search

chef-boneyard / chef-vault

chef-vault cookbook
https://supermarket.chef.io/cookbooks/chef-vault
Apache License 2.0
60 stars 53 forks source link

Document use of databags_fallback for chef-vault in kitchen #64

Open tquid opened 6 years ago

tquid commented 6 years ago

The databags_fallback flag appears to be undocumented. I have an example excerpt of .kitchen.yml in issue 59 that should serve the purpose.

tquid commented 6 years ago

Ported here for convenience:

suites:
  - name: default
    run_list:
      - recipe[foo::bar]
      ...
    data_bags_path: 'test/integration/data_bags' # This is relative to the directory with .kitchen.yml
    attributes:
      chef-vault:
        databags_fallback: true
thommay commented 6 years ago

thanks @tquid

jakereps commented 4 years ago

I'm having some issues trying to use this feature of chef-vault. I've set it up as suggested in this, and other threads, and it seems to be failing with a 404 regardless of my databag failover setting. I've attached some output to help with any debugging that may be required:

suites:
  - name: default
    verifier:
      inspec_tests:
        - test/integration/default
    run_list:
        - recipe[...]
    data_bags_path: 'test/integration/data_bags'
    attributes:
        ...
        chef-vault:
            databag_fallback: true
       Net::HTTPServerException
       ------------------------
       404 "Not Found"

       Cookbook Trace:
       ---------------
         /tmp/kitchen/cache/cookbooks/chef-vault/libraries/helpers.rb:37:in `chef_vault_item'
         /tmp/kitchen/cache/cookbooks/x/recipes/configuration.rb:??:in `block in from_file'
         /tmp/kitchen/cache/cookbooks/x/recipes/configuration.rb:??:in `from_file'
         /tmp/kitchen/cache/cookbooks/x/recipes/default.rb:??:in `from_file'

       Relevant File Content:
       ----------------------
       /tmp/kitchen/cache/cookbooks/chef-vault/libraries/helpers.rb:

        30:    # +node['chef-vault']['databag_fallback']+.
        31:    # @example
        32:    # item = chef_vault_item('secrets', 'bacon')
        33:    # log 'Yeah buddy!' if item['_default']['type']
        34:    # @param [String] bag Name of the data bag to load from.
        35:    # @param [String] id Identifier of the data bag item to load.
        36:    def chef_vault_item(bag, id)
        37>>     if ChefVault::Item.vault?(bag, id)
        38:        ChefVault::Item.load(bag, id)
        39:      elsif node['chef-vault']['databag_fallback']
        40:        data_bag_item(bag, id)
        41:      else
        42:        raise "Trying to load a regular data bag item #{id} from #{bag}, and databag_fallback is disabled"
        43:      end
        44:    end
        45:
        46:    # Helper method that allows for listing the ids of a vault in a recipe.

       System Info:
       ------------
       chef_version=14.15.6
       platform=centos
       platform_version=7.8.2003
       ruby=ruby 2.5.8p224 (2020-03-31 revision 67882) [x86_64-linux]
       program_name=/opt/chef/bin/chef-client
       executable=/opt/chef/bin/chef-client