From 4369e8892949a2a09a2f8575ca5002e7c0431007 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Bergstr=C3=B6m?= <berra@sunet.se>
Date: Fri, 19 Jan 2024 09:40:25 +0100
Subject: [PATCH] eidas proxy, create oidc-rp.jks if set in hiera

---
 global/overlay/etc/puppet/manifests/cosmos-site.pp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index ad6cb820..7b815f65 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -637,8 +637,10 @@ class eidas_proxy($version='1.0.0',$country='se',$hostname='localhost', $spring_
    $_hostname = safe_hiera('eidas_proxy_hostname',$hostname);
    $_country = safe_hiera('eidas_proxy_country',$country);
    $_pkcs11pin = safe_hiera('pkcs11_pin');
+   $_eidas_proxy_oidc_rp_jks = safe_hiera('eidas_proxy_oidc_rp_jks','');
    $proxy_service_cookie_encrypt_pw = safe_hiera('proxy_service_cookie_encrypt_pw');
    file {['/etc/eidas-proxy/',"/etc/eidas-proxy/$_country"]: ensure => directory } ->
+   file {["/etc/eidas-proxy/$_country/keystore"]: ensure => directory } ->
    sunet::snippets::secret_file {"/etc/eidas-proxy/$_country/metadata.p12":
       hiera_key => 'eidas_metadata_key',
       base64    => true
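Review bot: The new `keystore` directory is declared with only `ensure => directory`, so its owner, group and mode fall back to the agent's defaults (typically root-owned and world-traversable). Protection of the keystore then rests entirely on whatever mode `sunet::snippets::secret_file` applies, which is not visible here. Since the directory exists only to hold key material, I would pin it explicitly, e.g. `file {"/etc/eidas-proxy/$_country/keystore": ensure => directory, mode => '0750' } ->`, with owner/group set to the account the proxy runs as. The single-element array around the title can be dropped at the same time. The `eidas_proxy` class body starts and ends outside this hunk.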
@@ -669,6 +671,13 @@ class eidas_proxy($version='1.0.0',$country='se',$hostname='localhost', $spring_
    }
    ensure_resource('class','webserver',{})
    ensure_resource('class','https_server',{})
+
+   if $_eidas_proxy_oidc_rp_jks != '' {
+      sunet::snippets::secret_file {"/etc/eidas-proxy/$_country/keystore/oidc-rp.jks":
+         hiera_key => 'eidas_proxy_oidc_rp_jks',
+         base64    => true
+      }
+   }
 }
 
 class prid($version="1.0.0",$clients="",$mdsl="") {
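Review bot: The conditional `secret_file` for `oidc-rp.jks` sits outside the `->` chain that creates `/etc/eidas-proxy/$_country/keystore`, so nothing visible here guarantees the directory exists before the keystore is written. Unless the defined type wraps a `file` resource that autorequires its parent directory, add `require => File["/etc/eidas-proxy/$_country/keystore"]` to it. Separately, when `eidas_proxy_oidc_rp_jks` is later removed from hiera the `if` is simply skipped, so a previously deployed keystore stays on disk. An `else` branch with `file {"/etc/eidas-proxy/$_country/keystore/oidc-rp.jks": ensure => absent }` would retire the key together with the configuration. The class starts outside this hunk.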