Chef provisioner key/value validation happens too early and out of order

[ghost]

This issue was originally opened by @heathsnow as hashicorp/packer#8002. It was migrated here as a result of the Packer plugin split. The original body of the issue is below.

---

• Packer version: 1.4.3 and 1.3.3 (maybe all versions?)
• Host platform: Ubuntu
• Debug log output from PACKER_LOG=1 packer build template.json: https://gist.github.com/heathsnow/f8f4a3607d5caf158d9afca3398f3935

The provisioners documentation states that "The provisioners will be run in the order they are defined within the template.". I have a shell provisioner that creates the encrypted_data_bag_secret_path key value used by the chef-client provisioner.

However there seems to be some validation happening early on that checks to ensure the value entered for that key exists and it causes packer to fail with the error: "* Bad encrypted data bag secret '/etc/chef/encrypted_data_bag_secret': stat /etc/chef/encrypted_data_bag_secret: no such file or directory".

It doesn't exist because the shell provisioner right before the chef-client provisioner isn't getting a chance to run. I'd like to get my encrypted key from AWS Parameter Store with the shell script and then have the chef-client provisioner use it.

[nywilken]

With the archival of this repository all open issues will be marked as read-only. If you wish to further discuss this plugin or any of its open issues we invite you to open a discussion on the Packer community forum.

More details on the plugin archiving process for this provisioner can be found on the Plans to Archive Unmaintained Packer Provisioner Plugins blog post.