Policy_name? policy_group?

Chef Infra (archive)
1

Been away from chef exploring the other tools as my job demands. Chef seems to have a lot of bells and whistles recently. A knife node edit node_name

shows things like below:

{
“name”: “webserver1”,
“chef_environment”: “dev”,
“normal”: {
“tags”: [

]

},
“policy_name”: null,
“policy_group”: null,
“run_list”: [
“role[web]”
]

}

  1. What are these policy_name & policy_group?? Where can i read about them? i guess they may fall under chef compliance (which is also new to me).
  2. IS chef compliance also known as “INSPEC” now? Seems like some videos/tutorial doc have gone obsolete as certain testing measure which was document doesn’t work with the latest chefdk. OR at-least the latest chefDK’s "chef generate cookbook " seem to generate a new directory structure as compared to older version of chefdk.
  3. is inspec a unit testing tool/framework (/chef-repo/cookbooks/nginx/spec/unit/recipes/default_spec.rb) or is it an integration testing (e,g, chef-repo/cookbooks/nginx/test/recipes/default_test.rb)

Thank you!

Note: i can google and i did, but swimming in this information ocean will be much more easier when i know what i am looking for. googling just for everything is a little overwhelming :smile:

2

InSpec is the framework that lets you write code to express your security controls as code. It's Open Source. Chef Compliance is a server application that can run InSpec code against systems and report the results in aggregate. It's a paid application.

InSpec is designed to test functioning systems (integration testing). Use ChefSpec for unit tests.

NOTE: You usually don't need a lot of unit testing of Chef code, unless you write custom resources or add a lot of conditional logic for cross-platform functionality. A combination of linting and maybe the default ChefSpec test should be fine most of the time.