enabling SP metadata signing for QA

connector-qa-sto1-1.komreg.net/overlay/etc/hiera/data/local.eyaml

@@ -180,3 +180,93 @@ connector_enc_key: >
   gf8feOOE5KYAAM+NoD31J0ebcljMaQLInOX1S1GrmH4hffWyvSPFNJKAs/we
   ho2CGYAbwlxDhcfUA+RE4JQnhIHAxQWxV8]
 
+sc_md_signer_key: >
+  ENC[PKCS7,MIIPhgYJKoZIhvcNAQcDoIIPdzCCD3MCAQAxggKKMIIChgIBAD
+  BuMFYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRV
+  lBTUwxJzAlBgNVBAMMHmNvbm5lY3Rvci1xYS1zdG8xLTEua29tcmVnLm5ldA
+  IUB3/P/2bKTKX2n6zgyITK19GrzcowDQYJKoZIhvcNAQEBBQAEggIAaj42Vv
+  8OVNJXbFCk9jKtSiwqj0EOJ5tz6zfVqPCcJb2X1EIbRG54xdT0y0EhQKsjvX
+  HGXGif48jPQlFthgDiEt24HQaVuKHFGJFJlLQTrKoN/O5m8oRIi0PlX7pTtd
+  bAIwyGNV1s3tWx+arp+bs7wkukVFXWVpwNEgbMRO7jNMpjiW1AkczuMgs0l4
+  GBIJizWpmYdu/oD1N8LCzIwKFcFbWLMpPRqiJuqwgMy6askAmq/Pwz2zABi7
+  N3bpbAPK/iJviMKwP9TBo0vqp0D4lUvovc8dFE9laeWqPFiUd5gns/llIvxY
+  lRyEcf0rHCqSLTTDEI4FSm89emBIPTeHS/wFqE2P8dGx/aLOlsRDZL4Yxtvi
+  WP6HDUqUhEd1wneLe80aCNaDOlFX1N5stng7q2oVhibSm2ECSVcAGASNY285
+  3ZaXsPQCeAS7mGxcqo7w5ry3jnDTTRVbIbJumI443bWIoibzhV5JrfgYES3E
+  CC2emvQywoJ1K+6hqMU3oynhKUN/XbL3XJ7VQlEnjzxjXJPDCIwHRUBwUVLL
+  zpSPjg8s/mdcgk4wi0HClHqtMz5JEdUPSHiiGcUGoGEPkvTZ3l39sxUrLScS
+  yfyjOOPi5dIfv8u2DH0uByEyVZ3VeVCATH9geU10PQ6V2vIZcMJL6ntP1p51
+  Q/Cy298APs4DZEFTcwggzeBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBA4SW
+  J1xSlPWQiORlGREg+TgIIMsBkRrjjc2aAKAsiB7Dea3za8AEgrcxCoaZ3Xn3
+  hTp5eNjhembnrUMowPV0uHqxQ4srIWMODxbRqXQrERa+ZI86Bo2v0cA+o1Mr
+  n/v7+2+Qq5V/0UcTEYmo68z8a4VOOgIrrT9zE+4SQgIO3m4Szq5PjUJZGwC5
+  yMH6lusFBq0ASdF8EaYpdNh927Bt9hToueKqpGzao02nNIzjXeEfAycJAECI
+  Jfsz7CuZjhGcSTFL3jg4ptApfvbiNlcV59VtobCgloRPhtAQXWuE+5pKmoXM
+  gRAzJUVLlbp5GVB+4ckbGg3ORzCH1D+quU9a+v5WnVCFTfKo63A80S43GBjf
+  4PY6fNtpxGejNoZ5mhY+7dj14ySRXw9AJ8RigfBP3T2WrPq5hKoCoi7swPMM
+  BAQ7CGAz/oDWXGQ8oT8XNy5Fk/sahYIK6nvepxkb05mHKrH7xd7MY4SbL5+5
+  G0uK/Qk3xpPTJ74t4/vScMzP9+6sC0ZSAtWLK979BK9mXrZWY/0VVi63qLXO
+  3b1SXZbim54OLRn43Eovzpqhhw4/ZRSelA+LgNmt/ygaYYshPlSJ4OYY3uN1
+  ruuuh24iWT9icSi2kPa0JBcFMMkZaK0pocJMsrbynln3+D5Z3ONhton2NiJc
+  v9ivfFO+r1c4YIpBVbAxfQX3xX9Hq2NM7K0Mfkhz/nxwyQbAgX2jJjOguc1M
+  Iv3d2d/t7IHY7nA6xgEcQG7l+O4YuAbhqlxAPRbDM097FiOY/et2VMXfp+lh
+  NjtZ+GRAUbXGUaMd221CxmbZbsEr1P9VKFizG42tJTmDY+dEEnEoQGxd4PTN
+  mRYZAhLzjYjUUQZ/FKcAcT/78hQ/dUhIqMmMmGiPaizN85/oT8V41howIAKI
+  j39YAiu0Gsimtqa2NfhD6mPTD4YD1mNftgodCbt6RwxCCwb0bnRXe2teCf13
+  SwOmhZeMH2OQrA0cSnQbnAoq7VRea6IXyEqGTS72kr2MK7xsI04HGJorIubw
+  cM7wH5LTse+o+jVFDKnnvfbkbTHsuKTyfjmJADyqWwOLRDni6awxgIJBVJPi
+  h3yup49Fw3i2eWFWq6JQR4sU4zKxWDYJpDoKBFhRTYoqlUxI//WgclHnGq3q
+  6tnP3w5Fv0J3FFw9l+xlS0EeK58gQ9JJk0a62pD0ioCzaDiLJo/qO7q9h3sh
+  H/iVwLp6X6xxcUZd5aFm0a6Qo9EywuD9Exbp/Rho0lQr2QUAQekc9kxw8aYr
+  bsGIteurDRRdMczjauuNLNbQPDMvrVmu5TcQlKodosnmL7JzzTS54K7VGwbC
+  w+egONP0du1adCJdxZWcu8kQfEf0ZwRR5BOMXLACY/3T3/AjEO3KU881bI7b
+  FDDQfM7b1XB37rGV/DlF8bXz/pGXBMXkJJ9FkGT5X20zFdK0RgFS2oSfoZ4M
+  ZLNpTkyZG8rLpsXHlGfrcu4kaZVtVScbg5xqQTxCq3E0fc8NzMqOv3jGGKLM
+  nmsqdSH7IMNrbr0QKfwU9v60hKYZMySXkixuCtpBHd5oqfRKdzhZ3grISDGh
+  riGoSitSI3GGwmRpqyUy7dCFILwoOgyGC0EoWbB4vsElAXnCNQVmX5RYSUH2
+  zIDZgybWSpRR9S9FEUnylOncKOSjq17KgkvJa5/dMOwkzMqHNmP7ZZSi3mhv
+  PQj26Hdx65f3us2tgULeTuchPQgQhDhEBDq7zJmsQBOu4V3kH0/LbJzrwF/r
+  OF1Ma1aRP5Y54F+Xl/iY6Jry/MsWtf0G1Vk6VxMHj6IbFAlwumddVVRo6vF8
+  7VwCcoPxV5VfrvLNKY1lO3eXgf0j1k9ZEqNArQBuvRqylMc8GMRhVNzK8hu+
+  7k7yIiFhLK+m6rXJvWoAMj/Y/+/h8gmaMWelHdXeN8P8vfvcr8AYbeDTCruA
+  lAaEaUBt21KZdCjrQeLh9UyFM9BcMdX+OGr3UWNwv2ekXEcBCTcbdOgvhQ6b
+  mo46ovHc/HmqLrnDjBTFIL3qaDjlzdnDdU9wXtiAqSOK5wkumSGUPCaotXpm
+  npEAckwcwnaS1B84ZsMc6c1n1y+MQ9CNz05niLWR7V2iZxepPGEA6+BzTi8i
+  myJBPGfW45s+mIRCo/bxUKGDLJF/eUp9bJhRL6kd5hMui91vdrH4IEYxs8Hx
+  v5RRE3QH+9MwBnZZY6A9TebR6VZrRVu5PQQPvRaTFHrSAShNP34zjp3Xgmzz
+  7FSFaCiMS7Z9mn+bcYTJr16VYDOYHw2hyGT2J0mAf1PeMF3DjJnTW0/9mQko
+  F2fSJqSI7Ht7JFex7WT7qIUsM4M0mTXfpewGMvMW9F8SKpn/gfy6NIvaMTso
+  Cv9Z57o62tYb3LSrma3Qt/YSpF/bIFkO9Ye1Qdx+nfpqKwu4fokBRYshTefw
+  2aW9P51mgJ0dfzzT47GP3c71N0kCeprVf8CGL2wnXGWXUpZ4udxRG6ZdVHeV
+  G39iabtMCppj9z+HvZo2cVjVkWldU8QBnhuec0Y1yBf+Xw+Db6u4pyC86pCl
+  E7vkbt1YpThUSdkzFsYMceyPzETqpuyLkWL1GyYNsyTiCX9VROj9LaFQPt5U
+  lwJxa816poyAmj04j+hlpNW7IJO3c1/F7wegC1repf3ydxL4+V76pQh6AKbA
+  zYZ6+GsIY8IE4MAnM9elFkDJ9B4QLzYjjq5KpIfULxSBrdgmrY8R74tC9H6n
+  kWG6Q5JjbZ5C77fLVEBuyzKwji6nEjO8KVTpHycBKCm71gZCeK+wmvMAPbey
+  ykQMue/iKTHPRN8FhhtVyfw+OchYJ3/17Lu+Se+Vne++MC5Gv6vyCG5JcCkc
+  iBC51f/zybIeAeTAswGsaV30kVxtjHFshL9sV8KkJoW7nJXIGi1OyqoyxpwB
+  UD9gd6gFhFWQMy1E2r1QkUjELuA237Xy5Ny4blMN2bbLZjC9atZxKd0KgrXL
+  gnBiFpL6A6zvZ9coz2+I2+Q39eklCluVt5PS4AA2V/2FFgH3GZ9lRVfqXTHp
+  IH3E1Q0aJBC/F+i/9dn9KxudXnUzCnex9Rf5ez47wlS3XW3C62L0eeA95PfM
+  DizvYOqZVCkznrjpeYwyio/fsoHxrO+6iU+Etv3grTwYZErd9xViB49/zNoh
+  pGnW5tpGha8Y2PAYtKe5ccZgRwcSA+oMkdb4/eW40K9ZrWq2zyJ/aNGmVSsn
+  AgFvuh9CbmbtVUxmsEpesidAUJ3L7WE6slLqX2UlDuriLstWbVuBuaGhaJKu
+  noHPAS8+clAHGWxMHnMHjzuexh1ZT65RK/NWYo2jtmZR3/ytopd2e19W4y6N
+  8537DilhreqW4b9z8u2Q0YNRK8wjXviOig1KzNO3ZOQBjdizlPBAr1XPvoNx
+  jMXovtX/7647Ruj49dzx3K0TAofswLtxZf2M5uogJj0unVLk84ZkNk6meAfy
+  bkHlH3FnMEDlQtjsa8a1zqvNj6dmIKUNNwagUlmO60qeNC6+29WEbi5pM089
+  I4u0fnZaqoXk87zwvkV+hPI3ZAJSAP7V8Bj3bIJula1icgX/ZRp7CwgkEkUh
+  0w7VZGBYwwjLiJaq7dPsiLTC75jnWm/84ZplW3XO9cJPQ0ggg7iDr6QPvoip
+  yrqPilR/H7qYk4ZNNKuli5bt0fPud2FF/iwbQNkxaNSivdAD8YDzUbww6vyr
+  /e12m2WEr7+7PiMtn6qzHhdMu3oVpdETK5tHd14pYqB02+bu+sIIjQzJZEMo
+  iWV3DXS7r0AU+qBTxVfMKoRnotPk4llQIooPwBHkVXdRljB9h3sd9J+HAz7v
+  QhQ5r1GfY+5RLnZ0p5CiTGqltRBj1TL+NmvmNqZPtjF1d5+7Tsz6s0cz7rNw
+  +YMWX4Ic4ER3DwJANdN4kUjwq2Cy8pWXTOVX+S92yBxlJKEmBOizIbJBI0j0
+  DpiT0jD5FHVfnZyPkojT+hSf7FH6GlAQ4QaUhRgj7cgnVEGUJFq4wB6G1oxr
+  ebkktMmpcAeYKw83rFQV9O6lsWL9dwOz/HM7uPBg+akkHm5PA4HTX3C1ny/8
+  6zJ4McoFRaWyMGIMxLjhe2nw8GnMyj3aFVFwJpWLZQxtFaUNW6/8Q0TLr8ht
+  TwFGnfr5LUVRlcP/COlpQbg0UANAAV5IRzZrtszua1XPaj8Cvr1qPYSVfKc4
+  o1NS4YemDjLu3rhEoIGiH8yEGbLaKxQ+4kKCegPGNTAhL9DL/s32vNjvizyF
+  XQ1zntBYG0DpUOEB3CQUwI6GhdzJY3rIVv5Cm4NfOx+rifvmthGm0jug47Gb
+  QmCOXveWAM3JsZfmfWGXz7TR2uiedYaeKBDH6wtd/cW4x/M87sM8o2KmE3TU
+  njy/W7IafHt+xwB401YLRVOR4RgfrXOY2f]

global/overlay/etc/puppet/modules/eid/manifests/connector.pp

@@ -50,6 +50,9 @@ class eid::connector (
       sunet::snippets::secret_file {"${connector_directory}/credentials/connector-${environment}-enc.key":
         hiera_key => 'connector_enc_key',
       }
+      sunet::snippets::secret_file {"${connector_directory}/credentials/sc-${environment}-md-signer.key":
+        hiera_key => 'sc_md_signer_key',
+      }
     }
 
     sunet::docker_compose { 'eidas-connector':

global/overlay/etc/puppet/modules/eid/templates/connector/application-qa.yml.erb

@@ -69,6 +69,10 @@ credential:
         name: "Connector Encryption Credential"
         certificates: file:${CONNECTOR_DIRECTORY}/credentials/connector-qa-enc.crt
         private-key: file:${CONNECTOR_DIRECTORY}/credentials/connector-qa-enc.key
+      connector-metadata-sign:
+        name: "Connector Metadata Sign Credential"
+        certificates: file:${CONNECTOR_DIRECTORY}/credentials/sc-qa-md-signer.crt
+        private-key: file:${CONNECTOR_DIRECTORY}/credentials/sc-qa-md-signer.key
     monitoring:
       enabled: true
       test-interval: 10m
@@ -81,6 +85,10 @@ connector:
   eu-metadata:
     location: https://<%= @environment %>.md.eidas.swedenconnect.se/role/idp.xml
     validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sc-qa-md-signer.crt
+  eidas:
+    credentials:
+      metadata-sign:
+        bundle: connector-metadata-sign
   prid:
     policy-resource: file:${CONNECTOR_DIRECTORY}/prid/policy.properties
   idp: