I am trying to use the chef_vault_secret resource to create a secret during the compile-time phase of a Chef run. This lets me create a secret and use it in the same Chef run as it will be available in the converge phase. Specifically the :create_if_missing action is failing.
2. Using the `kitchen.yml` in this cookbook run the `secret-resource-centos-7` test-kitchen suite
3. See the resource fail during the `:create_if_missing` action.
### Expected Result:
I am expecting the secret to be created in the test-kitchen environment and the kitchen busser tests to pass.
### Actual Result:
The run fails at Chef compile-time with a `NameError`. Full output of error:
that should be current_resource and not current_value and this is an unintentional side effect of an intentional Chef-14 breaking change and cookbooks need to get updated for it.
Cookbook version
3.1.0
Chef-client version
14.3.37
Platform Details
CentOS 7
Scenario:
I am trying to use the
chef_vault_secret
resource to create a secret during the compile-time phase of a Chef run. This lets me create a secret and use it in the same Chef run as it will be available in the converge phase. Specifically the:create_if_missing
action is failing.This behavior works in Chef 13
It appears that the
current_value
chef function used in the:create_if_missing
action does not work at compile time in Chef 14 https://github.com/chef-cookbooks/chef-vault/blob/2ea10defe187904e112ce6a8ef5daaf5402daf5e/resources/secret.rb#L51Steps to Reproduce:
test/fixtures/cookbooks/test/recipes/chef_vault_secret.rb
test-kitchen recipe to create secrets at compile time:chef_data_bag 'green'
chef_vault_secret 'clean-energy' do data_bag 'green' raw_data('auth' => 'Forged in a mold') admins 'hydroelectric' search ':' action :nothing end.run_action(:create)
chef_vault_secret 'dirty-energy' do environment '_default' data_bag 'green' raw_data('auth' => 'carbon-credits') admins 'hydroelectric' action :nothing end.run_action(:create_if_missing)
chef_vault_secret[dirty-energy] action create_if_missing