@pagopa/dx-cli 0.21.2 → 0.21.4

package/dist/use-cases/request-authorization.d.ts

@@ -2,14 +2,14 @@
  * Request Authorization Use Case
  *
  * Orchestrates an authorization request by delegating to the
- * technology-agnostic AuthorizationService.
+ * AuthorizationService.
  */
 import { ResultAsync } from "neverthrow";
 import { AuthorizationError, AuthorizationResult, AuthorizationService, RequestAuthorizationInput } from "../domain/authorization.js";
 /**
  * Creates a function that requests authorization for a bootstrap identity.
  *
- * @param authorizationService - The service handling platform-specific authorization logic
+ * @param authorizationService - The service handling authorization logic
  * @returns A function that takes input and returns a ResultAsync with the authorization result
  */
 export declare const requestAuthorization: (authorizationService: AuthorizationService) => (input: RequestAuthorizationInput) => ResultAsync<AuthorizationResult, AuthorizationError>;

package/dist/use-cases/request-authorization.js

@@ -2,12 +2,12 @@
  * Request Authorization Use Case
  *
  * Orchestrates an authorization request by delegating to the
- * technology-agnostic AuthorizationService.
+ * AuthorizationService.
  */
 /**
  * Creates a function that requests authorization for a bootstrap identity.
  *
- * @param authorizationService - The service handling platform-specific authorization logic
+ * @param authorizationService - The service handling authorization logic
  * @returns A function that takes input and returns a ResultAsync with the authorization result
  */
 export const requestAuthorization = (authorizationService) => (input) => authorizationService.requestAuthorization(input);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/dx-cli",
-  "version": "0.21.2",
+  "version": "0.21.4",
   "type": "module",
   "description": "A CLI useful to manage DX tools.",
   "repository": {

package/templates/environment/bootstrapper/{{env.name}}/data.tf.hbs

@@ -13,10 +13,6 @@ data "azuread_group" "externals" {
 {{/with}}
 
 {{#with includesProdIO}}
-data "azurerm_subscription" "PROD_IO" {
-  provider = azurerm.PROD-IO
-}
-
 data "azurerm_resource_group" "common_itn_01" {
   provider = azurerm.PROD-IO
   name     = "io-p-itn-common-rg-01"
@@ -38,21 +34,9 @@ data "azurerm_container_app_environment" "runner" {
   resource_group_name = "io-p-itn-github-runner-rg-01"
 }
 
-data "azurerm_api_management" "apim" {
-  provider            = azurerm.PROD-IO
-  name                = "io-p-itn-apim-01"
-  resource_group_name = data.azurerm_resource_group.common_itn_01.name
-}
-
 data "azurerm_key_vault" "common" {
   provider            = azurerm.PROD-IO
   name                = "io-p-kv-common"
   resource_group_name = data.azurerm_resource_group.common_weu.name
 }
-
-data "azurerm_virtual_network" "common" {
-  provider            = azurerm.PROD-IO
-  name                = "io-p-itn-common-vnet-01"
-  resource_group_name = data.azurerm_resource_group.common_itn_01.name
-}
 {{/with}}

package/templates/environment/bootstrapper/{{env.name}}/main.tf.hbs

@@ -8,7 +8,7 @@ locals {
 {{#if (eq displayName "PROD-IO")}}
 module "azure-{{displayName}}_bootstrap" {
   source  = "pagopa-dx/azure-github-environment-bootstrap/azurerm"
-  version = "~> 3.0"
+  version = "~> 4.0"
 
   providers = {
     azurerm = azurerm.{{displayName}}
@@ -16,9 +16,6 @@ module "azure-{{displayName}}_bootstrap" {
 
   environment = merge(local.environment, local.azure_accounts.{{displayName}})
 
-  subscription_id = data.azurerm_subscription.PROD_IO.id
-  tenant_id       = data.azurerm_subscription.PROD_IO.tenant_id
-
   entraid_groups = {
     admins_object_id    = data.azuread_group.admins.object_id
     devs_object_id      = data.azuread_group.developers.object_id
@@ -37,7 +34,6 @@ module "azure-{{displayName}}_bootstrap" {
 
   github_private_runner = {
     container_app_environment_id       = data.azurerm_container_app_environment.runner.id
-    container_app_environment_location = data.azurerm_container_app_environment.runner.location
     key_vault = {
       name                = data.azurerm_key_vault.common.name
       resource_group_name = data.azurerm_key_vault.common.resource_group_name
@@ -45,10 +41,7 @@ module "azure-{{displayName}}_bootstrap" {
     use_github_app = true
   }
 
-  apim_id                            = data.azurerm_api_management.apim.id
-  pep_vnet_id                        = data.azurerm_virtual_network.common.id
   private_dns_zone_resource_group_id = data.azurerm_resource_group.common_weu.id
-  nat_gateway_resource_group_id      = data.azurerm_resource_group.common_itn_01.id
   opex_resource_group_id             = data.azurerm_resource_group.dashboards.id
 
   tags = local.bootstrapper_tags
@@ -73,7 +66,7 @@ module "azure-{{displayName}}_core_values" {
 
 module "azure-{{displayName}}_bootstrap" {
   source  = "pagopa-dx/azure-github-environment-bootstrap/azurerm"
-  version = "~> 3.0"
+  version = "~> 4.0"
 
   providers = {
     azurerm = azurerm.{{displayName}}
@@ -81,9 +74,6 @@ module "azure-{{displayName}}_bootstrap" {
 
   environment = merge(local.environment, local.azure_accounts.{{displayName}})
 
-  subscription_id = module.azure-{{displayName}}_core_values.subscription_id
-  tenant_id       = module.azure-{{displayName}}_core_values.tenant_id
-
   entraid_groups = {
     admins_object_id    = data.azuread_group.admins.object_id
     devs_object_id      = data.azuread_group.developers.object_id
@@ -102,7 +92,6 @@ module "azure-{{displayName}}_bootstrap" {
 
   github_private_runner = {
     container_app_environment_id       = module.azure-{{displayName}}_core_values.github_runner.environment_id
-    container_app_environment_location = local.azure_accounts.{{displayName}}.location
     labels = [
       "{{@root.env.name}}"
     ]
@@ -114,7 +103,6 @@ module "azure-{{displayName}}_bootstrap" {
     use_github_app = true
   }
 
-  pep_vnet_id                        = module.azure-{{displayName}}_core_values.common_vnet.id
   private_dns_zone_resource_group_id = module.azure-{{displayName}}_core_values.network_resource_group_id
   opex_resource_group_id             = module.azure-{{displayName}}_core_values.opex_resource_group_id
 

package/dist/adapters/pagopa-technology/authorization.js

@@ -1,124 +0,0 @@
-/**
- * PagoPA Technology Authorization Adapter
- *
- * Implements the AuthorizationService interface for the PagoPA Azure
- * authorization workflow. Encapsulates all platform-specific details:
- * the target GitHub repository, file paths, branch naming, JSON file
- * parsing, and pull request creation.
- */
-import { getLogger } from "@logtape/logtape";
-import { err, errAsync, ok, okAsync, ResultAsync } from "neverthrow";
-import { z } from "zod";
-import { AuthorizationError, AuthorizationResult, IdentityAlreadyExistsError, InvalidAuthorizationFileFormatError, } from "../../domain/authorization.js";
-const authorizationFileSchema = z
-    .object({
-    directory_readers: z
-        .object({
-        service_principals_name: z.array(z.string()),
-    })
-        .loose(),
-})
-    .loose();
-const addIdentity = (content, identityId) => {
-    let parsed;
-    try {
-        parsed = JSON.parse(content);
-    }
-    catch {
-        return err(new InvalidAuthorizationFileFormatError("File content is not valid JSON"));
-    }
-    const result = authorizationFileSchema.safeParse(parsed);
-    if (!result.success) {
-        return err(new InvalidAuthorizationFileFormatError("Could not find directory_readers.service_principals_name list"));
-    }
-    const jsonContent = result.data;
-    if (jsonContent.directory_readers.service_principals_name.includes(identityId)) {
-        return err(new IdentityAlreadyExistsError(identityId));
-    }
-    const updated = {
-        ...jsonContent,
-        directory_readers: {
-            ...jsonContent.directory_readers,
-            service_principals_name: [
-                ...jsonContent.directory_readers.service_principals_name,
-                identityId,
-            ],
-        },
-    };
-    return ok(JSON.stringify(updated, null, 2));
-};
-const REPO_OWNER = "pagopa";
-const REPO_NAME = "eng-azure-authorization";
-const BASE_BRANCH = "main";
-export const makeAuthorizationService = (gitHubService) => ({
-    requestAuthorization(input) {
-        const logger = getLogger(["dx-cli", "pagopa-authorization"]);
-        const { bootstrapIdentityId, repoName, subscriptionName } = input;
-        const filePath = `src/azure-subscriptions/subscriptions/${subscriptionName}/terraform.tfvars.json`;
-        const branchName = `feats/add-${repoName}-${subscriptionName}-bootstrap-identity`;
-        return (
-        // Step 1: Create branch first to avoid race condition with main branch updates
-        ResultAsync.fromPromise(gitHubService.createBranch({
-            branchName,
-            fromRef: BASE_BRANCH,
-            owner: REPO_OWNER,
-            repo: REPO_NAME,
-        }), () => new AuthorizationError(`Unable to create branch ${branchName} in ${REPO_OWNER}/${REPO_NAME}`))
-            .orTee((error) => {
-            logger.error(error.message);
-        })
-            // Step 2: Fetch file content from the newly created branch
-            .andThen(() => ResultAsync.fromPromise(gitHubService.getFileContent({
-            owner: REPO_OWNER,
-            path: filePath,
-            ref: branchName,
-            repo: REPO_NAME,
-        }), () => new AuthorizationError(`Unable to get ${filePath} in ${REPO_OWNER}/${REPO_NAME}`)))
-            .orTee((error) => {
-            logger.error(error.message);
-        })
-            // Modify the file content, detecting duplicates and format errors
-            .andThen(({ content, sha }) => addIdentity(content, bootstrapIdentityId)
-            .mapErr((error) => {
-            if (error instanceof IdentityAlreadyExistsError) {
-                logger.warn("Identity already exists", {
-                    identityId: bootstrapIdentityId,
-                    subscription: subscriptionName,
-                });
-            }
-            else {
-                logger.error("Failed to modify tfvars", {
-                    error: error.message,
-                });
-            }
-            return error;
-        })
-            .match((updatedContent) => okAsync({ sha, updatedContent }), (error) => errAsync(error)))
-            // Update the file on the new branch
-            .andThen(({ sha, updatedContent }) => ResultAsync.fromPromise(gitHubService.updateFile({
-            branch: branchName,
-            content: updatedContent,
-            message: `Add directory reader for ${subscriptionName}`,
-            owner: REPO_OWNER,
-            path: filePath,
-            repo: REPO_NAME,
-            sha,
-        }), () => new AuthorizationError(`Unable to update ${filePath} on branch ${branchName} in ${REPO_OWNER}/${REPO_NAME}`)))
-            .orTee((error) => {
-            logger.error(error.message);
-        })
-            // Create a pull request for review
-            .andThen(() => ResultAsync.fromPromise(gitHubService.createPullRequest({
-            base: BASE_BRANCH,
-            body: `This PR adds the bootstrap identity \`${bootstrapIdentityId}\` to the directory readers for subscription \`${subscriptionName}\`.`,
-            head: branchName,
-            owner: REPO_OWNER,
-            repo: REPO_NAME,
-            title: `Add directory reader for ${subscriptionName}`,
-        }), () => new AuthorizationError(`Unable to create pull request from ${branchName} to ${BASE_BRANCH} in ${REPO_OWNER}/${REPO_NAME}`)))
-            .orTee((error) => {
-            logger.error(error.message);
-        })
-            .map((pr) => new AuthorizationResult(pr.url)));
-    },
-});