Merge pull request #26 from soat-fiap/config_noauth_webhook

feat: add payment webhook integration

.github/workflows/terraform.yml

@@ -38,6 +38,7 @@ jobs:
       uses: hashicorp/setup-terraform@v3
       with:
         cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+        terraform_version: 1.9.4
 
     - name: Terraform Init
       run: terraform init -upgrade

data.tf

@@ -27,17 +27,17 @@
 #   }
 # }
 
-data "aws_lb" "eks_payment_elb" {
-  tags = {
-    "kubernetes.io/service-name" = "fiap-payment/api-internal"
-  }
-}
+# data "aws_lb" "eks_payment_elb" {
+#   tags = {
+#     "kubernetes.io/service-name" = "fiap-payment/api-internal"
+#   }
+# }
 
-data "aws_lb" "eks_kitchen_elb" {
-  tags = {
-    "kubernetes.io/service-name" = "fiap-production/api-internal"
-  }
-}
+# data "aws_lb" "eks_kitchen_elb" {
+#   tags = {
+#     "kubernetes.io/service-name" = "fiap-production/api-internal"
+#   }
+# }
 
 data "aws_lb" "load_balancers" {
   for_each = var.services

modules/rest_api/main.tf

@@ -51,7 +51,6 @@ resource "aws_api_gateway_integration" "integrations" {
     "integration.request.path.proxy"         = "method.request.path.proxy"
     "integration.request.header.accessToken" = "context.authorizer.accessToken"
   }
-
 }
 
 resource "aws_api_gateway_authorizer" "cpf_auth" {
@@ -73,12 +72,18 @@ resource "aws_api_gateway_deployment" "dev" {
   depends_on  = [aws_api_gateway_integration.integrations]
   rest_api_id = aws_api_gateway_rest_api.api_gtw.id
   # stage_name  = "dev"
-  description = sha1(jsonencode(aws_api_gateway_rest_api.api_gtw.body))
+  description =  sha1(jsonencode([
+      aws_api_gateway_rest_api.api_gtw.body,
+      aws_api_gateway_resource.payment_webhook_proxy
+    ]))
   lifecycle {
     create_before_destroy = true
   }
   triggers = {
-    redeployment = sha1(jsonencode(aws_api_gateway_rest_api.api_gtw.body))
+    redeployment = sha1(jsonencode([
+      aws_api_gateway_rest_api.api_gtw.body,
+      aws_api_gateway_resource.payment_webhook_proxy
+    ]))
   }
 }
 
@@ -175,3 +180,46 @@ resource "aws_api_gateway_integration_response" "cors_integration_response" {
     "method.response.header.Access-Control-Allow-Origin"  = "'*'"
   }
 }
+
+######### NO AUTH WEBHOOK ######
+
+resource "aws_api_gateway_resource" "payment_webhook_resource" {
+  depends_on = [
+    aws_api_gateway_resource.resource["payment"],
+  ]
+  rest_api_id = aws_api_gateway_rest_api.api_gtw.id
+  parent_id   = aws_api_gateway_resource.resource["payment"].id
+  path_part   = "webhook"
+}
+
+resource "aws_api_gateway_resource" "payment_webhook_proxy" {
+  rest_api_id = aws_api_gateway_rest_api.api_gtw.id
+  parent_id   = aws_api_gateway_resource.payment_webhook_resource.id
+  path_part   = "{proxy+}"
+}
+
+resource "aws_api_gateway_method" "payment_webhook_proxy_method" {
+  rest_api_id = aws_api_gateway_rest_api.api_gtw.id
+  resource_id = aws_api_gateway_resource.payment_webhook_proxy.id
+  http_method = "POST"
+  authorization = "NONE"
+  request_parameters = {
+    "method.request.path.proxy" = true
+  }
+}
+
+resource "aws_api_gateway_integration" "payment_webhook_integrations" {
+  rest_api_id             = aws_api_gateway_rest_api.api_gtw.id
+  resource_id             = aws_api_gateway_resource.payment_webhook_proxy.id
+  http_method             = aws_api_gateway_method.payment_webhook_proxy_method.http_method
+  type                    = "HTTP_PROXY"
+  uri                     = "http://${var.elb_map["payment"].dns_name}/api/notifications/{proxy}"
+  integration_http_method = "POST"
+  connection_type         = "VPC_LINK"
+  connection_id           = aws_api_gateway_vpc_link.vpc_link["payment"].id
+
+  timeout_milliseconds = 29000
+  request_parameters = {
+    "integration.request.path.proxy"         = "method.request.path.proxy"
+  }
+}

variables.tf

@@ -45,7 +45,7 @@ variable "jwt_issuer" {
 }
 
 variable "services" {
-   type = map(object({
+  type = map(object({
     namespace = string
     auth      = bool
   }))
@@ -62,9 +62,5 @@ variable "services" {
       namespace = "fiap-orders"
       auth      = true
     }
-    # "log" = {
-    #   namespace = "fiap-log"
-    #   auth = false
-    # }
   }
 }