# oidcfedservice
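# @summary Lays down the configuration and key material for the OIDF service under /opt/oidf_service.
#
# @param image_tag
#   Required string. Not referenced in this manifest body; presumably consumed
#   by the ERB template or by another resource -- confirm.
# @param enviroment
#   Selects the template "eidas/oidf_service/application-<enviroment>.yml.erb".
#   Only 'sandbox' is accepted. The spelling is part of the class interface and
#   must match whatever callers and Hiera use.
# @param service_port
#   Defaults to 2000. Not referenced in this manifest body; presumably read by
#   the template -- confirm.
# @param server_fqdn
#   Defaults to the node's networking.fqdn fact. Not referenced in this
#   manifest body; presumably read by the template -- confirm.
class eidas::oidf_service (
  String          $image_tag,
  Enum['sandbox'] $enviroment,
  Integer         $service_port = 2000,
  String          $server_fqdn  = $facts['networking']['fqdn'],
) {
  # Secret from Hiera. It is a plain String (not Sensitive), so it ends up in
  # the compiled catalog in clear text and is in scope for the template below.
  $keystore_password = lookup('keystore_password', String, undef, undef)

  ensure_resource('sunet::misc::create_dir', '/opt/oidf_service/config/', {
    owner => 'root',
    group => 'root',
    mode  => '0750',
  })

  # NOTE(review): 0755 marks a YAML config file executable and readable by
  # every local user that can reach it. If the template renders
  # $keystore_password, tighten this (for example 0640 with an explicit
  # owner/group) once it is confirmed which uid/gid the service reads it as.
  file { '/opt/oidf_service/config/application.yml':
    content => template("eidas/oidf_service/application-${enviroment}.yml.erb"),
    mode    => '0755',
  }

  if lookup('oidf_service_key', undef, undef, undef) != undef {
    # A key is provisioned in Hiera: install it as-is.
    # Assume the matching cert is in the cosmos repo. No PKCS#12 keystore is
    # built in this branch.
    sunet::snippets::secret_file { '/opt/oidf_service/oidf_service.key':
      hiera_key => 'oidf_service_key',
    }
  } else {
    # No key in Hiera: make a key pair locally.
    sunet::snippets::keygen { 'oidf_service_key':
      key_file  => '/opt/oidf_service/oidf_service.key',
      cert_file => '/opt/oidf_service/oidf_service.pem',
    }

    # Bundle key and cert into a PKCS#12 keystore, once.
    #
    # The passphrase is handed to openssl through the process environment
    # (env:VAR) instead of "pass:<secret>" on the command line: argv is visible
    # to every local user via ps, and the command string can be echoed in
    # Puppet's exec failure output. It also removes the need to shell-quote
    # the secret, which broke for passwords containing a single quote.
    #
    # `creates` replaces the former `onlyif => "test ! -f ..."` guard with the
    # same run-once semantics, without depending on a search path for `test`.
    #
    # NOTE(review): the command is not fully qualified and no `path` is set
    # here, so this relies on an Exec default defined elsewhere -- confirm.
    exec { 'build_oidf_service_key.p12':
      command     => "openssl pkcs12 -export -in '/opt/oidf_service/oidf_service.pem' -inkey '/opt/oidf_service/oidf_service.key' -name '1' -out '/opt/oidf_service/oidf_service.p12' -passin env:KEYSTORE_PASSWORD -passout env:KEYSTORE_PASSWORD",
      environment => ["KEYSTORE_PASSWORD=${keystore_password}"],
      creates     => '/opt/oidf_service/oidf_service.p12',
      # Make the dependency on the generated key pair explicit rather than
      # relying on manifest ordering.
      require     => Sunet::Snippets::Keygen['oidf_service_key'],
    }
  }
}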