added prid ufw rules

global/overlay/etc/puppet/cosmos-rules.yaml

@@ -244,6 +244,7 @@ md-eu1.qa.komreg.net:
    servicemonitor:
    prid:
       version: 1.0.1
+      clients: 'prid_prod_clients'
 
 '^eidas-proxy-[0-9]+\.sveidas\.se$':
    eid::dockerhost:
@@ -313,6 +314,7 @@ md-eu1.qa.komreg.net:
    servicemonitor:
    prid:
       version: 1.0.1
+      clients: 'prid_qa_clients'
 
 '^validator-[0-9]+\.qa\.komreg\.net$':
    openstack_dockerhost:

global/overlay/etc/puppet/manifests/cosmos-site.pp

@@ -291,9 +291,10 @@ class eidas_proxy($version='1.0.0',$country='se',$hostname='localhost') {
    class {'https_server': }
 }
 
-class prid($version="1.0.0") {
+class prid($version="1.0.0",$clients) {
    $_version = safe_hiera('eidas_prid_version',$version)
    $hostname = $::fqdn
+   $_allow_clients = safe_hiera($clients)
    sunet::docker_run {'prid':
       image     => 'docker.sunet.se/prid-service',
       imagetag  => $_version,
@@ -304,7 +305,10 @@ class prid($version="1.0.0") {
       env       => ["PRID_SERVICE_POLICY_CONFIGURATION=file:///etc/prid-service/policy.properties",
                     "CERTNAME=${hostname}_infra"]
    } ->
-   class {'webserver': } ->
+   sunet::misc::ufw_allow {'allow-prid':
+      from   => $_allow_clients,
+      port   => 443
+   } ->
    class {'https_server': }
 }