Merge pull request #2999 from chef/pr-2988

Pr 2988

2 files changed, 16 insertions, 1 deletions

diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index f23c15fa70..e168a6bd9b 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -313,7 +313,8 @@ class Chef
 
         # chef-vault integration must use the new client-side hawtness, otherwise to use the
         # new client-side hawtness, just delete your validation key.
-        if chef_vault_handler.doing_chef_vault? || !File.exist?(File.expand_path(Chef::Config[:validation_key]))
+        if chef_vault_handler.doing_chef_vault? || 
+            (Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key])))
           client_builder.run
 
           chef_vault_handler.run(node_name: config[:chef_node_name])
diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb
index 5a2e1f1c96..848af11db5 100644
--- a/spec/unit/knife/bootstrap_spec.rb
+++ b/spec/unit/knife/bootstrap_spec.rb
@@ -593,6 +593,20 @@ describe Chef::Knife::Bootstrap do
         knife.run
       end
     end
+
+    context "when the validation_key is nil" do
+      before do
+        # this tests runs the old code path where we have a validation key, so we need to pass that check for some plugins
+        Chef::Config[:validation_key] = nil
+      end
+
+      it "creates the client and does not run client_builder or the chef_vault_handler" do
+        expect(knife_ssh).to receive(:run)
+        expect(knife.client_builder).not_to receive(:run)
+        expect(knife.chef_vault_handler).not_to receive(:run)
+        knife.run
+      end
+    end
   end
 
   describe "specifying ssl verification" do