chef-guard

command module
v0.2.1
Published: Aug 13, 2014 License: Apache-2.0 Imports: 36 Imported by: 0

README

Chef-Guard

NOTE: Even though the code is considered to be stable, Chef-Guard is still in BETA! So there will be some rapid changes to the code until version 1.0.0 is released!

Chef-Guard is a feature-rich Chef add-on that protects your Chef server from untested and uncommitted (i.e. potentially dangerous) cookbooks by running several validations and checks during the cookbook upload process. In addition, Chef-Guard will monitor, audit, save and email (including a diff with the actual change) all configuration changes, and is even capable of validating certain changes before passing them through to Chef.

So installing Chef-Guard onto your Chef server(s) will give you a highly configurable component that enables you to configure and enforce a common workflow for all your colleagues working with Chef.

Technically you can think of Chef-Guard as an extremely smart reverse proxy server written in Go and located/installed right in between Nginx and the Chef Server (see the Installation section for more details). This means that Chef-Guard runs completely server-side and does not require any client-side changes! This gives you the freedom to use whatever tools you like (e.g. knife, berks, the webui) to work with your Chef server and Chef-Guard will make sure all these tools follow the same workflow.
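The pattern described above (a Go reverse proxy in front of the Chef Server that refuses uncommitted cookbook uploads) can be sketched as follows; this is an added example, not Chef-Guard's own code. `NewGuard`, `Probe`, the `committed` sample set and the 412 response are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"regexp"
)

// uploadPath matches the Chef Server API endpoint for one cookbook version.
var uploadPath = regexp.MustCompile(`^(?:/organizations/[^/]+)?/cookbooks/([^/]+)/([^/]+)$`)

// committed is constructed sample data standing in for "this cookbook version
// exists in source control"; a real check would query the VCS.
var committed = map[string]bool{"apache2/1.0.0": true}

// NewGuard (hypothetical name) proxies everything to chefServer, but refuses a
// cookbook upload (PUT) whose name/version is not in the committed set.
func NewGuard(chefServer *url.URL) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(chefServer)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		m := uploadPath.FindStringSubmatch(r.URL.Path)
		if r.Method == http.MethodPut && m != nil && !committed[m[1]+"/"+m[2]] {
			http.Error(w, "cookbook version is not committed", http.StatusPreconditionFailed)
			return // the Chef server never sees the request
		}
		proxy.ServeHTTP(w, r)
	})
}

// Probe sends one request through the guard to a stub Chef server and reports
// the status the client gets and whether the stub was reached.
func Probe(method, path string) (status int, reached bool) {
	stub := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		reached = true
	}))
	defer stub.Close()
	target, _ := url.Parse(stub.URL)
	rec := httptest.NewRecorder()
	NewGuard(target).ServeHTTP(rec, httptest.NewRequest(method, path, nil))
	return rec.Code, reached
}

func main() {
	fmt.Println(Probe("PUT", "/cookbooks/apache2/1.0.0")) // committed: forwarded
	fmt.Println(Probe("PUT", "/cookbooks/apache2/6.6.6")) // uncommitted: blocked
}
```

Because the decision is made in the proxy, the same rule applies to every client that talks to the server, whichever tool issued the request.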

Quickstart

Assuming enough Chef knowledge, it shouldn't take more than 30 minutes to get you started!

  • Read the Chef-Guard documentation explaining and describing what Chef-Guard is and how it works
  • Assuming you already have a running Chef environment, walk through the Chef-Guard prerequisites
  • You're now ready to follow the actual installation which (if you prefer) can be done using a cookbook in just a few minutes

Building

You don't need to build Chef-Guard yourself in order to use it. Pre-built binaries, instructions and a ready-to-use cookbook can all be found here. If, however, you would like to contribute to Chef-Guard and/or just feel adventurous and want to build Chef-Guard yourself, please see the contributing documentation to get you started.

Getting Help

Please read the docs first!

  • If you have an issue: report it on the issue tracker
  • If you have a question: visit the #chef-guard channel on irc.freenode.net

Author

Sander van Harmelen (sander@xanzy.io)

License

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Documentation

There is no documentation for this package.

Directories

Path Synopsis
Godeps
_workspace/src/bitbucket.org/kardianos/osext
Extensions to the standard "os" package.
_workspace/src/code.google.com/p/gcfg
Package gcfg reads "INI-style" text-based configuration files with "name=value" pairs grouped into sections (gcfg files).
_workspace/src/code.google.com/p/gcfg/scanner
Package scanner implements a scanner for gcfg configuration text.
_workspace/src/code.google.com/p/gcfg/token
Package token defines constants representing the lexical tokens of the gcfg configuration syntax and basic operations on tokens (printing, predicates).
_workspace/src/code.google.com/p/gcfg/types
Package types defines helpers for type conversions.
_workspace/src/code.google.com/p/goauth2/oauth
The oauth package provides support for making OAuth2-authenticated HTTP requests.
_workspace/src/code.google.com/p/goauth2/oauth/example
This program makes a call to the specified API, authenticated with OAuth2.
_workspace/src/code.google.com/p/goauth2/oauth/jwt
The jwt package provides support for creating credentials for OAuth2 service account requests.
_workspace/src/code.google.com/p/goauth2/oauth/jwt/example
This program makes a read only call to the Google Cloud Storage API, authenticated with OAuth2.
_workspace/src/github.com/google/go-github/github
Package github provides a client for using the GitHub API.
_workspace/src/github.com/google/go-querystring/query
Package query implements encoding of structs into URL query parameters.
_workspace/src/github.com/gorilla/context
Package context stores values shared during a request lifetime.
_workspace/src/github.com/gorilla/mux
Package gorilla/mux implements a request router and dispatcher.
_workspace/src/github.com/marpaia/chef-golang
This is a Go client for Opscode's Chef.
_workspace/src/github.com/marpaia/graphite-golang
Example of using the graphiteNop feature in action:

    package mylib

    import (
        "log"

        "github.com/marpaia/graphite-golang"
    )

    // Graphite is the shared connection: either a live client or a nop.
    var Graphite *graphite.Graphite

    func init() {
        var err error

        // load your configuration file / mechanism
        // (newConfig is supplied by your own application)
        config := newConfig()

        // try to connect to a graphite server
        if config.GraphiteEnabled {
            Graphite, err = graphite.NewGraphite(config.Graphite.Host, config.Graphite.Port)
        } else {
            Graphite = graphite.NewGraphiteNop(config.Graphite.Host, config.Graphite.Port)
        }

        // if you couldn't connect to graphite, use a nop
        if err != nil {
            Graphite = graphite.NewGraphiteNop(config.Graphite.Host, config.Graphite.Port)
        }

        log.Printf("Loaded Graphite connection: %#v", Graphite)
        Graphite.SimpleSend("stats.graphite_loaded", "1")
    }

    func doWork() {
        // this will work just fine, regardless of whether you're working
        // with a graphite nop or not
        Graphite.SimpleSend("stats.doing_work", "1")
    }
