From 7e31ea041e1e223db96a04d6de2373886dbf9410 Mon Sep 17 00:00:00 2001
From: Maria Haider
Date: Mon, 4 Mar 2024 14:33:44 +0100
Subject: [PATCH] IDM test frontends
---
 .../overlay/etc/hiera/data/group.yaml | 20 ++++++++++++++++++
 .../opt/frontend/config/idmtest/haproxy.j2 | 21 +++++++++++++++++++
 global/overlay/etc/puppet/cosmos-rules.yaml | 7 +++++++
 3 files changed, 48 insertions(+)
 create mode 100644 fe-test-common/overlay/opt/frontend/config/idmtest/haproxy.j2
diff --git a/fe-test-common/overlay/etc/hiera/data/group.yaml b/fe-test-common/overlay/etc/hiera/data/group.yaml
index 2ae8bbba..7418ba49 100644
--- a/fe-test-common/overlay/etc/hiera/data/group.yaml
+++ b/fe-test-common/overlay/etc/hiera/data/group.yaml
@@ -172,3 +172,23 @@ sunet_frontend:
 haproxy_imagetag: 'test'
 frontendtools_image: docker.sunet.se/eidas-frontend-tools
 frontendtools_imagetag: 'staging'
+
+ 'idmtest':
+ site_name: 'test.idm.test.swedenconnect.se'
+ frontends:
+ 'fe-fre-1.test.komreg.net':
+ ips: ['94.176.226.140', '2001:6b0:65:2::140']
+ 'fe-tug-1.test.komreg.net':
+ ips: ['94.176.226.141', '2001:6b0:65:2::141']
+ backends:
+ default:
+ 'idm-sto1-test-app-1.komreg.net':
+ ips: ['89.47.185.124']
+ server_args: 'ssl check verify none'
+ allow_ports:
+ - 443
+ letsencrypt_server: 'acme-c.sunet.se'
+ haproxy_image: docker.sunet.se/eidas-haproxy
+ haproxy_imagetag: 'test'
+ frontendtools_image: docker.sunet.se/eidas-frontend-tools
+ frontendtools_imagetag: 'staging'
diff --git a/fe-test-common/overlay/opt/frontend/config/idmtest/haproxy.j2 b/fe-test-common/overlay/opt/frontend/config/idmtest/haproxy.j2
new file mode 100644
index 00000000..4e077c03
--- /dev/null
+++ b/fe-test-common/overlay/opt/frontend/config/idmtest/haproxy.j2
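Review bot: The new backend entry in group.yaml sets `server_args: 'ssl check verify none'`, which encrypts the hop to 89.47.185.124 but never authenticates the server, so anything able to intercept that hop can pose as the IDM backend. If the backend's certificate chains to a CA the frontends can be given, prefer `server_args: 'ssl check verify required ca-file <CA_BUNDLE_PATH>'` (placeholder path). If `verify none` is a deliberate test-only choice, record that with a comment above the line, such as `# test only: backend cert not verified, do not copy to production sites`. The enclosing `sunet_frontend` mapping starts above this hunk, so whether sibling sites use the same setting is not visible here.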
@@ -0,0 +1,21 @@
+{% extends 'common/haproxy_base.j2' %}
+
+{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
+
+{% block frontend %}
+frontend {{ site_name }}
+ {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
+
+ timeout http-request 10s
+ timeout http-keep-alive 4s
+ option forwardfor
+ http-request set-header X-Forwarded-Proto https
+
+ {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }}
+
+ {{ acme_challenge(letsencrypt_server) }}
+
+ use_backend {{ site_name }}__default
+
+{% endblock frontend %}
+
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 7b619a5d..39d80a84 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -1221,3 +1221,10 @@ idm-sto[13]-test-app-[123]\.komreg\.net:
 idm-sto1-test-app-1\.komreg\.net:
 eid::idm_app:
+ sunet::frontend::register_sites:
+ sites:
+ 'test.idm.eidas.swedenconnect.se':
+ frontends:
+ - 'fe-fre-1.test.komreg.net'
+ - 'fe-tug-1.test.komreg.net'
+ port: '443'
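Review bot: `option forwardfor` in the new frontend block adds the client address but leaves any `X-Forwarded-For` header the client already sent, so a backend that reads the first value can be fed a spoofed address in its logs or access decisions. Unless `common/haproxy_base.j2` already strips it (not visible in this patch), add `http-request del-header X-Forwarded-For` before the `option forwardfor` line. The `csp` macro is also imported on the `{% from ... %}` line but never called, so this template emits no Content-Security-Policy of its own; either call it or drop it from the import list.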
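Review bot: The site key registered in cosmos-rules.yaml, `'test.idm.eidas.swedenconnect.se'`, does not match the `site_name: 'test.idm.test.swedenconnect.se'` that group.yaml in this same patch gives the new `idmtest` site. The `sunet::frontend::register_sites` class is not visible here, but if it matches registrations on the frontend's site name, the backend would register for a site the two frontends do not serve and would not be wired to the new HAProxy frontend. Confirm which hostname is intended and make both files agree, for example by changing this key to `'test.idm.test.swedenconnect.se':` if group.yaml is the correct one. The `idm-sto1-test-app-1\.komreg\.net` rule starts above the hunk.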