Skip to end of metadata
Go to start of metadata


Overview

This page serves as an overview of the Chef Server REST API, and on managing API clients through this Server API.

API Clients can also be managed via Knife or the Open Source Chef Server Management Console, see API Clients for documentation on those approaches, and [LEG:Authentication] for the process of authentication and validation of the clients access to the server.

There are requirements in order to interact with the Chef Server REST API. In order to make any of these API calls, you will need to satisfy these pre-requisites:

  • Have Chef 0.9.x or above
  • Set your Accept header to "application/json"
  • Set your X-Chef-Version header to the version of the API you are using
  • Sign your request with Mixlib::Authentication

The easiest way to ensure a well formatted request is to use the Chef::REST library bundled with Chef. See the [LEG:Authentication] page for more information about Chef's authentication mechanism.


Clients

API Clients communicate with the Chef Server via REST, authenticates via Signed Header Authentication, and compiles and executes Cookbooks.

/clients

Manipulate or create API Clients.

HTTP Methods

GET

Returns a list of all the API clients. This includes the API Client registration for each Chef node, any other API users you may create, and the validation and webui clients.

Response
Response to a GET on /clients
  • Returns "200 OK".


Hosted and Private Chef
The Hosted and Private Chef APIs are compatible with the Chef Server API described in this article.

POST

Creates a new client.

The body for a POST to /clients

The name field should be the name of the client you want created. The admin field controls whether or not this is an "admin" client (meaning it can manipulate most objects in the system.)

Response
The response to a POST to /clients

You will want to make sure you store the contents of the private_key attribute after creation. You can then use this client name and private key to access the REST API.

  • Returns "201 Created".
  • Returns "401 Unauthorized" if you are not a recognized user.
  • Returns "403 Forbidden" if the user is not authorized to create a client.
  • Returns "409 Conflict" if you try and create a client that already exists.

/clients/CLIENT_NAME

HTTP Methods

GET

Returns the client.

Response
The response to a GET of /clients/CLIENT_NAME
  • Returns "200 OK".
  • Returns "401 Unauthorized" if you are not a recognized user.
  • Returns "403 Forbidden" if the client is not allowed to view the client.
  • Returns "404 Not Found" if the client does not exist.

PUT

Updates the client.

The request body should be:

The response to a PUT to /clients/CLIENT_NAME

If private_key is set to true, a new key-pair for this client will be generated, and the new private key will be returned in the response body.

If admin is set, this client will be promoted to an administrator.

Response
The response to a PUT to /clients/CLIENT_NAME
  • Returns "200 OK".
  • Returns "401 Unauthorized" if you are not a recognized user.
  • Returns "403 Forbidden" if the user is not authorized to update the client.
  • Returns "404 Not Found" if the client does not exist.

DELETE

Removes the client. Request has no body.

Response
  • Returns "200 OK".
  • Returns "401 Unauthorized" if you are not a recognized user.
  • Returns "403 Forbidden" if the client is not authorized to delete the client.
  • Returns "404 Not Found" if the client does not exist.

Cookbooks

In Chef, cookbooks have one or more versions, which are manifests containing the version's metadata and information about its component files.

return to top of page

In order to minimize storage and the amount of time required to iterate in the modify-upload-test cycle, cookbooks only require that files with checksums the system has not yet seen be uploaded. To accomplish this, a cookbook version's component files (each with its own particular checksum) are uploaded using the sandbox API. These checksums are then used in the version's manifest in records that include the component file's description (name, specificity, etc.), as well as its checksum and a URL from which to retrieve the file's contents. This is why you will see only the files that you have updated get uploaded when doing a "knife cookbook upload COOKBOOK_NAME".

/cookbooks

HTTP Methods

GET

Chef 0.9.x:

Returns a list of all the cookbooks on this chef server. The request has no body, and returns a hash as follows:

Response
Response to GET /cookbooks
Chef 0.10.0 or above:

Returns a hash of all the cookbooks and their versions. Query parameter num_versions can be used to set the number of versions being returned. For example, GET to /cookbooks?num_versions=3 returns 3 latest versions, in descending order (high to low); /cookbooks?num_versions=all returns all available versions, in descending order (high to low). If num_versions is not specified, it defaults to 1. Note that 0 is a valid input that returns an empty array for the versions of each cookbooks.

The request has no body, and returns a hash as follows:

Response
Example response to GET /cookbooks?num_versions=all
  • Returns "200 OK" normally.
  • Returns "401 Unauthorized" if you are not a recognized client.
  • Returns "403 Forbidden" if you do not have permission to see the cookbook list.

/cookbooks/COOKBOOK_NAME

HTTP Methods

GET

Chef 0.9.x

Returns a listing of the versions of the cookbook.

Response
Response to GET /cookbooks/unicorn
Chef 0.10.0 and above

Returns a hash in the same format as the /cookbooks API endpoint. The hash contains one key-value pair corresponding to the cookbook requested. The same query parameters as the /cookbooks endpoint apply. The num_versions query parameter defaults to "all".

Response to GET /cookbooks
  • Returns "200 OK" normally.
  • Returns "401 Unauthorized" if you are not a recognized client.
  • Returns "403 Forbidden" if you do not have permission to see the cookbook.

/cookbooks/COOKBOOK_NAME/COOKBOOK_VERSION

HTTP Methods

GET

Returns a description of the cookbook, including its metadata and links to all of its component files. COOKBOOK_VERSION can be "_latest" in order to float to head. It requires no request body.

Response
Response to GET /cookbooks/unicorn/0.1.0
  • "200 OK".
  • "401 Unauthorized".
  • "403 Forbidden".
  • "404 Not Found" if the cookbook or version does not exist.

PUT

Creates or updates the cookbook version. The payload is the cookbook version's manifest, which is identical to the response of a cookbook version GET except without the URL fields for each component. Note that all checksums must have been uploaded by the user at some point via the sandbox mechanism; however, once a file with a particular checksum has been uploaded by the user, redundant uploads are not necessary.

Response
  • Returns "200 OK" normally.
  • Returns "401 Unauthorized" if you are not a recognized client.
  • Returns "403 Forbidden".

DELETE

Deletes a cookbook version.

Response
  • Returns "200 OK" normally.
  • Returns "401 Unauthorized" if you are not a recognized client.
  • Returns "403 Forbidden".
  • Returns "404 Not Found" if the cookbook or version does not exist.


Data Bags

Data Bags allow you to store arbitrary data about your infrastructure.

return to top of page

/data

Data Bags can be used for all sorts of things, for example, application configuration and user data, etc.

HTTP Methods

GET

Returns a list of all the data bags.

Response
Response to GET /data

The key is the name of the data bag, and the value is the URI for that data bag.

  • Returns "200 OK".

POST

Creates a new data bag.

Request body for a POST to /data
Response
Response to a POST on /data
  • Returns "201 Created".
  • Returns "409 Conflict" if the bag already exists.
  • Returns "401 Unauthorized" if the user is not authorized to create a new bag.

/data/DATA_BAG_NAME

HTTP Methods

GET

Returns a hash of all the entries in the given bag.

Response
Response to a GET on /data/DATA_BAG_NAME
  • Returns "200 OK".
  • Returns "401 Unauthorized" if the user is not allowed to view the bag.
  • Returns "404 Not Found" if the bag does not exist.

POST

Creates a new data bag item. The request must contain an "id" field:

Request body for a POST to /data/DATA_BAG_NAME
Response
  • Returns "200 OK".
  • Returns "401 Unauthorized"
  • Returns "404 Not Found"
  • Returns "409 Conflict" if the user already exists.

/data/DATA_BAG_NAME/DATA_BAG_ITEM_ID

This endpoint allows you to show/manipulate data bag items within a bag. The data bag item itself can be any arbitrary JSON you construct.

HTTP Methods

GET

Returns the data bag item in the bag.

Response
Response to a GET on /data/DATA_BAG_NAME/DATA_BAG_ITEM_ID
  • Returns "200 OK"
  • Returns "401 Unauthorized"
  • Returns "404 Not Found"

PUT

Updates the data bag item in the bag. The request body must contain an "id" field, besides that, you can use any JSON you wish.

Request body for a PUT to /data/DATA_BAG_NAME/DATA_BAG_ITEM_ID
Response

The response body will be the current value of the item - which should be identical to your request.

  • Returns "200 OK".
  • Returns "401 Unauthorized" if the user is not authorized to update the entry.
  • Returns "404 Not Found".

DELETE

Removes a data bag item from the bag. Takes no request body, and returns the last state of the item in the response.

Response
Response to a DELETE on /data/DATA_BAG_NAME/DATA_BAG_ITEM_ID
  • Returns "200 OK"
  • Returns "401 Unauthorized"
  • Returns "404 Not Found"


Nodes

Nodes are systems that run the chef client.

return to top of page

/nodes

HTTP Methods

GET

Returns a hash of uri's for the nodes.

Response Codes
Response to GET /nodes

The key is the name of the node, and the value is the URI where it can be retrieved.

  • Responds with a "200 OK".

POST

A POST request to /nodes will create a new node. A sample request body:

Request body for a POST to /nodes

The name should be the name of the node you want created. The attributes hash should contain any attributes you want set for this node - overrides and defaults correspond to override and default attributes. The run_list should be an array containing recipes and roles. Note that order matters in the run_list array.

Response

In response you should receive:

Response to a POST on /nodes
  • Responds with a "201 Created"
  • Returns "401 Unauthorized"
  • Responds with a "409 Conflict" if the node already exists.

/nodes/NODE_NAME

GET

A GET request to /nodes/NODE will return the node.

Response
Response to a GET /nodes/NODE
  • Responds with a "200 OK"
  • Responds with a "401 Unauthorized"
  • Responds with a "404 Not Found"

PUT

A PUT request to /nodes/NODE will update the node. The request body should be the Node:

Request body for a PUT to /nodes/NODE
Response

The response will be the updated node.

  • Responds with a "200 OK" if the node is updated.
  • Responds with a "404 Not Found" if the node does not already exist.

DELETE

A DELETE request to /nodes/NODE will delete the node. It requires no request body, and returns the last known state of the node.

Request body for a DELETE to /nodes/NODE
Response Codes
  • Responds with a "200 OK" if the node is deleted.
  • Responds with a "404 Not Found" if the node does not exist.

/nodes/NODE_NAME/cookbooks

HTTP Methods

GET

Returns the complete list of cookbook attributes, definitions, libraries and recipes that are required for this node. The request body should be blank, and the response will look like:

Response
Response to a /nodes/NODE/cookbooks request
  • Responds with a "200 OK"
  • Responds with a "401 Unauthorized"
  • Responds with a "404 Not Found"


Roles

A role provides a means of grouping similar features of similar nodes, providing a mechanism for easily composing sets of functionality.

return to top of page

/roles

HTTP Methods

GET

A GET call to /roles returns a data structure that contains links to each available role.

Response
Response to GET /roles
  • Responds with a "200 OK".

POST

A POST call to /roles creates a new role. The request body should contain the JSON representation of the role.

Request body for a POST to /roles
Response

In response, you will receive:

Response to a POST on /roles
  • Responds with a "201 Created" if the Role is created.
  • Responds with a "409 Conflict" if the Role already exists.

/roles/ROLE_NAME

HTTP Methods

GET

A GET to /roles/ROLE returns the JSON representation of the role.

Response
Response to GET /roles/ROLE
  • Responds with a "200 OK" if the role exists.
  • Responds with a "404 Not Found" if the role does not exist.

PUT

A PUT to /roles/ROLE updates the Role.

Request body for a PUT to /roles/ROLE
Response

The response will be the updated role.

  • Responds with a "200 OK" if the role is updated.
  • Responds with a "404 Not Found" if the role does not exist.

DELETE

A DELETE to /roles/ROLE_NAME deletes the role. This request has no body.

Response

The response to a DELETE request is the role's state just before it was removed.

Response to DELETE /roles/ROLE_NAME
  • Responds with a "200 OK"
  • Responds with a "404 Not Found" if the role does not exist.


Environments

Environments in Chef provide a mechanism for managing different environments such as production, staging, development, and testing, etc with one Chef setup (or one organization on Hosted Chef).

return to top of page

Chef 0.10 Feature
The Environments APIs are only available in Chef 0.10.0 or above.

/environments

HTTP Methods

GET

A GET call to /environments returns a data structure that contains links to each available environment.

Response
Response to GET /environments
  • Responds with a "200 OK".

POST

A POST call to /environments creates a new environment. The request body should contain the JSON representation of the environment.

Request body for a POST to /environments
Response

In response, you will receive:

Response to a POST on /environments
  • Responds with a "201 Created" if the Environment is created.
  • Responds with a "409 Conflict" if the Environment already exists.

/environments/ENVIRONMENT_NAME

HTTP Methods

GET

A GET to /environments/ENVIRONMENT returns the JSON representation of the environment.

Response
Response to GET /environments/ENVIRONMENT
  • Responds with a "200 OK" if the environment exists.
  • Responds with a "404 Not Found" if the environment does not exist.

PUT

A PUT to /environments/ENVIRONMENT updates the Environment.

Request body for a PUT to /environments/ENVIRONMENT
Response

The response will be the updated environment.

  • Responds with a "200 OK" if the environment is updated.
  • Responds with a "404 Not Found" if the environment does not exist.

DELETE

A DELETE to /environments/ENVIRONMENT_NAME deletes the environment. This request has no body.

Response

The response to a DELETE request is the environment's state just before it was removed.

Response to DELETE /environments/ENVIRONMENT_NAME
  • Responds with a "200 OK"
  • Responds with a "404 Not Found" if the environment does not exist.

/environments/:environment_id/cookbooks

HTTP Methods

GET

Returns a list of all the cookbooks and their versions that are available to the specified Environment. Query parameter num_versions can be used to set the number of versions being returned. For example, GET to /environment/production/cookbooks?num_versions=3 returns 3 latest versions, in descending order (high to low); /environments/production/cookbooks?num_versions=all returns all available versions in this environment, in descending order (high to low). If num_versions is not specified, it defaults to 1. Note that 0 is a valid input that returns an empty array for the versions of each cookbooks.

The request has no body, and returns a hash as follows:

Response
Response to GET /cookbooks
  • Returns "200 OK" normally.
  • Returns "401 Unauthorized" if you are not a recognized client.
  • Returns "403 Forbidden" if you do not have permission to see the cookbook list.

/environments/:environment_id/cookbook_versions

HTTP Methods

POST

Returns a hash of the required versions of cookbooks and their dependencies for the given run_list array. Version constraints may be specified by using the '@' symbol after the cookbook name as a delimiter.

/environments/:environment_id/cookbooks/COOKBOOK_NAME

HTTP Methods

GET

Returns a hash in the same format as the /environments/:env_id/cookbooks API endpoint. The hash contains one key-value pair corresponding to the cookbook requested. The versions displayed are filtered based on the environment specified. The same query parameters as the /environments/:env_id/cookbooks endpoint apply. The num_versions query parameter defaults to "all".

Response to GET /cookbooks
  • Returns "200 OK" normally.
  • Returns "401 Unauthorized" if you are not a recognized client.
  • Returns "403 Forbidden" if you do not have permission to see the cookbook.


Search

Searches are built by the Chef Server, and allow you to query arbitrary data about your infrastructure.

return to top of page

/search

This endpoint allows you to search your entire organizations nodes, roles, and data bags.

HTTP Methods

GET

A GET call to /search returns a data structure that contains links to each available search index.

By default, the "role", "node" and "client" indexes will always be available.

Note that the search indexes may lag behind the most current data by at least 10 seconds at any given time. If you need to write data and immediately query it, you likely need to produce an artificial delay (or simply retry until the data is available.)

Response
Response to GET /search
  • Responds with a "200 OK".

/search/INDEX

HTTP Methods

GET

A GET call to /search/INDEX without any request parameters will return all of the data within the index.

Response
Response to GET /search/node

The response contains the total number of rows that matched your request, the position this result set returns (useful for paging) and the rows themselves.

You can modify the search results with the following request parameters:

Param Description
q A valid search string.
sort A sort string, such as 'name DESC'
rows How many rows to return
start The result number to start from

See the Search Query Syntax for help on composing search strings.

  • Responds with "200 OK".
  • Responds with "404 Not Found" if the index does not exist.


Sandboxes

Sandboxes are used to commit files so that they only have to be uploaded once, as opposed to each time a cookbook is uploaded, even if only one file has changed.

return to top of page

/sandboxes

Create or list sandboxes.

HTTP Methods

POST

Creates a new sandbox. It accepts a list of checksums as input and returns the URLs against which to PUT files that need to be uploaded.

Request
Request body for a POST to /sandboxes
Response
Response to a POST to /sandboxes
  • Returns "200 OK" with a hash mapping each checksum to a hash that contains a boolean "needs_upload" field and a URL if "needs_upload" is true.
  • Returns "400 Bad Request" if the payload does not contain a well-formed "checksums" parameter that is a hash containing a key for each checksum.

/sandboxes/SANDBOX_ID

HTTP Methods

PUT

Commits the files the sandbox to their final location so that proceeding cookbook changes will not require re-uploading the same data.

Request
Request body for a PUT to /sandboxes/SANDBOX_ID
Response
  • Returns "200 OK" if all checksums have been uploaded and the contents have the proper checksums.
  • Returns "400 Bad Request" if the sandbox has already been committed or one or more of the checksums were not properly uploaded.
  • Returns "404 Not Found" if the sandbox does not exist.

/sandboxes/SANDBOX_ID/CHECKSUM

HTTP Methods

PUT

Request

The contents of the file whose checksum is CHECKSUM.


Response
  • Returns "200 OK".
  • Returns "400" if the file's contents do not have the correct checksum.


Client Libraries

return to top of page

pychef

Opscode Team Member Noah Kantrowitz (coderanger) has written PyChef, a Python API allowing interaction with the Chef REST interface. While only a subset of Chef is currently wrapped as objects, any of the API calls below can be made via the api_request mechanism:


Migrating to Hosted Chef from an Open Source Chef Server implementation


Cookbook Site API



Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

1 Comment

comments.show.hide

  1. Jul 21, 2010

    Pascal Rettig

    Doesn't seem like setting "attributes" on a put does anything in the current version of Chef - setting
    "normal" seems to set the node attributes though, e.g.:

    {
    "name": "latte",
    "chef_type": "node",
    "json_class": "Chef::Node",
    "normal": {
    "hardware_type": "laptop"
    },
    "overrides": {
    },
    "defaults": {
    },
    "run_list": [ "recipe[unicorn]" ]
    }

    Actually results in the hardware_type getting permanently added to the node's attributes.