author | Jan Dittberner <jandd@cacert.org> | 2020-06-04 22:51:46 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2020-06-04 22:51:46 +0200 |
commit | eefc20115b512ed9c34d852a6eea245e7db54295 (patch) | |
tree | 7c13aceea61b3b00cdd69dc2eb41fd8bc432e3cf | |
parent | e19b0451d3f692b11f13657406e818f7fc93c7f8 (diff) | |
Add new parameters for cacert-selfservice 0.2.0
-rw-r--r-- | hieradata/nodes/community.yaml | 15 | ||||
-rw-r--r-- | sitemodules/profiles/manifests/cacert_selfservice.pp | 11 | ||||
-rw-r--r-- | sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp | 8 |
3 files changed, 32 insertions, 2 deletions
diff --git a/hieradata/nodes/community.yaml b/hieradata/nodes/community.yaml
index 8103ee2..b5d72bd 100644
--- a/hieradata/nodes/community.yaml
+++ b/hieradata/nodes/community.yaml
@@ -329,3 +329,18 @@ profiles::cacert_selfservice::server_private_key: >
 meSzL66S0bE3fMQW7PHJBEJfd1rF7Lzc1zyYOuEEKxKuZTAv0oNJa7boRFWN
 b7xfkInLzKPfTfNlY9txwOqlGWYfZxa4d6fBKbVxdspf8WnTIrXgWshjWYcV
 /r8P6g==]
+profiles::cacert_selfservice::jwt_private_key: >
+ ENC[PKCS7,MIICXAYJKoZIhvcNAQcDoIICTTCCAkkCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAqkP3W1VRWy1uh8R6lGuqFXDVf+B0HhrFHmvn
+ FtxQWRVlQZzudoQnWJsLR/J41qk7bX/eOmv8S5nKIwRIvovwb7tI+T9TaJ33
+ hXUMZ9TBTjkz3OD6Pv/dsp/2zvGFHICEwIcUaJD2tBAqFPM1JhlJqXAwRNCK
+ d2r8787fglChU/EpMhA45FvXvkCDxBE9W+L+aMzMlV6DcnQPCqKZwADQuBDS
+ qw41j/hvmPzjconmV8aknXBdTaKUqKuspmn3tLIQGMRHUnKxq80AV5kdqlTy
+ 1PwhN6FdFqBfosJuemV6eM6B0wupa4NK5iYvuRN/htQXJOjw562KUPDE1oe3
+ PXqK0DCCAR0GCSqGSIb3DQEHATAdBglghkgBZQMEASoEECj13+wuFOeVRqiX
+ d/s4ZZSAgfAx98UDQlEtcfX+5fCgw2ofqTD1K1KBzpGemGD9UbK0AI+sFhpY
+ SyeuzhXS+s/XP9MYtlHgZiVgt7B95+EnCoGNGWfY5gWFzSvu63zikEGTT9tf
+ 6iPS/A4sYu+HFPuE/ryHrCBJi0e1yaf2pa5IctFhpeWF++Dw3pmYC3c3sZb6
+ ieCxxZ4r+NiPvS3xnAE+q3P7z5R3OTVYZkmLCupzBtnqi8Ne/TdvmUBWDtw4
+ 2v8bs97vfnguWiynjekfeZgjO28SWiJYwLFuQUtV+kvYl9baPpORFTfuI3Rs
+ dCF8snPWlLs3m+PXsz2HoiGe0s2tBKM=]
diff --git a/sitemodules/profiles/manifests/cacert_selfservice.pp b/sitemodules/profiles/manifests/cacert_selfservice.pp
index 3aab8b8..3165c02 100644
--- a/sitemodules/profiles/manifests/cacert_selfservice.pp
+++ b/sitemodules/profiles/manifests/cacert_selfservice.pp
@@ -29,6 +29,11 @@
 #
 # @param api_endpoint_url backend API endpoint URL
 #
+# @param jwt_private_key PEM encoded ECDSA private key for signing JWT
+# tokens
+#
+# @param jwt_validity_hours number of hours that JWT tokens will be valid
+#
 # Examples
 # --------
 #
@@ -45,7 +50,7 @@
 # Copyright
 # ---------
 #
-# Copyright 2019 Jan Dittberner
+# Copyright 2019, 2020 Jan Dittberner
 #
 class profiles::cacert_selfservice (
 String $base_url = "https://selfservice.cacert.org",
@@ -58,6 +63,8 @@ class profiles::cacert_selfservice (
 String $api_client_id,
 String $api_private_key,
 String $api_endpoint_url = "https://email.infra.cacert.org:9443/",
+ String $jwt_private_key,
+ Integer $jwt_validity_hours = 24,
 ) {
 include profiles::cacert_debrepo
@@ -165,6 +172,8 @@ class profiles::cacert_selfservice (
 api_signature_key_lines => split($api_private_key, "\n"),
 api_endpoint_url => $api_endpoint_url,
 log_directory => $log_directory,
+ jwt_private_key_lines => split($jwt_private_key, "\n"),
+ jwt_validity_hours => $jwt_validity_hours,
 }),
 require => Package[$service_name],
 notify => Service[$service_name],
diff --git a/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp b/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp
index bdb3477..15d042b 100644
--- a/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp
+++ b/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp
@@ -10,7 +10,9 @@
 String $api_client_id,
 String $api_cas,
 String $api_endpoint_url,
- String $log_directory
+ String $log_directory,
+ Array[String] $jwt_private_key_lines,
+ Integer $jwt_validity_hours,
 | -%>
 ---
 client_ca_certificates: <%= $client_cas %>
@@ -29,3 +31,7 @@ api_client_id: <%= $api_client_id %>
 api_ca_certificates: <%= $api_cas %>
 api_endpoint_url: <%= $api_endpoint_url %>
 access_log: <%= $log_directory %>/access.log
+jwt_private_key: |
+<% $jwt_private_key_lines.each |$key_line| { %> <%= $key_line %>
+<% } -%>
+jwt_validity_hours: $jwt_validity_hours |
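Review bot: `String $jwt_private_key` in the parameter list of the `@@ -58,6 +63,8 @@` hunk passes the decrypted JWT signing key around as an ordinary string, so it is stored in the compiled catalog in clear text and can surface in agent reports or file diffs when the rendered config changes. Consider `Sensitive[String] $jwt_private_key,` (with `convert_to: Sensitive` under the hiera `lookup_options`) and `split($jwt_private_key.unwrap, "\n")` in the `@@ -165,6 +172,8 @@` hunk, or at minimum `show_diff => false` on the file resource. That resource's attributes and the handling of the existing `$api_private_key` lie outside the hunks, so part of this may already be covered. `Integer $jwt_validity_hours = 24` also accepts zero and negative lifetimes; `Integer[1] $jwt_validity_hours = 24,` would reject them at compile time.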
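Review bot: The last added line of the `@@ -29,3 +31,7 @@` hunk, `jwt_validity_hours: $jwt_validity_hours`, sits outside any EPP tag, so the rendered config.yaml will contain the literal text `$jwt_validity_hours` instead of the integer. It should read `jwt_validity_hours: <%= $jwt_validity_hours %>`, matching the other keys in this template. How the service reacts to a non-numeric value here is not visible from the diff, but a token lifetime that silently falls back to a default, or a service that fails at startup, is worth ruling out before this is deployed.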