cookbook 'conjur-host-identity', '~> 1.0.2'
Obtains and installs the Conjur host identity from Chef attributes
cookbook 'conjur-host-identity', '~> 1.0.2', :supermarket
knife supermarket install conjur-host-identity
knife supermarket download conjur-host-identity
Description
Creates and installs Conjur host identity using Chef attributes and the Conjur
host factory.
Attributes
See the Chef metadata.rb for detailed information about the attributes used by this recipe.
Basically, you should populate Chef attributes which configure the connection to Conjur:
- Appliance URL
- Organization account name
- SSL certificate
The cookbook will auto-detect an SSL certificate at /etc/conjur-#{account}.pem.
You also need to provide two other pieces of information:
- Host factory token.
- Id for the host. You can use some data from OHAI (such as the AWS instance id), or the Chef node name, or whatever you like. It needs to be unique across your Conjur system.
Conjur gem installation
The Conjur API and Conjur CLI gems are installed by chef_gem.
Therefore they can be used in any other subsequent cookbook as well.
This is very handy for fetching secrets from Conjur. You can find an example in our
asgard config demo cookbook.
Conjur configuration
This cookbook builds /etc/conjur.conf from the Conjur connection information. This configuration will be used
by all the downstream Conjur functionality.
File permissions are 0644.
Conjur host identity
This cookbook looks for a host identity in /etc/conjur.identity. If that file exists, it's left intact.
If it doesn't exist, the host factory token is used to provision a new host identity, which is then saved to the file.
File permissions are 0600.
The netrc_path entry in conjur.conf points to /etc/conjur.identity. Therefore, downstream Conjur tools such as the
Conjur CLI will automatically pick up the host identity from this file and use it.
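To confirm after a Chef run that the files match what is described above (0644 on the config, 0600 on the identity file, netrc_path pointing at the identity file), a check like the following can be used. This is an added example, not code from the cookbook; it assumes conjur.conf is YAML with a top-level netrc_path key, and the function names are hypothetical.

```ruby
require 'yaml'

# Added example, not the cookbook's code. Assumption: conjur.conf is YAML
# with a top-level netrc_path key. Modes are the ones the README states.
CONF_MODE     = 0o644
IDENTITY_MODE = 0o600

def mode_of(path)
  File.stat(path).mode & 0o7777
end

# Returns an array of findings; an empty array means the files match the README.
def audit_conjur_files(conf_path, identity_path = '/etc/conjur.identity')
  return ["#{conf_path}: missing"] unless File.file?(conf_path)

  findings = []
  mode = mode_of(conf_path)
  if mode != CONF_MODE
    findings << format('%s: mode %04o, expected %04o', conf_path, mode, CONF_MODE)
  end

  conf = YAML.safe_load(File.read(conf_path))
  conf = {} unless conf.is_a?(Hash)
  netrc = conf['netrc_path']
  if netrc.nil?
    findings << "#{conf_path}: netrc_path not set"
  elsif netrc != identity_path
    findings << "#{conf_path}: netrc_path is #{netrc}, expected #{identity_path}"
  end

  if File.file?(identity_path)
    mode = mode_of(identity_path)
    if (mode & 0o077) != 0
      # Any group/other bit lets non-root users read the host credential.
      findings << format('%s: mode %04o exposes the host credential to group/other', identity_path, mode)
    elsif mode != IDENTITY_MODE
      findings << format('%s: mode %04o, expected %04o', identity_path, mode, IDENTITY_MODE)
    end
  else
    findings << "#{identity_path}: missing, host identity not provisioned"
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts audit_conjur_files(ARGV[0] || '/etc/conjur.conf')
end
```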
Testing
Once the cookbook has run, you can verify the host identity by running conjur authn whoami. For example:
# /opt/chef/embedded/bin/conjur authn whoami
{"account":"demo","username":"host/kgilpin@spudling.local/chef-tutorial-1-0/vagrant/ff849c12-95d7-4720-9fb7-2c2be88582f7"}
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
1.0.2 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
1.0.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.0.2 failed this metric
FC046: Attribute assignment uses assign unless nil: conjur-host-identity/attributes/default.rb:1
FC064: Ensure issues_url is set in metadata: conjur-host-identity/metadata.rb:1
FC065: Ensure source_url is set in metadata: conjur-host-identity/metadata.rb:1
FC066: Ensure chef_version is set in metadata: conjur-host-identity/metadata.rb:1
FC072: Metadata should not contain "attribute" keyword: conjur-host-identity/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
1.0.2 passed this metric
Testing File Metric
1.0.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number