From 54a020bfd6e1e2a6fb569b4df3d5b58ea7f8b3b9 Mon Sep 17 00:00:00 2001
From: mamo <mamo>
Date: Mon, 11 Nov 2024 10:31:24 +0000
Subject: [PATCH] new configuration version

---
 .../k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml     |  4 +++-
 ...ic-key-store-92e282d1dc2b69d9e4f91fc0.yaml | 18 +++++++++++++++
 ...-trust-store-92e282d1dc2b69d9e4f91fc0.yaml | 12 ++++++++++
 .../WEB-INF/web.xml                           | 22 ++++++++++++++++++-
 4 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-new-automatic-key-store-92e282d1dc2b69d9e4f91fc0.yaml
 create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-new-automatic-trust-store-92e282d1dc2b69d9e4f91fc0.yaml

diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml
index d8e374e..c8210e1 100644
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml
@@ -46,14 +46,16 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-037e6dff11b107c9a9ce0551a345b013cfe756dd"
+    tag: "r-4fb5275ec4c9d183bf1a4df388ebf867cbd8f1c9"
     dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi"
     credentials: "git-credentials"
   keystores:
   - "npi-3b41ca4ca1c4028117d16f5b"
   - "npi-23dc4a9fcc79a12d82662747"
+  - "npi-new-automatic-key-store"
   - "npi-cossa-realm-identity"
   truststores:
+  - "npi-new-automatic-trust-store"
   - "npi-cossa-realm-signer-trust"
   - "npi-cossa-realm-tls-trust"
   ingresses:
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-new-automatic-key-store-92e282d1dc2b69d9e4f91fc0.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-new-automatic-key-store-92e282d1dc2b69d9e4f91fc0.yaml
new file mode 100644
index 0000000..4c2f3ce
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-new-automatic-key-store-92e282d1dc2b69d9e4f91fc0.yaml
@@ -0,0 +1,18 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisKeyStore"
+metadata:
+  name: "npi-new-automatic-key-store"
+  namespace: "adn-postit-tknxchng-01-dev"
+  labels:
+    deploymentTarget: "npi"
+  annotations:
+    projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
+    patternId: "92e282d1dc2b69d9e4f91fc0"
+spec:
+  cn: "npi"
+  usage: "<reserved for future use>"
+  san:
+    dns:
+    - "npi"
+    - "npi.adn-postit-tknxchng-01-dev"
+    email: []
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-new-automatic-trust-store-92e282d1dc2b69d9e4f91fc0.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-new-automatic-trust-store-92e282d1dc2b69d9e4f91fc0.yaml
new file mode 100644
index 0000000..b8e93ec
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-new-automatic-trust-store-92e282d1dc2b69d9e4f91fc0.yaml
@@ -0,0 +1,12 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisTrustStore"
+metadata:
+  name: "npi-new-automatic-trust-store"
+  namespace: "adn-postit-tknxchng-01-dev"
+  labels:
+    deploymentTarget: "npi"
+  annotations:
+    projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
+    patternId: "92e282d1dc2b69d9e4f91fc0"
+spec:
+  keystores: []
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-cossa.agov-w.azure.adnovum.net/WEB-INF/web.xml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-cossa.agov-w.azure.adnovum.net/WEB-INF/web.xml
index e8fa0bc..9d79581 100644
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-cossa.agov-w.azure.adnovum.net/WEB-INF/web.xml
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-cossa.agov-w.azure.adnovum.net/WEB-INF/web.xml
@@ -273,7 +273,7 @@
             <param-value>/var/opt/keys/own/npi-cossa-realm-identity/key.pem</param-value>
         </init-param>
     </servlet>
-    <!-- source: pattern://cc0434226c610ad74ffbf1d1, pattern://cc0434226c610ad74ffbf1d1#allowedMethods, pattern://cc0434226c610ad74ffbf1d1#backends, pattern://cc0434226c610ad74ffbf1d1#responseRewrite -->
+    <!-- source: pattern://cc0434226c610ad74ffbf1d1, pattern://cc0434226c610ad74ffbf1d1#allowedMethods, pattern://cc0434226c610ad74ffbf1d1#backends, pattern://cc0434226c610ad74ffbf1d1#keystore, pattern://cc0434226c610ad74ffbf1d1#responseRewrite, pattern://cc0434226c610ad74ffbf1d1#truststore -->
     <servlet>
         <servlet-name>Connector_cossa_realm_REST2</servlet-name>
         <!-- source: pattern://cc0434226c610ad74ffbf1d1 -->
@@ -323,6 +323,26 @@
             <param-name>ResourceManager.RetryTimeout</param-name>
             <param-value>0</param-value>
         </init-param>
+        <!-- source: pattern://cc0434226c610ad74ffbf1d1#truststore -->
+        <init-param>
+            <param-name>SSLCACertificateFile</param-name>
+            <param-value>/var/opt/keys/trust/npi-new-automatic-trust-store/truststore.pem</param-value>
+        </init-param>
+        <!-- source: pattern://cc0434226c610ad74ffbf1d1#keystore -->
+        <init-param>
+            <param-name>SSLClientCertificateFile</param-name>
+            <param-value>/var/opt/keys/own/npi-new-automatic-key-store/cert.pem</param-value>
+        </init-param>
+        <!-- source: pattern://cc0434226c610ad74ffbf1d1#keystore -->
+        <init-param>
+            <param-name>SSLClientKeyFile</param-name>
+            <param-value>/var/opt/keys/own/npi-new-automatic-key-store/key.pem</param-value>
+        </init-param>
+        <!-- source: pattern://cc0434226c610ad74ffbf1d1 -->
+        <init-param>
+            <param-name>SSLSNISupport</param-name>
+            <param-value>true</param-value>
+        </init-param>
         <!-- source: pattern://cc0434226c610ad74ffbf1d1 -->
         <init-param>
             <param-name>URIPrefix</param-name>