Chapter 4. Controlling Access to Resources
So you decided that you were going to set up a Chef server and configure your infrastructure in a smart way. Good for you! However, once you've moved past this stage, the next stage that will come and haunt most organizations is: How do we ensure that everyone is able to contribute towards using Chef, while ensuring that no big mess up happens when everyone is busy modifying the Chef code? Above all, how to ensure that anybody who is not supposed to access resources on the Chef server is denied access?
Chef provides a very fine-grained, role-based access to resources through Enterprise Chef.
Any system that has to provide for such a mechanism has to have two components included in it:
Authentication
Authorization
All communication with the Chef server is through the Chef Server API. The API provided by Chef is a REST API, and the access to the API is restricted using authentication mechanisms. Public key encryption is used in both Enterprise and Open...