Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

vault_resources (11) Versions 0.1.1

Configures Vault resources

Policyfile
Berkshelf
Knife
cookbook 'vault_resources', '= 0.1.1', :supermarket
cookbook 'vault_resources', '= 0.1.1'
knife supermarket install vault_resources
knife supermarket download vault_resources
README
Dependencies
Quality 33%

vault_resources

A Chef cookbook to manage Hashicorp Vault post install configuration

Cookbook Inspiration

When it came time to setup and configure Vault as a POC, many Chef supermarket cookbooks were examined. They all focused on installing the binary in some fashion and then setting up the initial vault configuration file. As we all know, this is actually a very small part of setting up Vault instances. This cookbook's intention is to automate and bring under configuration management the authentication, secret backends, audit and other resources. What this cookbook does not do is install Vault. There are many good options out there for installation (cookbooks, docker images, etc... ) and there is no use in re-inventing the wheel.

High level tasks

The resources in this cookbook do a wide variety of tasks. There is a resource to participate in the unseal process. There is a resource to initialize your Vault instances and then store you secret init data (keys and root token). There are resources to configure and manage Consul, Database, RabbitMQ and KV secret backends. This cookbook includes a test reference cookbook implementation. This is a great place to start, just run kitchen converge. It does the following steps:
- Creates a vagrant kitchen test instance (vagrant and chef test kitchen required)
- Starts a Vault docker container
- Initializes Vault to generate unseal keys and root token if not already initialized
- Loads previous unseal keys and root token if already initialized
- Configures ruby Vault client with appropriate access
- Creates policies
- Sets up LDAP authentication
- Creates approles
- Enables syslog auditing
- Creates multiple kv store backends
- Generates an end of run report

The reference implementation is driven by a chef recipe that works off of node attributes found in the reference implementation kitchen yaml file. There are other resources as well. Those were not put in the reference implementation, as it would require setting up too many external services.

Chef Resources

At the initial implementation, there are a decent number of Cookbook Chef Resources created to manage various Vault components. There may be others added in the future. Pull requests and Issues are always welcome. Issues requesting new resources will be examined and implemented based on general community need, and of course developer availability.

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Collaborator Number Metric
            

0.1.1 passed this metric

Contributing File Metric
            

0.1.1 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

0.1.1 failed this metric

FC069: Ensure standardized license defined in metadata: vault_resources/metadata.rb:1
Run with Foodcritic Version 14.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric
            

0.1.1 passed this metric

Testing File Metric
            

0.1.1 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

0.1.1 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number