Merge pull request #161 from chef/ap/automate-compliance

Add Compliance in Automate docs

chef_master/source/_templates/nav-docs.html

@@ -2301,6 +2301,11 @@
             "hasSubItems": false,
             "url": "/integrate_compliance_chef_server.html"
           },
+          {
+            "title": "Integrate w/Chef Automate",
+            "hasSubItems": false,
+            "url": "/integrate_compliance_chef_automate.html"
+          },
           {
             "title": "Upgrade Compliance",
             "hasSubItems": false,

chef_master/source/index.rst

@@ -321,6 +321,7 @@ Compliance scanner
 :doc:`Overview </compliance>` |
 :doc:`Installation Guide </install_compliance>` |
 :doc:`Integrate w/Chef Server </integrate_compliance_chef_server>` |
+:doc:`Integrate w/Chef Automate </integrate_compliance_chef_automate>` |
 :doc:`Upgrade Compliance </upgrade_compliance>` |
 :doc:`chef-compliance.rb </config_rb_compliance>` |
 :doc:`Chef Compliance API </api_compliance>`
@@ -497,6 +498,7 @@ Addenda
    install_windows
    integrate_chef_automate_saml
    integrate_compliance_chef_server
+   integrate_compliance_chef_automate
    integrate_delivery_bitbucket
    integrate_delivery_github
    integrate_delivery_ldap

chef_master/source/install_chef_automate.rst

@@ -30,6 +30,8 @@ A Chef Automate installation consists of a minimum of two nodes:
 
 * (Optional) Build nodes are optional components that perform the work of running builds, tests, and deployments out of Chef Automate and are only required when using the workflow capabilities of Chef Automate.
 
+* (Optional) Chef Compliance server for use in conjunction with the ``audit cookbook``.
+
 Prerequisites
 =====================================================
 
@@ -420,6 +422,11 @@ Any host that needs to make outgoing http or https connections will require thes
 
 For more details on the proxy setup, please see `About Proxies <https://docs.chef.io/proxies.html>`__.
 
+Compliance scanning
+===================================================================
+
+Allows nodes to execute infrastructure tests or compliance profiles as part of the chef-client runs. For more details see the `Compliance scanning w/ Chef Automate guide </integrate_compliance_chef_automate>`_.
+
 Troubleshooting
 ===================================================================
 

chef_master/source/integrate_compliance_chef_automate.rst

@@ -0,0 +1,53 @@
+=====================================================
+Compliance scanning with Chef Automate
+=====================================================
+
+.. tag chef_automate_mark
+
+.. image:: ../../images/chef_automate_full.png
+   :width: 40px
+   :height: 17px
+
+.. end_tag
+
+This page describes how to run compliance scanning when using Chef Automate:
+
+To make it easy to retrieve profiles, execute and report results via chef converges, we created the ``audit`` cookbook. It's available in the Chef Supermarket or as a public GitHub `repo <https://github.com/chef-cookbooks/audit>`_. The cookbook depends on ``InSpec`` and uses attributes to support a few different ways of retrieving profiles and reporting the scan results:
+
+Collector: ``chef-visibility``
+=====================================================
+
+This method is compatible with Chef Server managed nodes or Chef Solo (commonly referred to as "Chef client local mode")
+
+When setting the ``node['audit]['collector']`` attribute to ``chef-visibility``, the ``audit`` cookbook can retrieve profiles from the following sources: ``Chef Supermarket``, ``local filesystem`` and ``git repository``.
+
+The profiles execution result will be sent to Chef Automate using the ``data_collector`` url and ``token``. For more details, see the README file of the `audit <https://github.com/chef-cookbooks/audit>` cookbook.
+
+Collector: ``chef-compliance``
+=====================================================
+
+This method is compatible with Chef Server managed nodes or Chef Solo.
+
+When setting the ``node['audit]['collector']`` attribute to ``chef-compliance``, the ``audit`` cookbook can retrieve profiles from the following sources: ``Chef Compliance server``, ``Chef Supermarket``, ``local filesystem`` and ``git repository``.
+
+The profiles execution result will be sent to Chef Compliance. Attributes to specify the Chef Compliance API sever and authentication token are required. For more details, see the README file of the `audit <https://github.com/chef-cookbooks/audit>` cookbook.
+
+Collector: ``chef-server``
+=====================================================
+
+This method is compatible with nodes managed by a Chef server integrated with `Chef Compliance <https://docs.chef.io/compliance.html>`_.
+
+Integration instructions can be found `here
+<https://docs.chef.io/integrate_compliance_chef_server.html>`_.
+
+Integrating Chef Compliance with Chef server allows:
+
+* Users of Chef Compliance to log in using their Chef Server credentials
+
+* Nodes under management by Chef to download Chef Compliance profiles, run them on nodes, and then send the results back to Chef Compliance
+
+When setting the ``node['audit]['collector']`` attribute to ``chef-server``, the ``audit`` cookbook can retrieve profiles from the following sources: ``Chef Compliance server``, ``Chef Supermarket``, ``local filesystem`` and ``git repository``.
+
+The profiles execution result will be sent to Chef Compliance. For more details, see the README file of the `audit <https://github.com/chef-cookbooks/audit>` cookbook.
+
+No Chef Compliance url or token attributes are required by this setup as Chef Server is acting as a proxy.