management_named_value.afm_marketplace_sub_key_internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
+| [azurerm_api_management_named_value.afm_ndp_test_sub_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
 | [azurerm_api_management_named_value.afm_secondary_sub_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_named_value) | resource |
 | [azurerm_api_management_product_group.api_afm_calculator_node_product_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_product_group) | resource |
 | [azurerm_key_vault_secret.aks_apiserver_url](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |

diff --git a/src/domains/ecommerce-app/README.md b/src/domains/ecommerce-app/README.md
@@ -19,7 +19,6 @@
 | <a name="module_apim_ecommerce_checkout_product"></a> [apim\_ecommerce\_checkout\_product](#module\_apim\_ecommerce\_checkout\_product) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v6.6.0 |
 | <a name="module_apim_ecommerce_helpdesk_commands_product"></a> [apim\_ecommerce\_helpdesk\_commands\_product](#module\_apim\_ecommerce\_helpdesk\_commands\_product) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v6.6.0 |
 | <a name="module_apim_ecommerce_helpdesk_product"></a> [apim\_ecommerce\_helpdesk\_product](#module\_apim\_ecommerce\_helpdesk\_product) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v6.6.0 |
-| <a name="module_apim_ecommerce_io_api_v1"></a> [apim\_ecommerce\_io\_api\_v1](#module\_apim\_ecommerce\_io\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.6.0 |
 | <a name="module_apim_ecommerce_io_api_v2"></a> [apim\_ecommerce\_io\_api\_v2](#module\_apim\_ecommerce\_io\_api\_v2) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.6.0 |
 | <a name="module_apim_ecommerce_io_outcomes_api_v1"></a> [apim\_ecommerce\_io\_outcomes\_api\_v1](#module\_apim\_ecommerce\_io\_outcomes\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.3.0 |
 | <a name="module_apim_ecommerce_io_product"></a> [apim\_ecommerce\_io\_product](#module\_apim\_ecommerce\_io\_product) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v6.6.0 |
@@ -76,19 +75,10 @@
 | [azurerm_api_management_api_operation_policy.get_transactions_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.helpdesk_pgs_vpos](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.helpdesk_pgs_xpay](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
-| [azurerm_api_management_api_operation_policy.io_calculate_fee](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.io_calculate_fee_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
-| [azurerm_api_management_api_operation_policy.io_create_session](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
-| [azurerm_api_management_api_operation_policy.io_create_transaction](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
-| [azurerm_api_management_api_operation_policy.io_delete_transaction](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.io_get_all_payment_methods](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
-| [azurerm_api_management_api_operation_policy.io_get_transaction_info](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
-| [azurerm_api_management_api_operation_policy.io_post_wallet_transactions](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.io_post_wallet_transactions_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
-| [azurerm_api_management_api_operation_policy.io_transaction_authorization_request](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.io_transaction_authorization_request_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
-| [azurerm_api_management_api_operation_policy.io_transaction_outcome](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
-| [azurerm_api_management_api_operation_policy.io_wallets_by_user](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.io_wallets_by_user_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.npg_notifications_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_api_operation_policy.post_orders_build](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |

diff --git a/src/domains/nodo-app/README.md b/src/domains/nodo-app/README.md
@@ -323,7 +323,7 @@
 | <a name="input_vmss_instance_number"></a> [vmss\_instance\_number](#input\_vmss\_instance\_number) | availability zones for vmss | `number` | n/a | yes |
 | <a name="input_vmss_zones"></a> [vmss\_zones](#input\_vmss\_zones) | availability zones for vmss | `list(string)` | n/a | yes |
 | <a name="input_wfesp_dismantling"></a> [wfesp\_dismantling](#input\_wfesp\_dismantling) | n/a | <pre>object({<br>    channel_list    = string<br>    wfesp_fixed_url = string<br>  })</pre> | n/a | yes |
-| <a name="input_wisp_converter"></a> [wisp\_converter](#input\_wisp\_converter) | n/a | <pre>object({<br>    enable_apim_switch                 = bool # enable WISP dismantling<br>    brokerPSP_whitelist                = string<br>    channel_whitelist                  = string<br>    station_whitelist                  = string<br>    ci_whitelist                       = string<br>    nodoinviarpt_paymenttype_whitelist = string<br>    dismantling_primitives             = string<br>    dismantling_rt_primitives          = string<br>  })</pre> | n/a | yes |
+| <a name="input_wisp_converter"></a> [wisp\_converter](#input\_wisp\_converter) | n/a | <pre>object({<br>    enable_apim_switch                 = bool # enable WISP dismantling<br>    brokerPSP_whitelist                = string<br>    channel_whitelist                  = string<br>    station_whitelist                  = string<br>    ci_whitelist                       = string<br>    nodoinviarpt_paymenttype_whitelist = string<br>    dismantling_primitives             = string<br>  })</pre> | n/a | yes |
 
 ## Outputs
 

diff --git a/src/domains/nodo-app/env/weu-dev/terraform.tfvars b/src/domains/nodo-app/env/weu-dev/terraform.tfvars
@@ -214,6 +214,6 @@ enable_sendPaymentResultV2_SWClient = true
 
 # WFESP-dismantling-cfg
 wfesp_dismantling = {
-  channel_list                       = "13212880150_90"
-  wfesp_fixed_url                    = "https://wfesp.pagopa.gov.it/redirect/wpl05/get?idSession="
+  channel_list    = "13212880150_90"
+  wfesp_fixed_url = "https://wfesp.pagopa.gov.it/redirect/wpl05/get?idSession="
 }
diff --git a/src/domains/nodo-app/env/weu-uat/terraform.tfvars b/src/domains/nodo-app/env/weu-uat/terraform.tfvars
@@ -223,9 +223,9 @@ storage_account_info = {
 create_wisp_converter = true
 wisp_converter = {
   enable_apim_switch                 = true
-  brokerPSP_whitelist                = "97735020584"                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           # AGID
-  channel_whitelist                  = "97735020584_02"                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        # https://pagopa.atlassian.net/wiki/spaces/PAG/pages/135924270/Canali+Particolari
-  station_whitelist                  = "*" # https://config.uat.platform.pagopa.it/stations/15376371009_09 in UAT x i test quella di MockEC
+  brokerPSP_whitelist                = "97735020584"    # AGID
+  channel_whitelist                  = "97735020584_02" # https://pagopa.atlassian.net/wiki/spaces/PAG/pages/135924270/Canali+Particolari
+  station_whitelist                  = "*"              # https://config.uat.platform.pagopa.it/stations/15376371009_09 in UAT x i test quella di MockEC
   ci_whitelist                       = "*"
   nodoinviarpt_paymenttype_whitelist = "BBT"
   dismantling_primitives             = "nodoInviaRPT,nodoInviaCarrelloRPT"

diff --git a/src/domains/nodo-common/02_security.tf b/src/domains/nodo-common/02_security.tf
@@ -28,6 +28,15 @@ data "azurerm_servicebus_queue_authorization_rule" "wisp_payment_timeout_authori
   depends_on = [azurerm_servicebus_queue.service_bus_wisp_queue]
 }
 
+data "azurerm_servicebus_queue_authorization_rule" "nodo_wisp_ecommerce_hang_timeout_queue" {
+  name                = "nodo_wisp_ecommerce_hang_timeout_queue"
+  resource_group_name = local.sb_resource_group_name
+  queue_name          = "nodo_wisp_ecommerce_hang_timeout_queue"
+  namespace_name      = "${local.project}-servicebus-wisp"
+
+  depends_on = [azurerm_servicebus_queue.service_bus_wisp_queue]
+}
+
 data "azurerm_servicebus_queue_authorization_rule" "wisp_paainviart_authorization" {
   name                = "wisp_converter_paainviart"
   resource_group_name = local.sb_resource_group_name
@@ -204,6 +213,16 @@ resource "azurerm_key_vault_secret" "wisp_payment_timeout_key" {
   key_vault_id = data.azurerm_key_vault.key_vault.id
 }
 
+resource "azurerm_key_vault_secret" "ecommerce_hang_timeout_key" {
+  count = var.create_wisp_converter ? 1 : 0
+
+  name         = "ecommerce-hang-timer-queue-connection-string"
+  value        = data.azurerm_servicebus_queue_authorization_rule.nodo_wisp_ecommerce_hang_timeout_queue.primary_connection_string
+  content_type = "text/plain"
+
+  key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
 resource "azurerm_key_vault_secret" "wisp_paainviart_key" {
   count = var.create_wisp_converter ? 1 : 0
 

diff --git a/src/domains/nodo-common/06_service_bus_wisp_converter.tf b/src/domains/nodo-common/06_service_bus_wisp_converter.tf
@@ -3,9 +3,10 @@ locals {
   queues = { for q in var.service_bus_wisp_queues : q.name => q }
 
   # List of queue names
-  queue_names = keys(local.queues)
+  queue_names = [ for q in var.service_bus_wisp_queues: q.name]
+
   # List of queue values
-  queue_values = values(local.queues)
+  queue_values = [ for q in var.service_bus_wisp_queues: q ]
 
   # Map of <authorization_key, authorization(queue, properties)>
   key_queue_map = {
@@ -30,7 +31,10 @@ locals {
 
   # Local variable to store the map of queue names to related resource ids
   # queue_map enables access to queue_id by queue_name -> <queue_name, queue_id>
-  queue_map = { for idx, name in local.queue_names : name => azurerm_servicebus_queue.service_bus_wisp_queue[idx].id }
+  queue_map = {
+    for idx, name in local.queue_names : name =>
+    azurerm_servicebus_queue.service_bus_wisp_queue[idx].id
+  }
 }
 
 resource "azurerm_resource_group" "service_bus_rg" {
@@ -46,19 +50,24 @@ resource "azurerm_servicebus_namespace" "service_bus_wisp" {
   location            = var.location
   resource_group_name = local.sb_resource_group_name
   sku                 = var.service_bus_wisp.sku
-  zone_redundant      = var.service_bus_wisp.sku == "Premium" # https://learn.microsoft.com/en-us/azure/well-architected/service-guides/service-bus/reliability
+  zone_redundant      = var.service_bus_wisp.sku == "Premium"
+  # https://learn.microsoft.com/en-us/azure/well-architected/service-guides/service-bus/reliability
 
   capacity                     = try(var.service_bus_wisp.capacity, null)
   premium_messaging_partitions = var.service_bus_wisp.premium_messaging_partitions
 
-  network_rule_set {
-    trusted_services_allowed = true
+  dynamic "network_rule_set" {
+    for_each = var.env_short != "d" ? [1] : []
+    content {
+      trusted_services_allowed = true
+
+      default_action                = "Deny"
+      public_network_access_enabled = true
+      network_rules {
+        subnet_id                            = data.azurerm_subnet.aks_subnet.id
+        ignore_missing_vnet_service_endpoint = false
+      }
 
-    default_action                = "Deny"
-    public_network_access_enabled = true
-    network_rules {
-      subnet_id                            = data.azurerm_subnet.aks_subnet.id
-      ignore_missing_vnet_service_endpoint = false
     }
   }
 

diff --git a/src/domains/nodo-common/README.md b/src/domains/nodo-common/README.md
@@ -62,6 +62,7 @@
 | [azurerm_key_vault_secret.cosmos_biz_account_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.cosmos_neg_biz_account_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.cosmos_verifyko_account_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [azurerm_key_vault_secret.ecommerce_hang_timeout_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.evthub_nodo_dei_pagamenti_cache_sync_rx](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.evthub_nodo_dei_pagamenti_stand_in_sync_rx](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.evthub_nodo_dei_pagamenti_stand_in_tx](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
@@ -154,6 +155,7 @@
 | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_resource_group.nodo_re_to_datastore_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_resource_group.rg_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
+| [azurerm_servicebus_queue_authorization_rule.nodo_wisp_ecommerce_hang_timeout_queue](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/servicebus_queue_authorization_rule) | data source |
 | [azurerm_servicebus_queue_authorization_rule.wisp_paainviart_authorization](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/servicebus_queue_authorization_rule) | data source |
 | [azurerm_servicebus_queue_authorization_rule.wisp_payment_timeout_authorization](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/servicebus_queue_authorization_rule) | data source |
 | [azurerm_subnet.aks_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |

diff --git a/src/domains/nodo-common/env/weu-dev/terraform.tfvars b/src/domains/nodo-common/env/weu-dev/terraform.tfvars
@@ -330,6 +330,18 @@ service_bus_wisp_queues = [
         manage = false
       }
     ]
+  },
+  {
+    name                = "nodo_wisp_ecommerce_hang_timeout_queue"
+    enable_partitioning = true
+    keys = [
+      {
+        name   = "nodo_wisp_ecommerce_hang_timeout_queue"
+        listen = true
+        send   = true
+        manage = false
+      }
+    ]
   }
 ]
 
diff --git a/src/domains/nodo-common/env/weu-prod/terraform.tfvars b/src/domains/nodo-common/env/weu-prod/terraform.tfvars
@@ -359,5 +359,17 @@ service_bus_wisp_queues = [
         manage = false
       }
     ]
+  },
+  {
+    name                = "nodo_wisp_ecommerce_hang_timeout_queue"
+    enable_partitioning = false
+    keys = [
+      {
+        name   = "nodo_wisp_ecommerce_hang_timeout_queue"
+        listen = true
+        send   = true
+        manage = false
+      }
+    ]
   }
 ]
diff --git a/src/domains/nodo-common/env/weu-uat/terraform.tfvars b/src/domains/nodo-common/env/weu-uat/terraform.tfvars
@@ -331,5 +331,17 @@ service_bus_wisp_queues = [
         manage = false
       }
     ]
+  },
+  {
+    name                = "nodo_wisp_ecommerce_hang_timeout_queue"
+    enable_partitioning = false
+    keys = [
+      {
+        name   = "nodo_wisp_ecommerce_hang_timeout_queue"
+        listen = true
+        send   = true
+        manage = false
+      }
+    ]
   }
 ]
diff --git a/src/domains/selfcare-app/README.md b/src/domains/selfcare-app/README.md
@@ -40,6 +40,7 @@
 | [azurerm_key_vault_secret.forwarder_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.jwt_pub_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.notices_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [azurerm_key_vault_secret.pagopa_smo_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.selfcare_backoffice_static_app_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.selfcare_web_storage_access_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.selfcare_web_storage_blob_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |