ekohl commented Sep 14, 2022

The goal of this is to have an end-to-end verification of compatibility or provide concrete pointers to what failed.

status = JSON.parse(response.body)
unless status.key?('remote_ip')
message = if ::Gem::Dependency.new('', '>= 3.5.0').match?('', status['version'])
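Review bot: `status['version']` in the `match?` call is read without checking that the key is present, although the line above already allows for a response without `remote_ip`; a response that also omits `version` reaches the comparison with nil. Consider checking `status.key?('version')` first and comparing with `Gem::Version.new(status['version']) >= Gem::Version.new('3.5.0')`, which reads more directly than a `Gem::Dependency` with an empty name. These lines also show no handling for a `response.body` that is not valid JSON, which would leave the caller without the concrete pointer this endpoint is meant to give.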

# Only needed for templates / registration
# TODO: make this more generic
return true unless ::Proxy::Plugins.instance.any? { |p| p[:state] == :running && ['templates', 'registration'].include?(p[:name]) }
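Review bot: the early `return true` makes "check not applicable" indistinguishable from "reverse proxy verified" when neither templates nor registration is running. Consider returning nil or a distinct skipped value so the caller can report that nothing was tested. The hard-coded `['templates', 'registration']` list is what the TODO points at; letting each plugin declare that it needs this check would remove the list.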
ekohl (Member, Author):

templates has a template_url setting while registration uses the global foreman_url setting.

Comment on lines +11 to +15
def verify
{
reverse_proxy: verify_reverse_proxy,
}
end
ekohl (Member, Author):

I'm thinking about the format. Perhaps it should have some global status and then a hash for modules.

{
  "global": {},
  "modules": {
    "templates": {
      "status": true,
      "reverse_proxy": true
    },
    "registration": {
      "status": true
    }
  }
}

Perhaps also a summary?

What if it doesn't? Should we use error codes? Human-readable strings? Both?

ehelms commented Sep 14, 2022

How do you see this being different than if we were to implement a status API which is a common endpoint?

ekohl commented Sep 14, 2022

I started with this because it was hard to verify if request.remote_ip inside Foreman was set correctly. That's how I came to /verify. Hadn't considered a status API.

I think a status API shouldn't reach out to external sources unless they're critical. Reaching out can be expensive.

That does make me think about more things. For example, if a plugin (or provider) has an external connection (think Puppet -> Puppetserver or isc_dhcp -> dhcpd) that should be verified. So this endpoint should be pluggable and the plugin API should provide some DSL to verify.

But this PR is the start of a discussion IMHO: what do we need to verify to say "this Smart Proxy works" and how can we provide hints if it doesn't.

We should also consider if this endpoint should be authenticated. Probably yes if it reaches out to external services. Otherwise it may be used for DoS attacks.
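
A sketch of the pluggable verification idea discussed in this thread, added here as an example and not part of the PR or of Smart Proxy's plugin API: `VerifyRegistry`, its `check` DSL, the `checks` nesting, the per-check timeout and the result cache are all hypothetical names and choices. Each external probe is time-bounded and results are reused for a short period, so repeated requests cannot force repeated outbound connections.

```ruby
require 'timeout'

# Hypothetical registry, not Smart Proxy's plugin API.
class VerifyRegistry
  def initialize(timeout: 2, ttl: 30)
    @timeout = timeout   # upper bound per external check, in seconds
    @ttl = ttl           # reuse results this long so repeated calls stay cheap
    @checks = Hash.new { |h, k| h[k] = {} }
  end

  # DSL entry point: a plugin registers a block that raises on failure.
  def check(mod, name, &block)
    @checks[mod.to_s][name.to_s] = block
  end

  # Runs every registered check, or returns the cached report if it is fresh.
  def run(now: Time.now)
    return @cached if @cached && now - @cached_at < @ttl

    modules = @checks.transform_values do |checks|
      results = checks.transform_values { |blk| run_check(blk) }
      { 'status' => results.values.all? { |r| r['ok'] }, 'checks' => results }
    end
    @cached_at = now
    @cached = { 'global' => { 'status' => modules.values.all? { |m| m['status'] } },
                'modules' => modules }
  end

  private

  # Returns both a machine-readable code and a human-readable message on failure.
  def run_check(blk)
    Timeout.timeout(@timeout) { blk.call }
    { 'ok' => true }
  rescue Timeout::Error
    { 'ok' => false, 'code' => 'timeout', 'message' => "no answer within #{@timeout}s" }
  rescue StandardError => e
    { 'ok' => false, 'code' => 'check_failed', 'message' => e.message }
  end
end

# Constructed sample checks standing in for real plugin probes.
def sample_registry
  registry = VerifyRegistry.new(timeout: 0.2, ttl: 30)
  registry.check(:templates, :reverse_proxy) { raise 'remote_ip missing from Foreman response' }
  registry.check(:registration, :foreman_url) { true }
  registry.check(:dhcp, :dhcpd) { sleep 1 } # simulates an unresponsive backend
  registry
end
```

The cache bounds outbound traffic but does not replace authentication on the endpoint; it only limits how much work an unauthenticated or repeated caller can trigger.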
