Add smart_proxy_chef plugin support

manifests/plugin/chef.pp

@@ -0,0 +1,37 @@
+# = Foreman Proxy Chef plugin
+#
+# This class installs chef plugin
+#
+# === Parameters:
+#
+# $group::        group owner of the configuration file
+#
+# $enabled::      enables/disables the plugin
+#
+# $server_url::   chef server url
+#
+# $client_name::  chef client name used for authentication of other client requests
+#
+# $private_key::  path to file containing private key for $client_name client
+#
+# $ssl_verify::   should we perform chef server ssl cert verification? this requires
+#                 CA certificate installed and trusted
+#                 type:boolean
+#
+# $ssl_pem_file:: if $ssl_verify is true you can specify a path to a file which
+#                 contains certificate and related private key if the certificate
+#                 is not globally trusted
+#
+class foreman_proxy::plugin::chef (
+  $enabled      = $::foreman_proxy::plugin::chef::params::enabled,
+  $group        = $::foreman_proxy::plugin::chef::params::group,
+  $server_url   = $::foreman_proxy::plugin::chef::params::server_url,
+  $client_name  = $::foreman_proxy::plugin::chef::params::client_name,
+  $private_key  = $::foreman_proxy::plugin::chef::params::private_key,
+  $ssl_verify   = $::foreman_proxy::plugin::chef::params::ssl_verify,
+  $ssl_pem_file = $::foreman_proxy::plugin::chef::params::ssl_pem_file,
+) inherits foreman_proxy::plugin::chef::params {
+
+  foreman_proxy::plugin {'chef': } ->
+  foreman_proxy::settings_fule { 'chef': }
+}

manifests/plugin/chef/params.pp

@@ -0,0 +1,10 @@
+# Default parameters for the Chef smart proxy plugin
+class foreman_proxy::plugin::chef::params {
+  $enabled      = true
+  $group        = undef
+  $server_url   = "https://${::fqdn}"
+  $client_name  = $::fqdn
+  $private_key  = '/etc/chef/client.pem'
+  $ssl_verify   = true
+  $ssl_pem_file = undef
+}

spec/classes/foreman_proxy__plugin__chef.spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe 'foreman_proxy::plugin::chef' do
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      context 'chef plugin is enabled' do
+        let :params do
+          {
+            :enabled => true
+          }
+        end
+
+        it 'should call the plugin' do
+          should contain_foreman_proxy__plugin('chef')
+        end
+
+        it 'should install configuration file' do
+          should contain_foreman_proxy__settings_file('chef')
+          content = subject.resource('file', '/etc/foreman-proxy/settings.d/chef.yml').send(:parameters)[:content]
+          content.split("\n").reject { |c| c =~ /(^#|^$)/ }.should == [
+            '---',
+            ':enabled: https',
+          ]
+        end
+      end
+
+      context 'chef plugin is disabled' do
+        let :params do
+          {
+            :enabled => false
+          }
+        end
+
+        it 'should call the plugin' do
+          should contain_foreman_proxy__plugin('chef')
+        end
+
+        it 'should install configuration file' do
+          should contain_foreman_proxy__settings_file('chef')
+          content = subject.resource('file', '/etc/foreman-proxy/settings.d/chef.yml').send(:parameters)[:content]
+          content.split("\n").reject { |c| c =~ /(^#|^$)/ }.should == [
+            '---',
+            ':enabled: false',
+          ]
+        end
+      end
+    end
+  end
+end

templates/plugin/chef.yml.erb

@@ -0,0 +1,23 @@
+---
+:enabled: <%= scope.lookupvar("foreman_proxy::plugin::chef::enabled") %>
+:chef_authenticate_nodes: true
+:chef_server_url: <%= scope.lookupvar("foreman_proxy::plugin::chef::server_url") %>
+# smart-proxy client node needs to have some admin right on chef-server
+# in order to retrive all nodes public keys
+# e.g. 'host.example.net'
+:chef_smartproxy_clientname: <%= scope.lookupvar("foreman_proxy::plugin::chef::client_name") %>
+# e.g. /etc/chef/client.pem
+:chef_smartproxy_privatekey: <%= scope.lookupvar("foreman_proxy::plugin::chef::private_key") %>
+
+# turning of chef_ssl_verify is not recommended as it turn off authentication
+# you can try set path to chef server certificate by chef_ssl_pem_file
+# before setting chef_ssl_verify to false
+# note that chef_ssl_pem_file must contain both private key and certificate
+# because chef-api 0.5 requires it
+:chef_ssl_verify: <%= scope.lookupvar("foreman_proxy::plugin::chef::ssl_verify") %>
+<% custom_pem = scope.lookupvar("foreman_proxy::plugin::chef::ssl_pem_file") -%>
+<% if !custom_pem.nil? && !custom_pem.empty? && ![:undef, :undefined].include?(custom_pem) -%>
+:chef_ssl_pem_file: <%= custom_pem %>
+<% else -%>
+# :chef_ssl_pem_file: /path
+<% end -%>