IDM test frontends

2024-03-04 14:33:44 +01:00 · 2024-03-04 14:33:44 +01:00 · 7e31ea041e
commit 7e31ea041e
parent 51237ed134
3 changed files with 48 additions and 0 deletions
--- a/fe-test-common/overlay/etc/hiera/data/group.yaml
+++ b/fe-test-common/overlay/etc/hiera/data/group.yaml
@ -172,3 +172,23 @@ sunet_frontend:
        haproxy_imagetag: 'test'
        frontendtools_image: docker.sunet.se/eidas-frontend-tools
        frontendtools_imagetag: 'staging'
+
+      'idmtest':
+        site_name: 'test.idm.test.swedenconnect.se'
+        frontends:
+          'fe-fre-1.test.komreg.net':
+            ips: ['94.176.226.140', '2001:6b0:65:2::140']
+          'fe-tug-1.test.komreg.net':
+            ips: ['94.176.226.141', '2001:6b0:65:2::141']
+        backends:
+          default:
+            'idm-sto1-test-app-1.komreg.net':
+              ips: ['89.47.185.124']
+              server_args: 'ssl check verify none'
+        allow_ports:
+          - 443
+        letsencrypt_server: 'acme-c.sunet.se'
+        haproxy_image: docker.sunet.se/eidas-haproxy
+        haproxy_imagetag: 'test'
+        frontendtools_image: docker.sunet.se/eidas-frontend-tools
+        frontendtools_imagetag: 'staging'
--- a/fe-test-common/overlay/opt/frontend/config/idmtest/haproxy.j2
+++ b/fe-test-common/overlay/opt/frontend/config/idmtest/haproxy.j2
@ -0,0 +1,21 @@
+{% extends 'common/haproxy_base.j2' %}
+
+{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
+
+{% block frontend %}
+frontend {{ site_name }}
+    {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
+
+    timeout http-request 10s
+    timeout http-keep-alive 4s
+    option forwardfor
+    http-request set-header X-Forwarded-Proto https
+
+    {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }}
+
+    {{ acme_challenge(letsencrypt_server) }}
+
+    use_backend {{ site_name }}__default
+
+{% endblock frontend %}
+
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@ -1221,3 +1221,10 @@ idm-sto[13]-test-app-[123]\.komreg\.net:

 idm-sto1-test-app-1\.komreg\.net:
   eid::idm_app:
+   sunet::frontend::register_sites:
+     sites:
+       'test.idm.eidas.swedenconnect.se':
+         frontends:
+           - 'fe-fre-1.test.komreg.net'
+           - 'fe-tug-1.test.komreg.net'
+         port: '443'