From 20ce34fd6a9e51179a5a51647f8a60e57f7bbdd4 Mon Sep 17 00:00:00 2001 From: anttorre Date: Mon, 22 Nov 2021 20:51:47 +0100 Subject: [PATCH] fixed interop-services configuration --- src/core/apim.tf | 6 +++--- src/k8s/rbac.tf | 31 +++++++++++++++++++++++++++++++ src/k8s/selc_configmaps.tf | 14 +++++++------- src/k8s/selc_ingress.tf | 12 ++++++------ 4 files changed, 47 insertions(+), 16 deletions(-) diff --git a/src/core/apim.tf b/src/core/apim.tf index d6c4e9291..dc894baa7 100644 --- a/src/core/apim.tf +++ b/src/core/apim.tf @@ -208,7 +208,7 @@ module "apim_uservice_party_process_v1" { api_version = "v1" protocols = ["https"] - service_url = format("http://%s/uservice-party-process/pdnd-interop-uservice-party-process/0.1", var.reverse_proxy_ip) + service_url = format("http://%s/pdnd-interop-uservice-party-process/pdnd-interop-uservice-party-process/0.1", var.reverse_proxy_ip) content_format = "openapi" content_value = templatefile("./api/party_process/v1/party-process.yml.tpl", { @@ -263,7 +263,7 @@ module "apim_uservice_party_management_v1" { api_version = "v1" protocols = ["https"] - service_url = format("http://%s/uservice-party-management/pdnd-interop-uservice-party-management/0.1", var.reverse_proxy_ip) + service_url = format("http://%s/pdnd-interop-uservice-party-management/pdnd-interop-uservice-party-management/0.1", var.reverse_proxy_ip) content_format = "openapi" content_value = templatefile("./api/party_management/v1/party-management.yml.tpl", { @@ -306,7 +306,7 @@ module "apim_uservice_party_registry_proxy_v1" { api_version = "v1" protocols = ["https"] - service_url = format("http://%s/uservice-party-registry-proxy/pdnd-interop-uservice-party-registry-proxy/0.1", var.reverse_proxy_ip) + service_url = format("http://%s/pdnd-interop-uservice-party-registry-proxy/pdnd-interop-uservice-party-registry-proxy/0.1", var.reverse_proxy_ip) content_format = "openapi" content_value = templatefile("./api/party_registry_proxy/v1/party-registry-proxy.yml.tpl", { diff --git a/src/k8s/rbac.tf b/src/k8s/rbac.tf index 840cae54d..c56f1058b 100644 --- a/src/k8s/rbac.tf +++ b/src/k8s/rbac.tf @@ -174,3 +174,34 @@ resource "kubernetes_cluster_role_binding" "view_binding" { namespace = "kube-system" } } + +# role required by interop services + +resource "kubernetes_role" "pod_reader" { + metadata { + name = "pod-reader" + namespace = kubernetes_namespace.selc.metadata[0].name + } + + rule { + api_groups = [""] + resources = ["pods"] + verbs = ["get", "watch", "list"] + } +} + +resource "kubernetes_role_binding" "pod_reader" { + metadata { + name = "pod-reader" + namespace = kubernetes_namespace.selc.metadata[0].name + } + role_ref { + api_group = "rbac.authorization.k8s.io" + kind = "Role" + name = "pod-reader" + } + subject { + kind = "User" + name = format("system:serviceaccount:%s:default", kubernetes_namespace.selc.metadata[0].name) + } +} \ No newline at end of file diff --git a/src/k8s/selc_configmaps.tf b/src/k8s/selc_configmaps.tf index 798b1338d..c86222b5a 100644 --- a/src/k8s/selc_configmaps.tf +++ b/src/k8s/selc_configmaps.tf @@ -8,10 +8,10 @@ resource "kubernetes_config_map" "inner-service-url" { HUB_SPID_LOGIN_URL = "http://hub-spid-login-ms:8080" B4F_DASHBOARD_URL = "http://b4f-dashboard:8080" MS_PRODUCT_URL = "http://ms-product:8080" - USERVICE_PARTY_PROCESS_URL = "https://api.dev.selfcare.pagopa.it/party-process/v1" // TODO when mock not more required "http://uservice-party-process:8088/pdnd-interop-uservice-party-process/0.1" - USERVICE_PARTY_MANAGEMENT_URL = "https://api.dev.selfcare.pagopa.it/party-management/v1" // TODO when mock not more required "http://uservice-party-management:8088/pdnd-interop-uservice-party-management/0.1" - USERVICE_PARTY_REGISTRY_PROXY_URL = "https://api.dev.selfcare.pagopa.it/party-registry-proxy/v1" // TODO when mock not more required "http://uservice-party-registry-proxy:8088/pdnd-interop-uservice-party-registry-proxy/0.1" - USERVICE_ATTRIBUTE_REGISTRY_MANAGEMENT_URL = "https://api.dev.selfcare.pagopa.it/attribute-registry-management/v1" // TODO when mock not more required "http://uservice-party-registry-proxy:8088/pdnd-interop-uservice-attribute-registry-management/0.1" + USERVICE_PARTY_PROCESS_URL = "https://api.dev.selfcare.pagopa.it/party-process/v1" // TODO when mock not more required "http://pdnd-interop-uservice-party-process:8088/pdnd-interop-uservice-party-process/0.1" + USERVICE_PARTY_MANAGEMENT_URL = "https://api.dev.selfcare.pagopa.it/party-management/v1" // TODO when mock not more required "http://pdnd-interop-uservice-party-management:8088/pdnd-interop-uservice-party-management/0.1" + USERVICE_PARTY_REGISTRY_PROXY_URL = "https://api.dev.selfcare.pagopa.it/party-registry-proxy/v1" // TODO when mock not more required "http://pdnd-interop-uservice-party-registry-proxy:8088/pdnd-interop-uservice-party-registry-proxy/0.1" + USERVICE_ATTRIBUTE_REGISTRY_MANAGEMENT_URL = "https://api.dev.selfcare.pagopa.it/attribute-registry-management/v1" // TODO when mock not more required "http://pdnd-interop-uservice-party-registry-proxy:8088/pdnd-interop-uservice-attribute-registry-management/0.1" } } @@ -133,9 +133,9 @@ resource "kubernetes_config_map" "uservice-party-process" { MANAGER_PRODUCT_ROLES = "ADMIN"//TODO DELEGATE_PRODUCT_ROLES = "ADMIN"//TODO OPERATOR_PRODUCT_ROLES = "ADMIN_REF,TECH_REF"//TODO - PARTY_MANAGEMENT_URL = format("http://uservice-party-management:8088/pdnd-interop-uservice-party-management/%s", var.api-version_uservice-party-management) - PARTY_PROXY_URL = format("http://uservice-party-registry-proxy:8088/pdnd-interop-uservice-party-registry-proxy/%s", var.api-version_uservice-party-registry-proxy) - ATTRIBUTE_REGISTRY_URL = format("http://uservice-attribute-registry-management:8088/pdnd-interop-uservice-attribute-registry-management/%s", var.api-version_uservice-attribute-registry-management) + PARTY_MANAGEMENT_URL = format("http://pdnd-interop-uservice-party-management:8088/pdnd-interop-uservice-party-management/%s", var.api-version_uservice-party-management) + PARTY_PROXY_URL = format("http://pdnd-interop-uservice-party-registry-proxy:8088/pdnd-interop-uservice-party-registry-proxy/%s", var.api-version_uservice-party-registry-proxy) + ATTRIBUTE_REGISTRY_URL = format("http://pdnd-interop-uservice-attribute-registry-management:8088/pdnd-interop-uservice-attribute-registry-management/%s", var.api-version_uservice-attribute-registry-management) }, var.configmaps_uservice-party-process ) diff --git a/src/k8s/selc_ingress.tf b/src/k8s/selc_ingress.tf index 9757a9351..d77324467 100644 --- a/src/k8s/selc_ingress.tf +++ b/src/k8s/selc_ingress.tf @@ -34,26 +34,26 @@ resource "kubernetes_ingress" "selc_ingress" { path { backend { - service_name = "uservice-party-process" + service_name = "pdnd-interop-uservice-party-process" service_port = 8088 } - path = "/uservice-party-process/(.*)" + path = "/pdnd-interop-uservice-party-process/(.*)" } path { backend { - service_name = "uservice-party-management" + service_name = "pdnd-interop-uservice-party-management" service_port = 8088 } - path = "/uservice-party-management/(.*)" + path = "/pdnd-interop-uservice-party-management/(.*)" } path { backend { - service_name = "uservice-party-registry-proxy" + service_name = "pdnd-interop-uservice-party-registry-proxy" service_port = 8088 } - path = "/uservice-party-registry-proxy/(.*)" + path = "/pdnd-interop-uservice-party-registry-proxy/(.*)" } path {