# OCI API Gateways - Completo ## Gateway 1: api-gateway-nexus-dev | Propriedade | Valor | |-------------|-------| | Nome | api-gateway-nexus-dev | | Tipo | PRIVATE | | Hostname | `dnqe6ufrommkqxtfp7k2ehrbmu.apigateway.sa-saopaulo-1.oci.customer-oci.com` | | IP | 10.6.0.123 | | Compartment | cmp-dev-nexus | | Estado | ACTIVE | ### Deployments | Nome | Endpoint | |------|----------| | auth | /api/auth | | user | /api/user | | user-external | /api/user-external | | user-internal | /api/user-internal | | person | /api/person | | role | /api/role | | sso | /api/sso | | cache | /api/cache | | poc | /api/poc | | commercial-manager | /api/commercial-manager | --- ## Gateway 2: api-gateway-insign-dev | Propriedade | Valor | |-------------|-------| | Nome | api-gateway-insign-dev | | Tipo | PRIVATE | | Hostname | `oyk5unl6ec7a53aychqlvz5bwa.apigateway.sa-saopaulo-1.oci.customer-oci.com` | | IP | 10.6.0.33 | | Compartment | cmp-dev-insign | | Estado | ACTIVE | ### Deployments | Nome | Endpoint | |------|----------| | insign-deploy-dev | /insign | | insing-dev | / | | root | / | --- ## Gateway 3: api-gateway-mfe-dev (Terraform-managed) | Propriedade | Valor | |-------------|-------| | Nome | api-gateway-mfe-dev | | Tipo | PRIVATE | | OCID | `ocid1.apigateway.oc1.sa-saopaulo-1.amaaaaaasks3yliabdiquogy2pqyohas4wjopizv2xzgzrclmsvsh4x7ewea` | | Hostname | `guhal72tzyekzchzamhhi3lvgi.apigateway.sa-saopaulo-1.oci.customer-oci.com` | | IP | 10.110.198.250 | | VCN | vcn-oke (10.110.0.0/16) | | Subnet | sbn-api-gateway (10.110.192.0/20) | | Compartment | DEV (`ocid1.compartment.oc1..aaaaaaaa76x3nykkjwvctpr6px34dysu3pbg7p62h2r65fegt7fvbrioll3a`) | | Estado | ACTIVE | | Gerenciado por | Terraform (`tf_oci_clusters/modules/api_gateway_mfe`) | | Criado em | 2026-02-22 (pipeline build #5964) | ### Deployments 6 deployments — um por MFE. Cada deployment tem 2 rotas: `/` (index.html) e `/{path*}` (arquivos estáticos). | Deployment | Bucket OCI | Hostname planejado | |------------|-----------|-------------------| | deploy-mfe-shell-dev | `mfe-shell-dev` | `mfe-shell-dev.invista.com.br` | | deploy-mfe-auth-dev | `mfe-auth-dev` | `mfe-auth-dev.invista.com.br` | | deploy-mfe-user-dev | `mfe-user-dev` | `mfe-user-dev.invista.com.br` | | deploy-mfe-person-dev | `mfe-person-dev` | `mfe-person-dev.invista.com.br` | | deploy-mfe-formalization-dev | `mfe-formalization-dev` | `mfe-formalization-dev.invista.com.br` | | deploy-mfe-poc-dev | `mfe-poc-dev` | `mfe-poc-dev.invista.com.br` | Namespace Object Storage: `grbb7qzeuoag` | Region: `sa-saopaulo-1` ### Acesso | Tipo | URL | |------|-----| | Direto (privado) | `https://guhal72tzyekzchzamhhi3lvgi.apigateway.sa-saopaulo-1.oci.customer-oci.com/{mfe-name}/` | | Planejado (DNS) | `https://mfe-{name}-dev.invista.com.br` (pendente VCN peering + LB + Cloudflare) | ### Terraform ```hcl # environments/dev/api_gateway_mfe.tf module "api_gateway_mfe" { count = var.enable_api_gateway_mfe ? 1 : 0 source = "../../modules/api_gateway_mfe" compartment_id = local.compartment_id subnet_id = module.network.lb_subnet_ids[0] env_name = var.env_name endpoint_type = "PUBLIC" mfe_deployments = [ { name = "mfe-shell", hostname = "mfe-shell-dev.invista.com.br", bucket_name = "mfe-shell-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region }, { name = "mfe-auth", hostname = "mfe-auth-dev.invista.com.br", bucket_name = "mfe-auth-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region }, { name = "mfe-user", hostname = "mfe-user-dev.invista.com.br", bucket_name = "mfe-user-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region }, { name = "mfe-person", hostname = "mfe-person-dev.invista.com.br", bucket_name = "mfe-person-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region }, { name = "mfe-formalization", hostname = "mfe-formalization-dev.invista.com.br", bucket_name = "mfe-formalization-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region }, { name = "mfe-poc", hostname = "mfe-poc-dev.invista.com.br", bucket_name = "mfe-poc-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region }, ] } ``` ### Pendencias - [ ] VCN Peering: Attach vcn-oke ao DRG-Invista-Shared - [ ] Rota no LB Test_Crivo_Dev: backend set apontando para 10.110.198.250:443 - [ ] Routing policy por hostname: `mfe-{name}-dev.invista.com.br` para cada MFE - [ ] DNS Cloudflare: 6 CNAMEs `mfe-{name}-dev` -> LB IP (via Cloudflare proxy) - [ ] Atualizar `federation.manifest.json` do mfe-shell com URLs reais dos remotes - [ ] Migrar `EnvironmentService` do mfe-shell de AWS para OCI api-gateway-nexus-dev --- ## Frontends Estaticos (Buckets) | Bucket | Namespace | Acesso | Descricao | |--------|-----------|--------|-----------| | `mfe-shell-dev` | grbb7qzeuoag | API Gateway MFE | Shell Angular (HOST) — orquestra todos os remotes | | `mfe-auth-dev` | grbb7qzeuoag | API Gateway MFE | MFE Auth | | `mfe-user-dev` | grbb7qzeuoag | API Gateway MFE | MFE User | | `mfe-person-dev` | grbb7qzeuoag | API Gateway MFE | MFE Person | | `mfe-formalization-dev` | grbb7qzeuoag | API Gateway MFE | MFE Formalization | | `mfe-poc-dev` | grbb7qzeuoag | API Gateway MFE | MFE PoC | | `app-front-insign-teste` | grbb7qzeuoag | Cloudflare + OCI | Site estatico de teste (insign) | | `front` | grbb7qzeuoag | — | Icones SVG | Todos os buckets MFE: `public-access-type = ObjectReadWithoutList`, criados via pipeline CI/CD (Azure DevOps). --- ## Conectividade de Rede ### VCNs envolvidas | VCN | CIDR | Componentes | |-----|------|-------------| | VCN-Shared | 10.8.0.0/16 | LB Test_Crivo_Dev (10.8.4.127) | | vcn-oke (dev) | 10.110.0.0/16 | API Gateway MFE (10.110.198.250), OKE clusters | ### DRG (Dynamic Routing Gateway) | Propriedade | Valor | |-------------|-------| | Nome | DRG-Invista-Shared | | OCID | `ocid1.drg.oc1.sa-saopaulo-1.aaaaaaaazuiluiavm3zcrzelqs2f3k3sdy3fka5yytwjua37a2ksn446deza` | | VCN-Shared | Attached | | vcn-oke (dev) | **Pendente** - necessario para LB acessar API Gateway | ### Fluxo de rede planejado ``` Browser -> Cloudflare (mfe-{name}-dev.invista.com.br) -> LB Test_Crivo_Dev (10.8.4.127, VCN-Shared) -> DRG-Invista-Shared (VCN peering — PENDENTE) -> API Gateway MFE (10.110.198.250, vcn-oke) -> Object Storage (mfe-{name}-dev, namespace grbb7qzeuoag) ``` --- *Atualizado em: 2026-02-28*