Merge branch 'test' into 'production'

Test->production See merge request !4

Merge branch 'test' into 'production'
b6172701 · Magnus Toneby · dacbd3eb · 642f00fb · b6172701 · b6172701
Commit b6172701 authored 1 year ago by Magnus Toneby
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -3,6 +3,7 @@ require:
 - rubocop-performance
 - rubocop-rspec
 AllCops:
+  NewCops: enable
  DisplayCopNames: true
  TargetRubyVersion: '2.6'
  Include:
@@ -527,6 +528,8 @@ Lint/DuplicateBranch:
  Enabled: false
 Lint/DuplicateMagicComment:
  Enabled: false
+Lint/DuplicateMatchPattern:
+  Enabled: false
 Lint/DuplicateRegexpCharacterClassElement:
  Enabled: false
 Lint/EmptyBlock:
@@ -643,6 +646,8 @@ Style/ComparableClamp:
  Enabled: false
 Style/ConcatArrayLiterals:
  Enabled: false
+Style/DataInheritance:
+  Enabled: false
 Style/DirEmpty:
  Enabled: false
 Style/DocumentDynamicEvalDefinition:
@@ -711,6 +716,8 @@ Style/RedundantHeredocDelimiterQuotes:
  Enabled: false
 Style/RedundantInitialize:
  Enabled: false
+Style/RedundantLineContinuation:
+  Enabled: false
 Style/RedundantSelfAssignmentBranch:
  Enabled: false
 Style/RedundantStringEscape:

--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -5,5 +5,6 @@
    "ms-vscode.powershell",
    "EditorConfig.EditorConfig",
    "glenbuktenica.unicode-substitutions"
+    "Shopify.ruby-lsp"
  ]
 }
--- a/Gemfile
+++ b/Gemfile
@@ -20,30 +20,29 @@ group :development do
  gem "json", '= 2.6.1',                         require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
  gem "json", '= 2.6.3',                         require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
  gem "racc", '~> 1.4.0',                        require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "deep_merge", '~> 1.0',                    require: false
  gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false
  gem "facterdb", '~> 1.18',                     require: false
-  gem "metadata-json-lint", '~> 3.0',            require: false
+  gem "metadata-json-lint", '~> 4.0',            require: false
-  gem "puppetlabs_spec_helper", '~> 6.0',        require: false
+  gem "rspec-puppet-facts", '~> 3.0',            require: false
-  gem "rspec-puppet-facts", '~> 2.0',            require: false
-  gem "codecov", '~> 0.2',                       require: false
  gem "dependency_checker", '~> 1.0.0',          require: false
  gem "parallel_tests", '= 3.12.1',              require: false
  gem "pry", '~> 0.10',                          require: false
-  gem "simplecov-console", '~> 0.5',             require: false
+  gem "simplecov-console", '~> 0.9',             require: false
  gem "puppet-debugger", '~> 1.0',               require: false
-  gem "rubocop", '= 1.48.1',                     require: false
+  gem "rubocop", '~> 1.50.0',                    require: false
  gem "rubocop-performance", '= 1.16.0',         require: false
  gem "rubocop-rspec", '= 2.19.0',               require: false
-  gem "puppet-strings", '~> 4.0',                require: false
  gem "rb-readline", '= 0.5.5',                  require: false, platforms: [:mswin, :mingw, :x64_mingw]
 end
-group :system_tests do
+group :development, :release_prep do
-  gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw]
-  gem "serverspec", '~> 2.41',   require: false
-end
-group :release_prep do
  gem "puppet-strings", '~> 4.0',         require: false
-  gem "puppetlabs_spec_helper", '~> 6.0', require: false
+  gem "puppetlabs_spec_helper", '~> 7.0', require: false
+end
+group :system_tests do
+  gem "puppet_litmus", '~> 1.0',   require: false, platforms: [:ruby, :x64_mingw]
+  gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw]
+  gem "serverspec", '~> 2.41',     require: false
 end
 puppet_version = ENV['PUPPET_GEM_VERSION']

--- a/README.md
+++ b/README.md
-# folioscripts
+# ub_folio
-## Documentation ideas
+## encrypt configuration data
-For more ideas about what to document here see the [pdk template
+You need https://github.com/voxpupuli/hiera-eyaml
-readme](https://github.com/puppetlabs/pdk-templates/blob/main/moduleroot_init/README.md.erb).
+If you have ruby installed you can do 'gem install hiera-eyaml'
-For how to do it:
+In the 'encrypt' director is a small script to help you.
-https://puppet.com/docs/puppet/latest/puppet_strings.html
-https://puppet.com/docs/puppet/latest/puppet_strings_style.html
+./encrypt/eyaml-encrypt.sh --stdin       (ctrl-d once or twice to end the inputing)
+./encrypt/eyaml-encrypt.sh --password    (for encryption of singleline data)
+paste the block output into a 'FQDN.yaml' in data/nodes/
+##
+utgå från .env i /opt/liu/foliofront/foliofront-node-root på någon maskin med foliofront
+ändra datat och kryptera filen, och lägg in i data/nodes/*.yaml 
+add, commit and push
+kolla att puppetmodulen gick igenom CI-kedjan
+vänta ett tag
+kör puppet på folioservices01.test.it.liu.se
+se att ändringen skett i .env
--- a/Rakefile
+++ b/Rakefile
@@ -4,85 +4,6 @@ require 'bundler'
 require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus'
 require 'puppetlabs_spec_helper/rake_tasks'
 require 'puppet-syntax/tasks/puppet-syntax'
-require 'github_changelog_generator/task' if Gem.loaded_specs.key? 'github_changelog_generator'
 require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings'
-def changelog_user
-  return unless Rake.application.top_level_tasks.include? "changelog"
-  returnVal = nil || JSON.load(File.read('metadata.json'))['author']
-  raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil?
-  puts "GitHubChangelogGenerator user:#{returnVal}"
-  returnVal
-end
-def changelog_project
-  return unless Rake.application.top_level_tasks.include? "changelog"
-  returnVal = nil
-  returnVal ||= begin
-    metadata_source = JSON.load(File.read('metadata.json'))['source']
-    metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z})
-    metadata_source_match && metadata_source_match[1]
-  end
-  raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil?
-  puts "GitHubChangelogGenerator project:#{returnVal}"
-  returnVal
-end
-def changelog_future_release
-  return unless Rake.application.top_level_tasks.include? "changelog"
-  returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version']
-  raise "unable to find the future_release (version) in metadata.json" if returnVal.nil?
-  puts "GitHubChangelogGenerator future_release:#{returnVal}"
-  returnVal
-end
 PuppetLint.configuration.send('disable_relative')
-if Gem.loaded_specs.key? 'github_changelog_generator'
-  GitHubChangelogGenerator::RakeTask.new :changelog do |config|
-    raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?
-    config.user = "#{changelog_user}"
-    config.project = "#{changelog_project}"
-    config.future_release = "#{changelog_future_release}"
-    config.exclude_labels = ['maintenance']
-    config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."
-    config.add_pr_wo_labels = true
-    config.issues = false
-    config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB"
-    config.configure_sections = {
-      "Changed" => {
-        "prefix" => "### Changed",
-        "labels" => ["backwards-incompatible"],
-      },
-      "Added" => {
-        "prefix" => "### Added",
-        "labels" => ["enhancement", "feature"],
-      },
-      "Fixed" => {
-        "prefix" => "### Fixed",
-        "labels" => ["bug", "documentation", "bugfix"],
-      },
-    }
-  end
-else
-  desc 'Generate a Changelog from GitHub'
-  task :changelog do
-    raise <<EOM
-The changelog tasks depends on recent features of the github_changelog_generator gem.
-Please manually add it to your .sync.yml for now, and run `pdk update`:
---
-Gemfile:
-  optional:
-    ':development':
-      - gem: 'github_changelog_generator'
-        version: '~> 1.15'
-        condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')"
-EOM
-  end
-end
--- a/data/nodes/folioservices01.test.it.liu.se.yaml
+++ b/data/nodes/folioservices01.test.it.liu.se.yaml
+---
+ub_folio::foliofront:
+  env: >
+    ENC[PKCS7,MIIO3QYJKoZIhvcNAQcDoIIOzjCCDsoCAQAxggEhMIIBHQIBAD
+    AFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAn0AsLfEkSiCNUc7UuJzKn1vcUp
+    yYItnkXrrlWQj+4FsjI4HrpOIe/NlNfqGuDJe6V5IvzX/aOmFBxvNHqZDu4V
+    jHyAXjpTE8dBwSLLkzNIMMszIbqkpjJyt3xMy3xG1aI9A8RhMl4zJhojzqkC
+    yfuTSaMHmkY5f/aJTjLK6o3hEpqa5vCo3vs1nCiGlCcUyG++Zd+IwgnoadeK
+    82RG6R2BM+ZRQLucQUn5u1ieGufNVskoNCpsTlQZtTL2dGG+InSrj7L55Oi1
+    672W6DhPvdrcJ/0rlred1YFL2OVJN/RRRCgsSJ/IpaiuhVKmBILWEDL5KJRo
+    foVdoWfNdTzDs/9zCCDZ4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEOCXZj
+    jE/SXhSu1Su/3Qgj6Agg1wbYrFQF0+05S7CjDIt9Ttf3Zogh2whQ7QwgXl+q
+    cW/tN+DN2RKkFlYlJo2DispO1ZWKH9K8RsTznOekgg+0iGXIq7vAf7D59XEt
+    cBif/HBZb1PdaUiuDf4H6hcf1Pvyjj7mUpIlqKpCerDw6MUQVMtX1TVkoTz7
+    /Hg3p0za29bnW2lXkxqilct3gvE5z1bPDUWuul7bDqkDWZeFCseBs6+o2u2H
+    XXHyP+OhrgKhc/UPahGvdH0AwLtI3mGEjF2y9PRWDMLwzQzAeaIqP/fg6Rhx
+    etvV050s8AbrlKWq3FDokqltOpV4NNp1XwGhb4yWPTH7MIgXOqiIwHejoP6y
+    xlJxk+zRVbfa2Rmx3eAxY0KdnHd20uupbfEsuSGfpVXiQ8H5YhApUNbttEy2
+    tzlXrrU9OWnHW1yv+gdSzF8DFE/YPUHIaHAGezIfEyVMDvn/ZQ3YzMDxkryf
+    mkXM1cTTagQhnbPeGaRMGs5e3O4lZvBUMc+hZ0Yof+VSmfm/O9Y+0HZFyuzI
+    CBP6VqbtawXTVwlvDaZUlyAosj91a0GWunOJToFfPA0IcPvspiO1Y8DgpplD
+    u0O84dy4dilD28jSxLLcXyxsq1h4LC3FIOZ8FcEUZckAdHUvzx7l5aF517js
+    y9+R75Tb0xpb4NYzHtp+Ga4Pn9D+jwNcn6Wox183NMG7M036YklX2JoKqle0
+    Cuyia7QysYnB+vO9dik9gWowa1n2cP0EqziT2m4vUTFI5GiM4mpKnhROJ2Qo
+    /inCYhVf4MNGPjYvh/sSC7OFS7CkuTb0ONTtO8CkQM1qVHG/YoCs1O59rjhe
+    bad19FRKSkjlMcC/n7LhTpFLfCp/lftFUgzwD6JHK3QfsZVn114tMcck62jJ
+    D//2sqF99bYiBItYMQZKmpubA6HcRqn7Ajg9HL/aAW/fgb3XOYOOTIPC+89l
+    F5Shf5cIyoD1Cx/yerNop8Eh0SZGE4yIzCYMr5UkOJCh9I6+gpARz55fWaqJ
+    11/8LF0HJ1gquRn3j2gyZz/V4TsBtyVuhnXEF9TW5zuFzCfdnL3lgOBm/n38
+    vBcZ9zIEkPi/L5Y2Zs0X47hR6lEykDrfYUddEMN0jMKMmrpI022OkPnMyX4U
+    KceamiHG3tx4SsVEM1rau/i6swGQJiiou9n3PFC8eU9pecAHDe1CYcp8fFxC
+    AcpIEeX1at/IGa0wqbvPeXyP7wtymd+WC4UO5FE63rLCAZxNfUTYsoEfzwhE
+    6GkgZ6OrQwhPfq/sWdL3Q/z+6uLhLrXZkaeuXTfTEjw/YRkkWp7nwBgP87B3
+    hlm/rraVl9tUGZmIFxiiTIhMARAs3oFy6RMlkbiRo+PNC2GuuaRQCqsaV8y9
+    SUfEc8XDwfRV3y2XVSWfi7FDuRVTupKVRL1VD3kD/jV8M08YX67cPUk5USPf
+    aP4ujUnegZVJ8y+VVNDvK6u0St+Nqt1C438fklPPvon+wArbLT1irEOcHW6P
+    2ZqJi5MR3VgEanG6spTlnjTrILjP/mAKoC/3X4IyDIhneaR7fyjjOTBwdPAw
+    L6ziapz8kbqba6c7D6sNTn7cE76CTwgS9VJBrnYIQZsnFqHca9Ggzo4CKZpV
+    vlva5NpgyN/qjCB4ytO+D/ib6Yxo7+YttGStl1B805xK8159XblLMMNITgnB
+    yOUIqCOJGvSi9j8adGmE64CHscZpeFOYrHMBjfT2JbQpgcxBOxzMYEetcHVv
+    XEbPrsi+Zy0/nDuFTPsZrCntwClYztaSxXnYiEjGkndGoiKlO52qBnZq9Trk
+    a3EduMP8C4ZluVIqF9nQ905EYKMotmga4cub3WPWQ2a7Jc6UB8Cl7nQFg0Cz
+    EIzCe2XpyHZxDcCR9jhb8ZUKsdSY/EwZUKc5ezgQTxtirpZIoqMBxEdgdtA8
+    x06Thtww0gMgpb6QngBP5PYPbTZmSxn26YE+7+KUY8X5QUf0vffCahr6V9EZ
+    7nS+2qP8D3LXGV0xKDNUO0Zs34ZcthC4d5XK5ZFoUyEnlijpbViTp5DM3vlj
+    SeMCLWMNmxduJw4/+91p8JWKmOyUXmoRoHca0EDbnratUDR7tu+x7YbsupWy
+    PB84gkEyLhGT9dD90TCU/vUfJL1+8ORQfBVHRoIQT2BvvbsJAMevIQHj8Onh
+    yAL6sS2nUzpg9EmieF3gKWj2lUWACMWXQ4avfR98jMbVuvB9VnCZVnIsYg8z
+    0Tu+E/pfX4xcyctB3Jr991cXdh4fsGJM7mb0wbUVSEQCO0XN2uxOy6b1MfPz
+    zqTItrB8OEimcTmhiozMZi7xUX8mzqVtMDgNdTEIgzmvWRStOc9shFyPYSP6
+    MU60pATKECr9XQ4XKzN9Y4o5JDXDlHnUOcxOaCd9G9gyoCNMmYLpsHsJAXRQ
+    EuWKwsQrjoSj2JFyaG3FW30gmVBeBHXE5cXaWJAmCwWGPjIeEIzNIQQ7Sn2W
+    zcsHriq5rXNiU2b/XNnnIzGkZbDCxG11EFEJJseWsg9TlPisEC7X5BIhfnh0
+    WLIBpTJ8MJPmN7EXXKVcOsdZk4DXbDuWIqYSvtbcJ/1o6b48dIzsO2n/9Ys4
+    HRTuVUb7/zC0WGVVB6Kj27g7iLtdLOd1zP5/HEPMfyZT4uUCzejgF7wZkQK1
+    Ioh49+5bc+ygfz3fV32MKa0xdEE7qFb0u698fpp49OCYXZNvDeiw72hKYg0L
+    Mijo9o9IGNf2myv82uyYBMuJI9RJapqNDuECZ84JRztDNgDDJCdRVg4O9wRd
+    CbTC9COik7L+/UXBew5Djf2BAXgf2cvqmYU3p/tpJY+hyhvfSOVXEXPOeVF6
+    T0sVKO0q598JWEnkRFaSw/SddcyHe4VRfVotM/gvB8dPYqnkSb6OYMbSN9uU
+    ky11pUT+okCmBRC7qf372aoP6zZ3x9o0n1xmkLy8/s0LSVeh4694VfcKaWtc
+    mU8sxBFROaLv76DpBEPe0PM5pNoy1Z40y7E/dgQ37lA5ZM+VvIugSkYMxQVN
+    a83gAP23DzUGaVshZlPPkRY0Kz7CZqG5DYH3nmE73T1ICvOQVF4G/osRZ4Sn
+    KKn0iovlaWcuFsxDZHMK30zRxDOjFUOXXfTQKcrXaaZmosbPYGyzkVfLQaFK
+    E846BXvpx1D9eGjqJ/Q8BMPn6RFS4OxmC8cdCGxohWL0TlX8HRdZalQYTBWA
+    kdVbqVZpbhWDjSPbNFbPkFBApAzo/JFlGjViztNLkXs84Kme7rVJlwMwowYx
+    /AMlThEzfEWe2r915Q0EKJ9xIkqORHAK0zvprIAc4QlRXDH9ktcjtwNVwxcy
+    MlcHTwdaCo+vAK7zKaFPfXaI+YTxLZUPNedgmMQhUY1woLp51b5CrL8mop0N
+    DYKwdWkQ868g+5i1T5iZmEC7N2S5FpWkB9KVcIEPkQBFf/q29VD8EEEadiLS
+    pLmiOTI9LLvnBKaML+p0NH6hlaIi90wrY0ez894aD16g1bOH+MRGvV6PZcdU
+    oApoHudVmodUlZ+6nsnDD55xO8EM2dVTO0fxucP+aIYjcTNDEAEVTwk1Z9/g
+    PubWsB2hCXBb+LIl4fDgsdE/4R6qS0Hk3TTl9GTBuO6NJSxi508FzsUPExhy
+    1d0p3iB7w4NfQiobfWq1r3Js8Wb3b8ad9c+X1fyzOkWKWp94nKZLWuD5IhNW
+    IUMvtxcfwEtEx2dzbJD4ehIdYGdeNqIcgEKAPMt4wZX01JmxetuHo0+1Spg1
+    pLrgKqWvh/IbwBRfLBdJhB0wb+7hd6H28vY9wVgoFRoOeg1ZNeAjmG3EotB8
+    +LzbNmwWSKFmwVwqoN+izyoC75+z7qsnmy4Ws7CSMcTWljwGebDntc59tNLc
+    pHHxdTnzHV7CjnEyQkHf7Zi4HAzCImdmUBq4hy2A+37IUZTXw4eVOCePPUQb
+    tt20HuT5wrDYYup74eCaZtFl2QsW7jfcdCm+UlDZEyvOCR+WtTH5QGnSgyht
+    BaOILixO44B84gDh5NowokdtqV2GMxON49dxpMiMn0rrpBeDR3k8UXXamwH5
+    4mtiE++CIY1szj84XIX+9j5G7bLBwxYuiNiearex6j+lc4hbb9ACjK2fVqqJ
+    j4VMP9i4vX8JbRlyzmL1lpNu9+yedL/a9m8fTfG7MRCo6GjwWErsDdHTSlu1
+    N7OPeugzwM7zYwIeSanDlob7B+XlnSheKbL+NSb286ayH9aO6VNZixVwLZ+M
+    cN0hBbvipvc9kVS2+CI/jtsHhEYOR7U/5G7sPiE4X2biVOxMSD+6bkW6Hew5
+    mwaBbJtcv6M0RAOYMLPKknamk5bs3E7m1WQ6e9uIwu53XGwGUCEr0nfXssL/
+    0EQBvF9nyp8wKuFG5ZBPD74hz5OrPfyZ56asRi9euXqgRl752NDwHUhuC849
+    dxuujXzDz8V6OrZUdp90hjQwtEsELlfuz6f3U53yd5UZgMlMmFN1SpEnz0DO
+    XiRcXZ40pUzIV862TflUechJhOBXuwSkPuKeHcfK6C5gfG6z8rP1is6IrM7S
+    0AIoxTL94Q7FUxNm2JgkeTD3a6ukZbp1+v5QkYYIMPUwboTyM5Hoh/6trkA3
+    fZpTbqrXglwAe/HexCRdvs4O64ATi+Yn3zBL5Qpqyj9NrNtFA=]
--- a/encrypt/eyaml-encrypt.sh
+++ b/encrypt/eyaml-encrypt.sh
+#! /bin/sh -eu
+encryptdir="$(dirname "$0")"
+encryptdir="$(cd "${encryptdir}"&& pwd)"
+exec eyaml encrypt --pkcs7-public-key "${encryptdir}/public-key.pkcs7.pem" "$@"
--- a/encrypt/public-key.pkcs7.pem
+++ b/encrypt/public-key.pkcs7.pem
+-----BEGIN CERTIFICATE-----
+MIIC2TCCAcGgAwIBAgIBATANBgkqhkiG9w0BAQUFADAAMCAXDTE1MDYwMzA5MDUx
+MloYDzIwNjUwNTIxMDkwNTEyWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAwh8REuonjpax1B3egJEHQ6FnrVPEhS8P1PftDVFlYrlpiualq2RX8ynz
+ZRigwRYqrFFpPJNooK1gXaFttpAMffUM7mFVPdXC3Tg4nihYncOOxGT3GqrbC7Oa
+GfXeUoEI7PIbRJhmcH/fJLLcsYrdIYyqferTgBGlVKbK2dSpqL9FGQCigcrmbalh
+3ZpIKKfmejZELNHY/7Mun1Gseoin5yuYMTGzI9xEmxBIEQzKpIJWrgvyfPs80ch3
+WTjufePl0PqlaVLKR8qk6H23LQMw0DcBjN+Dm1wG7kWIBK4CxHN7TSHPebiEwutH
+UG56w+2HKuf0J/loYRSQklcmlogNJQIDAQABo1wwWjAPBgNVHRMBAf8EBTADAQH/
+MB0GA1UdDgQWBBTvBDJEU5YW0kgqu2YI0HVwNchshDAoBgNVHSMEITAfgBTvBDJE
+U5YW0kgqu2YI0HVwNchshKEEpAIwAIIBATANBgkqhkiG9w0BAQUFAAOCAQEAdA8j
+RGF2rFXrGeOzurP6/1G1Yvi3adN9Adxnhe0ZKCYfsCzd+Ttuli11IGUWDeOsxTgf
+QkezGo6FPsyhv79yGMP5IOkToIXVyOeeGjQRDytRVAq2Q3dQa3/9xhabA88NfzdR
+S+VChWUWLgIKKtrrShiusGdvewpmo5lKvYNGTvmJchXPED9kXNJC8nmxBwcqk9fJ
+eUVmXyiMdvEcwHzzjZN8n0F9vRNAA9r0w2GeP5Bg5Ggxqldfnyt4TpBbcacdJLLt
+DWKsYYuI7wLPTTmXvMdAm/eC7zvrCLP9wMw1wN6Sh/SpG+CLiStJNTFigqu9vkmO
+4qJa9Cmm6QrZ6aGieQ==
+-----END CERTIFICATE-----
--- a/files/folio-cron
+++ b/files/folio-cron
+magto94 ALL=(folio-cron) ALL
+andfa93 ALL=(folio-cron) ALL
+thotr29 ALL=(folio-cron) ALL
+hakan95 ALL=(folio-cron) ALL
+hakjo91 ALL=(folio-cron) ALL
\ No newline at end of file
--- a/hiera.yaml
+++ b/hiera.yaml
@@ -9,6 +9,9 @@ defaults:  # Used for any hierarchy level that omits these keys.
    pkcs7_public_key:  /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem
 hierarchy:
+  - name: "Node data"
+    path: "nodes/%{trusted.certname}.yaml"
  - name: "Environment"
    path: "environment/%{::environment}.yaml"

--- a/manifests/foliofront.pp
+++ b/manifests/foliofront.pp
 # @summary Setup a front facing node for folio
-class folioscripts::foliofront {
+class ub_folio::foliofront {
  include profiles::letsencrypt
  include apache
  include apache::mod::proxy
-  package { 'nodejs':
+  $basedir='/opt/liu/foliofront'
+  exec { 'create private key for':
+    creates => "${$basedir}/privatekey.pem",
+    command => "/bin/openssl genrsa -out ${$basedir}/privatekey.pem 2048",
+  }
+  exec { 'create cert for':
+    creates => "${$basedir}/saml-cert.pem",
+    command => "/bin/openssl req -new -x509 -key ${$basedir}/privatekey.pem -out ${$basedir}/saml-cert.pem -days 3650 -subj '/C=SE/ST=Östergotland/L=Linköping/O=library.liu/OU=library/CN=saml.${$trusted['certname']}'",
+    require => [Exec['create private key for'],],
+  }
+  package { ['nodejs','nano']:
    ensure => 'installed',
  }
@@ -20,12 +33,6 @@ class folioscripts::foliofront {
      require => Exec['n-from-npm'];
  }
-  file { '/usr/bin/node':
-    ensure  => 'link',
-    source  => '/usr/local/bin/node', # lint:ignore:source_without_rights
-    require => Exec['nodejs-lts'],
-  }
  exec { 'install pm2':
    command => '/bin/npm install pm2 -g',
    unless  => '/bin/test -d /usr/local/lib/node_modules/pm2',
@@ -33,10 +40,12 @@ class folioscripts::foliofront {
  }
  user { 'pm2runner':
-    ensure  => 'present',
+    ensure     => 'present',
-    comment => 'pm2 owner',
+    comment    => 'pm2 owner',
-    system  => 'yes',
+    system     => 'yes',
+    managehome => 'yes',
  }
  group {
    default:
      ensure  => 'present';
@@ -48,17 +57,24 @@ class folioscripts::foliofront {
  Group <| title == 'ssl-cert' |> { members +> ['andfa93', 'pm2runner', 'hakan95', 'hakjo91'] }
-  file { '/opt/liu/foliofront':
+  file {
-    ensure => directory,
+    [
-    owner  => 'andfa93',
+      $basedir,
-    group  => 'api',
+      "${$basedir}/data",
-    mode   => '0775',
+      "${$basedir}/data/logs",
+      "${$basedir}/data/resetpintokens",
+    ]:
+      ensure => directory,
+      owner  => 'andfa93',
+      group  => 'api',
+      mode   => '0775',
  }
  vcsrepo { '/opt/liu/foliofront/foliofront-node-root':
    ensure   => latest,
    provider => git,
    source   => 'https://git:glpat-F5y74GSXSm6FrQBD5wM5@gitlab.liu.se/ub-utveckling/webb/folio-projekt/foliofront-node-root.git',
+    revision => 'develop',
    notify   => [Exec['do npm install of foliofront'],],
  }
@@ -75,15 +91,36 @@ class folioscripts::foliofront {
    require => [Vcsrepo['/opt/liu/foliofront/foliofront-node-root'],],
  }
+  file { '/opt/liu/foliofront/foliofront-node-root/.env':
+    ensure  => file,
+    group   => 'api',
+    mode    => '0750',
+    content => lookup('ub_folio::foliofront.env',undef,undef,'"env" key not found in hiera data'),
+    require => [Vcsrepo['/opt/liu/foliofront/foliofront-node-root'],],
+  }
  systemd::manage_unit { 'foliofront.service':
    unit_entry    => {
      'Description' => 'Run the foliofront node application',
    },
    service_entry => {
-      'Type'      => 'simple',
+      'Type'             => 'simple',
-      'ExecStart' => '',
+      'User'             => 'pm2runner',
-      'User'      => 'postgres',
+      'ExecStart'        => 'npm run start development',
+      'WorkingDirectory' => '/opt/liu/foliofront/foliofront-node-root',
    },
+    install_entry => {
+      'WantedBy' => 'multi-user.target',
+    },
+    enable        => true,
+    active        => true,
+    require       => [Vcsrepo['/opt/liu/foliofront/foliofront-node-root'],],
+  }
+  service { 'foliofront':
+    ensure  => 'running',
+    enable  => true,
+    require => [Systemd::Manage_unit['foliofront.service'],],
  }
  user { 'folio-cron':
@@ -143,50 +180,38 @@ class folioscripts::foliofront {
    # lint:endignore
  }
-  if fact('server_firewall_provider') == 'firewalld' {
+  server_firewall::address_set { 'vpn':
-    server_firewall::address_set { 'vpn':
+    addresses => [
-      addresses => [
+      '130.236.110.0/24',
-        '130.236.110.0/24',
+      '10.240.0.0/12',
-        '10.240.0.0/12',
+    ],
-      ],
+  }
-    }
+  firewalld_rich_rule { 'Access ssh from VPN':
-    firewalld_rich_rule { 'Access ssh from VPN':
+    service => 'ssh',
-      service => 'ssh',
+    family  => 'ipv4',
-      family  => 'ipv4',
+    zone    => 'liu',
-      zone    => 'liu',
+    action  => 'accept',
-      action  => 'accept',
+    source  => { 'ipset' => 'vpn_v4', },
-      source  => { 'ipset' => 'vpn_v4', },
+  }
-    }
+  firewalld_service {
-    firewalld_service {
+    default:
-      default:
+      ensure => present,
-        ensure => present,
+      zone   => 'public';
-        zone   => 'public';
+    'Apache web http public access':
-      'Apache web http public access':
+      service => 'http';
-        service => 'http';
+    'Apache web https public access':
-      'Apache web https public access':
+      service => 'https';
-        service => 'https';
+  }
-    }
+  firewalld_service {
-    firewalld_service {
+    default:
-      default:
+      ensure => present,
-        ensure => present,
+      zone   => 'liu';
-        zone   => 'liu';
+    'Apache web http liu access':
-      'Apache web http liu access':
+      service => 'http';
-        service => 'http';
+    'Apache web https liu access':
-      'Apache web https liu access':
+      service => 'https';
-        service => 'https';
-    }
-  } else {
-    server_firewall::rules_file { '59-permit_vpn_ssh.rules':
-      content => file("${module_name}/permit_vpn_ssh.rules"),
-    }
-    server_firewall::rules_file { '58-permit_api.rules':
-      content => file("${module_name}/permit_api.rules"),
-    }
-    server_firewall::rules_file { '57-permit_www.rules':
-      content => file("${module_name}/permit_www.rules"),
-    }
  }
 }
--- a/metadata.json
+++ b/metadata.json
 {
-  "name": "liuit-folioscripts",
+  "name": "liuit-ub_folio",
  "version": "0.1.0",
  "author": "LiU-IT",
  "summary": "",
@@ -47,7 +47,7 @@
      "version_requirement": ">= 7.24 < 9.0.0"
    }
  ],
-  "pdk-version": "3.0.1",
+  "pdk-version": "3.2.0",
  "template-url": "https://gitlab.it.liu.se/puppet-infra/pdk-templates.git#liu",
-  "template-ref": "heads/liu-0-g522eb00"
+  "template-ref": "heads/liu-0-g4d4e981"
 }
--- a/spec/classes/foliofront_spec.rb
+++ b/spec/classes/foliofront_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-describe 'folioscripts::foliofront' do
+describe 'ub_folio::foliofront' do
  on_supported_os.each do |os, os_facts|
    context "on #{os}" do
      let(:facts) { os_facts }

--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -28,7 +28,8 @@ default_fact_files.each do |f|
  next unless File.exist?(f) && File.readable?(f) && File.size?(f)
  begin
-    default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
+    require 'deep_merge'
+    default_facts.deep_merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
  rescue StandardError => e
    RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
  end
@@ -36,7 +37,7 @@ end
 # read default_facts and merge them over what is provided by facterdb
 default_facts.each do |fact, value|
-  add_custom_fact fact, value
+  add_custom_fact fact, value, merge_facts: true
 end
 RSpec.configure do |c|

--- a/templates/env.epp
+++ b/templates/env.epp
+<%- |
+    Stdlib::Absolutepath $basedirectory,
+    String[1]            $username,
+    Sensitive[String[1]] $password,
+    | -%>
+X_OKAPI_TENANT=liuaf
+SESSION_SECRET=session_secret
+admin_user=<%= $username %>
+admin_pwd=<%= $password %>
+ROOT_FOLDER="<%= $basedirectory %>"
+LOGS_FOLDER="data/logs/"
+TOKEN_FOLDER="data/resetpintokens/"