1

I am using encrypted data bags within Chef and I want to add a condition within my Chef recipe as follows:

If (test kitchen) then
  encryptkey = data_bag_item("tokens", "encryptkey")

If ( not test kitchen ) then
  secret = Chef::EncryptedDataBagItem.load_secret("/etc/chef/encrypted_data_bag_secret")
  encryptkey = Chef::EncryptedDataBagItem.load("tokens", "encryptkey", secret)

I have added data_bags_path and encrypted_data_bag_secret_key_path within kitchen.yml as follows:

provisioner:
  name: chef_zero
  chef_omnibus_url: omni-url/chef/install.sh
  roles_path: 'test/integration/default/roles'
  data_bags_path: "test/integration/default/data_bags"
  encrypted_data_bag_secret_key_path: "test/integration/default/encrypted_data_bag_secret"
StephenKing
meallhour
  • See https://github.com/test-kitchen/test-kitchen/issues/458 for chef's official non-answer. – chicks Apr 17 '18 at 21:02

2 Answers

2

Use the attributes in your kitchen.yaml.

  suites:
  - name: default
    data_bags_path: 'databags'
    run_list:
      - recipe[x::y]
    attributes: {'kitchen' : 'true' }

Inside your recipe, put an if condition using the value of node['chef-mode'].

if node['kitchen'] == 'true'
  # something
else
  # else
end
Shamik
0

Just use data_bag_item("tokens", "encryptkey") for both. It will take care of decryption for you automatically.

coderanger
  • But if it is not a kitchen test and the recipe is running directly on the server node, then how will the node know about the secret encryption key? Remember, in the case of a kitchen test I am specifying the encryption key as `encrypted_data_bag_secret_key_path: "test/integration/default/encrypted_data_bag_secret"` within `kitchen.yml` – meallhour Jul 10 '16 at 17:53
  • The path to the secret is configured in your `client.rb`, but what you have there is the default, I'm pretty sure. Chef handles loading the secret for you internally. – coderanger Jul 10 '16 at 19:28
  • I am getting this error `ERROR: No secret specified and no secret found at /etc/chef/encrypted_data_bag_secret` when I use `data_bag_item("tokens", "encryptkey")` – meallhour Jul 11 '16 at 15:56
  • Do you think I should do `data_bag_item("tokens", "encryptkey", "secret")` instead? – meallhour Jul 11 '16 at 16:47
  • Is your secret in that file? If not, put it there. – coderanger Jul 12 '16 at 01:24
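
The behaviour this answer and its comments describe (one read path for both environments, decrypting only when the item is encrypted, and failing when the secret file is missing) as a stand-alone Ruby sketch. It is an added example, not Chef's own code and not from the original thread; the helper names, the `value` field and the sample secret are hypothetical, and it assumes the version 1 encrypted item layout (AES-256-CBC, key derived as SHA-256 of the secret, plaintext wrapped under `json_wrapper`).

```ruby
require 'json'
require 'openssl'
require 'tempfile'

# Default path, as quoted in the error message in this thread.
DEFAULT_SECRET_PATH = '/etc/chef/encrypted_data_bag_secret'

# Read the shared secret; a missing file fails like the error in the comments.
def load_secret(path = DEFAULT_SECRET_PATH)
  raise ArgumentError, "No secret specified and no secret found at #{path}" unless path && File.file?(path)
  secret = File.read(path).strip
  raise ArgumentError, "secret file #{path} is empty" if secret.empty?
  secret
end

# Encrypted values are hashes carrying ciphertext metadata; plain values are not.
def encrypted_value?(value)
  value.is_a?(Hash) && value.key?('encrypted_data') && value.key?('iv')
end

# Assumed version 1 layout; used here only to build a constructed sample item.
def encrypt_value(value, secret)
  cipher = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  cipher.key = OpenSSL::Digest::SHA256.digest(secret)
  iv = cipher.random_iv
  data = cipher.update(JSON.generate('json_wrapper' => value)) + cipher.final
  { 'encrypted_data' => [data].pack('m'), 'iv' => [iv].pack('m'), 'version' => 1, 'cipher' => 'aes-256-cbc' }
end

def decrypt_value(value, secret)
  cipher = OpenSSL::Cipher.new('aes-256-cbc').decrypt
  cipher.key = OpenSSL::Digest::SHA256.digest(secret)
  cipher.iv = value['iv'].unpack1('m')
  JSON.parse(cipher.update(value['encrypted_data'].unpack1('m')) + cipher.final)['json_wrapper']
end

# One call for kitchen and real nodes: the secret is only needed for encrypted items.
def read_item(raw_item, secret_path = DEFAULT_SECRET_PATH)
  return raw_item unless raw_item.any? { |k, v| k != 'id' && encrypted_value?(v) }
  secret = load_secret(secret_path)
  raw_item.to_h { |k, v| [k, encrypted_value?(v) ? decrypt_value(v, secret) : v] }
end

if __FILE__ == $PROGRAM_NAME
  Tempfile.create('secret') do |f| # constructed secret file standing in for the node's
    f.write("constructed-test-secret\n")
    f.flush
    item = { 'id' => 'encryptkey', 'value' => encrypt_value('s3cr3t-token', 'constructed-test-secret') }
    puts read_item(item, f.path).inspect
  end
end
```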