Today, I’m excited to announce the release of Chef Infra Client 17. Chef Infra Client 17 builds upon our efforts to make Chef Infra easier to use for a wider range of audiences and use cases. Chef Infra Client 17 includes increased platform coverage, improved cloud support, and improvements to our Chef Infra language.
One of the key ways we are striving to make Chef Infra easier for enterprises to adopt and scale is by building integrations across the Chef product portfolio that reduce the time and effort needed to be successful. For Chef Infra Client 17 we’re including our Infra Compliance Phase bringing Infra and Compliance into a single workflow.
Chef Infra Compliance Phase
Chef Infra Client Compliance Phase replaces the existing audit cookbook, enabling compliance and audit reporting using our Chef InSpec engine as part of any Chef Infra Client run. In short, this enables you to not only run your existing infrastructure management code but also your Chef InSpec compliance code using a single client, pipeline, and development process.
The Chef Infra Compliance Phase is part of a shift from traditional Infrastructure as Code to what we’re calling Policy as Code. With Policy as Code and Chef Infra Client, all the teams in your organization can work together in a common framework. Develop and test infrastructure and compliance policy locally using Chef Workstation, enforce infrastructure and compliance in your infrastructure using Chef Infra Client, and aggregate data and view your overall status using Chef Automate.
For more information about Chef Compliance Phase view the on-demand webinar or view the usage documentation.
User Experience Improvements
Chef Infra Client 17 includes more improvements to Chef Infra resources and helpers. We’ve slimmed down the Chef Infra Client while expanding its capabilities, making running commands more straightforward and intuitive. We’ve also made improvements to Chef Cookstyle, which checks your code and can autocorrect common errors. We’ve continued to focus on performance by upgrading core libraries and improving how Chef Infra Client determines system state. These changes have allowed us to deliver large performance gains for many key resources.
Test-Driven Development Improvements
In addition to Chef Infra Client 17, we’ve spent much of the past year focusing on improving the Test Driven Development experience in Chef Workstation. Key testing tools such as Chef Cookstyle, Test Kitchen, and Chef InSpec have all seen significant improvements. These changes make it easier to test infrastructure and compliance policy locally or in CI/CD pipelines, reducing risk as organizations increase change velocity.
Chef Cookstyle is a code analysis tool built upon RuboCop that replaced Foodcritic in September 2019. Cookstyle helps users write better Chef Infra cookbooks by detecting issues and automatically correcting cookbook code. Cookstyle includes cops to automatically improve code readability, reduce failures, adopt new and improved patterns, and to fix deprecations necessary for Chef Infra Client upgrades. Cookstyle also integrates directly with VSCode using the Chef VS Code extension giving you code feedback right as you type.
Over the past year Cookstyle has seen large improvements:
- Nearly 40 new cops added, bringing the total to 224.
- Improved autocorrection for easier code modernization
- New per-cop documentation available on https://docs.chef.io
- Numerous other updates to improve overall reliability, performance, and integration with external tools
A comprehensive list of Chef Cookstyle cops can be found here.
Test Kitchen
Test Kitchen allows you to execute and validate your infrastructure code on one or more platforms in isolation. This gives you the power to test infrastructure changes locally or in CI/CD pipelines automatically reducing the risk of bad deployments. Test Kitchen along with plugins for major hypervisors and clouds ships in Chef Workstation, allowing you to test your infrastructure wherever you need.
Test Kitchen improvements and plugins introduced over the last year include:
- Enhanced Windows support creating instances in cloud environments, working with local hypervisors, and running Chef Infra Client
- Improved support for running tests in parallel
- Significant feature improvements to running on Azure, AWS, OpenStack, Vagrant, Docker, DigitalOcean, Google Cloud, and VMware vSphere allowing you to use the latest technologies in these clouds and hypervisors
- Improved test granularity and functionality with file uploads, improved lifecycle hooks, and improvements to our InSpec plugins
- New Docker containers as well as multi-hypervisor Vagrant images for testing on the latest operating systems.
Chef Compliance Extensibility
Chef InSpec is a powerful testing framework with a human- and machine-readable language for defining compliance, security, and policy requirements in code. If you’re already a Chef Compliance customer, you can utilize the same language used in your compliance profiles to test your infrastructure code. With Test Kitchen and InSpec you can automatically validate your infrastructure changes without the need to learn a new tool. You can even test your compliance policy with Test Kitchen and InSpec using the same processes used for your Infra policy, giving organizations a single pipeline and process for validating change.
The Chef InSpec team has also been hard at work over the last year rolling out a number of new enhancements including:
- Customer reporters to control how InSpec reports findings
- New built-in html2 and junit2 reporters for better reporting for humans and machines
- Support for sensitive values in InSpec profiles
- 30 new and updated resources for making compliance and infrastructure testing easier than ever
Expanded Cloud Support
Chef has long supported all the popular cloud providers, and Chef Infra Client 17 includes additional improvements that let you take full advantage of your AWS and Azure environments. Now, you can use cloud variables like security groups, GEO location, and region when writing infrastructure policy, helping to ensure you’re properly securing and diversifying your critical workloads. Additionally, you can utilize the new, more secure, AWS IMDSv2 metadata endpoints to provide metadata to Chef Infra Client in the most secure way possible.
With everything new in Chef Infra Client 17 and Chef Workstation, this is our best launch ever. From improved cloud and OS detection, expanded compliance integration, and Infra Language improvements there’s something for everyone. For a complete review of what’s new in Chef Infra Client 17 download the product guide.
In addition, be sure to check out our Chef Infra Client 17 release notes for a complete list of new features and enhancements. Also, make sure to download Chef Infra Client 17 as well as Chef Workstation.