Updates (#2282)

infrastructure/api-mgmt-policy.xml

@@ -1,12 +1,12 @@
 <policies>
   <inbound>
     <base />
-    <validate-azure-ad-token header-name="Authorization" tenant-id="{TENANT_ID}" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
+    <validate-azure-ad-token header-name="Authorization" tenant-id="{tenant_id}" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
       <client-application-ids>
-        <application-id>{CLIENT_ID}</application-id>
+        <application-id>{client_id}</application-id>
       </client-application-ids>
       <audiences>
-        <audience>{APP_ID}</audience>
+        <audience>{app_id}</audience>
       </audiences>
     </validate-azure-ad-token>
   </inbound>

infrastructure/api-mgmt.tf

@@ -4,6 +4,16 @@ locals {
   api_mgmt_rg     = join("-", ["cft", var.env, "network-rg"])
 }
 
+data "template_file" "apim_policy" {
+  template = file("${path.module}/api-mgmt-policy.xml")
+
+  vars = {
+    tenant_id = data.azurerm_key_vault_secret.apim_tenant_id.value
+    client_id = data.azurerm_key_vault_secret.apim_client_id.value
+    app_id    = data.azurerm_key_vault_secret.apim_app_id.value
+  }
+}
+
 module "api_mgmt_product" {
   source                        = "[email protected]:hmcts/cnp-module-api-mgmt-product?ref=master"
   api_mgmt_name                 = local.api_mgmt_name
@@ -35,36 +45,16 @@ module "api_mgmt" {
   providers = {
     azurerm = azurerm.aks-cftapps
   }
-
-  depends_on = [
-    module.api_mgmt_product
-  ]
 }
 
 module "api_mgmt_policy" {
-  source        = "[email protected]:hmcts/cnp-module-api-mgmt-api-policy?ref=master"
-  api_mgmt_name = local.api_mgmt_name
-  api_mgmt_rg   = local.api_mgmt_rg
-  api_name      = module.api_mgmt.name
-  api_policy_xml_content = replace(
-    replace(
-      replace(
-        file("api-mgmt-policy.xml"),
-        "TENANT_ID",
-        data.azurerm_key_vault_secret.apim_tenant_id.value
-      ),
-      "CLIENT_ID",
-      data.azurerm_key_vault_secret.apim_client_id.value
-    ),
-    "APP_ID",
-    data.azurerm_key_vault_secret.apim_app_id.value
-  )
+  source                 = "[email protected]:hmcts/cnp-module-api-mgmt-api-policy?ref=master"
+  api_mgmt_name          = local.api_mgmt_name
+  api_mgmt_rg            = local.api_mgmt_rg
+  api_name               = module.api_mgmt.name
+  api_policy_xml_content = data.template_file.apim_policy.rendered
 
   providers = {
     azurerm = azurerm.aks-cftapps
   }
-
-  depends_on = [
-    module.api_mgmt
-  ]
 }