Merge branch 'master' of gitops.sunet.se:eid-ops

global/overlay/etc/puppet/cosmos-rules.yaml

@@ -1142,13 +1142,6 @@ log-1.sveidas.se:
       version: 3.0.8_hsm2
       hostname: qa.proxy.eidas.swedenconnect.se
       spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION
-   sunet::frontend::register_sites:
-     sites:
-       'qa.proxy.eidas.swedenconnect.se':
-         frontends:
-           - 'sthb-lb-1.sunet.se'
-           - 'tug-lb-1.sunet.se'
-         port: '443'
 
 '^eidas-proxy-[0-9]+\.test\.sveidas\.se$':
    sunet_iaas_cloud:
@@ -1290,7 +1283,7 @@ connector-qa-sto1-1.komreg.net:
      environment: qa
      session_backend: memory
      use_hsm: false
-     version: 2.0.3_hsm2_ubuntu
+     version: 2.0.4_hsm2_ubuntu
    sunet::frontend::register_sites:
      sites:
        'qa.connector.eidas.swedenconnect.se':
@@ -1303,10 +1296,17 @@ proxy-qa-sto1-1.komreg.net:
    autoupdate:
    sunet::dockerhost2:
    eid::proxy:
-      version: 3.0.8_hsm2
+      version: 3.0.9_hsm2
       service_name: qa.proxy.eidas.swedenconnect.se
       environment: qa
       use_hsm: false
+   sunet::frontend::register_sites:
+     sites:
+       'qa.proxy.eidas.swedenconnect.se':
+         frontends:
+           - 'sthb-lb-1.sunet.se'
+           - 'tug-lb-1.sunet.se'
+         port: '443'
 
 testmyeid-qa-sto1-1.komreg.net:
    autoupdate:

global/overlay/etc/puppet/modules/eid/manifests/test_my_eid.pp

@@ -27,4 +27,14 @@ class eid::test_my_eid (
 
   file {["${service_dir}",'/var/log/test-my-eid','/etc/ssl']: ensure => directory }
 
+  # Create the environment specific config files from template
+  file { "${service_dir}/application-${environment}.yml":
+    ensure  => 'file',
+    content => template("eid/test_my_eid/application-${environment}.yml.erb")
+  }
+  file { "${service_dir}/idp-disco-${environment}.yml":
+    ensure  => 'file',
+    content => template("eid/test_my_eid/idp-disco-${environment}.yml.erb")
+  }
+
 }

global/overlay/etc/puppet/modules/eid/templates/test_my_eid/application-qa.yml

@@ -0,0 +1,68 @@
+---
+credential:
+  bundles:
+    keystore:
+      sp-keys-store:
+        location: file:${SP_CONFIG_DIRECTORY}/credentials/sp-keys.jks
+        type: JKS
+        password: secret
+    jks:
+      sp-sign:
+        name: sp-sign-key
+        store-reference: sp-keys-store
+        key:
+          alias: sign
+          key-password: secret
+      sp-decrypt:
+        name: sp-decrypt-key
+        store-reference: sp-keys-store
+        key:
+          alias: encrypt
+          key-password: secret
+      sp-md-sign:
+        name: sp-metadata-sign
+        store:
+          location: file:${SP_CONFIG_DIRECTORY}/credentials/metadata-sign.jks
+          type: JKS
+          password: secret
+        key:
+          alias: mdsign
+          key-password: secret
+
+server:
+  servlet:
+    context-path: /
+    session:
+      cookie:
+        domain: qa.test.swedenconnect.se
+
+
+sp:
+  base-uri: https://qa.test.swedenconnect.se
+  entity-id: https://qa.test.swedenconnect.se/testmyeid
+  sign-entity-id: http://qa.swedenconnect.se/testmyeid-sign
+  credential:
+    sign:
+      bundle: sp-sign
+    decrypt:
+      bundle: sp-decrypt
+    md-sign:
+      bundle: sp-md-sign
+  eidas-connector:
+    entity-id: https://qa.connector.eidas.swedenconnect.se/eidas
+  discovery:
+    ignore-contracts: true
+    include-only-static: true
+    static-idp-configuration: file:${SP_CONFIG_DIRECTORY}/idp-disco-qa.yml
+  federation:
+    metadata:
+      url: https://qa.md.swedenconnect.se/role/idp.xml
+      validation-certificate: file:${SP_CONFIG_DIRECTORY}/sc-qa-metadata.crt
+  security:
+    algorithm-config:
+      use-aes-gcm: true
+
+logging:
+  level:
+    root: WARN
+    testmyeid: INFO

global/overlay/etc/puppet/modules/eid/templates/test_my_eid/application-test.yml

@@ -0,0 +1,68 @@
+---
+credential:
+  bundles:
+    keystore:
+      sp-keys-store:
+        location: file:${SP_CONFIG_DIRECTORY}/credentials/sp-keys.jks
+        type: JKS
+        password: secret
+    jks:
+      sp-sign:
+        name: sp-sign-key
+        store-reference: sp-keys-store
+        key:
+          alias: sign
+          key-password: secret
+      sp-decrypt:
+        name: sp-decrypt-key
+        store-reference: sp-keys-store
+        key:
+          alias: encrypt
+          key-password: secret
+      sp-md-sign:
+        name: sp-metadata-sign
+        store:
+          location: file:${SP_CONFIG_DIRECTORY}/credentials/metadata-sign.jks
+          type: JKS
+          password: secret
+        key:
+          alias: mdsign
+          key-password: secret
+
+server:
+  servlet:
+    context-path: /
+    session:
+      cookie:
+        domain: test.test.swedenconnect.se
+
+
+sp:
+  base-uri: https://test.test.swedenconnect.se
+  entity-id: https://test.test.swedenconnect.se/testmyeid
+  sign-entity-id: http://test.swedenconnect.se/testmyeid-sign
+  credential:
+    sign:
+      bundle: sp-sign
+    decrypt:
+      bundle: sp-decrypt
+    md-sign:
+      bundle: sp-md-sign
+  eidas-connector:
+    entity-id: https://test.connector.eidas.swedenconnect.se/eidas
+  discovery:
+    ignore-contracts: true
+    include-only-static: true
+    static-idp-configuration: file:${SP_CONFIG_DIRECTORY}/idp-disco-test.yml
+  federation:
+    metadata:
+      url: https://test.md.swedenconnect.se/role/idp.xml
+      validation-certificate: file:${SP_CONFIG_DIRECTORY}/sc-test-metadata.crt
+  security:
+    algorithm-config:
+      use-aes-gcm: true
+
+logging:
+  level:
+    root: WARN
+    testmyeid: INFO

global/overlay/etc/puppet/modules/eid/templates/test_my_eid/idp-disco-qa.yml

@@ -0,0 +1,8 @@
+---
+idp:
+  - entity-id: https://qa.connector.eidas.swedenconnect.se/eidas
+  - entity-id: https://idp-sweden-connect-valfr-2017-ct.test.frejaeid.com
+    logo-url: https://idp-sweden-connect-valfr-2017-ct.test.frejaeid.com/idp/images/frejaeid_logo.svg
+    logo-height: 75
+    logo-width: 75
+  - entity-id: http://qa.test.swedenconnect.se/idp

global/overlay/etc/puppet/modules/eid/templates/test_my_eid/idp-disco-test.yml

@@ -0,0 +1,8 @@
+---
+idp:
+  - entity-id: https://test.connector.eidas.swedenconnect.se/eidas
+  - entity-id: https://idp-sweden-connect-valfr-2017-ct.test.frejaeid.com
+    logo-url: https://idp-sweden-connect-valfr-2017-ct.test.frejaeid.com/idp/images/frejaeid_logo.svg
+    logo-height: 75
+    logo-width: 75
+  - entity-id: http://test.test.swedenconnect.se/idp

global/overlay/etc/ssl/certs/infra.crt

@@ -1,29 +1,34 @@
 -----BEGIN CERTIFICATE-----
-MIIFBTCCAu0CFGmORfcOeSpSIqNq6zspBYDaA6BzMA0GCSqGSIb3DQEBCwUAMD8x
+MIIF8zCCA9ugAwIBAgIBADANBgkqhkiG9w0BAQsFADA/MSAwHgYDVQQDExdTVU5F
-IDAeBgNVBAMTF1NVTkVUIEluZnJhc3RydWN0dXJlIENBMQ4wDAYDVQQKEwVTVU5F
+VCBJbmZyYXN0cnVjdHVyZSBDQTEOMAwGA1UEChMFU1VORVQxCzAJBgNVBAYTAlNF
-VDELMAkGA1UEBhMCU0UwHhcNMjUwMjExMDk0MTI1WhcNMzUwMjA5MDk0MTI1WjA/
+MB4XDTI1MDMxMTEzMTYxN1oXDTM1MDMwOTEzMTYxN1owPzEgMB4GA1UEAxMXU1VO
-MSAwHgYDVQQDExdTVU5FVCBJbmZyYXN0cnVjdHVyZSBDQTEOMAwGA1UEChMFU1VO
+RVQgSW5mcmFzdHJ1Y3R1cmUgQ0ExDjAMBgNVBAoTBVNVTkVUMQswCQYDVQQGEwJT
-RVQxCzAJBgNVBAYTAlNFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+RTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANX8E3tAkO2lm7aU18ND
-1fwTe0CQ7aWbtpTXw0OEm0wBEc5uib1v5KnCt+AQjp2yciqyuPOtnVf5u/cCGWZY
+hJtMARHObom9b+SpwrfgEI6dsnIqsrjzrZ1X+bv3AhlmWMS7aPr0BuvtsKxwcRaD
-xLto+vQG6+2wrHBxFoNNF18zuKTsvjS9cCQHBVa9cm+N0Xl34BkjvnRLkbWNKH+/
+TRdfM7ik7L40vXAkBwVWvXJvjdF5d+AZI750S5G1jSh/v8Nz+zHsai1mtdnx7FT6
-w3P7MexqLWa12fHsVPo+DUElvB/QjIgdkKVyc786bASU2cZUHm42nd7/rsoKojgi
+Pg1BJbwf0IyIHZClcnO/OmwElNnGVB5uNp3e/67KCqI4IhjAt+4G30mRfIpZ1KoU
-GMC37gbfSZF8ilnUqhS97FmzP75xkSsJcR7R5aeGWcKN+hswqYQeG9fpHO9NsHzQ
+vexZsz++cZErCXEe0eWnhlnCjfobMKmEHhvX6RzvTbB80AL/tfrqnOEwD6y7iUOp
-Av+1+uqc4TAPrLuJQ6k30VJOIe8fFGIPzRaCUuuHaofNKfeK33VEDU699jQegiB3
+N9FSTiHvHxRiD80WglLrh2qHzSn3it91RA1OvfY0HoIgdz1F/l07Nlm8a6WrrbRZ
-PUX+XTs2WbxrpauttFk+D4fOVnfWLLT+yp26PZ8+sO4MNCfzsG7eiGxk+DW3vTRl
+Pg+HzlZ31iy0/sqduj2fPrDuDDQn87Bu3ohsZPg1t700ZW+YMUWtmh9PHK04a2fI
-b5gxRa2aH08crThrZ8h/0RPuWUk9jPI5DVqmiICA9F/imfE5I6CNSFUMFjbSmlMr
+f9ET7llJPYzyOQ1apoiAgPRf4pnxOSOgjUhVDBY20ppTKxFJ7WY9JSKRPj92A6Ht
-EUntZj0lIpE+P3YDoe3b+4B9Rqko849JoBIiu5XPuxnsOqJa+rru69G3CvnLK1Gh
+2/uAfUapKPOPSaASIruVz7sZ7DqiWvq67uvRtwr5yytRoZ82HG1Z36DxSNUcJ2X8
-nzYcbVnfoPFI1RwnZfwyYQtP841AeiW7yGJkIsMKJ6dhZlQ8Gdoj2NuUKq+YGt2U
+MmELT/ONQHolu8hiZCLDCienYWZUPBnaI9jblCqvmBrdlJzKdrWzb1zKEQNsducs
-nMp2tbNvXMoRA2x25ywqXCCHmFnq0ktxre/+wPHuh1QrgwX6+6ETJFnJdRAFnf6b
+Klwgh5hZ6tJLca3v/sDx7odUK4MF+vuhEyRZyXUQBZ3+m7iII+2mHLyZ2EUpfBjZ
-uIgj7aYcvJnYRSl8GNmGU4REi20USuQ8/kKw+R/y68MCAwEAATANBgkqhkiG9w0B
+hlOERIttFErkPP5CsPkf8uvDAgMBAAGjgfkwgfYwHQYDVR0OBBYEFOcsnlEasB0B
-AQsFAAOCAgEAav0cKqnikHVYheOcf69SlOEtYT3184rE3Oqz3977m8KkK/sUUGHm
+HeZCtCcaNZNwwG3XMB8GA1UdIwQYMBaAFOcsnlEasB0BHeZCtCcaNZNwwG3XMDsG
-nee+fT40TCc0Ns7Desh6GgMolQ/csCUBfoNuCSz21c334eB4hjqjtFNvKDpnL4r3
+CCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAoYfaHR0cDovL2NhLnN1bmV0LnNlL2lu
-lWFoFtjJX6R8yleYwTVqQbr3DUetQL/tkYlS+GPysk81lp45PdpLR3IWqCMgWpUT
+ZnJhL2NhLmNydDAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY2Euc3VuZXQuc2Uv
-5OvAleahFZAWw3RLdxXBi9pjZD/tK2JMEcBirCTKcOQDYfsk3Rz2BAG6FONyMOYM
+aW5mcmEvY3JsLnBlbTAjBgNVHRIEHDAahhhodHRwOi8vY2Euc3VuZXQuc2UvaW5m
-VpKReGjBn+VStNLAM6FsQncFfkh7VairHxZ0AEFJrFa8/+F0hHQMau8OqlJ6dpNW
+cmEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL
-urDWsSUzhIbXZrU3b69AkQUFy6c1Bq4aeMWNg//KGFvxy+D5j4MNkXyJQDLbeyHB
+BQADggIBAHeatojzrHiz+HQdtvNhY68mQgiiSoOJmwvHUmTPvkU5pdVX6P7ltiX1
-rTTmF9m357wUWY+02tHs0aS6ZM78v+wj1lAGOZtaDicWYVkWoOQxSkkHRg2LoYJz
+t2Tl5VVNiMVu12v8b6q5lsrjK/pdZ9pm/KMS0HplirMP4t3I/5tU28oOThRJwb5J
-nNF3T5YKoC2y21KLGvW9ZpNB3Lzt78mhCrqooxq1w1rJr949TIkUWr5qLnYnJwq9
+hzxIwyG+EOzptXyQfPXMWVVhWfUBOXXflPOpMVyGuvyT07HbBEcXDU84s5AHVwmX
-aD+iexH269lXCCEhrkJyD27Obq1mvnUM7KO+3otHvJXmHwa6LZ69TZvaFjehvl85
+WS+iQejofB3VKRzEv6ZM4Adsl8XCLq+/+sRIdJL3/FOESA/GlqmvmWm9udg07ocV
-+t7kZsW8jN1OT9k84thEyvYlzh5uBaorUpp+Qj8W3Co+8FAWtKq5N+M0LzPt3iTc
+eAdnNU12rUg9cvnCdUk+g7Pxm7yHb/BXqrod+JMNWBtDJvgYZledzTcamyqMFk4L
-TN36IaBs9U0+a6005+DJqELzXtkCh386SzNnVqniIcQCeB02QigU0cc=
+oAHme3UP/IdVmCLpo9J5Iqt67ON46xx+iBoycSnb/DQZ14PWJtcAwLlid3HUqnMh
+y9bDBMIp0pNdVwKrFFstGKHFN55d3cZM401ONbT6OBAcxxOhIn1iAOg4pWsyngaq
+vteqsufFJM/osNND158b1octMS0R8Tz1xMvTtY6E4tE0yaPEPpW1BB2JAGTghWjx
+UC6xl9SO/7hGKQxTuXPVk+Dwm4OJnjKd4Gw77IZEGKy8asjLjnrO4EfcPVA8+grc
+IrypcTtOPB0cnQZ3R7NB10RqJ+a1BCmbhl9u8mFRlA3+43tl/J2pEDP0UzHY55dy
+fEaZ6hu4IskjN7z5ZbaqkosI4foGrwQREnsgn8F72zxGaEXOQrqo
 -----END CERTIFICATE-----