ansible-modules-hashivault
hashivault_secret fails to delete secret permanently if latest version was deleted
Hello, thank you for your work; this is a nice module that we have been using for some time.
Recently I've encountered the following problem while using hashivault_secret.
At first I was trying to delete my secret in a kv-v2 secret engine without defining the permanent option, and it deleted the last version, as far as I understand.
Then I tried to delete the secret entirely with permanent: true, and it finished successfully but nothing happened. In the logs I found this:
Secret my/secret nonexistent
It seems to me this happens because of this check: https://github.com/TerryHowe/ansible-modules-hashivault/blob/main/ansible/modules/hashivault/hashivault_secret.py#L94
client.secrets.kv.v2.read_secret_version(secret, mount_point=mount_point) tries to get the latest version, which no longer exists, and fails.
What are your thoughts on how this should be handled? I'm not sure if permanent should be treated like a force.
Maybe it would be better to request the secret metadata and additionally check for the version (when a version is passed as a parameter to the module), and read the secret data after this whole try section.
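Added example, not part of the original issue and not the module's code: a sketch of the behaviour reported above, comparing an existence check on the latest version with one on the metadata. `FakeKvV2` and `InvalidPath` are constructed in-memory stand-ins that borrow hvac's KV v2 method names; `delete_permanently` and `demo` are hypothetical helpers. The point for operators is that a soft-deleted version is still held by Vault and can be undeleted, so a permanent delete that silently does nothing leaves the secret recoverable.

```python
class InvalidPath(Exception):
    """Stand-in for hvac.exceptions.InvalidPath (raised on HTTP 404)."""


class FakeKvV2:
    """Constructed in-memory model of a KV v2 mount, mirroring hvac method names."""

    def __init__(self):
        self.store = {}  # path -> list of {"data": ..., "deletion_time": ...}

    def create_or_update_secret(self, path, secret, mount_point="secret"):
        self.store.setdefault(path, []).append({"data": secret, "deletion_time": ""})

    def delete_latest_version_of_secret(self, path, mount_point="secret"):
        self.store[path][-1]["deletion_time"] = "2024-01-01T00:00:00Z"  # soft delete

    def read_secret_version(self, path, mount_point="secret"):
        versions = self.store.get(path)
        if not versions or versions[-1]["deletion_time"]:
            raise InvalidPath(path)  # latest version missing or soft-deleted
        return {"data": {"data": versions[-1]["data"]}}

    def read_secret_metadata(self, path, mount_point="secret"):
        if path not in self.store:
            raise InvalidPath(path)
        return {"data": {"versions": {str(i + 1): {"deletion_time": v["deletion_time"]}
                                      for i, v in enumerate(self.store[path])}}}

    def delete_metadata_and_all_versions(self, path, mount_point="secret"):
        self.store.pop(path, None)


def delete_permanently(kv, path, mount_point="secret", check="metadata"):
    """Return True if the secret was destroyed, False if reported nonexistent."""
    reader = kv.read_secret_metadata if check == "metadata" else kv.read_secret_version
    try:
        reader(path, mount_point=mount_point)
    except InvalidPath:
        return False  # the "Secret ... nonexistent" outcome: nothing is changed
    kv.delete_metadata_and_all_versions(path, mount_point=mount_point)
    return True


def demo(check):
    kv = FakeKvV2()
    kv.create_or_update_secret("my/secret", {"password": "constructed-value"})
    kv.delete_latest_version_of_secret("my/secret")  # first run, no permanent option
    destroyed = delete_permanently(kv, "my/secret", check=check)
    return destroyed, "my/secret" in kv.store  # (reported change, data still stored)
```

With `check="version"` the soft-deleted secret is reported as nonexistent and stays stored; with `check="metadata"` it is found and destroyed.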