From abc5895d8cd614fc4c201bdec4a6a38402b8475c Mon Sep 17 00:00:00 2001
From: Maria Haider <mariah@nordu.net>
Date: Thu, 24 Mar 2022 17:24:09 +0100
Subject: [PATCH] Validator test FE instance

---
 .../overlay/etc/hiera/data/group.yaml         | 19 ++++++++++++++++
 .../frontend/config/validatortest/haproxy.j2  | 22 +++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 fe-test-common/overlay/opt/frontend/config/validatortest/haproxy.j2

diff --git a/fe-test-common/overlay/etc/hiera/data/group.yaml b/fe-test-common/overlay/etc/hiera/data/group.yaml
index 8a79bac4..959e3f01 100644
--- a/fe-test-common/overlay/etc/hiera/data/group.yaml
+++ b/fe-test-common/overlay/etc/hiera/data/group.yaml
@@ -135,3 +135,22 @@ sunet_frontend:
         haproxy_image: docker.sunet.se/eduid/haproxy
         haproxy_imagetag: 'stable-tug'
         frontendtools_imagetag: 'stable'
+
+      'validatortest':
+        site_name: 'test.validator.swedenconnect.se'
+        frontends:
+          'fe-fre-1.test.komreg.net':
+            ips: ['94.176.226.138', '2001:6b0:65:2::138']
+          'fe-tug-1.test.komreg.net':
+            ips: ['94.176.226.139', '2001:6b0:65:2::139']
+        backends:
+          default:
+            'validator-test-1.komreg.net':
+              ips: ['89.45.237.45']
+              server_args: 'ssl check verify none'
+        allow_ports:
+          - 443
+        letsencrypt_server: 'acme-c.sunet.se'
+        haproxy_image: docker.sunet.se/eduid/haproxy
+        haproxy_imagetag: 'stable-tug'
+        frontendtools_imagetag: 'stable'
diff --git a/fe-test-common/overlay/opt/frontend/config/validatortest/haproxy.j2 b/fe-test-common/overlay/opt/frontend/config/validatortest/haproxy.j2
new file mode 100644
index 00000000..f3c3826a
--- /dev/null
+++ b/fe-test-common/overlay/opt/frontend/config/validatortest/haproxy.j2
@@ -0,0 +1,22 @@
+{% extends 'common/haproxy_base.j2' %}
+
+{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
+
+{% block frontend %}
+frontend {{ site_name }}
+    {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
+
+    stats enable
+    timeout http-request 10s
+    timeout http-keep-alive 4s
+    option forwardfor
+    http-request set-header X-Forwarded-Proto https
+
+    {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }}
+
+    {{ acme_challenge(letsencrypt_server) }}
+
+    use_backend {{ site_name }}__default
+
+{% endblock frontend %}
+