switch to using config file

eidas-node/overlay/etc/eidas-connector/eidas-connector.conf

@@ -5,62 +5,54 @@
 # Script within docker container reads from /etc/eidas-connector/env/ - So make sure to have a volume mount.
 #
 
-# The hostname that the connector exposes externally - Set in "docker run"
-#IDP_SERVER_HOSTNAME=eunode.qa.sveidas.se
-
-# Connector IdP entityID
-IDP_ENTITY_ID=https://${IDP_SERVER_HOSTNAME}/eidas
-
-# Connector SP entityID
-SP_ENTITY_ID=https://${IDP_SERVER_HOSTNAME}/idp/metadata/sp
-
 #
 # Logging settings
 #
 
 # Logback log levels
 #   There must be a Docker volume mounted to the /etc/eidas-connector directory.
-IDP_LOG_SETTINGS_FILE=/etc/eidas-connector/loglevels.xml
+export IDP_LOG_SETTINGS_FILE=/etc/eidas-connector/loglevels.xml
 
 # Process logs go to stdout
-IDP_LOG_CONSOLE=true
+export IDP_LOG_CONSOLE=true
 
 # Syslog (for Audit and F-TICKS)
-IDP_SYSLOG_HOST=syslog.nordu.net
-IDP_SYSLOG_PORT=514
+export IDP_SYSLOG_HOST=syslog.nordu.net
+export IDP_SYSLOG_PORT=514
 
 # F-TICKS and Audit
-IDP_FTICKS_FEDERATION_ID=eIDAS
-#IDP_FTICKS_SALT=changeme
+export IDP_FTICKS_FEDERATION_ID=eIDAS
 
 # Different formats -> different facilities (?)
-IDP_FTICKS_SYSLOG_FACILITY=AUTHPRIV
-IDP_AUDIT_SYSLOG_FACILITY=AUTH
+export IDP_FTICKS_SYSLOG_FACILITY=AUTHPRIV
+export IDP_AUDIT_SYSLOG_FACILITY=AUTH
 
 
 # JVM settings
-JVM_MAX_HEAP=1536m
-JVM_START_HEAP=512m
+export JVM_MAX_HEAP=1536m
+export JVM_START_HEA=512m
 
-IDP_CREDENTIALS=/etc/eidas-connector/credentials
+export IDP_TLS_TRUSTED_CERTS=/etc/ssl/certs/infra.crt
 
-IDP_SEALER_STORE_RESOURCE=$IDP_CREDENTIALS/idp/sealer.jks
-IDP_SEALER_VERSION_RESOURCES=$IDP_CREDENTIALS/idp/sealer.kver
-IDP_SIGNING_KEY=$IDP_CREDENTIALS/idp/idp-signing.key
-IDP_SIGNING_CERT=$IDP_CREDENTIALS/idp/idp-signing.crt
-IDP_ENCRYPTION_KEY=$IDP_CREDENTIALS/idp/idp-encryption.key
-IDP_ENCRYPTION_CERT=$IDP_CREDENTIALS/idp/idp-encryption.crt
-IDP_METADATA_SIGNING_KEY=$IDP_CREDENTIALS/idp/metadata-signing.key
-IDP_METADATA_SIGNING_CERT=$IDP_CREDENTIALS/idp/metadata-signing.crt
+export IDP_CREDENTIALS=/etc/eidas-connector/credentials
 
-SP_SIGNING_KEY=$SP_CREDENTIALS/sp/sp-signing.key
-SP_SIGNING_CERT=$SP_CREDENTIALS/sp/sp-signing.crt
-SP_ENCRYPTION_KEY=$SP_CREDENTIALS/sp/sp-encryption.key
-SP_ENCRYPTION_CERT=$SP_CREDENTIALS/sp/sp-encryption.crt
-SP_METADATA_SIGNING_KEY=$SP_CREDENTIALS/sp/metadata-signing.key
-SP_METADATA_SIGNING_CERT=$SP_CREDENTIALS/sp/metadata-signing.crt
+export IDP_SEALER_STORE_RESOURCE=$IDP_CREDENTIALS/idp/sealer.jks
+export IDP_SEALER_VERSION_RESOURCES=$IDP_CREDENTIALS/idp/sealer.kver
+export IDP_SIGNING_KEY=$IDP_CREDENTIALS/idp/idp-signing.key
+export IDP_SIGNING_CERT=$IDP_CREDENTIALS/idp/idp-signing.crt
+export IDP_ENCRYPTION_KEY=$IDP_CREDENTIALS/idp/idp-encryption.key
+export IDP_ENCRYPTION_CERT=$IDP_CREDENTIALS/idp/idp-encryption.crt
+export IDP_METADATA_SIGNING_KEY=$IDP_CREDENTIALS/idp/metadata-signing.key
+export IDP_METADATA_SIGNING_CERT=$IDP_CREDENTIALS/idp/metadata-signing.crt
+
+export SP_SIGNING_KEY=$SP_CREDENTIALS/sp/sp-signing.key
+export SP_SIGNING_CERT=$SP_CREDENTIALS/sp/sp-signing.crt
+export SP_ENCRYPTION_KEY=$SP_CREDENTIALS/sp/sp-encryption.key
+export SP_ENCRYPTION_CERT=$SP_CREDENTIALS/sp/sp-encryption.crt
+export SP_METADATA_SIGNING_KEY=$SP_CREDENTIALS/sp/metadata-signing.key
+export SP_METADATA_SIGNING_CERT=$SP_CREDENTIALS/sp/metadata-signing.crt
 
 # Tomcat settings
-TOMCAT_TLS_SERVER_KEY=$IDP_CREDENTIALS/tomcat/tomcat-key.pem
-TOMCAT_TLS_SERVER_CERTIFICATE=$IDP_CREDENTIALS/tomcat/tomcat-cert.pem
-TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$IDP_CREDENTIALS/tomcat/tomcat-chain.pem
+export TOMCAT_TLS_SERVER_KEY=$IDP_CREDENTIALS/tomcat/tomcat-key.pem
+export TOMCAT_TLS_SERVER_CERTIFICATE=$IDP_CREDENTIALS/tomcat/tomcat-cert.pem
+export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$IDP_CREDENTIALS/tomcat/tomcat-chain.pem

global/overlay/etc/puppet/manifests/cosmos-site.pp

@@ -217,25 +217,6 @@ class eidas_connector($version="1.0.5") {
                    "SP_ENTITY_ID=https://$hostname/idp/metadata/sp",
                    "IDP_PERSISTENT_ID_SALT=$idp_persistent_id_salt",
                    "IDP_SEALER_PASSWORD=$idp_sealer_password",
-                   "IDP_PRID_SERVICE_URL=$prid_service",
-                   "IDP_TLS_TRUSTED_CERTS=/etc/ssl/certs/infra.crt",
-                   "IDP_SEALER_STORE_RESOURCE=/etc/eidas-connector/credentials/idp/sealer.jks",
-                   "IDP_SEALER_VERSION_RESOURCES=/etc/eidas-connector/credentials/idp/sealer.kver",
-                   "IDP_SIGNING_KEY=/etc/eidas-connector/credentials/idp/idp-signing.key",
-                   "IDP_SIGNING_CERT=/etc/eidas-connector/credentials/idp/idp-signing.crt",
-                   "IDP_ENCRYPTION_KEY=/etc/eidas-connector/credentials/idp/idp-encryption.key",
-                   "IDP_ENCRYPTION_CERT=/etc/eidas-connector/credentials/idp/idp-encryption.crt",
-                   "IDP_METADATA_SIGNING_KEY=/etc/eidas-connector/credentials/idp/metadata-signing.key",
-                   "IDP_METADATA_SIGNING_CERT=/etc/eidas-connector/credentials/idp/metadata-signing.crt",
-                   "SP_SIGNING_KEY=/etc/eidas-connector/credentials/sp/sp-signing.key",
-                   "SP_SIGNING_CERT=/etc/eidas-connector/credentials/sp/sp-signing.crt",
-                   "SP_ENCRYPTION_KEY=/etc/eidas-connector/credentials/sp/sp-encryption.key",
-                   "SP_ENCRYPTION_CERT=/etc/eidas-connector/credentials/sp/sp-encryption.crt",
-                   "SP_METADATA_SIGNING_KEY=/etc/eidas-connector/credentials/sp/metadata-signing.key",
-                   "SP_METADATA_SIGNING_CERT=/etc/eidas-connector/credentials/sp/metadata-signing.crt",
-                   "TOMCAT_TLS_SERVER_KEY=/etc/eidas-connector/credentials/tomcat/tomcat-key.pem",
-                   "TOMCAT_TLS_SERVER_CERTIFICATE=/etc/eidas-connector/credentials/tomcat/tomcat-cert.pem",
-                   "TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=/etc/eidas-connector/credentials/tomcat/tomcat-chain.pem",
                    "IDP_FTICKS_SALT=$idp_fticks_salt"]
    } ->
    class {'webserver': } ->