[chef] Custom node attribute discovery

[Sölvi Páll Ásgeirsson < >]

Hi everyone

I'm in the process of developing a cookbook for managing ssl certificates on Windows.

So far, it only contains a lwrp responsible for installing a certificate in the Windows cert store and managing permissions on private keys.

Other cookbooks however need to be able to look up certain attributes on certificates in the store.

For example, some_cookbook might need to find the certificate thumbprint for the certificate with the subject name "foo.bar.baz".

In a some_cookbook recipe I might have:

windows_certificate "foo.bar.baz" do

  action :install

  source "foo.bar.baz.pfx"

  password "foobar"

end

I would then like to be able to look up the thumbprint for a certificate:

cert_thumbprint = node[:windows_certificate][:foo.bar.baz][:thumbprint]

something_that_needs_thumbprint cert_thumbprint ....

So my question is - what is the best practice for populating custom node attributes like these?

I could simply make my lwrp call node.set for each certificate installed - is that kosher?

Should this rather be an ohai plugin?  Is there another approach that I'm missing?

With many thanks & regards,

Sölvi Páll Á.