Improve behavior of chef_vault_item

* Check to see if we have a vault item before trying to laod it. * Only load chef-vault if we have a vault item to load * If we don't have a vault item, try loading a regular data bag instead
chef-boneyard · Mar 26, 2015 · 9622929 · 9622929 · mhenrixon · May 6, 2015
1 parent 09ff7ef
commit 9622929
Showing 1 changed file with 9 additions and 8 deletions.
diff --git a/libraries/chef_vault_item.rb b/libraries/chef_vault_item.rb
@@ -30,15 +30,16 @@ module ChefVaultItem
   # Falls back to normal data bag item loading if the item isn't actually a
   # vault item.
   def chef_vault_item(bag, item)
-    begin
-      require 'chef-vault'
-    rescue LoadError
-      Chef::Log.warn("Missing gem 'chef-vault', use recipe[chef-vault] to install it first.")
-    end
-
-    begin
+    if Chef::DataBag.load(bag).key?("#{item}_keys")
+      # We have a vault item
+      begin
+        require 'chef-vault'
+      rescue LoadError
+        raise("Missing gem 'chef-vault', use recipe[chef-vault] to install it first.")
+      end
       ChefVault::Item.load(bag, item)
-    rescue ChefVault::Exceptions::KeysNotFound, ChefVault::Exceptions::SecretDecryption
+    else
+      # We don't have a vault item, it must be a regular data bag
       Chef::DataBagItem.load(bag, item)
     end
   end