cookbook 'vault_resources', '= 0.3.1'
vault_resources (11) Versions 0.3.1 Follow1
Configures Vault resources
cookbook 'vault_resources', '= 0.3.1', :supermarket
knife supermarket install vault_resources
knife supermarket download vault_resources
vault_resources
A Chef cookbook to manage Hashicorp Vault post install configuration
Cookbook Inspiration
When it came time to setup and configure Vault as a POC, many Chef supermarket cookbooks were examined. They all focused on installing the binary in some fashion and then setting up the initial vault configuration file. As we all know, this is actually a very small part of setting up Vault instances. This cookbook's intention is to automate and bring under configuration management the authentication, secret backends, audit and other resources. What this cookbook does not do is install Vault. There are many good options out there for installation (cookbooks, docker images, etc... ) and there is no use in re-inventing the wheel.
High level tasks
The resources in this cookbook do a wide variety of tasks. There is a resource to participate in the unseal process. There is a resource to initialize your Vault instances and then store you secret init data (keys and root token). There are resources to configure and manage Consul, Database, RabbitMQ and KV secret backends. This cookbook includes a test reference cookbook implementation. This is a great place to start, just run kitchen converge
. It does the following steps:
- Creates a vagrant kitchen test instance (vagrant and chef test kitchen required)
- Starts a Vault docker container
- Initializes Vault to generate unseal keys and root token if not already initialized
- Loads previous unseal keys and root token if already initialized
- Configures ruby Vault client with appropriate access
- Creates policies
- Sets up LDAP authentication
- Sets up OIDC authentication
- Sets up OIDC roles, groups, and group aliases
- Creates approles
- Enables syslog auditing
- Creates multiple kv store backends
- Generates an end of run report
The reference implementation is driven by a chef recipe that works off of node attributes found in the reference implementation kitchen yaml file. There are other resources as well. Those were not put in the reference implementation, as it would require setting up too many external services.
Chef Resources
At the initial implementation, there are a decent number of Cookbook Chef Resources created to manage various Vault components. There may be others added in the future. Pull requests and Issues are always welcome. Issues requesting new resources will be examined and implemented based on general community need, and of course developer availability.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.3.1 passed this metric
Contributing File Metric
0.3.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.3.1 failed this metric
FC069: Ensure standardized license defined in metadata: vault_resources/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
0.3.1 passed this metric
Testing File Metric
0.3.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.3.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.3.1 passed this metric
0.3.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.3.1 failed this metric
FC069: Ensure standardized license defined in metadata: vault_resources/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
0.3.1 passed this metric
Testing File Metric
0.3.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.3.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.3.1 failed this metric
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
0.3.1 passed this metric
Testing File Metric
0.3.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.3.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.3.1 failed this metric
0.3.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number