provisioners/chef: set `encrypted_data_bag_secret` to `nil` if it's not uploaded

/cc @shanegibbs Fixes #2984
2014-02-16 18:14:56 -03:00 · 2014-02-16 18:14:56 -03:00 · eea9c07029
parent ad34d474bc
commit eea9c07029
4 changed files with 18 additions and 8 deletions
--- a/plugins/provisioners/chef/provisioner/base.rb
+++ b/plugins/provisioners/chef/provisioner/base.rb
@ -107,12 +107,12 @@ module VagrantPlugins
        end

        def upload_encrypted_data_bag_secret
-          return if !@config.encrypted_data_bag_secret_key_path
+          remote_file = guest_encrypted_data_bag_secret_key_path
+          return if !remote_file

          @machine.env.ui.info I18n.t(
            "vagrant.provisioners.chef.upload_encrypted_data_bag_secret_key")

-          remote_file = guest_encrypted_data_bag_secret_key_path
          @machine.communicate.tap do |comm|
            comm.sudo("rm -f #{remote_file}", error_check: false)
            comm.upload(encrypted_data_bag_secret_key_path, remote_file)
@ -120,9 +120,10 @@ module VagrantPlugins
        end

        def delete_encrypted_data_bag_secret
-          @machine.communicate.sudo(
-            "rm -f #{guest_encrypted_data_bag_secret_key_path}",
-            error_check: false)
+          remote_file = guest_encrypted_data_bag_secret_key_path
+          if remote_file
+            @machine.communicate.sudo("rm -f #{remote_file}", error_check: false)
+          end
        end

        def encrypted_data_bag_secret_key_path
@ -131,7 +132,9 @@ module VagrantPlugins
        end

        def guest_encrypted_data_bag_secret_key_path
-          File.join(@config.provisioning_path, "encrypted_data_bag_secret_key")
+          if @config.encrypted_data_bag_secret_key_path
+            File.join(@config.provisioning_path, "encrypted_data_bag_secret_key")
+          end
        end
      end
    end
--- a/templates/provisioners/chef_client/client.erb
+++ b/templates/provisioners/chef_client/client.erb
@ -11,7 +11,7 @@ validation_client_name "<%= validation_client_name %>"
 validation_key         "<%= validation_key %>"
 client_key             "<%= client_key %>"

-encrypted_data_bag_secret "<%= encrypted_data_bag_secret %>"
+encrypted_data_bag_secret <%= encrypted_data_bag_secret.inspect %>

 <% if environment %>
 environment        "<%= environment %>"
--- a/templates/provisioners/chef_solo/solo.erb
+++ b/templates/provisioners/chef_solo/solo.erb
@ -10,7 +10,7 @@ role_path <%= roles_path.inspect %>
 log_level <%= log_level.inspect %>
 verbose_logging    <%= verbose_logging.inspect %>

-encrypted_data_bag_secret "<%= encrypted_data_bag_secret %>"
+encrypted_data_bag_secret <%= encrypted_data_bag_secret.inspect %>

 <% if data_bags_path -%>
 data_bag_path <%= data_bags_path.inspect %>
--- a/test/unit/plugins/provisioners/chef/provisioner/base_test.rb
+++ b/test/unit/plugins/provisioners/chef/provisioner/base_test.rb
@ -33,7 +33,14 @@ describe VagrantPlugins::Chef::Provisioner::Base do
  end

  describe "#guest_encrypted_data_bag_secret_key_path" do
+    it "returns nil if host path is not configured" do
+      config.stub(:encrypted_data_bag_secret_key_path).and_return(nil)
+      config.stub(:provisioning_path).and_return("/tmp/foo")
+      expect(subject.guest_encrypted_data_bag_secret_key_path).to be_nil
+    end
+
    it "returns path under config.provisioning_path" do
+      config.stub(:encrypted_data_bag_secret_key_path).and_return("secret")
      config.stub(:provisioning_path).and_return("/tmp/foo")
      expect(File.dirname(subject.guest_encrypted_data_bag_secret_key_path)).
        to eq "/tmp/foo"