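# oidcfedservice
#
# Deploys the OpenID Federation (OIDF) service configuration and its key
# material under /opt/oidf_service.
#
# @param image_tag    Container image tag. Not referenced in this class
#                     body; presumably read by the application.yml template
#                     (TODO confirm against the template).
# @param enviroment   Deployment environment; selects the
#                     application-<enviroment>.yml.erb template. The
#                     spelling is part of the class interface and is kept.
# @param service_port Listening port; not referenced here, see image_tag.
# @param server_fqdn  FQDN the service uses; defaults to the node's
#                     networking fact. Not referenced here, see image_tag.
#
# Hiera keys read:
#   keystore_password  Required String; protects the generated PKCS#12 file.
#   oidf_service_key   Optional. When present the private key is installed
#                      from hiera; otherwise a fresh key pair is generated
#                      and bundled into a PKCS#12 keystore.
class eidas::oidf_service(
  String $image_tag,
  Enum['sandbox'] $enviroment,
  Integer $service_port = 2000,
  String $server_fqdn = $facts['networking']['fqdn'],
) {
  $base_dir  = '/opt/oidf_service'
  $key_file  = "${base_dir}/oidf_service.key"
  $cert_file = "${base_dir}/oidf_service.pem"
  $p12_file  = "${base_dir}/oidf_service.p12"

  # No default value: a missing keystore_password must fail the catalog
  # rather than silently produce an unprotected keystore.
  $keystore_password = lookup('keystore_password', String, undef, undef)

  ensure_resource('sunet::misc::create_dir', '/opt/oidf_service/config/', {
    owner => 'root',
    group => 'root',
    mode  => '0750',
  })

  # The rendered config is data, not a program: no execute bits and no
  # world-read. The 0750 parent already denies traversal to "other", so
  # this does not change who can reach the file, only the bits on it.
  file { '/opt/oidf_service/config/application.yml':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0640',
    content => template("eidas/oidf_service/application-${enviroment}.yml.erb"),
    require => Sunet::Misc::Create_dir['/opt/oidf_service/config/'],
  }

  # Explicit undef default: an absent hiera key yields undef instead of a
  # lookup error, which is exactly what this branch distinguishes.
  if lookup('oidf_service_key', undef, undef, undef) != undef {
    # Key comes from hiera; the matching certificate is assumed to be
    # delivered through the cosmos repo (per the original author's note).
    sunet::snippets::secret_file { $key_file:
      hiera_key => 'oidf_service_key',
    }
  } else {
    # No key in hiera: generate a key pair on the node.
    sunet::snippets::keygen { 'oidf_service_key':
      key_file  => $key_file,
      cert_file => $cert_file,
    }

    # Bundle the generated pair into a PKCS#12 keystore. The password is
    # passed through the environment (-passin/-passout env:) instead of on
    # the command line, so it does not appear in process listings or in
    # Puppet's exec failure output, and shell quoting of the password is
    # no longer an issue. `creates` replaces the hand-written `test ! -f`.
    # `path` is set explicitly because exec needs either a path or a
    # fully qualified command; adjust if openssl lives elsewhere.
    exec { 'build_oidf_service_key.p12':
      command     => "openssl pkcs12 -export -in ${cert_file} -inkey ${key_file} -name 1 -out ${p12_file} -passin env:OIDF_KS_PASS -passout env:OIDF_KS_PASS",
      environment => ["OIDF_KS_PASS=${keystore_password}"],
      path        => ['/usr/bin', '/bin', '/usr/local/bin'],
      creates     => $p12_file,
      require     => Sunet::Snippets::Keygen['oidf_service_key'],
    }
  }
}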