Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

RSS

algosec (7) Versions 1.1.0

Leverage AlgoSec's business-driven security policy management solution.

Berkshelf
Policyfile
Knife
cookbook 'algosec', '~> 1.1.0'
cookbook 'algosec', '~> 1.1.0', :supermarket
knife cookbook site install algosec
knife cookbook site download algosec
README
Dependencies
Quality 88%

AlgoSec Chef Cookbook

Cookbook Version Coverage Status Build Status

Chef Cookbook to DevOps-ify network security management, leveraging AlgoSec's business-driven security policy management solution.

Maintaining compatibility between applications and their network connectivity requirements can be a challenging task for many organizations. This Cookbook together with AlgoSec's solution and Chef automation infrastructure will make it as easy as committing a simple json file for each application. DevOps made simple...Engineers love it!

SCOPE

This cookbook is concerned with all AlgoSec services:

  • AlgoSec BusinessFlow
  • AlgoSec FireFlow
  • AlgoSec Firewall Analyzer

Requirements

  • Chef 12.7+
  • AlgoSec Ruby SDK >= 0.1.0 (automatically installed upon first execution)

Usage

This cookbook is not intended to include any recipes. Use it by specifying a dependency on this cookbook in your own cookbook and using the custom resources that are defined in this cookbook.

Custom Resources

Currently, the AlgoSec Chef Cookbook include only one custom resource which is highly useful: The algosec_application_flows.

algosec_application_flows

This custom resource is used to define a set of application flows for a given application on AlgoSec BusinessFlow. The resource will delete/modify/create flows as needed to make the list of application flows on the server match the exact request made by the Chef cookbook (defined by you).

The application flows and application flows for this resource can be defined in an external flows.json file which be loaded with the Chef Zero run.

Common Use Case

  • A team of engineers in your company are developing an application that is frequently deployed within the network. With some of the changes, new requirements for network connectivity are presented. Leveraging AlgoSec BusinessFlow and Chef using the algosec_application_flows, all they need to do is ship a flows.json file along with their code. This file will be loaded onto AlgoSec BusinessFlow by Chef and AlgoSec solution would deploy it to the network.

Usage Examples

To see an example of how to use this custom resource you can choose from a few options based on your level of familiarity with AlgoSec Chef Cookbook and Chef in general:

  • See the quick example in the section below.
  • See the Examples README.md for a full step-by-step guide that will show you how to use this cookbook and its resources. The README file will walk you through all the steps from installing Chef and its dependencies, to running a live example.
How to execute
$ chef-client -z -o <cookbook_name>::<recipe_name> -j /full/path/to/flows.json
Cookbook Example
# my_cookbook/metadata.rb
depends 'algosec'

algosec = { host: 'local.algosec.com', user: 'admin', password: 'algosec123' }

# Example: Define the application flows for application defined in the json file
# Note that the application name and application flows are loaded from the external json file 
node['applications'].each do |application|
  algosec_application_flows "define new application #{application['app_name']} flows using a json file" do
    algosec_options algosec
    application_name application['app_name']
    application_flows application['app_flows']
  end
end
flow.json flows definition example
   {
      "applications": [
        {
          "app_name": "TEST",
          "app_flows": {
            "flow1": {
              "sources": ["HR Payroll server", "192.168.0.0/16"],
              "destinations": ["16.47.71.62"],
              "services": ["HTTPS"]
            },
            "flow2": {
              "sources": ["10.0.0.1"],
              "destinations": ["10.0.0.2"],
              "services": ["udp/501"]
            },
            "flow3": {
              "sources": ["1.2.3.4"],
              "destinations": ["3.4.5.6"],
              "services": ["SSH"]
            }
          }
        },
        {
          "app_name": "ANOTHER-APP",
          "app_flows": {
            "new-flow": {
              "sources": ["1.2.3.4"],
              "destinations": ["3.4.5.6"],
              "services": ["SSH"]
            }
          }
        }
      ]
    }

Testing

For more details look at the TESTING.md.

All static code tests are simply run by: bundle exec rake

To actually test the cookbook in action, please refer to the examples/README.md file and apply against a test app in your AlgoSec Demo VM machine.

License & Authors

If you would like to see the detailed LICENSE click here.

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Collaborator Number Metric
            

1.1.0 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

1.1.0 passed this metric

Foodcritic Metric
            

1.1.0 passed this metric

No Binaries Metric
            

1.1.0 passed this metric

Publish Metric
            

1.1.0 passed this metric

Supported Platforms Metric
            

1.1.0 passed this metric

Testing File Metric
            

1.1.0 passed this metric

Version Tag Metric
            

1.1.0 passed this metric