First checkin

Author: varunsharma5

.gitignore

@@ -0,0 +1,14 @@
+.vagrant
+/cookbooks
+
+# Bundler
+bin/*
+.bundle/*
+
+.kitchen/
+.kitchen.local.yml
+
+*.lock.json
+Policyfile.lock.json
+
+.DS_Store

CHANGELOG.md

@@ -0,0 +1,7 @@
+# chef-cookbook-enroll CHANGELOG
+
+This file is used to list changes made in each version of the chef-cookbook-enroll cookbook.
+
+## 1.0.0
+
+- First Release

LICENSE

@@ -0,0 +1,3 @@
+Copyright 2024 The Authors
+
+All rights reserved, do not redistribute.

Policyfile.rb

@@ -0,0 +1,16 @@
+# Policyfile.rb - Describe how you want Chef Infra Client to build your system.
+#
+# For more information on the Policyfile feature, visit
+# https://docs.chef.io/policyfile/
+
+# A name that describes what the system you're building with Chef does.
+name 'chef-cookbook-enroll'
+
+# Where to find external cookbooks:
+default_source :supermarket
+
+# run_list: chef-client will run these recipes in the order specified.
+run_list 'chef-cookbook-enroll::default'
+
+# Specify a custom source for a single cookbook:
+cookbook 'chef-cookbook-enroll', path: '.'

README.md

@@ -0,0 +1,107 @@
+### Overview
+
+The `node_management_enroll` custom resource is designed to streamline the process of enrolling nodes into a Chef-360 platform. This resource automates the configuration and setup required to ensure nodes are properly registered and managed by the Chef platform's node management service.
+
+### Enrollment and Enrollment Levels
+Enrollment is the process that enables Chef 360 to interact with and potentially manage your node. The enrollment status level determines the extent of management and control Chef 360 has over the node. This level indicates the type and degree of management capabilities available.
+
+The `node_management_enroll` resource supports two levels of enrollment:
+
+1. **Full Enrollment**: Chef 360 has both Node Management and Habitat installed on the node, running as a Habitat supervised service. This level allows Chef 360 to manage skill credentials, settings, installation, upgrades, and removal.
+
+2. **Partial Enrollment**: Chef 360 has Node Management running on the node, but as a native service (not under the Habitat supervisor or package manager). This level allows for the detection of native skills and skill credential management but does not support skill installation, upgrades, or configuration. This is suitable for nodes that do not support Habitat but require a specific skill like Courier Runner.
+
+### Resource Parameters
+
+| Parameter          | Description                                                                                                      | Valid Value                                           | Default Value                  |
+|--------------------|------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------|--------------------------------|
+| `chef_platform_url`| The fully qualified domain name (FQDN) URL for the Chef 360 platform.                                             | A FQDN which must be accessible from the client node. | None                           |
+| `api_port`         | The API port configured in the Chef 360 platform.                                                                 | A valid port number.                                  | `31000`                        |
+| `access_key`       | Access key for secure communication with Chef 360. Store securely (e.g., Encrypted Chef data bags, Vault).       | valid token                                                  | None                           |
+| `secret_key`       | Secret key for secure communication with Chef 360. Store securely (e.g., Encrypted Chef data bags, Vault).       | valid token                                                  | None                           |
+| `cohort_id`        | A UUID representing a cohort. It provides all required skills and settings to the assigned node.                | UUID                                                  | None                           |
+| `hab_builder_url`  | URL for the Chef Habitat builder in your organization.                                                           | Valid URL                                             | `https://bldr.habitat.sh`      |
+| `working_dir_path` | Temporary working directory path where all required builds are downloaded. Specify a valid path based on the OS. | A valid directory with read and write permission.     | `/tmp`                         |
+| `upgrade_skills`   | For partial enrollment. If true, checks for the latest skill version and installs it if found.                  | `'true'` or `'false'`                                 | `false`                        |
+
+
+### Example Usage
+
+```ruby
+node_management_enroll 'Enroll Node' do
+  chef_platform_url '<CHEF-360-FQDN>'
+  enroll_type 'full/partial'
+  api_port '<API_PORT>'
+  access_key '<ACCESS_KEY>'
+  secret_key '<SECRET_KEY>'
+  cohort_id '<COHORT_ID>'
+  hab_builder_url '<HABITAT_BUILDER_URL>'
+  working_dir_path '<VALID_DIR_PATH>'
+  upgrade_skills false
+end
+```
+## Using the `node_management_enroll` Custom Resource
+
+The `node_management_enroll` custom resource is designed to simplify the process of enrolling nodes into a Chef-managed environment. Follow these steps to use this resource:
+
+### 1. Upload the Custom Resource Cookbook to the Chef Server
+
+First, upload the cookbook containing the `node_management_enroll` resource to the Chef server. Replace `COOKBOOK_DIR_PATH` with the path to your cookbook directory:
+
+```bash
+knife cookbook upload chef-cookbook-enroll --cookbook-path COOKBOOK_DIR_PATH
+```
+
+### 2. Create a Wrapper Cookbook
+
+Next, create a wrapper cookbook to manage the custom resource's usage. In the `metadata.rb` file of your wrapper cookbook, add the following dependency to include the `chef-cookbook-enroll` cookbook:
+
+```ruby
+depends 'chef-cookbook-enroll', '~> 1.0.0'
+```
+
+### 3. Update the Wrapper Cookbook's Recipe with the Custom Resource
+
+In your wrapper cookbook's recipe, configure the `node_management_enroll` resource as follows:
+
+```ruby
+node_management_enroll 'Enroll Node' do
+  chef_platform_url '<CHEF-360-FQDN>'
+  enroll_type 'full/partial'
+  api_port '<API_PORT>'
+  access_key '<ACCESS_KEY>'
+  secret_key '<SECRET_KEY>'
+  cohort_id '<COHORT_ID>'
+  hab_builder_url '<HABITAT_BUILDER_URL>'
+  working_dir_path '<VALID_DIR_PATH>'
+  upgrade_skills false
+end
+```
+
+Replace the placeholders with the actual values for your environment.
+
+### 4. Push the Wrapper Cookbook or Policy to the Chef Server
+
+Depending on whether you are using a role or a policy, follow the appropriate steps:
+
+#### a) If Using a Role
+
+Push the wrapper cookbook to the Chef server using the following command:
+
+```bash
+knife cookbook upload YOUR_WRAPPER_COOKBOOK_NAME --cookbook-path WRAPPER_COOKBOOK_DIR_PATH
+```
+
+#### b) If Using a Policy
+
+Push the policy to the Chef server using the following commands:
+
+```bash
+chef install
+chef push <POLICY_GROUP> <POLICY_NAME>
+```
+
+### 5. Apply the Wrapper Cookbook in Role/Policy
+
+Finally, ensure that the wrapper cookbook is included in your node's run-list by adding it to a role or policy. This will execute the `node_management_enroll` resource during the Chef run.
+

attributes/default.rb

@@ -0,0 +1,13 @@
+default['enroll']['node_role_id'] = '633daf9a-7aa8-4851-9b7d-88b12be9a87b'
+default['enroll']['tools'] = %w(chef-gohai courier-client inspec_interpreter node-management-agent restart-interpreter shell-interpreter chef-client-interpreter)
+default['enroll']['interpreters'] = %w(shell-interpreter inspec-interpreter restart-interpreter chef-client-interpreter)
+default['enroll']['nodeman_pkg'] = 'node-management-agent'
+default['enroll']['runner_pkg'] = 'courier-runner'
+default['enroll']['gohai_pkg'] = 'chef-gohai'
+default['enroll']['cookbook_name'] = 'chef-cookbook-enroll'
+
+default['enroll']['node_guid_file'] = if platform?('windows')
+                                        "c:\\hab\\svc\\#{node['enroll']['nodeman_pkg']}\\data\\node_guid"
+                                      else
+                                        "/hab/svc/#{node['enroll']['nodeman_pkg']}/data/node_guid"
+                                      end

chefignore

@@ -0,0 +1,115 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a Chef Infra Server or Supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+ehthumbs.db
+Icon?
+nohup.out
+Thumbs.db
+.envrc
+
+# EDITORS #
+###########
+.#*
+.project
+.settings
+*_flymake
+*_flymake.*
+*.bak
+*.sw[a-z]
+*.tmproj
+*~
+\#*
+REVISION
+TAGS*
+tmtags
+.vscode
+.editorconfig
+
+## COMPILED ##
+##############
+*.class
+*.com
+*.dll
+*.exe
+*.o
+*.pyc
+*.so
+*/rdoc/
+a.out
+mkmf.log
+
+# Testing #
+###########
+.circleci/*
+.codeclimate.yml
+.delivery/*
+.foodcritic
+.kitchen*
+.mdlrc
+.overcommit.yml
+.rspec
+.rubocop.yml
+.travis.yml
+.watchr
+.yamllint
+azure-pipelines.yml
+Dangerfile
+examples/*
+features/*
+Guardfile
+kitchen.yml*
+mlc_config.json
+Procfile
+Rakefile
+spec/*
+test/*
+
+# SCM #
+#######
+.git
+.gitattributes
+.gitconfig
+.github/*
+.gitignore
+.gitkeep
+.gitmodules
+.svn
+*/.bzr/*
+*/.git
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+Gemfile
+Gemfile.lock
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Documentation #
+#############
+CODE_OF_CONDUCT*
+CONTRIBUTING*
+documentation/*
+TESTING*
+UPGRADING*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile

compliance/README.md

@@ -0,0 +1,25 @@
+# compliance
+
+This directory contains Chef InSpec profile, waiver and input objects which are used with the Chef Infra Compliance Phase.
+
+Detailed information on the Chef Infra Compliance Phase can be found in the [Chef Documentation](https://docs.chef.io/chef_compliance_phase/).
+
+```plain
+./compliance
+├── inputs
+├── profiles
+└── waivers
+```
+
+Use the `chef generate` command from Chef Workstation to create content for these directories:
+
+```sh
+# Generate a Chef InSpec profile
+chef generate profile PROFILE_NAME
+
+# Generate a Chef InSpec waiver file
+chef generate waiver WAIVER_NAME
+
+# Generate a Chef InSpec input file
+chef generate input INPUT_NAME
+```

files/test_default.txt

@@ -0,0 +1,31 @@
+---
+driver:
+  name: vagrant
+
+## The forwarded_port port feature lets you connect to ports on the VM guest
+## via localhost on the host.
+## see also: https://www.vagrantup.com/docs/networking/forwarded_ports
+
+#  network:
+#    - ["forwarded_port", {guest: 80, host: 8080}]
+
+provisioner:
+  name: chef_zero
+
+  ## product_name and product_version specifies a specific Chef product and version to install.
+  ## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/
+  #  product_name: chef
+  #  product_version: 17
+
+verifier:
+  name: inspec
+
+platforms:
+  - name: ubuntu-20.04
+  - name: centos-8
+
+suites:
+  - name: default
+    verifier:
+      inspec_tests:
+        - test/integration/default