Whilst you have already seen the audit cookbook working with the Chef Server, there is another way that was implemented by public demand. Some people have separate departments or just want to test their cookbooks against Chef Compliance using the audit cookbook without a Chef Server. When we look back at our .kitchen.yml file, you may have already added the audit cookbook to the run_list:
If not, just add it after downloading it from GitHub into your cookbooks folder (where your Atom cookbook resides as well):
Now you have to add the audit cookbook to your Berksfile (as it is local and not on a Chef Server):
The configuration of the audit cookbook is done with attributes, where you have to add the Chef Compliance server, its token and the profile to check against. Since this could change from cookbook to cookbook, it makes sense to add the attributes to the Atom cookbook (attributes/default.rb):
ProTip: Please ensure that you copied the full token from the UI as “-” or “.” may end your selection.
As you may have noticed I added a piece of code to call the profile based on the platform as my test-kitchen Ubuntu Linux will not have an exe file installed 🙂
Remember that we had to run a “kitchen verify” to check against the local integration test last time? Now this is already done when calling:
While you could set the option:
to have more visibility, the reports should be available in Chef Compliance now:
ProTip: If you receive a “glib zip” error in your run, your token is invalid (expired lease time, or cut short when copying).
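Both ProTips (a token cut short at “-” or “.” when copying, and an invalid or expired token behind the “glib zip” error) can be checked locally before a run. The Ruby below is an added example, not code from the original post or from the audit cookbook; it assumes the token is a JWT-style string of three dot-separated base64url segments with an optional `exp` claim, and `token_problems`, `decode_segment` and `sample_token` are hypothetical names.

```ruby
require 'json'

# Assumption: the token is JWT-style (header.payload.signature, base64url).

# Decode one base64url segment; nil if empty or not valid base64url.
def decode_segment(seg)
  return nil unless seg =~ /\A[A-Za-z0-9_-]+\z/
  padded = seg.tr('-_', '+/') + '=' * ((4 - seg.length % 4) % 4)
  padded.unpack1('m0') # strict base64; raises ArgumentError on bad input
rescue ArgumentError
  nil
end

# Returns a list of problems; an empty list means the token looks complete.
def token_problems(token, now: Time.now)
  parts = token.to_s.strip.split('.', -1)
  unless parts.length == 3
    return ["expected 3 dot-separated segments, got #{parts.length} (truncated copy?)"]
  end
  decoded = parts.map { |p| decode_segment(p) }
  return ['a segment is empty or not base64url (truncated copy?)'] if decoded.any?(&:nil?)
  begin
    header, claims = decoded.first(2).map { |d| JSON.parse(d) }
  rescue JSON::ParserError, EncodingError
    return ['header or payload is not JSON (truncated copy?)']
  end
  return ['header or payload is not a JSON object'] unless header.is_a?(Hash) && claims.is_a?(Hash)
  exp = claims['exp'] # assumed expiry claim ("lease time"), seconds since epoch
  return ["token expired at #{Time.at(exp).utc}"] if exp.is_a?(Numeric) && Time.at(exp) <= now
  []
end

# Constructed sample token for the demo (not a real Chef Compliance token).
def sample_token(exp)
  enc = ->(h) { [JSON.generate(h)].pack('m0').tr('+/', '-_').delete('=') }
  [enc.call('alg' => 'none'), enc.call('sub' => 'demo', 'exp' => exp), 'c2ln'].join('.')
end

if __FILE__ == $PROGRAM_NAME
  good = sample_token(Time.now.to_i + 3600)
  p token_problems(good)                   # complete token
  p token_problems(good.split('.').first)  # selection ended at the first "."
  p token_problems(sample_token(0))        # lease time long past
end
```

A selection cut short inside the last segment still passes this check, because only the server can verify the signature.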
As you can see, this is really powerful, especially in Enterprise environments where deployments have to match certain compliance and security requirements while they are written and tested. Please note that there is also an integration with Chef Delivery available when you've reached that maturity level.