Chef Identity

chef_identity.rb

orgs = {}
jenkins_home = node['jenkins']['master']['home']

chef_orgs.each do |org|

  # Create a has with org info so we can create the chef-identity
  # configuration file.
  org_info = {
#    'name' => org['id'],
    'key' => org['pem'],
    'knife' => "#{jenkins_home}/knife-#{org['id']}.rb"
  }
  orgs[org['id']] = org_info

  # Create knife.rb files for each org.  These aren't directly used,
  # but are Base64 encoded and put in the chef-identity configuration file
  template "#{jenkins_home}/knife-#{org['id']}.rb" do
    source 'knife.rb.erb'
    variables(
      :chef_server_url => org['chef_server_url'],
      :client_node_name => org['client']
    )
    action :create
    notifies :execute, 'jenkins_command[safe-restart]'
  end
end

# Create the chef-identity configuration file. All chef credentials are stored
# in this file.
template "#{jenkins_home}/io.chef.jenkins.ChefIdentityBuildWrapper.xml" do
  source 'chef_identity.xml.erb'
  variables(
    :orgs => orgs
  )
  notifies :execute, 'jenkins_command[safe-restart]'
end

chef_identity.xml.erb

<?xml version='1.0' encoding='UTF-8'?>
<io.chef.jenkins.ChefIdentityBuildWrapper_-DescriptorImpl plugin="chef-identity@0.1.2">
	<chefIdentities>
		<% @orgs.each do |org, org_data| -%>
		<io.chef.jenkins.ChefIdentity>
			<idName><%= org %></idName>
			<pemKey><%= Base64.strict_encode64(org_data['key']) %></pemKey>
			<knifeRb><%= Base64.strict_encode64(File.open(org_data['knife'], 'r').read) %></knifeRb>
		</io.chef.jenkins.ChefIdentity>
		<% end -%>
	</chefIdentities>
</io.chef.jenkins.ChefIdentityBuildWrapper_-DescriptorImpl>

knife.rb.erb

current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                "<%= @client_node_name %>"
client_key               "#{current_dir}/user.pem"
chef_server_url          "<%= @chef_server_url %>"
cache_type               'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )