chef-boneyard / delivery-sugar

DEPRECATED: Library cookbook that adds sugar to build cookbooks for Chef Delivery
Apache License 2.0

Use secrets at the enterprise/organization level does not appear to work #16

Closed mattstratton closed 7 years ago

mattstratton commented 7 years ago

I have an enterprise called "bluth", and an org called "bluth".

I have created an encrypted databag called delivery-secrets/bluth-bluth, but when I attempt the following code:

```ruby
my_secrets = get_project_secrets
ssh_user = my_secrets['ssh-user'] # chef-Delivery-Build-Cookbooks-delivery-truck
ssh_private_key = my_secrets['ssh-private-key']
```

I get the following error:

[2016-12-02T15:42:33+00:00] ERROR: Failed to load data bag item: "delivery-secrets" "bluth-bluth-bluth_linux_base"
[2016-12-02T15:42:33+00:00] WARN: Secrets Not Found for project_slug[bluth-bluth-bluth_linux_base]

(bluth_linux_base is the name of the cookbook I am pushing through Automate)

It seems like delivery-sugar is not bothering to try to check for the org-level databag but only querying for the project-level one.

afiune commented 7 years ago

Hey @mattstratton !! I see where the problem is coming from. In Workflow, the phases that run on the build nodes are chef-zero runs. They don't know about the chef-server unless you tell them to point to it. You can use the DSL resource with_server_config to do the following:

```ruby
with_server_config do
  my_secrets = get_project_secrets
  ssh_user = my_secrets['ssh-user'] # chef-Delivery-Build-Cookbooks-delivery-truck
  ssh_private_key = my_secrets['ssh-private-key']
end
```

mattstratton commented 7 years ago

That did it!

Although, as I mentioned in Slack, once I got it working, the "info" message that it was using the org-level secrets does not show up. NBD.
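
Added example, not part of the thread and not delivery-sugar's own code: a stand-alone Ruby model of the behaviour discussed above, where the project-level item is tried first, the org-level item is the fallback, and a chef-zero run that is not pointed at the Chef Server finds neither. `SecretStore`, `fetch_secrets`, `ItemNotFound` and the sample secret values are hypothetical names and constructed data.

```ruby
# Model only: no Chef APIs are called. All names and values are constructed.
class ItemNotFound < StandardError; end

# A data bag backend: the empty local chef-zero store or the Chef Server.
class SecretStore
  attr_reader :name

  def initialize(name, items)
    @name = name
    @items = items
  end

  def load(bag, item)
    @items.fetch("#{bag}/#{item}") { raise ItemNotFound, "#{bag}/#{item} not in #{@name}" }
  end
end

# Try the project-level item, then fall back to the org-level item.
# Returns [secrets, level]; level is :project, :organization or :none,
# so the caller can log which scope the credentials came from.
def fetch_secrets(store, ent, org, project)
  candidates = [["#{ent}-#{org}-#{project}", :project], ["#{ent}-#{org}", :organization]]
  candidates.each do |slug, level|
    begin
      return [store.load('delivery-secrets', slug), level]
    rescue ItemNotFound
      next
    end
  end
  [{}, :none]
end

# Constructed sample: only the org-level item exists, and only on the server.
CHEF_ZERO = SecretStore.new('chef-zero', {})
CHEF_SERVER = SecretStore.new(
  'chef-server',
  'delivery-secrets/bluth-bluth' => { 'ssh-user' => 'builder', 'ssh-private-key' => 'PLACEHOLDER' }
)

# Run the same lookup against both backends and report where secrets came from.
def demo
  [CHEF_ZERO, CHEF_SERVER].map do |store|
    secrets, level = fetch_secrets(store, 'bluth', 'bluth', 'bluth_linux_base')
    [store.name, level, secrets.keys]
  end
end

demo.each { |row| p row }
```

Returning the resolved level alongside the secrets makes it possible to record in the build log whether project-scoped or broader org-scoped credentials were used.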