pagopa · alessio-cialini · Oct 14, 2024 · Oct 14, 2024 · Oct 21, 2024 · Oct 24, 2024
@@ -0,0 +1,76 @@
+####################
+## Local variables #
+####################
+
+locals {
+  apim_gpd_debezium_api = {
+    published             = false
+    subscription_required = true
+    approval_required     = false
+    subscriptions_limit   = 1000
+    service_url           = format("https://%s/debezium-gpd", local.gps_hostname)
+  }
+}
+
+##############
+## Products ##
+##############
+
+module "apim_gpd_debezium_product" {
+  source = "./.terraform/modules/__v3__/api_management_product"
+
+  product_id   = "product-gpd-debezium"
+  display_name = "GPD Debezium API pagoPA"
+  description  = "Prodotto GPD Debezium API"
+
+  api_management_name = local.pagopa_apim_name
+  resource_group_name = local.pagopa_apim_rg
+
+  published             = local.apim_gpd_debezium_api.published
+  subscription_required = local.apim_gpd_debezium_api.subscription_required
+  approval_required     = local.apim_gpd_debezium_api.approval_required
+  subscriptions_limit   = local.apim_gpd_debezium_api.subscriptions_limit
+
+  policy_xml = file("./api_product/debezium-api/_base_policy.xml")
+}
+
+##############
+##    API   ##
+##############
+
+resource "azurerm_api_management_api_version_set" "api_gpd_debezium_api" {
+
+  name                = format("%s-api-gpd-debezium-api", var.env_short)
+  api_management_name = local.pagopa_apim_name
+  resource_group_name = local.pagopa_apim_rg
+  display_name        = "GPD Debezium API"
+  versioning_scheme   = "Segment"
+}
+
+
+module "apim_api_gpd_debezium_api" {
+  source = "./.terraform/modules/__v3__/api_management_api"
+
+  name                  = format("%s-api-gpd-debezium-api", var.env_short)
+  api_management_name   = local.pagopa_apim_name
+  resource_group_name   = local.pagopa_apim_rg
+  product_ids           = [module.apim_gpd_debezium_product.product_id, module.apim_gpd_debezium_product.product_id]
+  subscription_required = local.apim_gpd_debezium_api.subscription_required
+  api_version           = "v1"
+  version_set_id        = azurerm_api_management_api_version_set.api_gpd_debezium_api.id
+  service_url           = format("https://%s", module.reporting_analysis_function.default_hostname)
+
+  description  = "Api GPD Debezium"
+  display_name = "GPDDebezium API pagoPA"
+  path         = "gpd-debezium/api"
+  protocols    = ["https"]
+
+  content_format = "openapi"
+  content_value = templatefile("./api/debezium-api/v1/_openapi.json.tpl", {
+    host = local.apim_hostname
+  })
+
+  xml_content = templatefile("./api/debezium-api/v1/_base_policy.xml", {
+    origin = format("https://%s.%s.%s", var.cname_record_name, var.apim_dns_zone_prefix, var.external_domain)
+  })
+}
@@ -91,6 +91,24 @@ locals {
     max_threads           = var.max_threads
   })
 
+  healthchecker_config_yaml = templatefile("${path.module}/yaml/healthchecker-config-map.yaml", {
+    namespace = "gps" # kubernetes_namespace.namespace.metadata[0].name
+  })
+
+  debezium_health_checker_cron_yaml = templatefile("${path.module}/yaml/debezium-health-checker-cron.yaml", {
+    namespace = "gps" # kubernetes_namespace.namespace.metadata[0].name
+  })
+
+  debezium_network_policy_yaml = templatefile("${path.module}/yaml/debezium-network-policy.yaml", {
+    namespace = "gps" # kubernetes_namespace.namespace.metadata[0].name
+  })
+
+  debezium_ingress_yaml = templatefile("${path.module}/yaml/debezium-ingress.yaml", {
+    namespace = "gps" # kubernetes_namespace.namespace.metadata[0].name
+    host = "${var.location_short}${var.env_short}.gps.internal.${var.env_short}.platform.pagopa.it"
+    secret = "${var.location_short}${var.env_short}-gps-internal-${var.env_short}-platform-pagopa-it"
+  })
+
 }
 
 resource "kubectl_manifest" "debezium_role" {
@@ -178,3 +196,36 @@ resource "null_resource" "wait_postgres_connector" {
     interpreter = ["/bin/bash", "-c"]
   }
 }
+
+resource "kubectl_manifest" "healthchecker-config-map" {
+  depends_on = [
+    helm_release.strimzi-kafka-operator
+  ]
+  force_conflicts = true
+  yaml_body       = local.healthchecker_config_yaml
+}
+
+resource "kubectl_manifest" "healthchecker-cron" {
+  depends_on = [
+    helm_release.strimzi-kafka-operator, kubectl_manifest.healthchecker-config-map
+  ]
+  force_conflicts = true
+  yaml_body       = local.debezium_health_checker_cron_yaml
+}
+
+resource "kubectl_manifest" "debezium-ingress" {
+  depends_on = [
+    kubectl_manifest.kafka_connect
+  ]
+  force_conflicts = true
+  yaml_body       = local.debezium_ingress_yaml
+}
+
+resource "kubectl_manifest" "debezium-network-policy" {
+  depends_on = [
+    kubectl_manifest.kafka_connect
+  ]
+  force_conflicts = true
+  yaml_body       = local.debezium_network_policy_yaml
+}
+
@@ -0,0 +1,28 @@
+<!--
+    IMPORTANT:
+    - Policy elements can appear only within the <inbound>, <outbound>, <backend> section elements.
+    - To apply a policy to the incoming request (before it is forwarded to the backend service), place a corresponding policy element within the <inbound> section element.
+    - To apply a policy to the outgoing response (before it is sent back to the caller), place a corresponding policy element within the <outbound> section element.
+    - To add a policy, place the cursor at the desired insertion point and select a policy from the sidebar.
+    - To remove a policy, delete the corresponding policy statement from the policy document.
+    - Position the <base> element within a section element to inherit all policies from the corresponding section element in the enclosing scope.
+    - Remove the <base> element to prevent inheriting policies from the corresponding section element in the enclosing scope.
+    - Policies are applied in the order of their appearance, from the top down.
+    - Comments within policy elements are not supported and may disappear. Place your comments between policy elements or at a higher level scope.
+-->
+<policies>
+    <inbound>
+        <base />
+        <!-- rate limit by subscription key -->
+        <rate-limit calls="300" renewal-period="10" remaining-calls-variable-name="remainingCallsPerSubscription"/>
+    </inbound>
+    <backend>
+        <base />
+    </backend>
+    <outbound>
+        <base />
+    </outbound>
+    <on-error>
+        <base />
+    </on-error>
+</policies>
@@ -0,0 +1,156 @@
+{
+  "openapi": "3.0.0",
+  "info": {
+    "title": "Debezium API - GPD",
+    "version": "1.0.0"
+  },
+  "servers": [
+    {
+      "url": "${host}"
+    }
+  ],
+  "paths": {
+    "/connectors": {
+      "get": {
+        "tags": [
+          "Get Connectors List"
+        ],
+        "summary": "getConnectors",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "description": "Successful response",
+            "content": {
+              "application/json": {
+              }
+            }
+          },
+          "400": {
+            "description": "Error response",
+            "content": {
+              "application/json": {}
+            }
+          }
+        }
+      }
+    },
+    "/connectors/{connectorId}/status": {
+      "get": {
+        "tags": [
+          "Get Detail on Connector Status"
+        ],
+        "summary": "getConnectorStatus",
+        "parameters": [
+          {
+            "name": "connectorId",
+            "in": "path",
+            "schema": {
+              "type": "string"
+            },
+            "required": true,
+            "example": "debezium-connector-postgres"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Successful response",
+            "content": {
+              "application/json": {}
+            }
+          },
+          "404": {
+            "description": "Not Found",
+            "content": {
+              "application/json": {}
+            }
+          }
+        }
+      }
+    },
+    "/connectors/{connectorId}/restart": {
+      "post": {
+        "tags": [
+          "Restart Connector"
+        ],
+        "summary": "restartConnector",
+        "parameters": [
+          {
+            "name": "connectorId",
+            "in": "path",
+            "schema": {
+              "type": "string"
+            },
+            "required": true,
+            "example": "debezium-connector-postgres"
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "Successful response",
+            "content": {
+              "application/json": {}
+            }
+          },
+          "404": {
+            "description": "Not Found",
+            "content": {
+              "application/json": {}
+            }
+          }
+        }
+      }
+    },
+    "/connectors/{connectorId}/tasks/{taskId}/restart": {
+      "post": {
+        "tags": [
+          "Restart Task "
+        ],
+        "summary": "restartTask",
+        "parameters": [
+          {
+            "name": "connectorId",
+            "in": "path",
+            "schema": {
+              "type": "string"
+            },
+            "required": true,
+            "example": "debezium-connector-postgres"
+          },
+          {
+            "name": "taskId",
+            "in": "path",
+            "schema": {
+              "type": "string"
+            },
+            "required": true,
+            "example": "0"
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "Successful response",
+            "content": {
+              "application/json": {}
+            }
+          },
+          "404": {
+            "description": "Not Found",
+            "content": {
+              "application/json": {}
+            }
+          }
+        }
+      }
+    }
+  },
+  "components": {
+		"securitySchemes": {
+			"ApiKey": {
+				"type": "apiKey",
+				"description": "The API key to access this function app.",
+				"name": "Ocp-Apim-Subscription-Key",
+				"in": "header"
+			}
+		}
+  }
+}
@@ -0,0 +1,26 @@
+<!--
+    IMPORTANT:
+    - Policy elements can appear only within the <inbound>, <outbound>, <backend> section elements.
+    - To apply a policy to the incoming request (before it is forwarded to the backend service), place a corresponding policy element within the <inbound> section element.
+    - To apply a policy to the outgoing response (before it is sent back to the caller), place a corresponding policy element within the <outbound> section element.
+    - To add a policy, place the cursor at the desired insertion point and select a policy from the sidebar.
+    - To remove a policy, delete the corresponding policy statement from the policy document.
+    - Position the <base> element within a section element to inherit all policies from the corresponding section element in the enclosing scope.
+    - Remove the <base> element to prevent inheriting policies from the corresponding section element in the enclosing scope.
+    - Policies are applied in the order of their appearance, from the top down.
+    - Comments within policy elements are not supported and may disappear. Place your comments between policy elements or at a higher level scope.
+-->
+<policies>
+    <inbound>
+        <base />
+    </inbound>
+    <backend>
+        <base />
+    </backend>
+    <outbound>
+        <base />
+    </outbound>
+    <on-error>
+        <base />
+    </on-error>
+</policies>
@@ -0,0 +1,26 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: debezium-health-checker-cron
+  namespace: ${namespace}
+spec:
+  schedule: "*/5 * * * *"  # Runs every 5 minutes
+  successfulJobsHistoryLimit: 0
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      ttlSecondsAfterFinished: 100
+      template:
+        spec:
+          containers:
+          - name: debezium-health-checker
+            image: bitnami/kubectl:latest
+            command: ["/bin/bash", "/scripts/check_kafka_connect.sh"]
+            volumeMounts:
+            - name: script-volume
+              mountPath: /scripts
+          restartPolicy: OnFailure
+          volumes:
+          - name: script-volume
+            configMap:
+              name: health-checker-script