diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index e149bda..e2a057c 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -38,6 +38,7 @@ jobs: uses: hashicorp/setup-terraform@v3 with: cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + terraform_version: 1.9.4 - name: Terraform Init run: terraform init -upgrade diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 9bb6bb3..13655c0 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -102,22 +102,3 @@ provider "registry.terraform.io/hashicorp/null" { "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", ] } - -provider "registry.terraform.io/hashicorp/random" { - version = "3.6.3" - hashes = [ - "h1:N2IQabOiZC5eCEGrfgVS6ChVmRDh1ENtfHgGjnV4QQQ=", - "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", - "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", - "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", - "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", - "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", - "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", - "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", - "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", - "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", - "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", - ] -} diff --git a/data.tf b/data.tf index 23bfc5b..ad3bbdb 100644 --- a/data.tf +++ b/data.tf 
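Review bot: Pinning `terraform_version: 1.9.4` fixes the CLI version, but the `Terraform Init` step directly below still runs `terraform init -upgrade`, which lets every CI run select newer provider releases than `.terraform.lock.hcl` records. The checksums committed in the lock file are therefore not what the pipeline actually enforces. Consider `run: terraform init -lockfile=readonly` in CI and doing provider upgrades in a reviewed commit that updates the lock file. The action is also referenced by the mutable tag `@v3`; pinning it to a commit SHA would give the same guarantee for the step that receives `TF_API_TOKEN`.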
@@ -27,17 +27,17 @@ # } # } -data "aws_lb" "eks_payment_elb" { - tags = { - "kubernetes.io/service-name" = "fiap-payment/api-internal" - } -} +# data "aws_lb" "eks_payment_elb" { +# tags = { +# "kubernetes.io/service-name" = "fiap-payment/api-internal" +# } +# } -data "aws_lb" "eks_kitchen_elb" { - tags = { - "kubernetes.io/service-name" = "fiap-production/api-internal" - } -} +# data "aws_lb" "eks_kitchen_elb" { +# tags = { +# "kubernetes.io/service-name" = "fiap-production/api-internal" +# } +# } data "aws_lb" "load_balancers" { for_each = var.services diff --git a/modules/rest_api/main.tf b/modules/rest_api/main.tf index 00807aa..6424c84 100644 --- a/modules/rest_api/main.tf +++ b/modules/rest_api/main.tf @@ -51,7 +51,6 @@ resource "aws_api_gateway_integration" "integrations" { "integration.request.path.proxy" = "method.request.path.proxy" "integration.request.header.accessToken" = "context.authorizer.accessToken" } - } resource "aws_api_gateway_authorizer" "cpf_auth" { @@ -73,12 +72,18 @@ resource "aws_api_gateway_deployment" "dev" { depends_on = [aws_api_gateway_integration.integrations] rest_api_id = aws_api_gateway_rest_api.api_gtw.id # stage_name = "dev" - description = sha1(jsonencode(aws_api_gateway_rest_api.api_gtw.body)) + description = sha1(jsonencode([ + aws_api_gateway_rest_api.api_gtw.body, + aws_api_gateway_resource.payment_webhook_proxy + ])) lifecycle { create_before_destroy = true } triggers = { - redeployment = sha1(jsonencode(aws_api_gateway_rest_api.api_gtw.body)) + redeployment = sha1(jsonencode([ + aws_api_gateway_rest_api.api_gtw.body, + aws_api_gateway_resource.payment_webhook_proxy + ])) } } 
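Review bot: The `eks_payment_elb` and `eks_kitchen_elb` data sources are commented out rather than deleted, which adds to the commented block already sitting above them. Deleting the lines keeps `data.tf` readable, and git history retains them. If they were superseded by `data.aws_lb.load_balancers` (it looks that way, but the hunk does not say), one comment line stating that is enough.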
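Review bot: The redeployment hash covers only `aws_api_gateway_resource.payment_webhook_proxy`, so a later change to the webhook's method or integration (for example tightening `authorization` or changing the `uri`) would not alter the hash and would not reach the stage until something else changes it. `depends_on` also still lists only `aws_api_gateway_integration.integrations`, so the deployment can be created before the webhook method and integration exist. Adding `aws_api_gateway_method.payment_webhook_proxy_method,` and `aws_api_gateway_integration.payment_webhook_integrations,` to both `jsonencode([...])` lists addresses both, because the references create the dependency. The `aws_api_gateway_deployment.dev` block opens above this hunk.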
@@ -175,3 +180,46 @@ resource "aws_api_gateway_integration_response" "cors_integration_response" { "method.response.header.Access-Control-Allow-Origin" = "'*'" } } + +######### NO AUTH WEBHOOK ###### + +resource "aws_api_gateway_resource" "payment_webhook_resource" { + depends_on = [ + aws_api_gateway_resource.resource["payment"], + ] + rest_api_id = aws_api_gateway_rest_api.api_gtw.id + parent_id = aws_api_gateway_resource.resource["payment"].id + path_part = "webhook" +} + +resource "aws_api_gateway_resource" "payment_webhook_proxy" { + rest_api_id = aws_api_gateway_rest_api.api_gtw.id + parent_id = aws_api_gateway_resource.payment_webhook_resource.id + path_part = "{proxy+}" +} + +resource "aws_api_gateway_method" "payment_webhook_proxy_method" { + rest_api_id = aws_api_gateway_rest_api.api_gtw.id + resource_id = aws_api_gateway_resource.payment_webhook_proxy.id + http_method = "POST" + authorization = "NONE" + request_parameters = { + "method.request.path.proxy" = true + } +} + +resource "aws_api_gateway_integration" "payment_webhook_integrations" { + rest_api_id = aws_api_gateway_rest_api.api_gtw.id + resource_id = aws_api_gateway_resource.payment_webhook_proxy.id + http_method = aws_api_gateway_method.payment_webhook_proxy_method.http_method + type = "HTTP_PROXY" + uri = "http://${var.elb_map["payment"].dns_name}/api/notifications/{proxy}" + integration_http_method = "POST" + connection_type = "VPC_LINK" + connection_id = aws_api_gateway_vpc_link.vpc_link["payment"].id + + timeout_milliseconds = 29000 + request_parameters = { + "integration.request.path.proxy" = "method.request.path.proxy" + } +} \ No newline at end of file diff --git a/variables.tf b/variables.tf index 629047d..37be08e 100644 --- a/variables.tf +++ b/variables.tf @@ -45,7 +45,7 @@ variable "jwt_issuer" { } variable "services" { - type = map(object({ + type = map(object({ namespace = string auth = bool })) 
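Review bot: `authorization = "NONE"` on `payment_webhook_proxy_method`, combined with the greedy `path_part = "{proxy+}"`, exposes every route under `/api/notifications/` on the payment service to unauthenticated POSTs, not just the one callback path. If the provider calls a single fixed URL, model that path explicitly instead of `{proxy+}`, and record the trust assumption next to the method, e.g. `# Unauthenticated at the gateway: the payment service must verify the provider's webhook signature before acting on the body`. Nothing visible in this hunk restricts callers (no resource policy, API key or request validator), so the backend check is presumably the only control and is worth confirming. The integration also forwards over `http://` through the VPC link, so the payload is not encrypted on that hop.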
@@ -62,9 +62,5 @@ variable "services" {
 namespace = "fiap-orders"
 auth = true
 }
- # "log" = {
- # namespace = "fiap-log"
- # auth = false
- # }
 }
 }