Chef Product Feedback

Here you can create your product feature requests for the Chef engineering teams. You can comment and vote on your own requests, as well as those created by other members of the user community. Over time, we will update the status of your requests to one of the following:

Community feedback desired: Collecting comments and gauging community support for this idea
Acknowledged: This idea is now being evaluated for possible placement on the Chef product roadmap
Planned: A team within Chef has been assigned and work is expected to begin in the near term
Started: Work is in progress
Open RFC: A Chef Community RFC related to this idea has been opened; we encourage you to engage via the Chef community RFC process

Your votes are returned when the status of an idea moves to:

RFC accepted: A related RFC has been accepted for implementation by a member of the Chef Community
Completed: Work is complete
Declined: Chef has chosen not to add this idea to the product roadmap

Note that declined ideas are not dismissed with prejudice; declined status just means that even when ideas have merit, there are only enough engineering resources to complete a small subset of those good ideas in a timely fashion. Rather than leaving many ideas open to linger on the board, we decline items that we know will not receive the attention they deserve in an acceptable timeframe.

All interactions when using the customer feedback forums are subject to the Chef community guidelines. Please remember:

  • Be welcoming, inclusive, friendly, and patient.
  • Be considerate.
  • Be respectful.
  • Be professional.
  • Be careful in the words that you choose.
  • When we disagree, let’s all work together to understand why.

Requests for support should be directed to support@chef.io, or submit support requests by using our web-based ticket interface as described here.

How can we improve Chef?

  1. Enable automated artifact mirroring from packages.chef.io

    Many companies run Chef on networks that either partially or completely limit outbound access to the internet. These companies need to re-host chef client on internal artifact repos. Many of these companies use tools like Artifactory or Sonatype Nexus to automatically proxy requests for external vendor packages, and mirror them internally.

    At the moment, directory browsing isn't allowed for https://packages.chef.io/files/stable/chef, but I think it is required in order to automatically determine when new versions are released.

    This idea is about ensuring that automatic mirroring/proxying tools are able to easily provide their services for Chef's products that are released on…

    1 vote
    completed  ·  0 comments
    • Add an ability to temporarily suspend organization and client keys

      The use case is primarily on hosted.

      There are times when we want to "suspend" an organization or client key similar to how AWS allows you to deactivate an access/secret key pair.

      The idea is to be able to create a new key, use the new key while you rotate through your infrastructure but still allow for the existing key to be used.

      Finally you can 'deactivate' the old key but it still exists (and see if stuff breaks).

      After a burn-in period then you can delete the old key.

      This helps if you want to rotate the key but…

      2 votes
      completed  ·  1 comment  ·  Chef Server
      • Provide method to protect secrets in chef server config files

        Currently the Chef Server requires that some secrets are stored in a plain text config file.

        For instance, the chef-server.rb file can store the value for a key called ldap['bind_password'], which would be a sensitive field.

        This idea is about providing a way to protect that data when it is stored on the disk, in order to decrease the attack surface of the chef server configuration.

        17 votes
        3 comments  ·  Chef Server
        • 1 vote
          completed  ·  1 comment  ·  Chef Server
          • UX for clickables on tutorials is deceiving

            As a newbie to chef, I was following the tutorials to familiarize myself and all went well as documented until I missed clicking "If you're bootstrapping a Microsoft Azure instance >>" and proceeded further. I ran into an issue and didn't realize I had missed something in the documentation until @jhudson (thank you!) pointed it out.

            At a quick glance, it didn't look like a clickable and that's how I might have missed it.

            This could be visually enhanced to save both learners' time and Chef experts' time trying to find what we missed in following the tutorials!

            Thank…

            1 vote
            completed  ·  2 comments  ·  Chef Documentation
            • Improve and Consolidate Test Kitchen Documentation

              Currently the documentation for Test Kitchen is spread across several different locations:

              - Kitchen.ci
              - Various repos in the http://github.com/test-kitchen/ organization
              - Docs.chef.io

              No one location appears to be canonical. Kitchen.ci contains a getting started guide, while the full documentation on the base kitchen.yml config file lives at https://docs.chef.io/config_yml_kitchen.html, and docs on how to use the vagrant driver live at https://github.com/test-kitchen/kitchen-vagrant.

              A task such as figuring out how to customize the settings for a Vagrant VM can involve hitting 3 sites for documentation (4 or 5 if you also need to look into the vagrant docs and the…

              6 votes
              completed  ·  2 comments  ·  Chef Documentation
              • Chef/Ohai ec2 metadata plugin should use persistent http connections

                The ec2 metadata plugin in Chef/Ohai performs http requests to fetch ec2 metadata. The way it is done right now is to create a new tcp connection for each http request, which is inefficient and does not scale well in Openstack environments. (The Openstack plugin of Ohai uses the EC2 API instead of the openstack API to collect metadata)

                https://github.com/chef/ohai/blob/master/lib/ohai/plugins/openstack.rb
                https://github.com/chef/ohai/blob/master/lib/ohai/mixin/ec2_metadata.rb

                Proposal:
                There are a couple of alternatives:
                1. rewrite the openstack plugin, to use the config-drive to fetch metadata (when available), and fall-back to the openstack api
                2. modify the ec2_metadata.rb plugin to reuse the tcp connection, instead of…

                6 votes
                completed  ·  3 comments  ·  Chef Client
                • Chef Shell with Chef Zero (local client mode) support/workflow

                  Chef Shell does not seem to be able to talk to Chef Zero properly. Chef Shell can be run in solo mode, or against a server, but when the server is a Chef Zero instance, Chef Shell complains about missing client and validation PEM files. Since Chef Zero fakes all the auth and does not actually generate PEM files that can be properly pointed out, it seems that Chef Shell needs direct support for running against Chef Zero. This would be very useful for people using local client mode, who want to set up a Chef Shell testing environment that accurately…

                  13 votes
                    3 comments  ·  Chef Client
                    completed  ·  Charles Johnson responded

                    Thanks for taking the time to contact us about this issue! We read all of your ideas and comments.

                    As of Chef 13, in April, the default for chef-shell in Solo mode will be to use local mode. This mirrors the way that chef-solo now behaves in Chef-client itself.

                    People will still be able to access the legacy chef-solo mode in chef-shell by starting with a new command-line switch.

                    Thanks again for the great suggestion, we’re happy to have it in Chef!

                  • Better error message when knife has a certificate error trying to upload

                    Setting up a new chef server today I ran into the following situation when trying to use knife with a pem file that didn't match what was on the server.

                    knife upload
                    ERROR: roles failed to children: HTTP error retrieving children: 401 "Unauthorized"

                    If I try to send up roles on their own there is a better error message:

                    knife role from file roles/*.json
                    ERROR: Failed to authenticate to https://trogdor.sandbox.local/organizations/trogdor_sandbox as administrator with key /opt/bitnami/apps/jenkins/jenkins_home/jobs/Chef-Cookbooks trogdor-sandbox - publish/workspace/.chef/administrator.pem
                    Response: Invalid signature for user or client 'administrator'

                    6 votes
                    completed  ·  0 comments  ·  Chef DK
                    • Make push-jobs client easier to install on Windows

                      Right now it's very difficult to install the standalone push-jobs client on Windows for a couple of reasons:

                      1. The push-jobs cookbook requires people to supply a package url/shasum for the push-jobs client as an attribute.
                      2. The push-jobs client package is not easily accessible via downloads.chef.io.

                      Cookbook fixes and download site fixes would go a long way toward making it easier to use.

                      3 votes
                      completed  ·  1 comment  ·  Push Jobs
                      • Bootstrap a node avoiding Internet access

                        When I try to bootstrap a node, it usually connects to the Internet to download the omnitruck installer and other resources, as shown in the attached figure. It could be very useful to let the administrator configure an internal machine to be used during the bootstrap of the node, for example the Chef Server itself. Is it possible right now?

                        Regards,
                        Rosario

                        3 votes
                          4 comments  ·  Chef DK
                          completed  ·  Charles Johnson responded

                          Thanks for your question and thanks to our community for chiming in to help! We are closing this idea as there’s no need for a new feature to support your use case. As Jörg recommended, please join the discussions in Discourse or our Community Slack channels to get a little help from your friends.

                        • Berkshelf should support chef's trusted_certs mechanism

                          Chef utils (chefdk/chef-client/etc) utilize an embedded SSL CA bundle for their ssl validation.

                          If you are using internal resources (supermarket, chefserver, etc) that are signed using an internal self-signed CA, the standard mechanism for chef utils to trust those certs is to use 'knife ssl fetch' which puts copies of the ssl certs into .chef/trusted_certs.

                          This is great, because it persists our internal CA information across upgrades of the chef software and is relatively maintenance free.

                          Berkshelf however does not support this mechanism, instead it relies solely on the CA bundle that is shipped with chef.

                          A documented-on-the-internet work around…

                          10 votes
                            0 comments  ·  Chef DK
                            completed  ·  Charles Johnson responded

                            Thanks for contacting us! We read each and every one of the ideas that comes through this site.

                            We’re happy to announce that as of the January 2017 release of ChefDK, Berkshelf will now automatically use Chef’s trusted_certs mechanism.

                          • Combine Manage, Reporting, and Analytics for Enterprise Offering

                            Why not combine the enterprise UI features like reporting, analytics and manage into one feature instead of multiple components?

                            A unified component would solve many problems of software upgrades and maintenance and be easier to use. I would like to upgrade all my chef UI add-ons in a single shot as a single component rather than relying on multiple releases.

                            At the same time, information provided by these components goes hand in hand, and it is easier to have a single endpoint than multiple endpoints to access overlapping information.

                            6 votes
                              0 comments  ·  Chef Management Console
                              completed  ·  Charles Johnson responded

                              Thanks for taking the time to contact us about this issue! We read all of your ideas and comments.

                              We agree that having a single location to manage Chef workflows, and find information about Chef-managed infrastructure is an extremely valuable idea!

                              That’s why we’ve created Chef Automate, which provides a single location to manage Chef workflows and find information about Chef-managed infrastructure, as well as compliance data and more.

                              By marking this idea completed, we are releasing the votes tied to this idea.

                            • All in one server Chef/manage/reporting/analytics/supermarket

                              Allow for an all in one hosted chef environment. Similar to the AWS Marketplace instance that incorporates analytics but also add supermarket support. This would be especially handy for smaller organizations that aren't handling thousands of clients and scalability isn't a big issue. Would even help them save money in cloud environments not having to have separate instances for analytics and supermarket.

                              3 votes
                                1 comment  ·  Chef Server
                                completed  ·  Charles Johnson responded

                                Thanks for taking the time to contact us! We read each and every one of the ideas submitted to our feedback forum.

                                With the release of Chef Automate as part of the Amazon Opsworks platform, it’s now possible to use an all-in-one version of Chef’s premium features on a single node. We’re really excited about this new offering, and believe it will provide the value this idea tries to express.

                                By marking this idea completed, we are releasing the votes attached to it.

                              • Field separator for knife flag

                                Knife uses "dot notation" for describing attribute hierarchy. E.g., to retrieve the value of node['foo']['bar'] from node 'unicorn', you can run:

                                knife node show unicorn -a foo.bar

                                However, if you have an attribute key that contains a period (several default populated ones do), it doesn't work. E.g., to get the value of node['foo']['bar.baz'] from node unicorn, the following doesn't work:

                                knife node show unicorn -a foo.bar.baz

                                because it parses it as node['foo']['bar']['baz']

                                It would be nice if knife provided us with a "field separator" flag like awk where you can say something like: -f '/' and modify the "dot notation"…

                                3 votes
                                completed  ·  1 comment  ·  Chef Client
                                • 'chef' binary should be available as gem

                                  Since ChefDK is available to a limited number of platforms and it requires sudo to perform installation, 'chef' binary (https://github.com/chef/chef-dk/blob/master/bin/chef) should be available as a gem. Same as other tools.

                                  1 vote
                                  completed  ·  7 comments  ·  Chef DK
                                  • Improvements to external user authentication and authorization (LDAP)

                                    External authentication (authn) is the ability for user identity to be provided by an external source, such as LDAP, or a SAML provider.

                                    External Authorization (authz) is the ability for user privileges & permissions to be managed via an external source, such as LDAP, or a SAML provider.

                                    Currently Chef Manage console supports external authn via LDAP sources. However, the Chef server API does not support external authn via any method.

                                    In addition, there is no mechanism in the Chef server for external authz in any context, neither via the server API or via the management console.

                                    This feedback request…

                                    191 votes
                                      29 comments  ·  Chef Management Console
                                      completed  ·  Charles Johnson responded

                                      With the release of Chef Automate in July 2016, we are very excited to be marking this idea as “Completed.”

                                      This idea has received more support than any other since we started the site. Many people have added comments about their own use cases, and told us how important this is for you. We want to thank all of you for your valuable input.

                                      The Chef Automate server now supports login via SAML from external IdP providers. External SAML IdPs which support two-factor authentication (2FA) are also supported by the Chef Automate server.

                                      In addition, the Chef Automate server also acts as an IdP gateway for the Chef Management Console. This means that the Chef Automate server can provide SAML-based login to multiple Management Console instances.

                                      No changes to the existing LDAP support for Chef products are planned at this time.

                                      While Chef may continue to work on…

                                    • implement sensitive flag for remote_directory

                                      When copying over an entire directory using the remote_directory resource, I'd like the "sensitive" option to hide the diff output.

                                      The resource allows the option to be there, but doesn't hide the diff. This is actually a problem for me because the massive diff crashes my session, but it would also be useful for anyone wanting to hide sensitive file contents.

                                      3 votes
                                        3 comments  ·  Chef Client
                                        completed  ·  Charles Johnson responded

                                        Thanks for taking the time to contact us about this issue! We read all of your ideas and comments.

                                        We’re pleased to announce that this change has been merged, and will be released as part of chef-client 12.12 in July, 2016.

                                      • Log resource that does not show in the updated resource count

                                        A 'log' resource already exists, but it's updating the executed resources count. Since the resource is not making any changes to the server, it shouldn't be counted. We should allow users to keep the updated count to 0 (ideally) if log resources are the only resources that fire, because no changes to the system configuration have been made.

                                        6 votes
                                        5 comments  ·  Chef DSL
                                        • Allow Manage Users to update their Full Name value when LDAP does not provide displayname value

                                          (Per https://getchef.zendesk.com/hc/requests/8730) Our LDAP provider does not have displayname, which causes Chef to record a value of "unknown" for the user's Full Name field. This should be a user-editable field.

                                          3 votes
                                            1 comment  ·  Chef Management Console
                                            completed  ·  Charles Johnson responded

                                            Thanks for taking the time to contact us about this issue! We read all of your ideas and comments.

                                            This issue has been resolved in the most recent release of Chef Manage.
