JCLOUDS-792: Configure chef-client security attributes

This commit also improves some internal behavior related to the
bootstrap configuration generation, and deprecated some methods that
will be removed in upcoming versions.

* Removes all methods that return the bootstrap DataBag or the raw
  configuration json to return the BootstrapConfig object instead.
* Deprecates all methods that provide support for old Chef versions.
* Formats the Enterprise Chef provider according to the jclouds
  formatting guidelines.
* Deprecates the ChefContext view. That view is not an abstraction and
  only provides access to the ChefService. It can be obtained from the
  ChefApi itself.

apis/chef/src/main/java/org/jclouds/chef/ChefApi.java

@@ -85,13 +85,21 @@
 import org.jclouds.rest.annotations.WrapWith;
 import org.jclouds.rest.binders.BindToJsonPayload;
 
+import com.google.inject.Provides;
+
 /**
  * Provides synchronous access to Chef.
  */
 @RequestFilters(SignedHeaderAuth.class)
 @Headers(keys = "X-Chef-Version", values = "{" + Constants.PROPERTY_API_VERSION + "}")
 @Consumes(MediaType.APPLICATION_JSON)
 public interface ChefApi extends Closeable {
+
+   /**
+    * Provides access to high level Chef features.
+    */
+   @Provides
+   ChefService chefService();
 
    // Clients
 

apis/chef/src/main/java/org/jclouds/chef/ChefContext.java

@@ -25,8 +25,13 @@
 
 /**
  * Provides an entry point to Chef features.
+ * 
+ * @deprecated Will be removed in next version. Directly create the
+ *             {@link ChefApi} instead and access the {@link ChefService} from
+ *             it.
  */
 @ImplementedBy(ChefContextImpl.class)
+@Deprecated
 public interface ChefContext extends View, Closeable {
 
    /**

apis/chef/src/main/java/org/jclouds/chef/ChefService.java

@@ -16,23 +16,26 @@
  */
 package org.jclouds.chef;
 
-import com.google.common.io.InputSupplier;
-import com.google.inject.ImplementedBy;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+import java.util.concurrent.ExecutorService;
+
+import org.jclouds.chef.config.ChefProperties;
 import org.jclouds.chef.domain.BootstrapConfig;
 import org.jclouds.chef.domain.Client;
 import org.jclouds.chef.domain.CookbookVersion;
 import org.jclouds.chef.domain.Environment;
 import org.jclouds.chef.domain.Node;
 import org.jclouds.chef.internal.BaseChefService;
-import org.jclouds.domain.JsonBall;
+import org.jclouds.chef.util.ChefUtils;
 import org.jclouds.javax.annotation.Nullable;
+import org.jclouds.ohai.config.OhaiModule;
 import org.jclouds.rest.annotations.SinceApiVersion;
 import org.jclouds.scriptbuilder.domain.Statement;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.List;
-import java.util.concurrent.ExecutorService;
+import com.google.common.io.InputSupplier;
+import com.google.inject.ImplementedBy;
 
 /**
  * Provides high level Chef operations.
@@ -105,19 +108,18 @@ public interface ChefService {
     *
     * @param The group to get the configured run list for.
     * @return run list for all nodes bootstrapped with a certain group
+    * @deprecated USe {{@link #getBootstrapConfigForGroup(String)}.
     */
+   @Deprecated
    List<String> getRunListForGroup(String group);
 
    /**
     * Gets the bootstrap configuration for a given group.
-    * <p/>
-    * The bootstrap configuration is a Json object containing the run list and
-    * the configured attributes.
     *
     * @param group The name of the group.
     * @return The bootstrap configuration for the given group.
     */
-   JsonBall getBootstrapConfigForGroup(String group);
+   BootstrapConfig getBootstrapConfigForGroup(String group);
 
    // Nodes / Clients
 

apis/chef/src/main/java/org/jclouds/chef/config/BaseChefHttpApiModule.java

@@ -27,25 +27,23 @@
 import java.io.IOException;
 import java.security.PrivateKey;
 import java.security.spec.InvalidKeySpecException;
-import java.util.List;
 import java.util.concurrent.TimeUnit;
 
 import javax.inject.Inject;
 import javax.inject.Named;
 import javax.inject.Singleton;
 
+import org.jclouds.chef.domain.BootstrapConfig;
 import org.jclouds.chef.domain.Client;
 import org.jclouds.chef.functions.BootstrapConfigForGroup;
 import org.jclouds.chef.functions.ClientForGroup;
-import org.jclouds.chef.functions.RunListForGroup;
 import org.jclouds.chef.handlers.ChefApiErrorRetryHandler;
 import org.jclouds.chef.handlers.ChefErrorHandler;
 import org.jclouds.crypto.Crypto;
 import org.jclouds.crypto.Pems;
 import org.jclouds.date.DateService;
 import org.jclouds.date.TimeStamp;
 import org.jclouds.domain.Credentials;
-import org.jclouds.domain.JsonBall;
 import org.jclouds.http.HttpErrorHandler;
 import org.jclouds.http.HttpRetryHandler;
 import org.jclouds.http.annotation.ClientError;
@@ -177,13 +175,7 @@ public Optional<PrivateKey> provideValidatorCredential(Crypto crypto, Injector i
 
    @Provides
    @Singleton
-   CacheLoader<String, List<String>> runListForGroup(RunListForGroup runListForGroup) {
-      return CacheLoader.from(runListForGroup);
-   }
-
-   @Provides
-   @Singleton
-   CacheLoader<String, ? extends JsonBall> bootstrapConfigForGroup(BootstrapConfigForGroup bootstrapConfigForGroup) {
+   CacheLoader<String, BootstrapConfig> bootstrapConfigForGroup(BootstrapConfigForGroup bootstrapConfigForGroup) {
       return CacheLoader.from(bootstrapConfigForGroup);
    }
 

apis/chef/src/main/java/org/jclouds/chef/config/ChefParserModule.java

@@ -288,7 +288,7 @@ protected <K, V, T> TypeAdapter<T> newAdapter(TypeAdapter<K> keyAdapter, TypeAda
          return (TypeAdapter<T>) new KeepLastRepeatedKeyMapTypeAdapter<K, V>(keyAdapter, valueAdapter);
       }
    }
-
+   
    @Provides
    @Singleton
    public Map<Type, Object> provideCustomAdapterBindings(DataBagItemAdapter adapter, PrivateKeyAdapter privateAdapter,

apis/chef/src/main/java/org/jclouds/chef/config/CookbookParser.java

@@ -32,10 +32,12 @@
  * Chef Server version 0.9 and 0.10 return a different Json when rquesting the
  * cookbook definitions. This annotation can be used to setup the cookbook
  * parser.
+ * @deprecated Support for Chef 0.9 and 0.10 will be removed in upcoming versions.
  */
 @Target({ METHOD, PARAMETER, FIELD })
 @Retention(RUNTIME)
 @Qualifier
+@Deprecated
 public @interface CookbookParser {
 
 }

apis/chef/src/main/java/org/jclouds/chef/config/CookbookVersionsParser.java

@@ -32,10 +32,12 @@
  * Chef Server version 0.9 and 0.10 return a different Json when rquesting the
  * cookbook versions. This annotation can be used to setup the cookbook versions
  * parser.
+ * @deprecated Support for Chef 0.9 and 0.10 will be removed in upcoming versions.
  */
 @Target({ METHOD, PARAMETER, FIELD })
 @Retention(RUNTIME)
 @Qualifier
+@Deprecated
 public @interface CookbookVersionsParser {
 
 }

apis/chef/src/main/java/org/jclouds/chef/domain/BootstrapConfig.java

@@ -18,19 +18,31 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import java.beans.ConstructorProperties;
 import java.util.List;
 
 import org.jclouds.domain.JsonBall;
+import org.jclouds.javax.annotation.Nullable;
 
-import com.google.common.base.Optional;
 import com.google.common.collect.ImmutableList;
+import com.google.gson.annotations.SerializedName;
 
 /**
  * Configures how the nodes in a group will bootstrap.
  * 
  * @since 1.7
  */
 public class BootstrapConfig {
+
+   public static enum SSLVerifyMode {
+      NONE, PEER;
+
+      @Override
+      public String toString() {
+         return ":verify_" + name().toLowerCase();
+      }
+   }
+
    public static Builder builder() {
       return new Builder();
    }
@@ -39,6 +51,10 @@ public static class Builder {
       private ImmutableList.Builder<String> runList = ImmutableList.builder();
       private String environment;
       private JsonBall attribtues;
+      private String sslCAFile;
+      private String sslCAPath;
+      private SSLVerifyMode sslVerifyMode;
+      private Boolean verifyApiCert;
 
       /**
        * Sets the run list that will be executed in the nodes of the group.
@@ -64,32 +80,118 @@ public Builder attributes(JsonBall attributes) {
          return this;
       }
 
+      /**
+       * The file in which the OpenSSL key is saved. To be used by the Chef
+       * client to verify the certificate of the Chef Server.
+       */
+      public Builder sslCAFile(String sslCAFile) {
+         this.sslCAFile = checkNotNull(sslCAFile, "sslCAFile");
+         return this;
+      }
+
+      /**
+       * The path to where the OpenSSL keys that are used by the Chef client are
+       * located.
+       */
+      public Builder sslCAPath(String sslCAPath) {
+         this.sslCAPath = checkNotNull(sslCAPath, "sslCAPath");
+         return this;
+      }
+
+      /**
+       * The verify mode for HTTPS requests.
+       * <ul>
+       * <li>NONE - to do no validation of SSL certificates.</li>
+       * <li>PEER - to do validation of all SSL certificate, including the Chef
+       * server connections</li>
+       * </ul>
+       */
+      public Builder sslVerifyMode(SSLVerifyMode sslVerifyMode) {
+         this.sslVerifyMode = checkNotNull(sslVerifyMode, "sslVerifyMode");
+         return this;
+      }
+
+      /**
+       * Use to only do SSL validation of the Chef server connection; may be
+       * needed if the Chef client needs to talk to other services that have
+       * broken SSL certificates.
+       */
+      public Builder verifyApiCert(boolean verifyApiCert) {
+         this.verifyApiCert = verifyApiCert;
+         return this;
+      }
+
       public BootstrapConfig build() {
-         return new BootstrapConfig(runList.build(), Optional.fromNullable(environment),
-               Optional.fromNullable(attribtues));
+         return new BootstrapConfig(runList.build(), environment, attribtues, sslCAFile, sslCAPath, sslVerifyMode,
+               verifyApiCert);
       }
    }
 
+   @SerializedName("run_list")
    private final List<String> runList;
-   private final Optional<String> environment;
-   private final Optional<JsonBall> attribtues;
-
-   protected BootstrapConfig(List<String> runList, Optional<String> environment, Optional<JsonBall> attribtues) {
-      this.runList = checkNotNull(runList, "runList");
-      this.environment = checkNotNull(environment, "environment");
-      this.attribtues = checkNotNull(attribtues, "attributes");
+   @Nullable
+   private final String environment;
+   @Nullable
+   private final JsonBall attributes;
+   @SerializedName("ssl_ca_file")
+   @Nullable
+   private final String sslCAFile;
+   @SerializedName("ssl_ca_path")
+   @Nullable
+   private final String sslCAPath;
+   @SerializedName("ssl_verify_mode")
+   @Nullable
+   private final SSLVerifyMode sslVerifyMode;
+   @SerializedName("verify_api_cert")
+   @Nullable
+   private final Boolean verifyApiCert;
+
+   @ConstructorProperties({ "run_list", "environment", "attributes", "ssl_ca_file", "ssl_ca_path", "ssl_verify_mode",
+         "verify_api_cert" })
+   protected BootstrapConfig(List<String> runList, @Nullable String environment, @Nullable JsonBall attributes,
+         @Nullable String sslCAFile, @Nullable String sslCAPath, @Nullable SSLVerifyMode sslVerifyMode,
+         @Nullable Boolean verifyApiCert) {
+      this.runList = ImmutableList.copyOf(checkNotNull(runList, "runList"));
+      this.environment = environment;
+      this.attributes = attributes;
+      this.sslCAFile = sslCAFile;
+      this.sslCAPath = sslCAPath;
+      this.sslVerifyMode = sslVerifyMode;
+      this.verifyApiCert = verifyApiCert;
    }
 
    public List<String> getRunList() {
       return runList;
    }
 
-   public Optional<String> getEnvironment() {
+   @Nullable
+   public String getEnvironment() {
       return environment;
    }
 
-   public Optional<JsonBall> getAttribtues() {
-      return attribtues;
+   @Nullable
+   public JsonBall getAttributes() {
+      return attributes;
+   }
+
+   @Nullable
+   public String getSslCAFile() {
+      return sslCAFile;
+   }
+
+   @Nullable
+   public String getSslCAPath() {
+      return sslCAPath;
+   }
+
+   @Nullable
+   public SSLVerifyMode getSslVerifyMode() {
+      return sslVerifyMode;
+   }
+
+   @Nullable
+   public Boolean getVerifyApiCert() {
+      return verifyApiCert;
    }
 
 }