From 6dc76fccde84cac8f4ee0c06980570c88ad454ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Mattsson?= Date: Thu, 5 Oct 2023 21:46:44 +0200 Subject: [PATCH 1/5] Update expired leifj key --- .../etc/cosmos/keys/leifj-0AD478D6.pub | 70 +++++++++---------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/global/overlay/etc/cosmos/keys/leifj-0AD478D6.pub b/global/overlay/etc/cosmos/keys/leifj-0AD478D6.pub index b895e8f8..54c931e1 100644 --- a/global/overlay/etc/cosmos/keys/leifj-0AD478D6.pub +++ b/global/overlay/etc/cosmos/keys/leifj-0AD478D6.pub @@ -7,13 +7,13 @@ FS5D0Tro8Xfxjk98u8rNpQXi9walRAffRY+byhkPiBj0sVA2RXK9Dx2DL3EY0xx0 7r6Qhs2XkbXNDDCHRuChhHSHwWC16VS9x7Nhfg2EwKqmMGRNREikjwzDl/aHKz+F XTLONdmc83sRyklqgH90f3na6s/RT5XTb08xABEBAAG0IExlaWYgSm9oYW5zc29u IDxsZWlmakBub3JkdS5uZXQ+iQFVBBMBCAA/AhsDBgsJCAcDAgYVCAIJCgsEFgID -AQIeAQIXgBYhBIqgkoGkEvxr5Qru5Nc61kMK1HjWBQJjPBkgBQkS0lX+AAoJENc6 -1kMK1HjWwG0H/jMMu5r/CafcnFftGP8rAErrx2hEyFApV2ZSDk2fA8H/jhd7e8GV -QWX8Gql5x2IhcWqfwGLPn8MJFufnzbDNP2UL9gZrKfq3mWzBjf4w1PEu8IhePVrO -dChylfhG3WNZIKQYFNFMdisi9vegj0huLhtDopn3teW2kl+baJWQZdcmYO+ByhJ4 -2pQF4WP1KQLe+XtOoDJlmSpyU8a8628Tktetj/pyvk9ZwtMopT+RCM8mDdO76HnY -lIGzFFKiMt3bMd8GMT4H8ZcqBT3a4SQsmz58CaYXuQRWOlBpA1eIKj+g2rJeZdTO -FPmqc3k3Oigi38EgqHgfGsBB5kRr9Mlc/oyJAT0EEwECACgFAlJK90YCGwMFCQHh +AQIeAQIXgBYhBIqgkoGkEvxr5Qru5Nc61kMK1HjWBQJlHtIWBQkUtQ70AAoJENc6 +1kMK1HjWc84IAKIABd093e4sBJA2d0JBSroHf22jM843DIrMpmfMVyEnInWZCZfA +oeRu7aVINlb8x81j+XZu/11NW3RTgy3A9M/OiwpaYubwrDnzWqV0W3iuicFZ0ywk +fMSeiDbjjbzRUEUmm7GoyRK99ZTKD/Q7WJvQw8inHupB8Do9Vf9dJLhfdiFZ+nL/ +6Fl5mkbuKkQLgywGlC8jgXQ7ohUTHNtZcr1bNrLQ24BnqFim4MKYLZeWUJG1i33v +uoKujcB+jkaBRn/jaDo9Sd37jXonQnQBvWgqV66dGuagby4L0e4HRgQKgLeSrUfJ +SlUQhifkyiU1iI/HL3COVnfUZT1B+/9ww7eJAT0EEwECACgFAlJK90YCGwMFCQHh M4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJENc61kMK1HjWzCkH9iPY5J5f vEDt/mhHQCIzxBUaovooraxD7DuMMzYB1UrJPiw2SmdnCt6LaI23BQiia6ewB4AT 79HLLBqDqBNY3djZ8pp0v6rHsb9h3Dc8a+o/RdldmIKmq691V6nQlhO9rRbRmrpW @@ -35,13 +35,13 @@ B2qLVkYbpyp8iJM3/6Gn6G/49daYYt286UQnKSjf+BYv219xDRBGuKhXAwinueJf 6DEoDhtPRs6ZIesFCkMZRprrQWtoopyxikc7xC3PfLuPD5HcVFy7+N4mAwImv+lX b5E7+te4MJGEPhIpqFh/RR9DCjf5hq1UnmUHULQdTGVpZiBKb2hhbnNzb24gPGxl aWZqQG1udC5zZT6JAVUEEwEIAD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA -FiEEiqCSgaQS/GvlCu7k1zrWQwrUeNYFAmM8GSAFCRLSVf4ACgkQ1zrWQwrUeNaI -vQf+JmHKXWcH81yjnPWyrMUa6lr1HoAtnQkYsBJFNoDZE0PE+y3pat0shphsm1wn -4VTkirQkqViGhVA44xHiRyU5InSPmlmIpeq/tZmG9X6891qAlg2QsFHDhxTfGe4V -Nr/58QDmBUpWVgStaI9WbcIcO86JbH1BuUqQyXG6VUNiLVtJ47cwbFGlTOzbaPiv -vBtg8/BgoLVkG6onGJX0QoMC6t0FItOf4KSdWQ/IapjB4WDLRLoYwQsKd5Rcjtl4 -3tOsp7cOiqV+SdOTfPG/zK+aL3wexPEPsCLjwUoqvQTdREa+xa7Krp6ohmIzbE1G -XWK3lVJSoop2DtrnzEOKLBpuR4kBPgQTAQIAKAUCUkr3UgIbAwUJAeEzgAYLCQgH +FiEEiqCSgaQS/GvlCu7k1zrWQwrUeNYFAmUe0hYFCRS1DvQACgkQ1zrWQwrUeNao +7wf/YS51lOO6jpxwuzTRillJLlJsDalsJCx5kPO1aEtzC/LJDpZGPawLwoM45Wd+ +ue1LyzDgT6lLztEJlfLFFiFkU6A1aUn5Syqr9Uav4PHiDL4/L0vOHbBMtfcMp47g +sQHJv4Vtoq0DyctJefmq8GjfqzRO2PPE9wyN2Ux6JMY7zCZXqS2zzoowa2po1kUO +ynHdUQJQlLXl31job4YaJ94b+zgOmvbpQJHhx0lXvw16xYct8bohiOWUMOLOngzo +mBzNIlrjjzYURbyBLBj7RzFAIUioBTEwN0yx1akfIhrqbvF13vz68/OeEsVAjfUj +6Ips+6qail/2QKVdjru66Ju2e4kBPgQTAQIAKAUCUkr3UgIbAwUJAeEzgAYLCQgH AwIGFQgCCQoLBBYCAwECHgECF4AACgkQ1zrWQwrUeNas4Qf9EInrx4bBN1PWVXWo UL6b0OdnO8PQLigazE+PTn8+CCUq8snGEYJdJNGET9ltWGxQnryoS1IVBTy6WDkZ rGsW+zzp2WNbCViAvXtWWYbFax041StZdGcOtw0EkIcxuzVUrel37xRdNhzYuP7T @@ -63,13 +63,13 @@ iyROzABX0Hr4mUQZjdW4/Yp0UrWR7yZT/2zcK/9nYw1Sa1q4rxRHW3bXKeAPjupv xsHkLV+AyAcEqHy+IxKgXvJuteLqEblYi04tFMMem595EsJZvWOl5l5aH7vIzHKh YfOPlRPzgzhIIa2vjrsQL9WPDWlT3rQfTGVpZiBKb2hhbnNzb24gPGxlaWZqQHN1 bmV0LnNlPokBVQQTAQgAPwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQSK -oJKBpBL8a+UK7uTXOtZDCtR41gUCYzwZIAUJEtJV/gAKCRDXOtZDCtR41gDuB/45 -icHrbHcO4P8xSnOJTvfsRmg/KIh6JQkUOXIwJOW3isjvVKShR8m9LEUwf1thY3bc -MVl2ukeHXgGrelOGfTLII8rceOki0ddNnDovdhL6vKSuWfiDq//WMde+7YBU8Izl -EBMU6x9sLMS+aTrIRmP/rZWNYIdTOmG4JQMKy7bkQ0AM2QejWkPXZnlba10WnF6j -cDwWPgTkAt2srHQrGyn6JLF3W9qOhAIFwz7kG/zi5G01EaFNJJ6CsayPrXjaCFZ0 -GzubB7yAjdKu/MqIJQlYseoOrR1PYJsyMZq6QCuxygOhGnbCquif4to0+6Y/ACfK -ZcVhfP3vRGE1YJLj20SviQE+BBMBAgAoBQJSSvaiAhsDBQkB4TOABgsJCAcDAgYV +oJKBpBL8a+UK7uTXOtZDCtR41gUCZR7SFgUJFLUO9AAKCRDXOtZDCtR41sH0B/wL +bcm3d/bUYo6BYd78bidgdpelqWI2KWSXQyZ6k6e5yAQ9yJPaCbnl/nMmoXYl3Opd +Qs+DEtZ3D4vRP7iYSiBDPF0D6R0ppxo7xPL+dQN9GmDgLj2YeWDeH4Z8XQ4iEfXF +zrGm1cojfgcexf546gssCwAAF3WfY3gw0n/G1zkp5dZD9c7dypfwppAGdTwxJT/V +ayQ4oWnIqy9Y+GNDHTp/CJqaVmHLOfdIJsGfUnc+qDjfrp/Myov3VGrlZN+J+Z1U +/6zK8UAd2sh3qccJVxelKS0lk+ucY1y1kCFFof82IE+JBFAmqbe2PEPHsHE5Dgwo +gLxxQOVihE/c6QDv/DHSiQE+BBMBAgAoBQJSSvaiAhsDBQkB4TOABgsJCAcDAgYV CAIJCgsEFgIDAQIeAQIXgAAKCRDXOtZDCtR41vdKB/9pw81jWa7jBZ0Ujn/eQ0wQ YmfLvNp5fcHjEIUtmcUWtVeWwRnLb+lwZURRIY5rNmx3IwiQL0TgHw3y72ByDe3/ N6O4lytSKpWA1rtfS/8Evc6I5WEvod3w6cMO1vPxqNjUZCC2gLvbp69LULFrMN7T @@ -95,24 +95,24 @@ YceR6EFkTc6OVsaIb+eHH/Zo3DKyB1Dq9CA5fjjnEQzti+KKSZYWzB0Fkt7qrfOS 6YM1zMjEUxUUwsl1qirx5DuByWLDX7ULU7H/xmPVhHUVZO8XEaFV2m+ICx8Y6B98 KMeJ0Qz8b8wp2g7vWEkwS2R6IjF0kMrRxnxUvwA6EUiZuFphhuY/lWCJusLl1olg OE+BKMEUStJWEi0s+pd8FL1vOLeNKbIUFro0+oZr9byABpkPNjMxKV36uj1dABEB -AAGJATwEGAEIACYCGwwWIQSKoJKBpBL8a+UK7uTXOtZDCtR41gUCYzwZNAUJEtJW -EgAKCRDXOtZDCtR41kLZCACHHrLT9XpqJr/tbIUwrPKlqXQbgHQUHKLHokTFF2mZ -Jhejr9olv2Sf2SiU9ie/P5DdnBOxG8NJ1VT/7pYIPzsD8UoGu8c9eGXKW93yohSc -33eUFooDTE2Pt94wbEDbq9En6GzMNmIwvWLLAy3gkC77SyNmJLf8ZuSCQ47DpUK5 -79Ym2p4ASsxV9afQ7bAwpKB4VGSMG26kFviIRf+e9HEROYIfz1W9eC2z/JjNjNiw -aHQjuNzi3covFF868ydaKc2AG9N3kzMOWjiEAh1nsmnDCmQr8ZAMfh9HvOYtAe0+ -8bdc9AYZbAQLt3hv707nLJU6+3M5kt0xJcdvBEBamQMVuQENBFJK920BCADVvB4g +AAGJATwEGAEIACYCGwwWIQSKoJKBpBL8a+UK7uTXOtZDCtR41gUCZR7R3AUJFLUO +ugAKCRDXOtZDCtR41jMlB/9Wz2Qsl/xCbrc/nzEQ5mmiL8nGcLIb0unMdbrODAYS +Usfix1iheAQVTOBBR9Pf0PW1rM0YdTgpvvykWIpP7IDoXx6DlboFz8Oe0eXjWQFg +31A3zRIsUn9SOLrZw4vwSr8bbK6gwUmb+AxdFDZ736/A3cppkXqo+CO16n1q4yid ++/AN4Z3Dz7zSD/vOetUG2PH4kyehfTw97nWjrAjSjOu/xJgBZvUWUXu8SYcVshPW +tdWz/bS/Ea+FpdmBXUGtSzSogX71G4ZJrrc8i75axwPLgBcytDrWk0HbfgtSqrSY +xqf4oA4TjZCGjxl8LUkHVqmFzBkosLlIROUxZzzosimiuQENBFJK920BCADVvB4g dJ6EWRmx8xUSxrhoUNnWxEf8ZwAqhzC1+7XBY/hSd/cbEotLB9gxgqt0CLW56VU4 FPLTw8snD8tgsyZN6KH1Da7UXno8oMk8tJdwLQM0Ggx3aWuztItkDfBc3Lfvq5T0 7YfphqJO7rcSGbS4QQdflXuOM9JLi6NStVao0ia4aE6Tj68pVVb3++XYvqvbU6Nt EICvkTxEY93YpnRSfeAi64hsbaqSTN4kpeltzoSD1Rikz2aQFtFXE03ZC48HtGGh dMFA/Ade6KWBDaXxHGARVQ9/UccfhaR2XSjVxSZ8FBNOzNsH4k9cQIb2ndkEOXZX njF5ZjdI4ZU0F+t7ABEBAAGJATwEGAEIACYCGyAWIQSKoJKBpBL8a+UK7uTXOtZD -CtR41gUCYzwZNAUJEtJVRwAKCRDXOtZDCtR41g35B/9+8i+Rb1rTANbAGdRypX/N -H9sF0ErvYPFRKuROUk0VJqc9X7yyhG4ExN2tZkdIM9/hbYxX2efPP4WAJdN2BDzo -6PJsIRso9va5dGnCp2Bg9D36wmfo8RUZ6eYSY7vpCMPFsso42pE4q+IHRQyoErm6 -Bm7hGX8zgg4Y6n3dcfi8w3tcG6vjS3Tyc+iRvETrjC3RiNmwItYwiPUGDzoX1sCQ -bSooGcNEFM2yvu4015ymBamn3jzFpHj5D5gVHGHZPF0oZtmn75slLsTcgnyfnPOj -RblmB7O7i2szAarIoc5n56zRkJABnAYDVss2MoYcvAjtfTVBgYIM8ha18eM5xKDC -=PbM5 +CtR41gUCZR7SCQUJFLUOHAAKCRDXOtZDCtR41sDrCACl7ezk7SWACOP30NVvoF1F +c6UyBKMrvBZihrvlsBB1ps8e5lQvYXfenw8Jbn8O8S7GmWyADSPRGSaSz9dmgYD9 +r4YD6vO3eL9TG4wl3tQqZOBmMviPqp9DN+/pssIpJ0Mch+abSk6SocNfiHgqKh3e +VwKaivtiTh1xrI3nL1/FBOTJLFd+QRM+NDHYeVcosWoxAygUrJ0qSpHM7IJ60Byg ++sSn9A4zYkiS01j2oY2BEW491ngcBy31D90y4ncMtnjuZiTCGRPSqiee3dxHXW+w +HhxaW3XhdPaGVv/oBfoDLE3hFLwpnf/cdIABO6Cyf8DzuPjUWcAtDuIpPkLbku41 +=Kc4m -----END PGP PUBLIC KEY BLOCK----- From 5152eb7b6865a307962de8127e258ab5272ab4cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstr=C3=B6m?= Date: Mon, 9 Oct 2023 12:54:13 +0200 Subject: [PATCH 2/5] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index a691dd3e..898fbe3b 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -192,7 +192,7 @@ classes: eid::dockerhost: {version: '5:23.0.6-1~ubuntu.20.04~focal'} eid::telegraf: null eidas_proxy: {hostname: qa.proxy.eidas.swedenconnect.se, spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION, - version: 1.4.8_hsm2} + version: 2.0.1_hsm2} entropyclient: null infra_ca_rp: null konsulter: null @@ -234,7 +234,7 @@ classes: eid::dockerhost: &id013 {version: '5:23.0.6-1~ubuntu.20.04~focal'} eid::telegraf: null eidas_proxy: &id014 {hostname: test.proxy.eidas.swedenconnect.se, spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION, - version: 1.4.8_hsm2} + version: 2.0.1_hsm2} entropyclient: null infra_ca_rp: null konsulter: null From 93d955a6ed261ae51eace90b061ae70d71089b71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstr=C3=B6m?= Date: Mon, 9 Oct 2023 12:54:44 +0200 Subject: [PATCH 3/5] update proxy in qa and test to 2.0.1 --- .../overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties | 1 + .../overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties | 1 + global/overlay/etc/puppet/cosmos-rules.yaml | 4 ++-- 3 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 eidas-qa-proxy/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties create mode 100644 eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties diff --git a/eidas-qa-proxy/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties b/eidas-qa-proxy/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties new file mode 100644 index 00000000..c8c2057c --- /dev/null +++ b/eidas-qa-proxy/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties @@ -0,0 +1 @@ +oidc-enabled=false diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties new file mode 100644 index 00000000..c8c2057c --- /dev/null +++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties @@ -0,0 +1 @@ +oidc-enabled=false diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 9ab274fb..96f124a0 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -1073,7 +1073,7 @@ log-1.sveidas.se: autoupdate: proxy_eidas_metadata: eidas_proxy: - version: 1.4.8_hsm2 + version: 2.0.1_hsm2 hostname: qa.proxy.eidas.swedenconnect.se spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION sunet::frontend::register_sites: @@ -1094,7 +1094,7 @@ log-1.sveidas.se: autoupdate: proxy_eidas_metadata: eidas_proxy: - version: 1.4.8_hsm2 + version: 2.0.1_hsm2 hostname: test.proxy.eidas.swedenconnect.se spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION sunet::frontend::register_sites: From 44bfe99052e88bcbcac4a09ee01593c047098bd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstr=C3=B6m?= Date: Mon, 9 Oct 2023 14:39:39 +0200 Subject: [PATCH 4/5] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 898fbe3b..14c0ba2d 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -213,7 +213,7 @@ classes: common: null eid::dockerhost: &id010 {version: '5:23.0.6-1~ubuntu.20.04~focal'} eidas_proxy: &id011 {hostname: proxy.eidas.swedenconnect.se, spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION, - version: 1.4.8_hsm2} + version: 2.0.1_hsm2} entropyclient: null infra_ca_rp: null konsulter: null From 1e2741828acffcfc5570eab518e2018227803591 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstr=C3=B6m?= Date: Mon, 9 Oct 2023 14:40:28 +0200 Subject: [PATCH 5/5] upgrade proxy to 2.0.1 in production --- .../overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties | 1 + global/overlay/etc/puppet/cosmos-rules.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties diff --git a/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties b/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties new file mode 100644 index 00000000..c8c2057c --- /dev/null +++ b/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties @@ -0,0 +1 @@ +oidc-enabled=false diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 96f124a0..828cce26 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -988,7 +988,7 @@ validator-test-1.komreg.net: autoupdate: proxy_eidas_metadata: eidas_proxy: - version: 1.4.8_hsm2 + version: 2.0.1_hsm2 hostname: proxy.eidas.swedenconnect.se spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION sunet::frontend::register_sites: