Add new parameters for cacert-selfservice 0.2.0

3 files changed, 32 insertions, 2 deletions

diff --git a/hieradata/nodes/community.yaml b/hieradata/nodes/community.yaml
index 8103ee2..b5d72bd 100644
--- a/hieradata/nodes/community.yaml
+++ b/hieradata/nodes/community.yaml
@@ -329,3 +329,18 @@ profiles::cacert_selfservice::server_private_key: >
     meSzL66S0bE3fMQW7PHJBEJfd1rF7Lzc1zyYOuEEKxKuZTAv0oNJa7boRFWN
     b7xfkInLzKPfTfNlY9txwOqlGWYfZxa4d6fBKbVxdspf8WnTIrXgWshjWYcV
     /r8P6g==]
+profiles::cacert_selfservice::jwt_private_key: >
+    ENC[PKCS7,MIICXAYJKoZIhvcNAQcDoIICTTCCAkkCAQAxggEhMIIBHQIBADAFMAACAQEw
+    DQYJKoZIhvcNAQEBBQAEggEAqkP3W1VRWy1uh8R6lGuqFXDVf+B0HhrFHmvn
+    FtxQWRVlQZzudoQnWJsLR/J41qk7bX/eOmv8S5nKIwRIvovwb7tI+T9TaJ33
+    hXUMZ9TBTjkz3OD6Pv/dsp/2zvGFHICEwIcUaJD2tBAqFPM1JhlJqXAwRNCK
+    d2r8787fglChU/EpMhA45FvXvkCDxBE9W+L+aMzMlV6DcnQPCqKZwADQuBDS
+    qw41j/hvmPzjconmV8aknXBdTaKUqKuspmn3tLIQGMRHUnKxq80AV5kdqlTy
+    1PwhN6FdFqBfosJuemV6eM6B0wupa4NK5iYvuRN/htQXJOjw562KUPDE1oe3
+    PXqK0DCCAR0GCSqGSIb3DQEHATAdBglghkgBZQMEASoEECj13+wuFOeVRqiX
+    d/s4ZZSAgfAx98UDQlEtcfX+5fCgw2ofqTD1K1KBzpGemGD9UbK0AI+sFhpY
+    SyeuzhXS+s/XP9MYtlHgZiVgt7B95+EnCoGNGWfY5gWFzSvu63zikEGTT9tf
+    6iPS/A4sYu+HFPuE/ryHrCBJi0e1yaf2pa5IctFhpeWF++Dw3pmYC3c3sZb6
+    ieCxxZ4r+NiPvS3xnAE+q3P7z5R3OTVYZkmLCupzBtnqi8Ne/TdvmUBWDtw4
+    2v8bs97vfnguWiynjekfeZgjO28SWiJYwLFuQUtV+kvYl9baPpORFTfuI3Rs
+    dCF8snPWlLs3m+PXsz2HoiGe0s2tBKM=]
diff --git a/sitemodules/profiles/manifests/cacert_selfservice.pp b/sitemodules/profiles/manifests/cacert_selfservice.pp
index 3aab8b8..3165c02 100644
--- a/sitemodules/profiles/manifests/cacert_selfservice.pp
+++ b/sitemodules/profiles/manifests/cacert_selfservice.pp
@@ -29,6 +29,11 @@
 #
 # @param api_endpoint_url    backend API endpoint URL
 #
+# @param jwt_private_key     PEM encoded ECDSA private key for signing JWT
+#                            tokens
+#
+# @param jwt_validity_hours  number of hours that JWT tokens will be valid
+#
 # Examples
 # --------
 #
@@ -45,7 +50,7 @@
 # Copyright
 # ---------
 #
-# Copyright 2019 Jan Dittberner
+# Copyright 2019, 2020 Jan Dittberner
 #
 class profiles::cacert_selfservice (
   String $base_url = "https://selfservice.cacert.org",
@@ -58,6 +63,8 @@ class profiles::cacert_selfservice (
   String $api_client_id,
   String $api_private_key,
   String $api_endpoint_url = "https://email.infra.cacert.org:9443/",
+  String $jwt_private_key,
+  Integer $jwt_validity_hours = 24,
 ) {
   include profiles::cacert_debrepo
 
@@ -165,6 +172,8 @@ class profiles::cacert_selfservice (
       api_signature_key_lines => split($api_private_key, "\n"),
       api_endpoint_url        => $api_endpoint_url,
       log_directory           => $log_directory,
+      jwt_private_key_lines   => split($jwt_private_key, "\n"),
+      jwt_validity_hours      => $jwt_validity_hours,
     }),
     require => Package[$service_name],
     notify  => Service[$service_name],
diff --git a/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp b/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp
index bdb3477..15d042b 100644
--- a/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp
+++ b/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp
@@ -10,7 +10,9 @@
       String $api_client_id,
       String $api_cas,
       String $api_endpoint_url,
-      String $log_directory
+      String $log_directory,
+      Array[String] $jwt_private_key_lines,
+      Integer $jwt_validity_hours,
 | -%>
 ---
 client_ca_certificates: <%= $client_cas %>
@@ -29,3 +31,7 @@ api_client_id: <%= $api_client_id %>
 api_ca_certificates: <%= $api_cas %>
 api_endpoint_url: <%= $api_endpoint_url %>
 access_log: <%= $log_directory %>/access.log
+jwt_private_key: |
+<% $jwt_private_key_lines.each |$key_line| { %>  <%= $key_line %>
+<% } -%>
+jwt_validity_hours: $jwt_validity_hours