conjur-host-identity 1.0.1 (2 versions)

Obtains and installs the Conjur host identity from Chef attributes

Berkshelf/Librarian:

cookbook 'conjur-host-identity', '= 1.0.1'

Policyfile:

cookbook 'conjur-host-identity', '= 1.0.1', :supermarket

Knife:

knife cookbook site install conjur-host-identity
knife cookbook site download conjur-host-identity

Description

Creates and installs Conjur host identity using Chef attributes and the Conjur host factory.

Attributes

See the Chef metadata.rb for detailed information about the attributes used by this recipe.

Populate the Chef attributes that configure the connection to Conjur:

  • Appliance URL
  • Organization account name
  • SSL certificate

You also need to provide two other pieces of information:

  • Host factory token.
  • ID for the host. You can use data from Ohai (such as the AWS instance ID), the Chef node name, or whatever you like. It needs to be unique across your Conjur system.

Conjur gem installation

The Conjur API and Conjur CLI gems are installed by chef_gem. Therefore they can be used in any other subsequent cookbook as well.

This is very handy for fetching secrets from Conjur. You can find an example in our asgard config demo cookbook.

Conjur configuration

This cookbook builds /etc/conjur.conf from the Conjur connection information. This configuration will be used by all the downstream Conjur functionality.

File permissions are 0644.

Conjur host identity

This cookbook looks for a host identity in /etc/conjur.identity. If that file exists, it's left intact.

If it doesn't exist, the host factory token is used to provision a new host identity, which is then saved to the file. File permissions are 0600.

The netrc_path entry in conjur.conf points to /etc/conjur.identity. Therefore, downstream Conjur tools such as the Conjur CLI will automatically pick up the host identity from this file and use it.
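A post-converge check for the layout described above, as an added example that is not part of the cookbook or its README: it confirms the two file modes and that netrc_path points at the identity file. It assumes conjur.conf is a YAML mapping; the function names, sample values and temporary paths are hypothetical.

```ruby
require 'yaml'
require 'tmpdir'

# Modes the README states for the two files this cookbook manages.
CONF_MODE = 0o644
IDENTITY_MODE = 0o600

# Returns an array of findings; an empty array means the files match the README.
# Assumption: conjur.conf parses as a YAML mapping with a netrc_path key.
def audit_conjur_files(conf: '/etc/conjur.conf', identity: '/etc/conjur.identity')
  findings = []
  { conf => CONF_MODE, identity => IDENTITY_MODE }.each do |path, want|
    unless File.file?(path)
      findings << "#{path}: missing"
      next
    end
    have = File.stat(path).mode & 0o777
    findings << format('%s: mode %04o, expected %04o', path, have, want) if have != want
  end
  if File.file?(conf)
    settings = YAML.safe_load(File.read(conf))
    netrc = settings.is_a?(Hash) ? settings['netrc_path'] : nil
    findings << "#{conf}: netrc_path is #{netrc.inspect}, expected #{identity}" if netrc != identity
  end
  findings
end

# Constructed sample in a temp dir: the identity file is left world-readable,
# which is the failure an audit of a credential file should catch.
def demo_findings
  Dir.mktmpdir do |dir|
    conf = File.join(dir, 'conjur.conf')
    identity = File.join(dir, 'conjur.identity')
    File.write(conf, { 'account' => 'example', 'netrc_path' => identity }.to_yaml)
    # Constructed placeholder content; netrc layout is an assumption.
    File.write(identity, "machine example login host/example-node password PLACEHOLDER\n")
    File.chmod(0o644, conf)
    File.chmod(0o644, identity) # deliberately wrong: README says 0600
    audit_conjur_files(conf: conf, identity: identity)
  end
end

puts demo_findings if __FILE__ == $PROGRAM_NAME
```

Called with no arguments, audit_conjur_files checks /etc/conjur.conf and /etc/conjur.identity, the paths named in this README.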

Testing

Once the cookbook has run, you can verify the host identity by running conjur authn whoami. For example:

# /opt/chef/embedded/bin/conjur authn whoami
{"account":"demo","username":"host/kgilpin@spudling.local/chef-tutorial-1-0/vagrant/ff849c12-95d7-4720-9fb7-2c2be88582f7"}

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Foodcritic Metric

1.0.1 failed this metric

FC019: Access node attributes in a consistent manner: /tmp/cook/53c616e06a4aadd983b0dabd/conjur-host-identity/attributes/default.rb:1
FC019: Access node attributes in a consistent manner: /tmp/cook/53c616e06a4aadd983b0dabd/conjur-host-identity/attributes/default.rb:3
FC019: Access node attributes in a consistent manner: /tmp/cook/53c616e06a4aadd983b0dabd/conjur-host-identity/attributes/default.rb:4
FC046: Attribute assignment uses assign unless nil: /tmp/cook/53c616e06a4aadd983b0dabd/conjur-host-identity/attributes/default.rb:1