theforeman · domcleal · Feb 23, 2015 · Feb 22, 2015 · ekohl · Feb 18, 2015
diff --git a/manifests/plugin/chef.pp b/manifests/plugin/chef.pp
@@ -0,0 +1,54 @@
+# = Foreman Proxy Chef plugin
+#
+# This class installs chef plugin
+#
+# === Parameters:
+#
+# $group::        group owner of the configuration file
+#
+# $version::      plugin package version, it's passed to ensure parameter of package resource
+#                 can be set to specific version number, 'latest', 'present' etc.
+#
+# $enabled::      enables/disables the plugin
+#
+# $listen_on::    Proxy feature listens on http, https, or both
+#
+# $server_url::   chef server url
+#
+# $client_name::  chef client name used for authentication of other client requests
+#
+# $private_key::  path to file containing private key for $client_name client
+#
+# $ssl_verify::   should we perform chef server ssl cert verification? this requires
+#                 CA certificate installed and trusted
+#                 type:boolean
+#
+# $ssl_pem_file:: if $ssl_verify is true you can specify a path to a file which
+#                 contains certificate and related private key if the certificate
+#                 is not globally trusted
+#
+class foreman_proxy::plugin::chef (
+  $enabled      = $::foreman_proxy::plugin::chef::params::enabled,
+  $listen_on    = $::foreman_proxy::plugin::chef::params::listen_on,
+  $version      = $::foreman_proxy::plugin::chef::params::version,
+  $group        = $::foreman_proxy::plugin::chef::params::group,
+  $server_url   = $::foreman_proxy::plugin::chef::params::server_url,
+  $client_name  = $::foreman_proxy::plugin::chef::params::client_name,
+  $private_key  = $::foreman_proxy::plugin::chef::params::private_key,
+  $ssl_verify   = $::foreman_proxy::plugin::chef::params::ssl_verify,
+  $ssl_pem_file = $::foreman_proxy::plugin::chef::params::ssl_pem_file,
+) inherits foreman_proxy::plugin::chef::params {
+
+  validate_bool($enabled)
+  validate_listen_on($listen_on)
+
+  foreman_proxy::plugin {'chef':
+    version => $version,
+  } ->
+  foreman_proxy::settings_file { 'chef':
+    listen_on     => $listen_on,
+    enabled       => $enabled,
+    group         => $group,
+    template_path => 'foreman_proxy/plugin/chef.yml.erb',
+  }
+}
diff --git a/manifests/plugin/chef/params.pp b/manifests/plugin/chef/params.pp
@@ -0,0 +1,12 @@
+# Default parameters for the Chef smart proxy plugin
+class foreman_proxy::plugin::chef::params {
+  $enabled      = true
+  $group        = undef
+  $listen_on    = 'https'
+  $version      = undef
+  $server_url   = "https://${::fqdn}"
+  $client_name  = $::fqdn
+  $private_key  = '/etc/chef/client.pem'
+  $ssl_verify   = true
+  $ssl_pem_file = undef
+}
diff --git a/spec/classes/foreman_proxy__plugin__chef__spec.rb b/spec/classes/foreman_proxy__plugin__chef__spec.rb
@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+describe 'foreman_proxy::plugin::chef' do
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      context 'chef plugin is enabled' do
+        let :params do
+          {
+            :enabled => true
+          }
+        end
+
+        it 'should call the plugin' do
+          should contain_foreman_proxy__plugin('chef')
+        end
+
+        it 'should install configuration file' do
+          should contain_foreman_proxy__settings_file('chef')
+          should contain_file('/etc/foreman-proxy/settings.d/chef.yml').with_content(/:enabled: true/)
+        end
+      end
+
+      context 'chef plugin is disabled' do
+        let :params do
+          {
+            :enabled => false
+          }
+        end
+
+        it 'should call the plugin' do
+          should contain_foreman_proxy__plugin('chef')
+        end
+
+        it 'should install configuration file' do
+          should contain_foreman_proxy__settings_file('chef')
+          should contain_file('/etc/foreman-proxy/settings.d/chef.yml').with_content(/:enabled: false/)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/lib/module_spec_helper.rb b/spec/lib/module_spec_helper.rb
@@ -1,4 +1,8 @@
 def verify_exact_contents(subject, title, expected_lines)
+  get_content(subject, title).should == expected_lines
+end
+
+def get_content(subject, title)
   content = subject.resource('file', title).send(:parameters)[:content]
-  content.split(/\n/).reject { |line| line =~ /(^#|^$|^\s+#)/ }.should == expected_lines
+  content.split(/\n/).reject { |line| line =~ /(^#|^$|^\s+#)/ }
 end
diff --git a/templates/plugin/chef.yml.erb b/templates/plugin/chef.yml.erb
@@ -0,0 +1,23 @@
+---
+:enabled: <%= scope.lookupvar("foreman_proxy::plugin::chef::enabled") %>
+:chef_authenticate_nodes: true
+:chef_server_url: <%= scope.lookupvar("foreman_proxy::plugin::chef::server_url") %>
+# smart-proxy client node needs to have some admin right on chef-server
+# in order to retrive all nodes public keys
+# e.g. 'host.example.net'
+:chef_smartproxy_clientname: <%= scope.lookupvar("foreman_proxy::plugin::chef::client_name") %>
+# e.g. /etc/chef/client.pem
+:chef_smartproxy_privatekey: <%= scope.lookupvar("foreman_proxy::plugin::chef::private_key") %>
+
+# turning of chef_ssl_verify is not recommended as it turn off authentication
+# you can try set path to chef server certificate by chef_ssl_pem_file
+# before setting chef_ssl_verify to false
+# note that chef_ssl_pem_file must contain both private key and certificate
+# because chef-api 0.5 requires it
+:chef_ssl_verify: <%= scope.lookupvar("foreman_proxy::plugin::chef::ssl_verify") %>
+<% custom_pem = scope.lookupvar("foreman_proxy::plugin::chef::ssl_pem_file") -%>
+<% if !custom_pem.nil? && !['', :undef, :undefined].include?(custom_pem)-%>
+:chef_ssl_pem_file: <%= custom_pem %>
+<% else -%>
+# :chef_ssl_pem_file: /path
+<% end -%>