From 1036eb0b03d7c44e3fe7862f2cd242401f5153c2 Mon Sep 17 00:00:00 2001
From: Maria Haider <mariah@nordu.net>
Date: Thu, 24 Mar 2022 15:51:06 +0100
Subject: [PATCH] added two new env variables for rep idp service

---
 global/overlay/etc/puppet/cosmos-rules.yaml        | 1 +
 global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index fd9a9001..b708a58b 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -863,6 +863,7 @@ demw-2.sveidas.se:
    swedenconnect_refidp:
       version: 1.3.1
       hostname: qa.test.swedenconnect.se
+      env: qa
    sunet::frontend::register_sites:
      sites:
        'qa.test.swedenconnect.se':
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 6358a451..02114b7a 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -491,7 +491,7 @@ class eidastest($version="1.0.0", $hostname="locahost") {
    ensure_resource('class','https_server',{})
 }
 
-class swedenconnect_refidp($version="1.0.3",$hostname='localhost') {
+class swedenconnect_refidp($version="1.0.3",$hostname='localhost',$env=undef) {
   $_version = safe_hiera('swedenconnect_refidp_version',$version)
   $_hostname = safe_hiera('swedenconnect_refidp_hostname',$hostname)
   $idp_persistent_id_salt = safe_hiera('idp_persistent_id_salt');
@@ -509,6 +509,8 @@ class swedenconnect_refidp($version="1.0.3",$hostname='localhost') {
                    '/etc/ssl:/etc/ssl'],
       env      => ["IDP_SERVER_HOSTNAME=$_hostname",
                    "TOMCAT_HOSTNAME=$_hostname",
+                   "IDP_FEDERATION_METADATA_URL=https://${env}.md.swedenconnect.se/entities",
+                   "IDP_FEDERATION_METADATA_VALIDATION_CERT=/etc/swedenconnect-idp/credentials/trust/sc-${env}-metadata-validation-cert.crt",
                    "TOMCAT_TLS_SERVER_KEY=/etc/ssl/private/${::fqdn}_infra.key",
                    "TOMCAT_TLS_SERVER_CERTIFICATE=/etc/ssl/certs/${::fqdn}_infra.crt",
                    "TOMCAT_PROXY_SHARED_SECRET=$proxy_header_secret",