Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

conjur-host-identity (2) Versions 1.0.2

Obtains and installs the Conjur host identity from Chef attributes

Policyfile
Berkshelf
Knife
cookbook 'conjur-host-identity', '~> 1.0.2', :supermarket
cookbook 'conjur-host-identity', '~> 1.0.2'
knife supermarket install conjur-host-identity
knife supermarket download conjur-host-identity
README
Dependencies
Quality 17%

Description

Creates and installs Conjur host identity using Chef attributes and the Conjur
host factory.

Attributes

See the Chef metadata.rb for detailed information about the attributes used by this recipe.

Basically, you should populate Chef attributes which configure the connection to Conjur:

  • Appliance URL
  • Organization account name
  • SSL certificate

The cookbook will auto-detect a SSL certificate at /etc/conjur-#{account}.pem.

You also need to provide two other pieces of information:

  • Host factory token.
  • Id for the host. You can use some data from OHAI (such as the AWS instance id), or the Chef node name, or whatever you like. It needs to be unique across your Conjur system.

Conjur gem installation

The Conjur API and Conjur CLI gems are installed by chef_gem.
Therefore they can be used in any other subsequent cookbook as well.

This is very handy for fetching secrets from Conjur. You can find an example in our
asgard config demo cookbook.

Conjur configuration

This cookbook builds /etc/conjur.conf from the Conjur connection information. This configuration will be used
by all the downstream Conjur functionality.

File permissions are 0644.

Conjur host identity

This cookbook looks for a host identity in /etc/conjur.identity. If that file exists, it's left intact.

If it doesn't exist, the host factory token is used to provision a new host identity, which is then saved to the file.
File permissions are 0600.

The netrc_path entry in conjur.conf points to /etc/conjur.identity. Therefore, downstream Conjur tools such as the
Conjur CLI will automatically pick up the host identity from this file and use it.

Testing

Once the cookbook has run, you can verify the host identity by running conjur authn whoami. For example:

# /opt/chef/embedded/bin/conjur authn whoami
{"account":"demo","username":"host/kgilpin@spudling.local/chef-tutorial-1-0/vagrant/ff849c12-95d7-4720-9fb7-2c2be88582f7"}

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Collaborator Number Metric
            

1.0.2 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

1.0.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

1.0.2 failed this metric

FC046: Attribute assignment uses assign unless nil: conjur-host-identity/attributes/default.rb:1
FC064: Ensure issues_url is set in metadata: conjur-host-identity/metadata.rb:1
FC065: Ensure source_url is set in metadata: conjur-host-identity/metadata.rb:1
FC066: Ensure chef_version is set in metadata: conjur-host-identity/metadata.rb:1
FC072: Metadata should not contain "attribute" keyword: conjur-host-identity/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric
            

1.0.2 passed this metric

Testing File Metric
            

1.0.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

1.0.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number