ssl_certificate-cookbook icon indicating copy to clipboard operation
ssl_certificate-cookbook copied to clipboard

Published 20 hours ago verified publisher icon zuazo

ssl_certificate resource fires notifications when resource is not executed

Open jayhendren opened this issue 7 years ago • 0 comments

ssl_certificate 2.1.0 running on Chef 12.21.20.

Minimum verifiable example:

node.default['example.com']['ssl_cert']['source'] = 'self-signed'
node.default['example.com']['ssl_key']['source'] = 'self-signed'

ssl_certificate 'example.com' do
  common_name 'example.com'
  namespace node['example.com']
  notifies :run, 'ruby_block[foo]', :delayed
  not_if { true }
end

ruby_block 'foo' do
  block { nil }
  action :nothing
end

In theory, the ruby_block should never execute. It has action :nothing, and although it's triggered via notification from ssl_certificate, ssl_certificate has not_if { true }. However, we can see from a chef-client run that ssl_certificate does not run (skipped due to not_if) but the notification is fired off anyway and the ruby_block is executed:

       Compiling Cookbooks...
       [2018-02-21T12:00:22-07:00] INFO: HTTP Request Returned 404 Not Found: Object not found: 
       Converging 2 resources
       Recipe: ssl_certificate_test::default
         * ssl_certificate[example.com] action create[2018-02-21T12:00:22-07:00] INFO: Processing ssl_certificate[example.com] action create (ssl_certificate_test::default line 4)
        (skipped due to not_if)
         * ruby_block[foo] action nothing[2018-02-21T12:00:22-07:00] INFO: Processing ruby_block[foo] action nothing (ssl_certificate_test::default line 11)
        (skipped due to action :nothing)
       [2018-02-21T12:00:22-07:00] INFO: ssl_certificate[example.com] sending run action to ruby_block[foo] (delayed)
         * ruby_block[foo] action run[2018-02-21T12:00:22-07:00] INFO: Processing ruby_block[foo] action run (ssl_certificate_test::default line 11)
       [2018-02-21T12:00:22-07:00] INFO: ruby_block[foo] called
       
           - execute the ruby block foo
       [2018-02-21T12:00:22-07:00] INFO: Chef Run complete in 21.660891891 seconds
       
       Running handlers:
       [2018-02-21T12:00:23-07:00] INFO: Running report handlers
       Running handlers complete
       [2018-02-21T12:00:23-07:00] INFO: Report handlers complete
       Chef Client finished, 1/3 resources updated in 23 seconds

Using action :nothing instead of not_if { true } displays similar erroneous behavior:

       Compiling Cookbooks...
       [2018-02-21T12:08:05-07:00] INFO: HTTP Request Returned 404 Not Found: Object not found: 
       Converging 2 resources
       Recipe: ssl_certificate_test::default
         * ssl_certificate[example.com] action nothing[2018-02-21T12:08:05-07:00] INFO: Processing ssl_certificate[example.com] action nothing (ssl_certificate_test::default line 4)
        (skipped due to action :nothing)
         * ruby_block[foo] action nothing[2018-02-21T12:08:05-07:00] INFO: Processing ruby_block[foo] action nothing (ssl_certificate_test::default line 11)
        (skipped due to action :nothing)
       [2018-02-21T12:08:05-07:00] INFO: ssl_certificate[example.com] sending run action to ruby_block[foo] (delayed)
         * ruby_block[foo] action run[2018-02-21T12:08:05-07:00] INFO: Processing ruby_block[foo] action run (ssl_certificate_test::default line 11)
       [2018-02-21T12:08:05-07:00] INFO: ruby_block[foo] called
       
           - execute the ruby block foo
       [2018-02-21T12:08:05-07:00] INFO: Chef Run complete in 1.59575882 seconds
       
       Running handlers:
       [2018-02-21T12:08:05-07:00] INFO: Running report handlers
       Running handlers complete
       [2018-02-21T12:08:05-07:00] INFO: Report handlers complete
       Chef Client finished, 1/3 resources updated in 03 seconds
       Finished converging <default-cub-rh7> (0m6.62s).

Compare this to the following similar recipe that uses a second ruby_block instead of ssl_certificate, where the notification is well-behaved, and no notification is fired and neither resource executes:

ruby_block 'bar' do
  block { nil }
  notifies :run, 'ruby_block[foo]', :delayed
  not_if { true }
end

ruby_block 'foo' do
  block { nil }
  action :nothing
end

       Compiling Cookbooks...
       [2018-02-21T12:05:18-07:00] INFO: HTTP Request Returned 404 Not Found: Object not found: 
       Converging 2 resources
       Recipe: ssl_certificate_test::default
         * ruby_block[bar] action run[2018-02-21T12:05:18-07:00] INFO: Processing ruby_block[bar] action run (ssl_certificate_test::default line 1)
        (skipped due to not_if)
         * ruby_block[foo] action nothing[2018-02-21T12:05:18-07:00] INFO: Processing ruby_block[foo] action nothing (ssl_certificate_test::default line 7)
        (skipped due to action :nothing)
       [2018-02-21T12:05:18-07:00] INFO: Chef Run complete in 21.50287029 seconds
       
       Running handlers:
       [2018-02-21T12:05:18-07:00] INFO: Running report handlers
       Running handlers complete
       [2018-02-21T12:05:18-07:00] INFO: Report handlers complete
       Chef Client finished, 0/2 resources updated in 23 seconds
       Finished converging <default-cub-rh7> (0m26.52s).

jayhendren avatar Feb 21 '18 19:02 jayhendren