eid-ops/global/overlay/etc/puppet/modules/eid/templates/idm/idm.yml.erb

server:
  port: 8082
  ssl:
    bundle: infra

spring:
  application:
    name: IdM-Service
  ssl:
    bundle:
      pem:
        infra:
          keystore:
            private-key: file:/etc/ssl/private/<%= @fqdn %>_infra.key
            certificate: file:/etc/ssl/certs/<%= @fqdn %>_infra.crt
          truststore:
            certificate: file:/etc/ssl/certs/infra.crt
  data:
    redis:
      password: '<%= scope.call_function('safe_hiera', ['redis_password'])  %>'
      cluster:
        nodes:
          <%- @redises.each do |host| -%>
          - <%= host %>:6379
          - <%= host %>:6380
          <%- end -%>
      ssl:
        enabled: true
      ssl-ext:
        # redis or java require IP addresses in cert if verifcation is turned on
        # Caused by: java.util.concurrent.CompletionException:
        # javax.net.ssl.SSLHandshakeException: No subject alternative names
        # matching IP address 89.46.20.236 found
        enable-hostname-verification: false
        credential:
          resource: file:/etc/ssl/private/<%= @fqdn %>_infra.p12
          password: qwerty123
        trust:
          resource: file:/etc/ssl/certs/infra.p12
          password: qwerty123

  datasource:
    url: jdbc:mariadb:loadbalance://<%= @dbs_string %>/idm
    username: idm
    password: <%= scope.call_function('safe_hiera', ['sql_password'])  %>

  liquibase:
    enabled: true # Generates database schema/tables
    change-log: classpath:changelogs/changelog-master.xml

navet:
  authorization-url: https://sysorgoauth2.test.skatteverket.se/oauth2/v1/sysorg/token
  base-url: https://api.test.skatteverket.se/folkbokforing/folkbokforingsuppgifter-for-offentliga-aktorer/v2
  bestallnings-identitet: 00000236-FO01-0001
  organisationsnummer: 162021004748
  secret:
    key-store: classpath:/credentials/64905004722e1.p12
    key-store-password: 4729451359506045
    credentials:
      gateway:
        client-id: d3e1d1563a504f17acb2b33a51097a99
        client-secret: 9eE7A58695fc46DF9f563B058ffB36F1
      authorization-server:
        client-id: d34f109e3a11d02d744394423a020023e9bab0cd3ff78d63
        client-secret: ebc8b00ca4b08e790b208dc0abd460273fa6c459bc2f0023e9bab0cd3ff78d63
Configuration 2024-02-26 11:26:43 +01:00			`server:`
			`port: 8082`
			`ssl:`
			`bundle: infra`

			`spring:`
From example configuration 2024-02-26 12:43:21 +01:00			`application:`
			`name: IdM-Service`
Configuration 2024-02-26 11:26:43 +01:00			`ssl:`
			`bundle:`
			`pem:`
			`infra:`
			`keystore:`
			`private-key: file:/etc/ssl/private/<%= @fqdn %>_infra.key`
			`certificate: file:/etc/ssl/certs/<%= @fqdn %>_infra.crt`
			`truststore:`
			`certificate: file:/etc/ssl/certs/infra.crt`
			`data:`
			`redis:`
No prefix 2024-02-26 12:22:49 +01:00			`password: '<%= scope.call_function('safe_hiera', ['redis_password']) %>'`
Configuration 2024-02-26 11:26:43 +01:00			`cluster:`
			`nodes:`
			`<%- @redises.each do \|host\| -%>`
			`- <%= host %>:6379`
			`- <%= host %>:6380`
			`<%- end -%>`
			`ssl:`
			`enabled: true`
			`ssl-ext:`
			`# redis or java require IP addresses in cert if verifcation is turned on`
			`# Caused by: java.util.concurrent.CompletionException:`
			`# javax.net.ssl.SSLHandshakeException: No subject alternative names`
			`# matching IP address 89.46.20.236 found`
			`enable-hostname-verification: false`
			`credential:`
			`resource: file:/etc/ssl/private/<%= @fqdn %>_infra.p12`
			`password: qwerty123`
			`trust:`
			`resource: file:/etc/ssl/certs/infra.p12`
			`password: qwerty123`
Configure SQL 2024-02-27 13:30:55 +01:00
			`datasource:`
Access all cluster nodes 2024-02-27 13:36:51 +01:00			`url: jdbc:mariadb:loadbalance://<%= @dbs_string %>/idm`
Configure SQL 2024-02-27 13:30:55 +01:00			`username: idm`
			`password: <%= scope.call_function('safe_hiera', ['sql_password']) %>`
Database should be created and handled 2024-02-27 13:41:26 +01:00
			`liquibase:`
			`enabled: true # Generates database schema/tables`
			`change-log: classpath:changelogs/changelog-master.xml`
Add navet example configuration From https://github.com/swedenconnect/docker-eidas-identity-matching/blob/main/config/application-qa.yml so there is no real secrets here. 2024-02-29 10:46:04 +01:00
			`navet:`
			`authorization-url: https://sysorgoauth2.test.skatteverket.se/oauth2/v1/sysorg/token`
			`base-url: https://api.test.skatteverket.se/folkbokforing/folkbokforingsuppgifter-for-offentliga-aktorer/v2`
			`bestallnings-identitet: 00000236-FO01-0001`
			`organisationsnummer: 162021004748`
			`secret:`
			`key-store: classpath:/credentials/64905004722e1.p12`
			`key-store-password: 4729451359506045`
			`credentials:`
			`gateway:`
			`client-id: d3e1d1563a504f17acb2b33a51097a99`
			`client-secret: 9eE7A58695fc46DF9f563B058ffB36F1`
			`authorization-server:`
			`client-id: d34f109e3a11d02d744394423a020023e9bab0cd3ff78d63`
			`client-secret: ebc8b00ca4b08e790b208dc0abd460273fa6c459bc2f0023e9bab0cd3ff78d63`