Make redis or in memory configurable, SC-2670

Patrik Holmqvist 2025-02-05 13:08:51 +01:00
parent a270a73da7
commit 57a46b79ce
Signed by: pahol
GPG key ID: 5D5B0D4E93F77273
2 changed files with 17 additions and 8 deletions


@ -1,11 +1,13 @@
# This puppet manifest is used to configure Sweden Connect proxy servers # This puppet manifest is used to configure Sweden Connect proxy servers
# @param environment The environment that the server belongs to. (referenced in compose file) # @param environment The environment that the server belongs to. (referenced in compose file)
# @param session_backend Choose if it should run with a "redis" cluster (session synk) or without session synk
# @param version Version of the docker image to use. (referenced in compose file) # @param version Version of the docker image to use. (referenced in compose file)
# @param server_fqdn The FQDN of the server. (referenced in compose file) # @param server_fqdn The FQDN of the server. (referenced in compose file)
# @param connector_directory The directory where all connector related config and files are stored. (referenced in compose file) # @param connector_directory The directory where all connector related config and files are stored. (referenced in compose file)
class eid::connector ( class eid::connector (
Enum['test', 'qa', 'prod'] $environment, Enum['test', 'qa', 'prod'] $environment,
Enum['redis', 'memory'] $session_backend = 'redis',
String $version = '', String $version = '',
#String $connector_hostname = '', #String $connector_hostname = '',
String $server_fqdn = $facts['networking']['fqdn'], String $server_fqdn = $facts['networking']['fqdn'],
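Review bot: The `@param session_backend` line does not name the `memory` value or say that the setting also selects the SAML replay cache, which the template in this commit fills from the same variable (`replay: type: <%= @session_backend %>`). With `memory` each node presumably keeps its own replay cache, so on a deployment with more than one node a replayed message may only be caught by the node that saw it first; that is worth stating where the operator picks the value. Suggested wording: `# @param session_backend Backend for sessions and the replay cache: "redis" (shared via the cluster) or "memory" (local to one node, no session sync)`. The class parameter list continues outside the hunk.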


@ -3,10 +3,6 @@
# #
--- ---
spring: spring:
session:
timeout: 15m
redis:
namespace: spring:session:connector
ssl: ssl:
bundle: bundle:
pem: pem:
@ -15,11 +11,16 @@ spring:
certificate: file:${CONNECTOR_DIRECTORY}/credentials/tomcat/tomcat-cert.pem certificate: file:${CONNECTOR_DIRECTORY}/credentials/tomcat/tomcat-cert.pem
private-key: file:${CONNECTOR_DIRECTORY}/credentials/tomcat/tomcat-key.pem private-key: file:${CONNECTOR_DIRECTORY}/credentials/tomcat/tomcat-key.pem
sunet-tls-trust: sunet-tls-trust:
truststore:
certificate: file:/etc/ssl/certs/infra.crt
<% if @session_backend == redis -%>
keystore: keystore:
certificate: file:/etc/ssl/certs/<%= @server_fqdn %>_infra.crt certificate: file:/etc/ssl/certs/<%= @server_fqdn %>_infra.crt
private-key: file:/etc/ssl/private/<%= @server_fqdn %>_infra.key private-key: file:/etc/ssl/private/<%= @server_fqdn %>_infra.key
truststore: session:
certificate: file:/etc/ssl/certs/infra.crt timeout: 15m
redis:
namespace: spring:session:connector
data: data:
redis: redis:
cluster: cluster:
@ -33,6 +34,7 @@ spring:
bundle: sunet-tls-trust bundle: sunet-tls-trust
ssl-ext: ssl-ext:
enable-hostname-verification: false enable-hostname-verification: false
<% end -%>
server: server:
port: 8443 port: 8443
@ -49,7 +51,12 @@ management:
port: 8444 port: 8444
health: health:
redis: redis:
<% if @session_backend == redis -%>
enabled: true enabled: true
<% end %>
<% if @session_backend == memory -%>
enabled: false
<% end %>
credential: credential:
bundles: bundles:
@ -140,9 +147,9 @@ saml:
entity-id: https://test.connector.eidas.swedenconnect.se/eidas entity-id: https://test.connector.eidas.swedenconnect.se/eidas
base-url: ${connector.base-url} base-url: ${connector.base-url}
session: session:
module: redis module: <%= @session_backend %>
replay: replay:
type: redis type: <%= @session_backend %>
context: "connector-replay-cache" context: "connector-replay-cache"
metadata-providers: metadata-providers:
- location: https://test.md.swedenconnect.se/role/sp.xml - location: https://test.md.swedenconnect.se/role/sp.xml
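Review bot: The three new conditions compare against bare `redis` and `memory`, which Ruby reads as identifiers rather than strings, so the template is expected to fail with an undefined-name error or never match. Quote the values: `<% if @session_backend == 'redis' -%>` at the keystore/session block and at the health block, and `<% if @session_backend == 'memory' -%>` for the disabled case. The health block would also be simpler as a single line, `enabled: <%= @session_backend == 'redis' %>`, which avoids the blank lines left by `<% end %>` without the trailing `-`.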