From d7e968ba9c64db765bc5f1bd6798977e3bdd6306 Mon Sep 17 00:00:00 2001
From: Patrik Holmqvist
Date: Wed, 5 Mar 2025 12:46:51 +0100
Subject: [PATCH] First draft of new test_my_eid class, SC-2840
---
.../modules/eid/manifests/test_my_eid.pp | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 global/overlay/etc/puppet/modules/eid/manifests/test_my_eid.pp
diff --git a/global/overlay/etc/puppet/modules/eid/manifests/test_my_eid.pp b/global/overlay/etc/puppet/modules/eid/manifests/test_my_eid.pp
new file mode 100644
index 00000000..9bcc7b40
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/eid/manifests/test_my_eid.pp
@@ -0,0 +1,30 @@
+# This puppet manifest is used to configure Sweden Connect "test my eid" servers
+# https://github.com/swedenconnect/docker-eidas-test
+
+# @param environment The environment that the server belongs to. (referenced in compose file)
+# @param version Version of the docker image to use. (referenced in compose file)
+# @param service_name The name of the service, ex test.test.swedenconnect.se (referenced in compose file)
+# @param server_fqdn The FQDN of the server. (referenced in compose file)
+# @param service_dir The directory where all app related config and files are stored. (referenced in compose file)
+class eid::test_my_eid (
+ Enum['test', 'qa', 'prod'] $environment,
+ String $version = '',
+ String $service_name = '',
+ String $server_fqdn = $facts['networking']['fqdn'],
+ String $service_dir = '/opt/test-my-eid',
+) {
+
+ # Allow HTTP/HTTPS from load balancer servers
+ $lb_ips = hiera_array("lb_${environment}_servers",[])
+ sunet::nftables::allow { 'allow-http-from-lbs':
+ from => $lb_ips,
+ port => 80,
+ }
+ sunet::nftables::allow { 'allow-https-from-lbs':
+ from => $lb_ips,
+ port => 443,
+ }
+
+ file {["${service_dir}",'/var/log/test-my-eid','/etc/ssl']: ensure => directory }
+
+}
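Review bot: The `hiera_array("lb_${environment}_servers",[])` lookup falls back to an empty list that is passed straight to `from =>` in both `sunet::nftables::allow` resources; how that define treats an empty `from` is not visible in this patch, so a missing or misspelled Hiera key could either leave the service unreachable or, if the define then omits the source match, expose ports 80 and 443 to any address. Failing the catalog makes the condition explicit, for example `if empty($lb_ips) { fail("lb_${environment}_servers is empty") }` right after the lookup. The same reasoning applies to `$version` and `$service_name` defaulting to `''`: typing them `String[1]` with no default would reject an unset image version at compile time instead of in the compose file. The `file` resource also creates `${service_dir}`, the log directory and `/etc/ssl` without `owner`, `group` or `mode`; setting them explicitly, and confirming that no other class already declares `/etc/ssl`, avoids relying on defaults for directories that may hold key material.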