Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set insecure_addon_compat to true by default #1174

Merged
merged 1 commit into from
Mar 24, 2017
Merged

Set insecure_addon_compat to true by default #1174

merged 1 commit into from
Mar 24, 2017

Conversation

stevendanna
Copy link
Contributor

This change has the potential to break a lot of existing automation.
Setting this to true for now will give users time to update.

Signed-off-by: Steven Danna [email protected]

@stevendanna
Set insecure_addon_compat to true by default
ec85963 
This change has the potential to break a lot of existing automation.
Setting this to true for now will give users time to update.

Signed-off-by: Steven Danna <[email protected]>
marcparadise
marcparadise reviewed Mar 23, 2017
View reviewed changes
omnibus/files/private-chef-cookbooks/private-chef/libraries/private_chef.rb
@@ -571,7 +571,8 @@ def warn_if_cred_mismatch(opts)
#
def save_credentials_to_config
credentials.legacy_credentials_hash.each do |service, creds|
next if service == "chef-server"
# Ignore secrets added by add-ons and the keys
next if PrivateChef[service].nil?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this do the right thing for opscode-erchef vs opscode_erchef?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think any problems with that need to be cleared up before we get here, otherwise it would blow up with a NoMethodError [] on NilClass. However, this is a good thing to double check on.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@marcparadise I've discussed and double-checked this with @stevendanna, it's catching a bug we had earlier when you'd do the following:

  1. install (a current package of) chef-server, set insecure_addon_compat true, reconfigure
  2. install a current addon, run its reconfigure
  3. run chef-server-ctl reconfigure again

it would then try to ingest all the secrets from veil into PrivateChef (to end up writing them to running.json), and it would fail when a service didn't exist with a key in PrivateChef.

@srenatus srenatus mentioned this pull request Mar 23, 2017
Merged
@srenatus srenatus merged commit 4f1fef6 into master Mar 24, 2017
@srenatus srenatus deleted the ssd/default-to-backcompat branch March 24, 2017 09:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcparadise marcparadise marcparadise approved these changes

@srenatus srenatus srenatus approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stevendanna @srenatus @marcparadise