pagopa
diff --git a/‎src/infra/api/oi-admin.tpl.json‎
Lines changed: 58 additions & 108 deletions b/‎src/infra/api/oi-admin.tpl.json‎
Lines changed: 58 additions & 108 deletions
diff --git a/‎src/infra/modules/backend/lambda.tf‎
Lines changed: 35 additions & 2 deletions b/‎src/infra/modules/backend/lambda.tf‎
Lines changed: 35 additions & 2 deletions
@@ -334,7 +334,7 @@
           {
             "in": "path",
             "name": "client_id",
-            "description": "the user_id of the cognito user",
+            "description": "the unique client_id of the client",
             "required": true,
             "schema": {
               "type": "string"
@@ -391,21 +391,6 @@
           }
         },
         "summary": "Client refresh secret endpoint",
-        "requestBody": {
-          "content": {
-            "application/json": {
-              "schema": {
-                "userId": {
-                  "type": "string",
-                  "description": "The userId of the user who is requesting the client secret refresh. This is required to ensure that only authorized users can refresh the client secret.",
-                  "example": "fake-user-id"
-                }
-              }
-            }
-          },
-          "description": "Request body",
-          "required": true
-        },
         "responses": {
           "200": {
             "description": "Client secret refreshed successfully.",
@@ -450,7 +435,9 @@
         ]
       }
     },
-    %{ if strcontains(server_url, "dev") || strcontains(server_url, "uat")
+    %{ if strcontains(server_url,
+      "dev") || strcontains(server_url,
+      "uat")
     }
 "/client-manager/client-users": {
       "post": {
@@ -546,30 +533,31 @@
             "${authorizer}": []
           }
         ]
-      }
-    },
-    "/client-manager/client-users/{user_id}/{username}": {
-      "patch": {
+      },
+      "get": {
         "tags": [
           "Admin Client Manager APIs"
         ],
-        "description": "This endpoint updates samlAttribrutes for a user in the Internal IDP",
-        "operationId": "Patch_admin_client_manager_client_users",
+        "description": "This endpoint expose backend function for Client Onboarding Portal.",
+        "operationId": "Get_admin_client_manager_client_users",
         "parameters": [
           {
-            "in": "path",
-            "name": "user_id",
-            "description": "user_id that is associated to the currently logged in user",
-            "required": true,
+            "in": "query",
+            "name": "limit",
+            "description": "Limit the number of results returned, max 1000",
+            "required": false,
             "schema": {
-              "type": "string"
+              "type": "integer",
+              "default": 10,
+              "minimum": 1,
+              "maximum": 1000
             }
           },
           {
-            "in": "path",
-            "name": "username",
-            "description": "username of the test user that is being updated",
-            "required": true,
+            "in": "query",
+            "name": "last_evaluated_key",
+            "description": "Last evaluated key for pagination",
+            "required": false,
             "schema": {
               "type": "string"
             }
@@ -601,10 +589,6 @@
               "statusCode": "403",
               "responseParameters": {}
             },
-            "404": {
-              "statusCode": "404",
-              "responseParameters": {}
-            },
             "405": {
               "statusCode": "405",
               "responseParameters": {}
@@ -620,20 +604,9 @@
           }
         },
         "summary": "Client Onboarding portal backend",
-        "requestBody": {
-          "content": {
-            "application/json": {
-              "schema": {
-                "$ref": "#/components/schemas/ClientUserUpdate"
-              }
-            }
-          },
-          "description": "Request body",
-          "required": true
-        },
         "responses": {
           "200": {
-            "$ref": "#/components/responses/responseOkNoContentJson"
+            "$ref": "#/components/responses/responseOkUsersJson"
           },
           "400": {
             "$ref": "#/components/responses/invalidParameters"
@@ -644,9 +617,6 @@
           "403": {
             "$ref": "#/components/responses/forbidden"
           },
-          "404": {
-            "$ref": "#/components/responses/notFound"
-          },
           "405": {
             "$ref": "#/components/responses/methodNotAllowed"
           },
@@ -662,23 +632,16 @@
             "${authorizer}": []
           }
         ]
-      },
-      "delete": {
+      }
+    },
+    "/client-manager/client-users/{username}": {
+      "patch": {
         "tags": [
           "Admin Client Manager APIs"
         ],
-        "description": "This endpoint deletes a user in the Internal IDP",
-        "operationId": "Delete_admin_client_manager_client_users",
+        "description": "This endpoint updates samlAttribrutes for a user in the Internal IDP",
+        "operationId": "Patch_admin_client_manager_client_users",
         "parameters": [
-          {
-            "in": "path",
-            "name": "user_id",
-            "description": "user_id that is associated to the currently logged in user",
-            "required": true,
-            "schema": {
-              "type": "string"
-            }
-          },
           {
             "in": "path",
             "name": "username",
@@ -697,8 +660,8 @@
           "httpMethod": "POST",
           "uri": "arn:aws:apigateway:${aws_region}:lambda:path/2015-03-31/functions/${client_manager_lambda_arn}/invocations",
           "responses": {
-            "204": {
-              "statusCode": "204",
+            "200": {
+              "statusCode": "200",
               "responseParameters": {
                 "method.response.header.content-type": "'application/json'"
               }
@@ -715,6 +678,10 @@
               "statusCode": "403",
               "responseParameters": {}
             },
+            "404": {
+              "statusCode": "404",
+              "responseParameters": {}
+            },
             "405": {
               "statusCode": "405",
               "responseParameters": {}
@@ -730,8 +697,19 @@
           }
         },
         "summary": "Client Onboarding portal backend",
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/ClientUserUpdate"
+              }
+            }
+          },
+          "description": "Request body",
+          "required": true
+        },
         "responses": {
-          "204": {
+          "200": {
             "$ref": "#/components/responses/responseOkNoContentJson"
           },
           "400": {
@@ -743,6 +721,9 @@
           "403": {
             "$ref": "#/components/responses/forbidden"
           },
+          "404": {
+            "$ref": "#/components/responses/notFound"
+          },
           "405": {
             "$ref": "#/components/responses/methodNotAllowed"
           },
@@ -758,45 +739,22 @@
             "${authorizer}": []
           }
         ]
-      }
-    },
-    "/client-manager/client-users/{user_id}": {
-      "get": {
+      },
+      "delete": {
         "tags": [
           "Admin Client Manager APIs"
         ],
-        "description": "This endpoint expose backend function for Client Onboarding Portal.",
-        "operationId": "Get_admin_client_manager_client_users",
+        "description": "This endpoint deletes a user in the Internal IDP",
+        "operationId": "Delete_admin_client_manager_client_users",
         "parameters": [
           {
             "in": "path",
-            "name": "user_id",
-            "description": "user_id that is associated to the currently logged in user",
+            "name": "username",
+            "description": "username of the test user that is being updated",
             "required": true,
             "schema": {
               "type": "string"
             }
-          },
-          {
-            "in": "query",
-            "name": "limit",
-            "description": "Limit the number of results returned, max 1000",
-            "required": false,
-            "schema": {
-              "type": "integer",
-              "default": 10,
-              "minimum": 1,
-              "maximum": 1000
-            }
-          },
-          {
-            "in": "query",
-            "name": "last_evaluated_key",
-            "description": "Last evaluated key for pagination",
-            "required": false,
-            "schema": {
-              "type": "string"
-            }
           }
         ],
         "x-amazon-apigateway-integration": {
@@ -807,8 +765,8 @@
           "httpMethod": "POST",
           "uri": "arn:aws:apigateway:${aws_region}:lambda:path/2015-03-31/functions/${client_manager_lambda_arn}/invocations",
           "responses": {
-            "200": {
-              "statusCode": "200",
+            "204": {
+              "statusCode": "204",
               "responseParameters": {
                 "method.response.header.content-type": "'application/json'"
               }
@@ -841,8 +799,8 @@
         },
         "summary": "Client Onboarding portal backend",
         "responses": {
-          "200": {
-            "$ref": "#/components/responses/responseOkUsersJson"
+          "204": {
+            "$ref": "#/components/responses/responseOkNoContentJson"
           },
           "400": {
             "$ref": "#/components/responses/invalidParameters"
@@ -1564,10 +1522,6 @@
       "ClientRegistration": {
         "type": "object",
         "properties": {
-          "userId": {
-            "type": "string",
-            "description": "The userId of the cognito user"
-          },
           "redirectUris": {
             "type": "array",
             "items": {
@@ -2025,10 +1979,6 @@
                 "$ref": "#/components/schemas/SamlAttributes"
               }
             }
-          },
-          "user_id": {
-            "type": "string",
-            "description": "The user_id that is associated to the currently logged in user"
           }
         }
       },
 
@@ -895,6 +895,39 @@ data "aws_iam_policy_document" "invalidate_cache_lambda" {
 
 # Lambda client manager
 
+resource "null_resource" "install_client_manager_dependencies" {
+  provisioner "local-exec" {
+    command = <<EOT
+      mkdir -p ${path.module}/../../dist/python
+      pip install \
+        --platform manylinux2014_x86_64 \
+        --target=${path.module}/../../dist/python \
+        --implementation cp \
+        --only-binary=:all: --upgrade \
+        -r ../../../oneid/oneid-lambda-client-manager/requirements.txt
+    EOT
+  }
+
+  triggers = {
+    always_run = "${timestamp()}"
+  }
+}
+
+data "archive_file" "pyjwt_layer" {
+  type        = "zip"
+  source_dir  = "${path.module}/../../dist/"
+  output_path = "${path.module}/../../dist/python.zip"
+  depends_on  = [null_resource.install_client_manager_dependencies]
+}
+
+resource "aws_lambda_layer_version" "pyjwt_layer" {
+  layer_name          = "pyjwt-layer"
+  description         = "Lambda layer with PyJWT"
+  compatible_runtimes = ["python3.12"]
+  filename            = data.archive_file.pyjwt_layer.output_path
+  source_code_hash    = data.archive_file.pyjwt_layer.output_base64sha256
+}
+
 module "client_manager_lambda" {
   source  = "terraform-aws-modules/lambda/aws"
   version = "7.4.0"
@@ -907,7 +940,6 @@ module "client_manager_lambda" {
   local_existing_package  = var.client_manager_lambda.filename
   ignore_source_code_hash = true
 
-
   attach_policy_json = true
   policy_json        = data.aws_iam_policy_document.client_manager_lambda.json
 
@@ -919,7 +951,8 @@ module "client_manager_lambda" {
 
   # lambda powertools layer
   layers = [
-    "arn:aws:lambda:${var.aws_region}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:11"
+    "arn:aws:lambda:${var.aws_region}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:11",
+    aws_lambda_layer_version.pyjwt_layer.arn
   ]
 
   memory_size = 256