First draft of new test_my_eid class, SC-2840

global/overlay/etc/puppet/modules/eid/manifests/test_my_eid.pp

@@ -0,0 +1,30 @@
+# This puppet manifest is used to configure Sweden Connect "test my eid" servers
+# https://github.com/swedenconnect/docker-eidas-test
+
+# @param environment          The environment that the server belongs to. (referenced in compose file)
+# @param version              Version of the docker image to use. (referenced in compose file)
+# @param service_name         The name of the service, ex test.test.swedenconnect.se (referenced in compose file)
+# @param server_fqdn          The FQDN of the server. (referenced in compose file)
+# @param service_dir          The directory where all app related config and files are stored. (referenced in compose file)
+class eid::test_my_eid (
+  Enum['test', 'qa', 'prod'] $environment,
+  String                     $version = '',
+  String                     $service_name = '',
+  String                     $server_fqdn = $facts['networking']['fqdn'],
+  String                     $service_dir = '/opt/test-my-eid',
+) {
+
+  # Allow HTTP/HTTPS from load balancer servers
+  $lb_ips = hiera_array("lb_${environment}_servers",[])
+  sunet::nftables::allow { 'allow-http-from-lbs':
+    from => $lb_ips,
+    port => 80,
+  }
+  sunet::nftables::allow { 'allow-https-from-lbs':
+    from => $lb_ips,
+    port => 443,
+  }
+
+  file {["${service_dir}",'/var/log/test-my-eid','/etc/ssl']: ensure => directory }
+
+}