Chef-Guard protects your Chef server from untested and uncommitted cookbooks
Go
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
examples
git
vendor
.gitignore
.travis.yml
CHANGELOG.md
LICENSE
README.md
VERSION
changes.go
checks.go
chef-guard.go
clients.go
config.go
contributing.md
cookbook.go
git.go
logging.go
supermarket.go
time.go
validations.go

README.md

Chef-Guard Build Status GoDoc

Chef-Guard is a feature rich Chef add-on that protects your Chef server from untested and uncommitted (i.e. potentially dangerous) cookbooks by running several validations and checks during the cookbook upload process. In addition Chef-Guard will also monitor, audit, save and email (including a diff with the actual change) all configuration changes and is even capable of validating certain changes before passing them through to Chef.

So installing Chef-Guard onto your Chef server(s) will give you a highly configurable component that enables you to configure and enforce a common workflow for all your colleagues working with Chef.

Technically you can think of Chef-Guard as an extremely smart reverse proxy server written in Go and located/installed right in between Nginx and the Chef Server (see the Installation section for more details). This means that Chef-Guard runs completely server-side and does not require any client-side changes! This gives you the freedom to use whatever tools you like (e.g. knife, berks, the webui) to work with your Chef server and Chef-Guard will make sure all these tools follow the same workflow.

Quickstart

Assuming enough Chef knowledge, it shouldn't take more than 30 minutes to get you started!

  • Read the Chef-Guard documentation explaining and describing what Chef-Guard is and how it works
  • Assuming you already have a running Chef environment, walk through the Chef-Guard prerequisites
  • Your now ready to follow the actual installation which (if you prefer) can be done using a cookbook in just a few minutes

Building

You don't need to build Chef-Guard yourself in order to use it. Pre-built binaries, instructions and a ready to use cookbook can all be found here. If however you would like to contribute to Chef-Guard and/or just feel adventurous and want to build Chef-Guard yourself, please see the contributing documentation to get you started.

Getting Help

Please read the docs first!

  • If you have an issue: report it on the issue tracker
  • If you have a question: visit the #chef-guard channel on irc.freenode.net

Author

Sander van Harmelen (sander@xanzy.io)

License

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0