:create_if_missing action fails at compile time in Chef 14

[petracvv]

Cookbook version

3.1.0

Chef-client version

14.3.37

Platform Details

CentOS 7

Scenario:

I am trying to use the chef_vault_secret resource to create a secret during the compile-time phase of a Chef run. This lets me create a secret and use it in the same Chef run as it will be available in the converge phase. Specifically the :create_if_missing action is failing.

This behavior works in Chef 13

It appears that the current_value chef function used in the :create_if_missing action does not work at compile time in Chef 14 https://github.com/chef-cookbooks/chef-vault/blob/2ea10defe187904e112ce6a8ef5daaf5402daf5e/resources/secret.rb#L51

Steps to Reproduce:

1. Modify the test/fixtures/cookbooks/test/recipes/chef_vault_secret.rb test-kitchen recipe to create secrets at compile time:

   
   require 'cheffish'

chef_data_bag 'green'

chef_vault_secret 'clean-energy' do data_bag 'green' raw_data('auth' => 'Forged in a mold') admins 'hydroelectric' search ':' action :nothing end.run_action(:create)

chef_vault_secret 'dirty-energy' do environment '_default' data_bag 'green' raw_data('auth' => 'carbon-credits') admins 'hydroelectric' action :nothing end.run_action(:create_if_missing)

2. Using the `kitchen.yml` in this cookbook run the `secret-resource-centos-7` test-kitchen suite
3. See the resource fail during the `:create_if_missing` action.

### Expected Result:
I am expecting the secret to be created in the test-kitchen environment and the kitchen busser tests to pass.

### Actual Result:
The run fails at Chef compile-time with a `NameError`. Full output of error:

• chef_vault_secret[dirty-energy] action create_if_missing

     ================================================================================
     Error executing action `create_if_missing` on resource 'chef_vault_secret[dirty-energy]'
     ================================================================================
  
     NameError
     ---------
     undefined local variable or method `current_value' for #<#<Class:0x0000000003c65f40>:0x0000000002eb5008>
  
     Cookbook Trace:
     ---------------
     /tmp/kitchen/cache/cookbooks/chef-vault/resources/secret.rb:51:in `block in class_from_file'
     /tmp/kitchen/cache/cookbooks/test/recipes/chef_vault_secret.rb:37:in `from_file'
  
     Resource Declaration:
     ---------------------
     # In /tmp/kitchen/cache/cookbooks/test/recipes/chef_vault_secret.rb
  
      31: chef_vault_secret 'dirty-energy' do
      32:   environment '_default'
      33:   data_bag 'green'
      34:   raw_data('auth' => 'carbon-credits')
      35:   admins 'hydroelectric'
      36:   action :nothing
      37: end.run_action(:create_if_missing)
  
     Compiled Resource:
     ------------------
     # Declared in /tmp/kitchen/cache/cookbooks/test/recipes/chef_vault_secret.rb:31:in `from_file'
  
     chef_vault_secret("dirty-energy") do
       action [:nothing]
       default_guard_interpreter :default
       declared_type :chef_vault_secret
       cookbook_name "test"
       recipe_name "chef_vault_secret"
       data_bag "green"
       raw_data {"auth"=>"carbon-credits"}
       admins "hydroelectric"
       id "dirty-energy"
       environment "_default"
     end
  
     System Info:
     ------------
     chef_version=14.3.37
     platform=centos
     platform_version=7.4.1708
     ruby=ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
     program_name=/opt/chef/bin/chef-client
     executable=/opt/chef/bin/chef-client
  
   ================================================================================
   Recipe Compile Error in /tmp/kitchen/cache/cookbooks/test/recipes/chef_vault_secret.rb
   ================================================================================
  
   NameError
   ---------
   chef_vault_secret[dirty-energy] (test::chef_vault_secret line 31) had an error: NameError: undefined local variable or method `current_value' for #<#<Class:0x0000000003c65f40>:0x0000000002eb5008>
  
   Cookbook Trace:
   ---------------
     /tmp/kitchen/cache/cookbooks/chef-vault/resources/secret.rb:51:in `block in class_from_file'
     /tmp/kitchen/cache/cookbooks/test/recipes/chef_vault_secret.rb:37:in `from_file'
  
   Relevant File Content:
   ----------------------
   /tmp/kitchen/cache/cookbooks/chef-vault/resources/secret.rb:
  
    44:      Chef::Log.debug("#{new_resource.id} admins (users): '#{new_resource.admins}'")
    45:      item.admins([new_resource.admins].flatten.join(','))
    46:      item.save
    47:    end
    48:  end
    49:
    50:  action :create_if_missing do
    51>>   action_create if current_value.nil?
    52:  end
    53:
    54:  action :delete do
    55:    converge_by("remove #{new_resource.id} and #{new_resource.id}_keys from #{new_resource.data_bag}") do
    56:      chef_data_bag_item new_resource.id do
    57:        data_bag new_resource.data_bag
    58:        action :delete
    59:      end
    60:
  
   System Info:
   ------------
   chef_version=14.3.37
   platform=centos
   platform_version=7.4.1708
   ruby=ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
   program_name=/opt/chef/bin/chef-client
   executable=/opt/chef/bin/chef-client

[lamont-granquist]

that should be current_resource and not current_value and this is an unintentional side effect of an intentional Chef-14 breaking change and cookbooks need to get updated for it.