Chef cooks up Policy as Code with Infra Client 17 release

Lovely cake

Chef Infra Client 17 is out, bringing increased platform coverage, better cloud support, and improvements to the Chef Infra language.

One of the key changes in this release was the inclusion of Infra Compliance Phase, bringing Infra and Compliance into a single workflow. Chef Infra Client Compliance Phase has replaced the existing audit cookbook, enabling compliance and audit reporting using Chef InSpec engine as part of any Chef Infra Client run.

Tim Smith, product manager for Chef Infra, said this would enable users to not only run existing infrastructure management code but also Chef InSpec compliance code using a single client, pipeline, and development process. 

The move is part of a shift from the existing Infrastructure as Code ethos of Chef to what Smith called Policy as Code.

“With Policy as Code and Chef Infra Client, all the teams in your organisation can work together in a common framework. Develop and test infrastructure and compliance policy locally using Chef Workstation, enforce infrastructure and compliance in your infrastructure using Chef Infra Client, and aggregate data and view your overall status using Chef Automate,” he explained.

Other improvements in this release include slimming down the Chef Infra Client while expanding its capabilities, and making running commands more straightforward and intuitive. Performance has been tweaked by upgrades to core libraries and enhancements in how Chef Infra Client determines system state. There are also updates to Chef Cookstyle, which checks code and can autocorrect common errors.

Chef Infra Client 17 also features improvements in its cloud support to take greater advantage of AWS and Azure environments. This includes the ability to use cloud variables like security groups, geolocation and region when writing infrastructure policy, which can help with securing and diversifying critical workloads.  On AWS, users have been given support for the new Instance Metadata Service, IMDSv2, which provides even greater security to protect metadata.

In addition to Chef Infra Client 17, there were also improvements to the Test Driven Development experience in Chef Workstation, with tools such as Chef Cookstyle, Test Kitchen, and Chef InSpec all seeing significant enhancements.

For full details of the new Chef Infra Client 17 release, readers can pop along to the Chef Blog and the Chef Infra Client 17 release notes.