puppet-eid/manifests/oidf_service.pp

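# eidas::oidf_service
#
# Lays down the configuration and key material for the OIDC federation
# service under /opt/oidf_service: a rendered application.yml, a private
# key (from hiera, or generated on the host) and — in the generated case —
# the PKCS#12 keystore built from that key pair.
#
# @param image_tag      Container image tag. Not referenced in this class
#                       body; presumably consumed by the ERB template —
#                       confirm against templates/oidf_service/.
# @param enviroment     Deployment environment; selects the
#                       application-<env>.yml.erb template. Only 'sandbox'
#                       is accepted today. (The spelling is part of the
#                       public interface — callers pass `enviroment`.)
# @param service_port   Listening port (template use assumed, not used here).
# @param server_fqdn    Public hostname of this node (template use assumed).
# @param keystore_file  Path of the PKCS#12 keystore this class builds when
#                       no key is supplied via hiera.
#
# Secrets: `keystore_password` and (optionally) `oidf_service_key` are read
# from hiera. The password is never placed in a resource title or on the
# command line of the exec below, so it does not show up in `ps` or in the
# command Puppet logs when that exec fails.
class eidas::oidf_service(
  String $image_tag,
  Enum['sandbox'] $enviroment,
  Integer $service_port = 2000,
  String $server_fqdn = $facts['networking']['fqdn'],
  String $keystore_file = "/opt/oidf_service/oidf_service.p12",
) {
  # No default: fail the catalog if the password is missing from hiera.
  # Silently continuing would build a keystore with an empty password and
  # render the config template without one.
  $keystore_password = lookup('keystore_password', String)

  ensure_resource('sunet::misc::create_dir', '/opt/oidf_service/config/', { owner => 'root', group => 'root', mode => '0750'})

  # The rendered config is expected to carry the keystore password
  # (the lookup above is unconditional), so keep it root-only and never
  # executable. NOTE(review): if the container runs the service as a
  # non-root UID and bind-mounts this file directly, widen group/mode
  # deliberately for that UID rather than falling back to 0755.
  file { '/opt/oidf_service/config/application.yml':
    content => template("eidas/oidf_service/application-${enviroment}.yml.erb"),
    owner   => 'root',
    group   => 'root',
    mode    => '0640',
  }

  if lookup("oidf_service_key", undef, undef, undef) != undef {
    # Operator-supplied private key from hiera. The matching certificate
    # (and the keystore at $keystore_file) are not produced here —
    # assumed to arrive via the cosmos repo; verify before relying on it.
    sunet::snippets::secret_file { "/opt/oidf_service/oidf_service.key": hiera_key => "oidf_service_key" }
  } else {
    # No key in hiera: generate a key pair on the host ...
    sunet::snippets::keygen {"oidf_service_key":
      key_file  => "/opt/oidf_service/oidf_service.key",
      cert_file => "/opt/oidf_service/oidf_service.pem",
    }

    # ... and bundle it into the PKCS#12 keystore the service loads.
    # The password reaches openssl through the environment
    # (`-passin env:` / `-passout env:`) instead of `pass:<secret>` on the
    # command line: it is not exposed via `ps`, is not part of the command
    # string Puppet logs on failure, and a password containing quotes or
    # shell metacharacters cannot break or alter the command.
    # `umask 0077` keeps the new .p12 readable by root only; `creates`
    # replaces the previous `test ! -f` guard. `path` is set explicitly
    # because exec refuses unqualified commands unless a path is given
    # (a site-wide Exec default may exist, but this class should not depend
    # on it).
    exec { "build_oidf_service_key.p12":
      command     => "openssl pkcs12 -export -in /opt/oidf_service/oidf_service.pem -inkey /opt/oidf_service/oidf_service.key -name 1 -out ${keystore_file} -passin env:OIDF_KEYSTORE_PASS -passout env:OIDF_KEYSTORE_PASS",
      environment => ["OIDF_KEYSTORE_PASS=${keystore_password}"],
      path        => ['/usr/local/bin', '/usr/bin', '/bin'],
      umask       => '0077',
      creates     => $keystore_file,
      require     => Sunet::Snippets::Keygen['oidf_service_key'],
    }
  }
}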