diff --git a/connector-qa-sto1-1.komreg.net/overlay/etc/hiera/data/local.eyaml b/connector-qa-sto1-1.komreg.net/overlay/etc/hiera/data/local.eyaml
index a2bbcc71..2eb26673 100644
--- a/connector-qa-sto1-1.komreg.net/overlay/etc/hiera/data/local.eyaml
+++ b/connector-qa-sto1-1.komreg.net/overlay/etc/hiera/data/local.eyaml
@@ -180,3 +180,93 @@ connector_enc_key: > gf8feOOE5KYAAM+NoD31J0ebcljMaQLInOX1S1GrmH4hffWyvSPFNJKAs/we ho2CGYAbwlxDhcfUA+RE4JQnhIHAxQWxV8] +sc_md_signer_key: > + ENC[PKCS7,MIIPhgYJKoZIhvcNAQcDoIIPdzCCD3MCAQAxggKKMIIChgIBAD + BuMFYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRV + lBTUwxJzAlBgNVBAMMHmNvbm5lY3Rvci1xYS1zdG8xLTEua29tcmVnLm5ldA + IUB3/P/2bKTKX2n6zgyITK19GrzcowDQYJKoZIhvcNAQEBBQAEggIAaj42Vv + 8OVNJXbFCk9jKtSiwqj0EOJ5tz6zfVqPCcJb2X1EIbRG54xdT0y0EhQKsjvX + HGXGif48jPQlFthgDiEt24HQaVuKHFGJFJlLQTrKoN/O5m8oRIi0PlX7pTtd + bAIwyGNV1s3tWx+arp+bs7wkukVFXWVpwNEgbMRO7jNMpjiW1AkczuMgs0l4 + GBIJizWpmYdu/oD1N8LCzIwKFcFbWLMpPRqiJuqwgMy6askAmq/Pwz2zABi7 + N3bpbAPK/iJviMKwP9TBo0vqp0D4lUvovc8dFE9laeWqPFiUd5gns/llIvxY + lRyEcf0rHCqSLTTDEI4FSm89emBIPTeHS/wFqE2P8dGx/aLOlsRDZL4Yxtvi + WP6HDUqUhEd1wneLe80aCNaDOlFX1N5stng7q2oVhibSm2ECSVcAGASNY285 + 3ZaXsPQCeAS7mGxcqo7w5ry3jnDTTRVbIbJumI443bWIoibzhV5JrfgYES3E + CC2emvQywoJ1K+6hqMU3oynhKUN/XbL3XJ7VQlEnjzxjXJPDCIwHRUBwUVLL + zpSPjg8s/mdcgk4wi0HClHqtMz5JEdUPSHiiGcUGoGEPkvTZ3l39sxUrLScS + yfyjOOPi5dIfv8u2DH0uByEyVZ3VeVCATH9geU10PQ6V2vIZcMJL6ntP1p51 + Q/Cy298APs4DZEFTcwggzeBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBA4SW + J1xSlPWQiORlGREg+TgIIMsBkRrjjc2aAKAsiB7Dea3za8AEgrcxCoaZ3Xn3 + hTp5eNjhembnrUMowPV0uHqxQ4srIWMODxbRqXQrERa+ZI86Bo2v0cA+o1Mr + n/v7+2+Qq5V/0UcTEYmo68z8a4VOOgIrrT9zE+4SQgIO3m4Szq5PjUJZGwC5 + yMH6lusFBq0ASdF8EaYpdNh927Bt9hToueKqpGzao02nNIzjXeEfAycJAECI + Jfsz7CuZjhGcSTFL3jg4ptApfvbiNlcV59VtobCgloRPhtAQXWuE+5pKmoXM + gRAzJUVLlbp5GVB+4ckbGg3ORzCH1D+quU9a+v5WnVCFTfKo63A80S43GBjf + 4PY6fNtpxGejNoZ5mhY+7dj14ySRXw9AJ8RigfBP3T2WrPq5hKoCoi7swPMM + BAQ7CGAz/oDWXGQ8oT8XNy5Fk/sahYIK6nvepxkb05mHKrH7xd7MY4SbL5+5 + G0uK/Qk3xpPTJ74t4/vScMzP9+6sC0ZSAtWLK979BK9mXrZWY/0VVi63qLXO + 3b1SXZbim54OLRn43Eovzpqhhw4/ZRSelA+LgNmt/ygaYYshPlSJ4OYY3uN1 + ruuuh24iWT9icSi2kPa0JBcFMMkZaK0pocJMsrbynln3+D5Z3ONhton2NiJc + v9ivfFO+r1c4YIpBVbAxfQX3xX9Hq2NM7K0Mfkhz/nxwyQbAgX2jJjOguc1M + Iv3d2d/t7IHY7nA6xgEcQG7l+O4YuAbhqlxAPRbDM097FiOY/et2VMXfp+lh + 
NjtZ+GRAUbXGUaMd221CxmbZbsEr1P9VKFizG42tJTmDY+dEEnEoQGxd4PTN + mRYZAhLzjYjUUQZ/FKcAcT/78hQ/dUhIqMmMmGiPaizN85/oT8V41howIAKI + j39YAiu0Gsimtqa2NfhD6mPTD4YD1mNftgodCbt6RwxCCwb0bnRXe2teCf13 + SwOmhZeMH2OQrA0cSnQbnAoq7VRea6IXyEqGTS72kr2MK7xsI04HGJorIubw + cM7wH5LTse+o+jVFDKnnvfbkbTHsuKTyfjmJADyqWwOLRDni6awxgIJBVJPi + h3yup49Fw3i2eWFWq6JQR4sU4zKxWDYJpDoKBFhRTYoqlUxI//WgclHnGq3q + 6tnP3w5Fv0J3FFw9l+xlS0EeK58gQ9JJk0a62pD0ioCzaDiLJo/qO7q9h3sh + H/iVwLp6X6xxcUZd5aFm0a6Qo9EywuD9Exbp/Rho0lQr2QUAQekc9kxw8aYr + bsGIteurDRRdMczjauuNLNbQPDMvrVmu5TcQlKodosnmL7JzzTS54K7VGwbC + w+egONP0du1adCJdxZWcu8kQfEf0ZwRR5BOMXLACY/3T3/AjEO3KU881bI7b + FDDQfM7b1XB37rGV/DlF8bXz/pGXBMXkJJ9FkGT5X20zFdK0RgFS2oSfoZ4M + ZLNpTkyZG8rLpsXHlGfrcu4kaZVtVScbg5xqQTxCq3E0fc8NzMqOv3jGGKLM + nmsqdSH7IMNrbr0QKfwU9v60hKYZMySXkixuCtpBHd5oqfRKdzhZ3grISDGh + riGoSitSI3GGwmRpqyUy7dCFILwoOgyGC0EoWbB4vsElAXnCNQVmX5RYSUH2 + zIDZgybWSpRR9S9FEUnylOncKOSjq17KgkvJa5/dMOwkzMqHNmP7ZZSi3mhv + PQj26Hdx65f3us2tgULeTuchPQgQhDhEBDq7zJmsQBOu4V3kH0/LbJzrwF/r + OF1Ma1aRP5Y54F+Xl/iY6Jry/MsWtf0G1Vk6VxMHj6IbFAlwumddVVRo6vF8 + 7VwCcoPxV5VfrvLNKY1lO3eXgf0j1k9ZEqNArQBuvRqylMc8GMRhVNzK8hu+ + 7k7yIiFhLK+m6rXJvWoAMj/Y/+/h8gmaMWelHdXeN8P8vfvcr8AYbeDTCruA + lAaEaUBt21KZdCjrQeLh9UyFM9BcMdX+OGr3UWNwv2ekXEcBCTcbdOgvhQ6b + mo46ovHc/HmqLrnDjBTFIL3qaDjlzdnDdU9wXtiAqSOK5wkumSGUPCaotXpm + npEAckwcwnaS1B84ZsMc6c1n1y+MQ9CNz05niLWR7V2iZxepPGEA6+BzTi8i + myJBPGfW45s+mIRCo/bxUKGDLJF/eUp9bJhRL6kd5hMui91vdrH4IEYxs8Hx + v5RRE3QH+9MwBnZZY6A9TebR6VZrRVu5PQQPvRaTFHrSAShNP34zjp3Xgmzz + 7FSFaCiMS7Z9mn+bcYTJr16VYDOYHw2hyGT2J0mAf1PeMF3DjJnTW0/9mQko + F2fSJqSI7Ht7JFex7WT7qIUsM4M0mTXfpewGMvMW9F8SKpn/gfy6NIvaMTso + Cv9Z57o62tYb3LSrma3Qt/YSpF/bIFkO9Ye1Qdx+nfpqKwu4fokBRYshTefw + 2aW9P51mgJ0dfzzT47GP3c71N0kCeprVf8CGL2wnXGWXUpZ4udxRG6ZdVHeV + G39iabtMCppj9z+HvZo2cVjVkWldU8QBnhuec0Y1yBf+Xw+Db6u4pyC86pCl + E7vkbt1YpThUSdkzFsYMceyPzETqpuyLkWL1GyYNsyTiCX9VROj9LaFQPt5U + lwJxa816poyAmj04j+hlpNW7IJO3c1/F7wegC1repf3ydxL4+V76pQh6AKbA + 
zYZ6+GsIY8IE4MAnM9elFkDJ9B4QLzYjjq5KpIfULxSBrdgmrY8R74tC9H6n + kWG6Q5JjbZ5C77fLVEBuyzKwji6nEjO8KVTpHycBKCm71gZCeK+wmvMAPbey + ykQMue/iKTHPRN8FhhtVyfw+OchYJ3/17Lu+Se+Vne++MC5Gv6vyCG5JcCkc + iBC51f/zybIeAeTAswGsaV30kVxtjHFshL9sV8KkJoW7nJXIGi1OyqoyxpwB + UD9gd6gFhFWQMy1E2r1QkUjELuA237Xy5Ny4blMN2bbLZjC9atZxKd0KgrXL + gnBiFpL6A6zvZ9coz2+I2+Q39eklCluVt5PS4AA2V/2FFgH3GZ9lRVfqXTHp + IH3E1Q0aJBC/F+i/9dn9KxudXnUzCnex9Rf5ez47wlS3XW3C62L0eeA95PfM + DizvYOqZVCkznrjpeYwyio/fsoHxrO+6iU+Etv3grTwYZErd9xViB49/zNoh + pGnW5tpGha8Y2PAYtKe5ccZgRwcSA+oMkdb4/eW40K9ZrWq2zyJ/aNGmVSsn + AgFvuh9CbmbtVUxmsEpesidAUJ3L7WE6slLqX2UlDuriLstWbVuBuaGhaJKu + noHPAS8+clAHGWxMHnMHjzuexh1ZT65RK/NWYo2jtmZR3/ytopd2e19W4y6N + 8537DilhreqW4b9z8u2Q0YNRK8wjXviOig1KzNO3ZOQBjdizlPBAr1XPvoNx + jMXovtX/7647Ruj49dzx3K0TAofswLtxZf2M5uogJj0unVLk84ZkNk6meAfy + bkHlH3FnMEDlQtjsa8a1zqvNj6dmIKUNNwagUlmO60qeNC6+29WEbi5pM089 + I4u0fnZaqoXk87zwvkV+hPI3ZAJSAP7V8Bj3bIJula1icgX/ZRp7CwgkEkUh + 0w7VZGBYwwjLiJaq7dPsiLTC75jnWm/84ZplW3XO9cJPQ0ggg7iDr6QPvoip + yrqPilR/H7qYk4ZNNKuli5bt0fPud2FF/iwbQNkxaNSivdAD8YDzUbww6vyr + /e12m2WEr7+7PiMtn6qzHhdMu3oVpdETK5tHd14pYqB02+bu+sIIjQzJZEMo + iWV3DXS7r0AU+qBTxVfMKoRnotPk4llQIooPwBHkVXdRljB9h3sd9J+HAz7v + QhQ5r1GfY+5RLnZ0p5CiTGqltRBj1TL+NmvmNqZPtjF1d5+7Tsz6s0cz7rNw + +YMWX4Ic4ER3DwJANdN4kUjwq2Cy8pWXTOVX+S92yBxlJKEmBOizIbJBI0j0 + DpiT0jD5FHVfnZyPkojT+hSf7FH6GlAQ4QaUhRgj7cgnVEGUJFq4wB6G1oxr + ebkktMmpcAeYKw83rFQV9O6lsWL9dwOz/HM7uPBg+akkHm5PA4HTX3C1ny/8 + 6zJ4McoFRaWyMGIMxLjhe2nw8GnMyj3aFVFwJpWLZQxtFaUNW6/8Q0TLr8ht + TwFGnfr5LUVRlcP/COlpQbg0UANAAV5IRzZrtszua1XPaj8Cvr1qPYSVfKc4 + o1NS4YemDjLu3rhEoIGiH8yEGbLaKxQ+4kKCegPGNTAhL9DL/s32vNjvizyF + XQ1zntBYG0DpUOEB3CQUwI6GhdzJY3rIVv5Cm4NfOx+rifvmthGm0jug47Gb + QmCOXveWAM3JsZfmfWGXz7TR2uiedYaeKBDH6wtd/cW4x/M87sM8o2KmE3TU + njy/W7IafHt+xwB401YLRVOR4RgfrXOY2f] diff --git a/global/overlay/etc/puppet/modules/eid/manifests/connector.pp b/global/overlay/etc/puppet/modules/eid/manifests/connector.pp index 1aaaa61c..4e5c4243 100644 
--- a/global/overlay/etc/puppet/modules/eid/manifests/connector.pp +++ b/global/overlay/etc/puppet/modules/eid/manifests/connector.pp @@ -50,6 +50,9 @@ class eid::connector ( sunet::snippets::secret_file {"${connector_directory}/credentials/connector-${environment}-enc.key": hiera_key => 'connector_enc_key', } + sunet::snippets::secret_file {"${connector_directory}/credentials/sc-${environment}-md-signer.key": + hiera_key => 'sc_md_signer_key', + } } sunet::docker_compose { 'eidas-connector': diff --git a/global/overlay/etc/puppet/modules/eid/templates/connector/application-qa.yml.erb b/global/overlay/etc/puppet/modules/eid/templates/connector/application-qa.yml.erb index 03e68093..9d31c2a4 100644 --- a/global/overlay/etc/puppet/modules/eid/templates/connector/application-qa.yml.erb +++ b/global/overlay/etc/puppet/modules/eid/templates/connector/application-qa.yml.erb @@ -69,6 +69,10 @@ credential: name: "Connector Encryption Credential" certificates: file:${CONNECTOR_DIRECTORY}/credentials/connector-qa-enc.crt private-key: file:${CONNECTOR_DIRECTORY}/credentials/connector-qa-enc.key + connector-metadata-sign: + name: "Connector Metadata Sign Credential" + certificates: file:${CONNECTOR_DIRECTORY}/credentials/sc-qa-md-signer.crt + private-key: file:${CONNECTOR_DIRECTORY}/credentials/sc-qa-md-signer.key monitoring: enabled: true test-interval: 10m @@ -81,6 +85,10 @@ connector: eu-metadata: location: https://<%= @environment %>.md.eidas.swedenconnect.se/role/idp.xml validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sc-qa-md-signer.crt + eidas: + credentials: + metadata-sign: + bundle: connector-metadata-sign prid: policy-resource: file:${CONNECTOR_DIRECTORY}/prid/policy.properties idp:
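Review bot: The added `secret_file` for `sc-${environment}-md-signer.key` is generic over `${environment}`, but in this commit `sc_md_signer_key` is only added to the QA host's `local.eyaml` and only `application-qa.yml.erb` references the file. The enclosing block is opened outside this hunk, so it is not visible which hosts reach it; if any of them lacks the hiera key, what `sunet::snippets::secret_file` does with a missing value (fail the run or write an empty key file) cannot be told from here and should be confirmed. A short comment above the resource would record the requirement, e.g. `# Metadata signing key; 'sc_md_signer_key' must be set in hiera for every host that reaches this block`.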
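Review bot: The new `connector-metadata-sign` bundle points at `sc-qa-md-signer.crt` / `sc-qa-md-signer.key`, and the same `sc-qa-md-signer.crt` is the `validation-certificate` under `eu-metadata` in the context of the following hunk, where the bundle is wired in as `metadata-sign`. If these really are one key pair, the connector host now stores the private key for the certificate it trusts when validating downloaded metadata, so the signing and validation roles are no longer separated and a compromise of this host would also expose the key behind that trust anchor. Whether the sharing is intentional for QA is not visible in this diff. If it is, a comment above the bundle such as `# QA only: connector metadata is signed with the shared SC metadata signer key` would make that explicit; otherwise a connector-specific signing key and certificate would keep the two roles apart.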