From d007e6ffa1b2ad4d2381d264a01ef20de98fc79a Mon Sep 17 00:00:00 2001
From: Patrik Holmqvist
Date: Tue, 11 Mar 2025 16:41:55 +0100
Subject: [PATCH 1/7] Update infra-ca root cert, SC-2856

---
 global/overlay/etc/ssl/certs/infra.crt | 59 ++++++++++++++------------
 1 file changed, 32 insertions(+), 27 deletions(-)

diff --git a/global/overlay/etc/ssl/certs/infra.crt b/global/overlay/etc/ssl/certs/infra.crt
index c9e5d406..a83d607e 100644
--- a/global/overlay/etc/ssl/certs/infra.crt
+++ b/global/overlay/etc/ssl/certs/infra.crt
@@ -1,29 +1,34 @@
 -----BEGIN CERTIFICATE-----
-MIIFBTCCAu0CFGmORfcOeSpSIqNq6zspBYDaA6BzMA0GCSqGSIb3DQEBCwUAMD8x
-IDAeBgNVBAMTF1NVTkVUIEluZnJhc3RydWN0dXJlIENBMQ4wDAYDVQQKEwVTVU5F
-VDELMAkGA1UEBhMCU0UwHhcNMjUwMjExMDk0MTI1WhcNMzUwMjA5MDk0MTI1WjA/
-MSAwHgYDVQQDExdTVU5FVCBJbmZyYXN0cnVjdHVyZSBDQTEOMAwGA1UEChMFU1VO
-RVQxCzAJBgNVBAYTAlNFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
-1fwTe0CQ7aWbtpTXw0OEm0wBEc5uib1v5KnCt+AQjp2yciqyuPOtnVf5u/cCGWZY
-xLto+vQG6+2wrHBxFoNNF18zuKTsvjS9cCQHBVa9cm+N0Xl34BkjvnRLkbWNKH+/
-w3P7MexqLWa12fHsVPo+DUElvB/QjIgdkKVyc786bASU2cZUHm42nd7/rsoKojgi
-GMC37gbfSZF8ilnUqhS97FmzP75xkSsJcR7R5aeGWcKN+hswqYQeG9fpHO9NsHzQ
-Av+1+uqc4TAPrLuJQ6k30VJOIe8fFGIPzRaCUuuHaofNKfeK33VEDU699jQegiB3
-PUX+XTs2WbxrpauttFk+D4fOVnfWLLT+yp26PZ8+sO4MNCfzsG7eiGxk+DW3vTRl
-b5gxRa2aH08crThrZ8h/0RPuWUk9jPI5DVqmiICA9F/imfE5I6CNSFUMFjbSmlMr
-EUntZj0lIpE+P3YDoe3b+4B9Rqko849JoBIiu5XPuxnsOqJa+rru69G3CvnLK1Gh
-nzYcbVnfoPFI1RwnZfwyYQtP841AeiW7yGJkIsMKJ6dhZlQ8Gdoj2NuUKq+YGt2U
-nMp2tbNvXMoRA2x25ywqXCCHmFnq0ktxre/+wPHuh1QrgwX6+6ETJFnJdRAFnf6b
-uIgj7aYcvJnYRSl8GNmGU4REi20USuQ8/kKw+R/y68MCAwEAATANBgkqhkiG9w0B
-AQsFAAOCAgEAav0cKqnikHVYheOcf69SlOEtYT3184rE3Oqz3977m8KkK/sUUGHm
-nee+fT40TCc0Ns7Desh6GgMolQ/csCUBfoNuCSz21c334eB4hjqjtFNvKDpnL4r3
-lWFoFtjJX6R8yleYwTVqQbr3DUetQL/tkYlS+GPysk81lp45PdpLR3IWqCMgWpUT
-5OvAleahFZAWw3RLdxXBi9pjZD/tK2JMEcBirCTKcOQDYfsk3Rz2BAG6FONyMOYM
-VpKReGjBn+VStNLAM6FsQncFfkh7VairHxZ0AEFJrFa8/+F0hHQMau8OqlJ6dpNW
-urDWsSUzhIbXZrU3b69AkQUFy6c1Bq4aeMWNg//KGFvxy+D5j4MNkXyJQDLbeyHB
-rTTmF9m357wUWY+02tHs0aS6ZM78v+wj1lAGOZtaDicWYVkWoOQxSkkHRg2LoYJz
-nNF3T5YKoC2y21KLGvW9ZpNB3Lzt78mhCrqooxq1w1rJr949TIkUWr5qLnYnJwq9
-aD+iexH269lXCCEhrkJyD27Obq1mvnUM7KO+3otHvJXmHwa6LZ69TZvaFjehvl85
-+t7kZsW8jN1OT9k84thEyvYlzh5uBaorUpp+Qj8W3Co+8FAWtKq5N+M0LzPt3iTc
-TN36IaBs9U0+a6005+DJqELzXtkCh386SzNnVqniIcQCeB02QigU0cc=
+MIIF8zCCA9ugAwIBAgIBADANBgkqhkiG9w0BAQsFADA/MSAwHgYDVQQDExdTVU5F
+VCBJbmZyYXN0cnVjdHVyZSBDQTEOMAwGA1UEChMFU1VORVQxCzAJBgNVBAYTAlNF
+MB4XDTI1MDMxMTEzMTYxN1oXDTM1MDMwOTEzMTYxN1owPzEgMB4GA1UEAxMXU1VO
+RVQgSW5mcmFzdHJ1Y3R1cmUgQ0ExDjAMBgNVBAoTBVNVTkVUMQswCQYDVQQGEwJT
+RTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANX8E3tAkO2lm7aU18ND
+hJtMARHObom9b+SpwrfgEI6dsnIqsrjzrZ1X+bv3AhlmWMS7aPr0BuvtsKxwcRaD
+TRdfM7ik7L40vXAkBwVWvXJvjdF5d+AZI750S5G1jSh/v8Nz+zHsai1mtdnx7FT6
+Pg1BJbwf0IyIHZClcnO/OmwElNnGVB5uNp3e/67KCqI4IhjAt+4G30mRfIpZ1KoU
+vexZsz++cZErCXEe0eWnhlnCjfobMKmEHhvX6RzvTbB80AL/tfrqnOEwD6y7iUOp
+N9FSTiHvHxRiD80WglLrh2qHzSn3it91RA1OvfY0HoIgdz1F/l07Nlm8a6WrrbRZ
+Pg+HzlZ31iy0/sqduj2fPrDuDDQn87Bu3ohsZPg1t700ZW+YMUWtmh9PHK04a2fI
+f9ET7llJPYzyOQ1apoiAgPRf4pnxOSOgjUhVDBY20ppTKxFJ7WY9JSKRPj92A6Ht
+2/uAfUapKPOPSaASIruVz7sZ7DqiWvq67uvRtwr5yytRoZ82HG1Z36DxSNUcJ2X8
+MmELT/ONQHolu8hiZCLDCienYWZUPBnaI9jblCqvmBrdlJzKdrWzb1zKEQNsducs
+Klwgh5hZ6tJLca3v/sDx7odUK4MF+vuhEyRZyXUQBZ3+m7iII+2mHLyZ2EUpfBjZ
+hlOERIttFErkPP5CsPkf8uvDAgMBAAGjgfkwgfYwHQYDVR0OBBYEFOcsnlEasB0B
+HeZCtCcaNZNwwG3XMB8GA1UdIwQYMBaAFOcsnlEasB0BHeZCtCcaNZNwwG3XMDsG
+CCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAoYfaHR0cDovL2NhLnN1bmV0LnNlL2lu
+ZnJhL2NhLmNydDAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY2Euc3VuZXQuc2Uv
+aW5mcmEvY3JsLnBlbTAjBgNVHRIEHDAahhhodHRwOi8vY2Euc3VuZXQuc2UvaW5m
+cmEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL
+BQADggIBAHeatojzrHiz+HQdtvNhY68mQgiiSoOJmwvHUmTPvkU5pdVX6P7ltiX1
+t2Tl5VVNiMVu12v8b6q5lsrjK/pdZ9pm/KMS0HplirMP4t3I/5tU28oOThRJwb5J
+hzxIwyG+EOzptXyQfPXMWVVhWfUBOXXflPOpMVyGuvyT07HbBEcXDU84s5AHVwmX
+WS+iQejofB3VKRzEv6ZM4Adsl8XCLq+/+sRIdJL3/FOESA/GlqmvmWm9udg07ocV
+eAdnNU12rUg9cvnCdUk+g7Pxm7yHb/BXqrod+JMNWBtDJvgYZledzTcamyqMFk4L
+oAHme3UP/IdVmCLpo9J5Iqt67ON46xx+iBoycSnb/DQZ14PWJtcAwLlid3HUqnMh
+y9bDBMIp0pNdVwKrFFstGKHFN55d3cZM401ONbT6OBAcxxOhIn1iAOg4pWsyngaq
+vteqsufFJM/osNND158b1octMS0R8Tz1xMvTtY6E4tE0yaPEPpW1BB2JAGTghWjx
+UC6xl9SO/7hGKQxTuXPVk+Dwm4OJnjKd4Gw77IZEGKy8asjLjnrO4EfcPVA8+grc
+IrypcTtOPB0cnQZ3R7NB10RqJ+a1BCmbhl9u8mFRlA3+43tl/J2pEDP0UzHY55dy
+fEaZ6hu4IskjN7z5ZbaqkosI4foGrwQREnsgn8F72zxGaEXOQrqo
 -----END CERTIFICATE-----
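Review bot: The replacement CA certificate carries serial number 0: the leading bytes of `MIIF8zCCA9ugAwIBAgIBADAN` decode to the v3 version tag `a0 03 02 01 02` followed by the serial `02 01 00`, and RFC 5280 §4.1.2.2 requires a positive serial, so strict X.509 validators may reject chains built on it. The modulus bytes (`d5 fc 13 7b 40 90 ed a5 9b …`) are identical in the removed certificate, which decodes as a v1 certificate with no extensions, so this is a re-issue of the existing key with proper CA extensions (critical basicConstraints CA:TRUE, critical keyUsage keyCertSign/cRLSign, AIA and CRL DP under ca.sunet.se) rather than a key rotation; a corrected self-signed certificate with a non-zero serial can be cut from the same key without any other change. Because both certificates certify the same key and the old v1 one stays valid until 2035, it should also be removed from any other trust store it was distributed to, so that only the v3 certificate is the trust anchor.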
From a6f55e81616b586398e37ede6a7ee5d56bcd89d5 Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Wed, 12 Mar 2025 13:02:15 +0100 Subject: [PATCH 2/7] Bump connector in QA to 2.0.4, SC-2862 --- global/overlay/etc/puppet/cosmos-rules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index e5746ada..02d4eb61 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -1290,7 +1290,7 @@ connector-qa-sto1-1.komreg.net: environment: qa session_backend: memory use_hsm: false - version: 2.0.3_hsm2_ubuntu + version: 2.0.4_hsm2_ubuntu sunet::frontend::register_sites: sites: 'qa.connector.eidas.swedenconnect.se': From db08a8dc5551529077a5908b2a465faa02c175e6 Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Wed, 12 Mar 2025 13:11:49 +0100 Subject: [PATCH 3/7] Bump proxy version in QA, SC-2835 --- global/overlay/etc/puppet/cosmos-rules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 02d4eb61..6a2203a2 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -1303,7 +1303,7 @@ proxy-qa-sto1-1.komreg.net: autoupdate: sunet::dockerhost2: eid::proxy: - version: 3.0.8_hsm2 + version: 3.0.9_hsm2 service_name: qa.proxy.eidas.swedenconnect.se environment: qa use_hsm: false From 61e46fa58872c892d7fccf96d0649940ec0c9b4d Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Wed, 12 Mar 2025 13:16:06 +0100 Subject: [PATCH 4/7] Add LB registration for new proxy in QA, SC-2835 --- global/overlay/etc/puppet/cosmos-rules.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 6a2203a2..a581a8be 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml 
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -1307,6 +1307,13 @@ proxy-qa-sto1-1.komreg.net: service_name: qa.proxy.eidas.swedenconnect.se environment: qa use_hsm: false + sunet::frontend::register_sites: + sites: + 'qa.proxy.eidas.swedenconnect.se': + frontends: + - 'sthb-lb-1.sunet.se' + - 'tug-lb-1.sunet.se' + port: '443' testmyeid-qa-sto1-1.komreg.net: autoupdate: From e209774f5aed3853dd99f715e6a3a86b6b6f4f59 Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Wed, 12 Mar 2025 13:28:01 +0100 Subject: [PATCH 5/7] Remove registration of old proxy server in QA, SC-2835 --- global/overlay/etc/puppet/cosmos-rules.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index a581a8be..d67e18b8 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -1142,13 +1142,6 @@ log-1.sveidas.se: version: 3.0.8_hsm2 hostname: qa.proxy.eidas.swedenconnect.se spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION - sunet::frontend::register_sites: - sites: - 'qa.proxy.eidas.swedenconnect.se': - frontends: - - 'sthb-lb-1.sunet.se' - - 'tug-lb-1.sunet.se' - port: '443' '^eidas-proxy-[0-9]+\.test\.sveidas\.se$': sunet_iaas_cloud: From 7211162e5ecd133f4d54573632141dcff21b7e86 Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Wed, 12 Mar 2025 16:09:42 +0100 Subject: [PATCH 6/7] Add conf files for new test-my-eid in test, SC-2873 --- .../modules/eid/manifests/test_my_eid.pp | 10 +++ .../test_my_eid/application-test.yml | 68 +++++++++++++++++++ .../templates/test_my_eid/idp-disco-test.yml | 8 +++ 3 files changed, 86 insertions(+) create mode 100644 global/overlay/etc/puppet/modules/eid/templates/test_my_eid/application-test.yml create mode 100644 global/overlay/etc/puppet/modules/eid/templates/test_my_eid/idp-disco-test.yml 
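Review bot: The `sunet::frontend::register_sites` block added under `proxy-qa-sto1-1.komreg.net` registers `qa.proxy.eidas.swedenconnect.se` on the same two frontends (`sthb-lb-1.sunet.se`, `tug-lb-1.sunet.se`) that the old proxy host keeps registering until 5/7 removes its block, so between these two commits both backends claim the site on both load balancers. If the rules file can be rolled out commit by commit, 4/7 and 5/7 should be squashed or deployed together so the old backend is never selected alongside the new one. After 5/7 the old host definition still remains at `version: 3.0.8_hsm2` with `hostname: qa.proxy.eidas.swedenconnect.se` (visible in that hunk's context), presumably pending separate decommissioning; a short comment on it saying so would prevent it being mistaken for the live proxy.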
diff --git a/global/overlay/etc/puppet/modules/eid/manifests/test_my_eid.pp b/global/overlay/etc/puppet/modules/eid/manifests/test_my_eid.pp index 6fd97e46..b02fa217 100644 --- a/global/overlay/etc/puppet/modules/eid/manifests/test_my_eid.pp +++ b/global/overlay/etc/puppet/modules/eid/manifests/test_my_eid.pp @@ -27,4 +27,14 @@ class eid::test_my_eid ( file {["${service_dir}",'/var/log/test-my-eid','/etc/ssl']: ensure => directory } + # Create the environment specific config files from template + file { "${service_dir}/application-${environment}.yml": + ensure => 'file', + content => template("eid/test_my_eid/application-${environment}.yml.erb") + } + file { "${service_dir}/idp-disco-${environment}.yml": + ensure => 'file', + content => template("eid/test_my_eid/idp-disco-${environment}.yml.erb") + } + } diff --git a/global/overlay/etc/puppet/modules/eid/templates/test_my_eid/application-test.yml b/global/overlay/etc/puppet/modules/eid/templates/test_my_eid/application-test.yml new file mode 100644 index 00000000..5cf32c40 --- /dev/null +++ b/global/overlay/etc/puppet/modules/eid/templates/test_my_eid/application-test.yml 
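Review bot: The two `template()` calls look up `application-${environment}.yml.erb` and `idp-disco-${environment}.yml.erb`, but the files created in this patch and in 7/7 are `application-test.yml`, `idp-disco-test.yml`, `application-qa.yml` and `idp-disco-qa.yml` with no `.erb` suffix, so catalog compilation will fail with a missing-template error unless the files are renamed or the calls are changed to `content => template("eid/test_my_eid/application-${environment}.yml")` and `content => template("eid/test_my_eid/idp-disco-${environment}.yml")`. The rendered `application-*.yml` holds keystore and key passwords (`password: secret`, `key-password: secret` in the templates), yet neither `file` resource sets `owner`, `group` or `mode`, so the files take the default permissions and are most likely world-readable on the host; add `mode => '0640'` and the owner/group the service runs as to both resources. The enclosing `class eid::test_my_eid` starts outside the hunk.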
@@ -0,0 +1,68 @@ +--- +credential: + bundles: + keystore: + sp-keys-store: + location: file:${SP_CONFIG_DIRECTORY}/credentials/sp-keys.jks + type: JKS + password: secret + jks: + sp-sign: + name: sp-sign-key + store-reference: sp-keys-store + key: + alias: sign + key-password: secret + sp-decrypt: + name: sp-decrypt-key + store-reference: sp-keys-store + key: + alias: encrypt + key-password: secret + sp-md-sign: + name: sp-metadata-sign + store: + location: file:${SP_CONFIG_DIRECTORY}/credentials/metadata-sign.jks + type: JKS + password: secret + key: + alias: mdsign + key-password: secret + +server: + servlet: + context-path: / + session: + cookie: + domain: test.test.swedenconnect.se + + +sp: + base-uri: https://test.test.swedenconnect.se + entity-id: https://test.test.swedenconnect.se/testmyeid + sign-entity-id: http://test.swedenconnect.se/testmyeid-sign + credential: + sign: + bundle: sp-sign + decrypt: + bundle: sp-decrypt + md-sign: + bundle: sp-md-sign + eidas-connector: + entity-id: https://test.connector.eidas.swedenconnect.se/eidas + discovery: + ignore-contracts: true + include-only-static: true + static-idp-configuration: file:${SP_CONFIG_DIRECTORY}/idp-disco-test.yml + federation: + metadata: + url: https://test.md.swedenconnect.se/role/idp.xml + validation-certificate: file:${SP_CONFIG_DIRECTORY}/sc-test-metadata.crt + security: + algorithm-config: + use-aes-gcm: true + +logging: + level: + root: WARN + testmyeid: INFO diff --git a/global/overlay/etc/puppet/modules/eid/templates/test_my_eid/idp-disco-test.yml b/global/overlay/etc/puppet/modules/eid/templates/test_my_eid/idp-disco-test.yml new file mode 100644 index 00000000..bfc16482 --- /dev/null +++ b/global/overlay/etc/puppet/modules/eid/templates/test_my_eid/idp-disco-test.yml 
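Review bot: Keystore and private-key passwords are committed in clear text in this template (`password: secret` and `key-password: secret` under `credential.bundles.keystore` and `credential.bundles.jks`), and the same values appear in `application-qa.yml` in 7/7. Since this is a version-controlled ERB template, either these are placeholders that must be replaced before the JKS files are provisioned, or the values should be injected from hiera/eyaml through ERB (for example `password: <%= @sp_keystore_password %>`, name constructed here) rather than stored in the repo. If `secret` is the real password for `sp-keys.jks` and `metadata-sign.jks`, everyone with read access to the puppet repository, or to the rendered file on the host, can unlock the SP signing, decryption and metadata-signing keys. Separately, `sign-entity-id` is `http://test.swedenconnect.se/testmyeid-sign` while `entity-id` uses `https://`; entity IDs are opaque so this may be intentional, but it is worth confirming against the metadata registered with the federation.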
@@ -0,0 +1,8 @@ +--- +idp: + - entity-id: https://test.connector.eidas.swedenconnect.se/eidas + - entity-id: https://idp-sweden-connect-valfr-2017-ct.test.frejaeid.com + logo-url: https://idp-sweden-connect-valfr-2017-ct.test.frejaeid.com/idp/images/frejaeid_logo.svg + logo-height: 75 + logo-width: 75 + - entity-id: http://test.test.swedenconnect.se/idp From dd69289549c90526735e500ad591423949b46f7d Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Wed, 12 Mar 2025 16:13:25 +0100 Subject: [PATCH 7/7] Add conf files for new test-my-eid in qa, SC-2873 --- .../templates/test_my_eid/application-qa.yml | 68 +++++++++++++++++++ .../templates/test_my_eid/idp-disco-qa.yml | 8 +++ 2 files changed, 76 insertions(+) create mode 100644 global/overlay/etc/puppet/modules/eid/templates/test_my_eid/application-qa.yml create mode 100644 global/overlay/etc/puppet/modules/eid/templates/test_my_eid/idp-disco-qa.yml diff --git a/global/overlay/etc/puppet/modules/eid/templates/test_my_eid/application-qa.yml b/global/overlay/etc/puppet/modules/eid/templates/test_my_eid/application-qa.yml new file mode 100644 index 00000000..3d1087f1 --- /dev/null +++ b/global/overlay/etc/puppet/modules/eid/templates/test_my_eid/application-qa.yml 
@@ -0,0 +1,68 @@ +--- +credential: + bundles: + keystore: + sp-keys-store: + location: file:${SP_CONFIG_DIRECTORY}/credentials/sp-keys.jks + type: JKS + password: secret + jks: + sp-sign: + name: sp-sign-key + store-reference: sp-keys-store + key: + alias: sign + key-password: secret + sp-decrypt: + name: sp-decrypt-key + store-reference: sp-keys-store + key: + alias: encrypt + key-password: secret + sp-md-sign: + name: sp-metadata-sign + store: + location: file:${SP_CONFIG_DIRECTORY}/credentials/metadata-sign.jks + type: JKS + password: secret + key: + alias: mdsign + key-password: secret + +server: + servlet: + context-path: / + session: + cookie: + domain: qa.test.swedenconnect.se + + +sp: + base-uri: https://qa.test.swedenconnect.se + entity-id: https://qa.test.swedenconnect.se/testmyeid + sign-entity-id: http://qa.swedenconnect.se/testmyeid-sign + credential: + sign: + bundle: sp-sign + decrypt: + bundle: sp-decrypt + md-sign: + bundle: sp-md-sign + eidas-connector: + entity-id: https://qa.connector.eidas.swedenconnect.se/eidas + discovery: + ignore-contracts: true + include-only-static: true + static-idp-configuration: file:${SP_CONFIG_DIRECTORY}/idp-disco-qa.yml + federation: + metadata: + url: https://qa.md.swedenconnect.se/role/idp.xml + validation-certificate: file:${SP_CONFIG_DIRECTORY}/sc-qa-metadata.crt + security: + algorithm-config: + use-aes-gcm: true + +logging: + level: + root: WARN + testmyeid: INFO diff --git a/global/overlay/etc/puppet/modules/eid/templates/test_my_eid/idp-disco-qa.yml b/global/overlay/etc/puppet/modules/eid/templates/test_my_eid/idp-disco-qa.yml new file mode 100644 index 00000000..e8dcfa09 --- /dev/null +++ b/global/overlay/etc/puppet/modules/eid/templates/test_my_eid/idp-disco-qa.yml 
@@ -0,0 +1,8 @@ +--- +idp: + - entity-id: https://qa.connector.eidas.swedenconnect.se/eidas + - entity-id: https://idp-sweden-connect-valfr-2017-ct.test.frejaeid.com + logo-url: https://idp-sweden-connect-valfr-2017-ct.test.frejaeid.com/idp/images/frejaeid_logo.svg + logo-height: 75 + logo-width: 75 + - entity-id: http://qa.test.swedenconnect.se/idp