See chef/chef#3956 for some discussion
Running the nested-ubuntu-1604 TK test in the iptables cookbook shows an example of the failure:
chef-cookbooks/iptables#37 (comment)
All that zap 'sees' is the iptables_rule resource that is called in the outermost recipe context, the two resources that are created in the nested and the doubly_nested sub-resources are omitted.
Also note that if this bug gets fixed it would simplify zap's use case, since then all zap has to search for is a file or template resource in /etc/iptables.d -- since iptables_rule uses a template resource to place files in there, if zap can descend into sub-resource-collections then it picks that up automatically and there's no need to inject the wrapping resource type into the klass array in zap. The fact that you have to do that is symptomatic of a bug.
See chef/chef#3956 for some discussion
Running the nested-ubuntu-1604 TK test in the iptables cookbook shows an example of the failure:
chef-cookbooks/iptables#37 (comment)
All that zap 'sees' is the iptables_rule resource that is called in the outermost recipe context, the two resources that are created in the nested and the doubly_nested sub-resources are omitted.
Also note that if this bug gets fixed it would simplify zap's use case, since then all zap has to search for is a file or template resource in /etc/iptables.d -- since iptables_rule uses a template resource to place files in there, if zap can descend into sub-resource-collections then it picks that up automatically and there's no need to inject the wrapping resource type into the klass array in zap. The fact that you have to do that is symptomatic of a bug.