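# Trust the SUNET CDN internal CA on this host.
#
# Installs the trust-step-ca helper script under /opt/cdn-ca-trust/scripts and
# runs it with the URL and fingerprint of the CA that matches this host's
# platform environment (third dash-separated field of the short hostname).
#
# @param ca_root
#   Hash keyed by platform environment name (e.g. 'test'). Each value is a
#   hash with the keys 'url' (CA base URL) and 'fp' (passed to the script as
#   its second argument; presumably the root certificate fingerprint that pins
#   the CA -- confirm against trust-step-ca).
class cdn::ca_trust(
  Hash[String, Hash[String, String]] $ca_root = {
    test => {
      url => 'https://internal-sto3-test-ca-1.cdn.sunet.se:9000',
      fp => '9c7cb4b835ad1ee2d63f903032208b245c82c38823b02a05c66a5b93c1d5e32d',
    },
  }
)
{
  # Files for trusting internal CA
  file { '/opt/cdn-ca-trust':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }

  file { '/opt/cdn-ca-trust/scripts':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }

  # Root-owned and not group/world writable: the exec below runs this script,
  # so nobody but root may be able to replace it.
  file { '/opt/cdn-ca-trust/scripts/trust-step-ca':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    content => file('cdn/ca_trust/trust-step-ca'),
  }

  # From https://wiki.sunet.se/display/sunetops/Platform+naming+standards
  # NOTE(review): networking.fqdn is reported by the agent itself. If the choice
  # of CA must not be influenced by the node, derive it from the
  # server-verified $trusted['certname'] instead.
  $my_fqdn = $facts['networking']['fqdn']
  $dot_split = split($my_fqdn, '[.]')
  $my_hostname = $dot_split[0]
  $dash_split = split($my_hostname,'[-]')
  # Platform environment parsed from the hostname. This local shadows Puppet's
  # built-in $environment (the code environment) inside this class.
  $environment = $dash_split[2]

  # Fail with a readable message instead of an undef-index evaluation error
  # when the hostname does not map to a configured CA.
  $selected_ca = $ca_root[$environment]
  unless $selected_ca {
    fail("cdn::ca_trust: no entry in ca_root for environment '${environment}' (hostname '${my_hostname}')")
  }

  # A missing key would interpolate as an empty string and run the script with
  # too few arguments, i.e. without the fingerprint that identifies the CA.
  unless ('url' in $selected_ca and 'fp' in $selected_ca) {
    fail("cdn::ca_trust: ca_root['${environment}'] must contain both 'url' and 'fp'")
  }

  # NOTE(review): there is no creates/unless/onlyif guard, so this runs on every
  # agent run. Add one once it is clear what trust-step-ca leaves on disk.
  exec { "/opt/cdn-ca-trust/scripts/trust-step-ca ${selected_ca['url']} ${selected_ca['fp']}":
    # Skip the run if the managed script could not be put in place, rather than
    # executing whatever happens to be at that path.
    require => File['/opt/cdn-ca-trust/scripts/trust-step-ca'],
  }
}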