Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem for which you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!

Promote existing Policyfile into Policy Group

Similar to hab pkg promote, I want to be able to promote a "known" Policyfile into a Policy Group .. Yes, I am aware of chef push and chef push-archive , but since I don't store my Policyfile.lock.json file in SCM or as an artifact in my artifact repo, I want to be able to simply promote a known Policyfile from one Policy Group into another ..

For example:

chef promote httpd --src-pg uat --dest-pg prod

This would discover the current Policyfile for Policy Name httpd in Policy Group uat and promote it to Policy Group prod

That is just my example, you all might have a cleaner way to define this

  • Gregory Spranger
  • Aug 23 2019
  • Currently Declined
  • Attach files
  • Gregory Spranger commented
    8 Oct, 2019 05:04pm

    My apologies for not being more clear earlier ..


    When I create a cookbook using `chef generate` -- by default the `Policyfile.lock.json` is added to `.gitignore` .. This means when I `chef install` -- tho the file gets created, by default it is not stored anywhere for re-use ..


    Why would I want to re-use that file ?? Because when I run `chef push <policy-group>` -- it is looking for a`Policyfile.lock.json` .. As you are aware, one of the goals of Policyfiles is to have the ability to "promote" the final "bundle" through the policy groups -- AKA environments ..


    # for the httpd policyfile

    `chef push dev`

    `chef push stage`

    `chef push prod`


    The reality is, many implementers of Chef Infra do this in a non-linear way // have fragmented pipelines .. That means follow on `chef push` command is likely to happen in isolation, and have no context of previous `chef push` commands << and possibly even cookbook caches, given how many of the CI/CD tools supports the concept of workers, which can be ephemeral  .. And since we are not storing the `Policyfile.lock.json` anywhere -- again, because it has been added to `.gitignore` -- what I would prefer is to have the ability to "upload" the `Policyfile.lock.json` (and its related cookbook dependencies) once (which we can with `chef push`) -- and then have the ability to `promote` that "bundle" to other policy groups without having to rely on a local `Policyfile.lock.json` file ..


    My assumption is that this is possible because we will know a successful `chef push` has already happened, which means all dependent cookbooks have already been uploaded to the Chef Server .. And since we know all the dependent cookbooks already exist on the Chef Server for a Policyfile hash -- in theory the promotion of that Policyfile hash to other policy groups could happen entirely on the Chef Server ..


    If I am drawing out what the CLIs would look like, it would be something like this (assuming we have DEV, STAGE, and PROD policy groups):


    # again, for the httpd policyfile

    `chef install` << needs to have local `Polifyfile.rb` and access to Chef Server

    `chef push dev` << needs to have local `Polifyfile.lock.json` and access to Chef Server

    `chef promote httpd --src-pg dev --dest-pg stage` << needs only to have access to Chef Server

    `chef promote httpd --src-pg stage --dest-pg prod` << needs only to have access to Chef Server


    I hope this clears things up, adds some context and clarification .. If not, please feel free to ping me direct ..




  • Jessica Yan commented
    4 Oct, 2019 07:53pm

    Can you provide some clarification on this idea?