authorJan Dittberner <jandd@cacert.org>2020-06-04 22:51:46 +0200
committerJan Dittberner <jandd@cacert.org>2020-06-04 22:51:46 +0200
commiteefc20115b512ed9c34d852a6eea245e7db54295 (patch)
tree7c13aceea61b3b00cdd69dc2eb41fd8bc432e3cf
parente19b0451d3f692b11f13657406e818f7fc93c7f8 (diff)
Add new parameters for cacert-selfservice 0.2.0
-rw-r--r--hieradata/nodes/community.yaml15
-rw-r--r--sitemodules/profiles/manifests/cacert_selfservice.pp11
-rw-r--r--sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp8
3 files changed, 32 insertions, 2 deletions
diff --git a/hieradata/nodes/community.yaml b/hieradata/nodes/community.yaml
index 8103ee2..b5d72bd 100644
--- a/hieradata/nodes/community.yaml
+++ b/hieradata/nodes/community.yaml
@@ -329,3 +329,18 @@ profiles::cacert_selfservice::server_private_key: >
meSzL66S0bE3fMQW7PHJBEJfd1rF7Lzc1zyYOuEEKxKuZTAv0oNJa7boRFWN
b7xfkInLzKPfTfNlY9txwOqlGWYfZxa4d6fBKbVxdspf8WnTIrXgWshjWYcV
/r8P6g==]
+profiles::cacert_selfservice::jwt_private_key: >
+ ENC[PKCS7,MIICXAYJKoZIhvcNAQcDoIICTTCCAkkCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAqkP3W1VRWy1uh8R6lGuqFXDVf+B0HhrFHmvn
+ FtxQWRVlQZzudoQnWJsLR/J41qk7bX/eOmv8S5nKIwRIvovwb7tI+T9TaJ33
+ hXUMZ9TBTjkz3OD6Pv/dsp/2zvGFHICEwIcUaJD2tBAqFPM1JhlJqXAwRNCK
+ d2r8787fglChU/EpMhA45FvXvkCDxBE9W+L+aMzMlV6DcnQPCqKZwADQuBDS
+ qw41j/hvmPzjconmV8aknXBdTaKUqKuspmn3tLIQGMRHUnKxq80AV5kdqlTy
+ 1PwhN6FdFqBfosJuemV6eM6B0wupa4NK5iYvuRN/htQXJOjw562KUPDE1oe3
+ PXqK0DCCAR0GCSqGSIb3DQEHATAdBglghkgBZQMEASoEECj13+wuFOeVRqiX
+ d/s4ZZSAgfAx98UDQlEtcfX+5fCgw2ofqTD1K1KBzpGemGD9UbK0AI+sFhpY
+ SyeuzhXS+s/XP9MYtlHgZiVgt7B95+EnCoGNGWfY5gWFzSvu63zikEGTT9tf
+ 6iPS/A4sYu+HFPuE/ryHrCBJi0e1yaf2pa5IctFhpeWF++Dw3pmYC3c3sZb6
+ ieCxxZ4r+NiPvS3xnAE+q3P7z5R3OTVYZkmLCupzBtnqi8Ne/TdvmUBWDtw4
+ 2v8bs97vfnguWiynjekfeZgjO28SWiJYwLFuQUtV+kvYl9baPpORFTfuI3Rs
+ dCF8snPWlLs3m+PXsz2HoiGe0s2tBKM=]
diff --git a/sitemodules/profiles/manifests/cacert_selfservice.pp b/sitemodules/profiles/manifests/cacert_selfservice.pp
index 3aab8b8..3165c02 100644
--- a/sitemodules/profiles/manifests/cacert_selfservice.pp
+++ b/sitemodules/profiles/manifests/cacert_selfservice.pp
@@ -29,6 +29,11 @@
#
# @param api_endpoint_url backend API endpoint URL
#
+# @param jwt_private_key PEM encoded ECDSA private key for signing JWT
+# tokens
+#
+# @param jwt_validity_hours number of hours that JWT tokens will be valid
+#
# Examples
# --------
#
@@ -45,7 +50,7 @@
# Copyright
# ---------
#
-# Copyright 2019 Jan Dittberner
+# Copyright 2019, 2020 Jan Dittberner
#
class profiles::cacert_selfservice (
String $base_url = "https://selfservice.cacert.org",
@@ -58,6 +63,8 @@ class profiles::cacert_selfservice (
String $api_client_id,
String $api_private_key,
String $api_endpoint_url = "https://email.infra.cacert.org:9443/",
+ String $jwt_private_key,
+ Integer $jwt_validity_hours = 24,
) {
include profiles::cacert_debrepo
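Review bot: `Integer $jwt_validity_hours = 24` in the class parameter list accepts zero and negative numbers, so a bad Hiera value would pass straight through to the service, and how the service treats a non-positive token lifetime is not visible here. Narrowing the type makes such a value fail at catalog compilation: `Integer[1] $jwt_validity_hours = 24,`, with an upper bound added if there is a policy cap on token lifetime. The matching template parameter in config.yaml.epp would then take the same type. The class body continues outside this hunk.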
@@ -165,6 +172,8 @@ class profiles::cacert_selfservice (
api_signature_key_lines => split($api_private_key, "\n"),
api_endpoint_url => $api_endpoint_url,
log_directory => $log_directory,
+ jwt_private_key_lines => split($jwt_private_key, "\n"),
+ jwt_validity_hours => $jwt_validity_hours,
}),
require => Package[$service_name],
notify => Service[$service_name],
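Review bot: The JWT signing key reaches the rendered config as an ordinary string (`split($jwt_private_key, "\n")` handed to the template), so Puppet may print key material in the agent's diff output and reports whenever the file content changes. The file resource's attributes start outside this hunk, so it may already set `show_diff => false`; if it does not, add `show_diff => false,` to that resource or wrap the rendered content in `Sensitive(...)`. The existing `api_private_key` takes the same path and would benefit from the same change. It is also worth confirming that the resource's owner and mode restrict the file to the service account, since it now holds a second private key.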
diff --git a/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp b/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp
index bdb3477..15d042b 100644
--- a/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp
+++ b/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp
@@ -10,7 +10,9 @@
String $api_client_id,
String $api_cas,
String $api_endpoint_url,
- String $log_directory
+ String $log_directory,
+ Array[String] $jwt_private_key_lines,
+ Integer $jwt_validity_hours,
| -%>
---
client_ca_certificates: <%= $client_cas %>
@@ -29,3 +31,7 @@ api_client_id: <%= $api_client_id %>
api_ca_certificates: <%= $api_cas %>
api_endpoint_url: <%= $api_endpoint_url %>
access_log: <%= $log_directory %>/access.log
+jwt_private_key: |
+<% $jwt_private_key_lines.each |$key_line| { %> <%= $key_line %>
+<% } -%>
+jwt_validity_hours: $jwt_validity_hours
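Review bot: The last added line, `jwt_validity_hours: $jwt_validity_hours`, sits outside any EPP tag, so the rendered config.yaml will contain the literal text `$jwt_validity_hours` rather than the integer from Hiera. It should be `jwt_validity_hours: <%= $jwt_validity_hours %>`, matching the other keys in this template. As written, the service will presumably either reject the value or fall back to a built-in default, so the configured token lifetime would not take effect.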