Diffstat (limited to 'sitemodules')
-rw-r--r--sitemodules/profiles/manifests/cacert_selfservice.pp11
-rw-r--r--sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp8
2 files changed, 17 insertions, 2 deletions
diff --git a/sitemodules/profiles/manifests/cacert_selfservice.pp b/sitemodules/profiles/manifests/cacert_selfservice.pp
index 3aab8b8..3165c02 100644
--- a/sitemodules/profiles/manifests/cacert_selfservice.pp
+++ b/sitemodules/profiles/manifests/cacert_selfservice.pp
@@ -29,6 +29,11 @@
#
# @param api_endpoint_url backend API endpoint URL
#
+# @param jwt_private_key PEM encoded ECDSA private key for signing JWT
+# tokens
+#
+# @param jwt_validity_hours number of hours that JWT tokens will be valid
+#
# Examples
# --------
#
@@ -45,7 +50,7 @@
# Copyright
# ---------
#
-# Copyright 2019 Jan Dittberner
+# Copyright 2019, 2020 Jan Dittberner
#
class profiles::cacert_selfservice (
String $base_url = "https://selfservice.cacert.org",
@@ -58,6 +63,8 @@ class profiles::cacert_selfservice (
String $api_client_id,
String $api_private_key,
String $api_endpoint_url = "https://email.infra.cacert.org:9443/",
+ String $jwt_private_key,
+ Integer $jwt_validity_hours = 24,
) {
include profiles::cacert_debrepo
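Review bot: The added parameter `String $jwt_private_key` carries the JWT signing key as a plain string, so Puppet will not redact it in reports, file diffs or log output. Declaring it `Sensitive[String] $jwt_private_key` and unwrapping only at the point of use (`split($jwt_private_key.unwrap, "\n")` in the later hunk), with the rendered file content wrapped again in `Sensitive(...)`, would keep it redacted. The existing `$api_private_key` uses the same plain-String pattern, so this may be a deliberate convention, in which case both are worth changing together. Separately, `Integer $jwt_validity_hours = 24` accepts zero and negative values, whereas `Integer[1] $jwt_validity_hours = 24` would reject them at compile time. The class body continues outside this hunk.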
@@ -165,6 +172,8 @@ class profiles::cacert_selfservice (
api_signature_key_lines => split($api_private_key, "\n"),
api_endpoint_url => $api_endpoint_url,
log_directory => $log_directory,
+ jwt_private_key_lines => split($jwt_private_key, "\n"),
+ jwt_validity_hours => $jwt_validity_hours,
}),
require => Package[$service_name],
notify => Service[$service_name],
diff --git a/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp b/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp
index bdb3477..15d042b 100644
--- a/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp
+++ b/sitemodules/profiles/templates/cacert_selfservice/config.yaml.epp
@@ -10,7 +10,9 @@
String $api_client_id,
String $api_cas,
String $api_endpoint_url,
- String $log_directory
+ String $log_directory,
+ Array[String] $jwt_private_key_lines,
+ Integer $jwt_validity_hours,
| -%>
---
client_ca_certificates: <%= $client_cas %>
@@ -29,3 +31,7 @@ api_client_id: <%= $api_client_id %>
api_ca_certificates: <%= $api_cas %>
api_endpoint_url: <%= $api_endpoint_url %>
access_log: <%= $log_directory %>/access.log
+jwt_private_key: |
+<% $jwt_private_key_lines.each |$key_line| { %> <%= $key_line %>
+<% } -%>
+jwt_validity_hours: $jwt_validity_hours
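Review bot: The last added line, `jwt_validity_hours: $jwt_validity_hours`, sits outside any EPP tag, so the template writes the literal text `$jwt_validity_hours` into the YAML instead of the integer. It should read `jwt_validity_hours: <%= $jwt_validity_hours %>`. As written, the configured token lifetime never reaches the service. Whether the service then fails to parse the config or silently falls back to a built-in validity is not visible here and is worth checking, since the latter would hide the misconfiguration.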