puppet-eid/manifests/oidf_service.pp

# oidcfedservice
class eidas::oidf_service(
  String $image_tag,
  Enum['sandbox'] $enviroment,
  Integer $service_port = 2000,
  String $server_fqdn = $facts['networking']['fqdn'],
  String $keystore_file = "/opt/oidf_service/oidf_service.p12",

) {

    $keystore_password = lookup('keystore_password', String, undef, undef)


    ensure_resource('sunet::misc::create_dir', '/opt/oidf_service/config/', { owner => 'root', group => 'root', mode => '0750'})
    file { '/opt/oidf_service/config/application.yml':
      content => template("eidas/oidf_service/application-${enviroment}.yml.erb"),
      mode    => '0755',
    }

    if lookup("oidf_service_key", undef, undef, undef) != undef {
      sunet::snippets::secret_file { "/opt/oidf_service/oidf_service.key": hiera_key => "oidf_service_key" }
      # assume cert is in cosmos repo
    } else {
      # make key pair
      sunet::snippets::keygen {"oidf_service_key":
        key_file  => "/opt/oidf_service/oidf_service.key",
        cert_file => "/opt/oidf_service/oidf_service.pem"
      }
      exec { "build_oidf_service_key.p12":
        command => "openssl pkcs12 -export -in '/opt/oidf_service/oidf_service.pem' -inkey '/opt/oidf_service/oidf_service.key' -name '1' -out '/opt/oidf_service/oidf_service.p12' -passin pass:'${keystore_password}' -passout pass:'${keystore_password}'",
        onlyif  => "test ! -f /opt/oidf_service/oidf_service.p12"
      }
    }
}
New class 2025-04-23 11:34:14 +02:00			`# oidcfedservice`
Better name 2025-04-23 11:43:27 +02:00			`class eidas::oidf_service(`
New class 2025-04-23 11:34:14 +02:00			`String $image_tag,`
Put files in place 2025-04-23 12:40:45 +02:00			`Enum['sandbox'] $enviroment,`
Syntax error 2025-04-23 12:53:48 +02:00			`Integer $service_port = 2000,`
Configuration 2025-04-23 12:51:07 +02:00			`String $server_fqdn = $facts['networking']['fqdn'],`
Use our new p12 2025-04-23 13:15:00 +02:00			`String $keystore_file = "/opt/oidf_service/oidf_service.p12",`
Configuration 2025-04-23 12:51:07 +02:00
New class 2025-04-23 11:34:14 +02:00			`) {`
Put files in place 2025-04-23 12:40:45 +02:00
Configuration 2025-04-23 12:51:07 +02:00			`$keystore_password = lookup('keystore_password', String, undef, undef)`


Create correct directory 2025-04-23 12:41:39 +02:00			`ensure_resource('sunet::misc::create_dir', '/opt/oidf_service/config/', { owner => 'root', group => 'root', mode => '0750'})`
Put files in place 2025-04-23 12:40:45 +02:00			`file { '/opt/oidf_service/config/application.yml':`
Wrong path 2025-04-23 12:43:04 +02:00			`content => template("eidas/oidf_service/application-${enviroment}.yml.erb"),`
Put files in place 2025-04-23 12:40:45 +02:00			`mode => '0755',`
Syntax error 2025-04-23 12:43:17 +02:00			`}`
Put files in place 2025-04-23 12:40:45 +02:00
Create key pair 2025-04-23 13:09:17 +02:00			`if lookup("oidf_service_key", undef, undef, undef) != undef {`
			`sunet::snippets::secret_file { "/opt/oidf_service/oidf_service.key": hiera_key => "oidf_service_key" }`
			`# assume cert is in cosmos repo`
			`} else {`
			`# make key pair`
			`sunet::snippets::keygen {"oidf_service_key":`
			`key_file => "/opt/oidf_service/oidf_service.key",`
			`cert_file => "/opt/oidf_service/oidf_service.pem"`
			`}`
Make sure of p12 2025-04-23 13:13:15 +02:00			`exec { "build_oidf_service_key.p12":`
			`command => "openssl pkcs12 -export -in '/opt/oidf_service/oidf_service.pem' -inkey '/opt/oidf_service/oidf_service.key' -name '1' -out '/opt/oidf_service/oidf_service.p12' -passin pass:'${keystore_password}' -passout pass:'${keystore_password}'",`
			`onlyif => "test ! -f /opt/oidf_service/oidf_service.p12"`
			`}`
Create key pair 2025-04-23 13:09:17 +02:00			`}`
New class 2025-04-23 11:34:14 +02:00			`}`