ansible-modules-hashivault
ansible-modules-hashivault copied to clipboard
TerryHowe
Creating approles is broken because of deprecated methods in hvac
This seems to be related to a lot of methods being deprecated as of HVAC 1.0. Revering to 0.11.2 fixes the issues.
We're creating approles with the following tasks:
hashivault_approle_role:
authtype: token
url: "{{ vault_url }}"
name: "{{ item.name }}"
token_policies: "{{ item.token_policies }}"
token_explicit_max_ttl: "{{ item.token_explicit_max_ttl | default('600') }}"
with_items: "{{ vault_auth_roles }}"
The error message is:
failed: [localhost] (item={'name': 'policy1', 'bound_claims': {'project_path': 'xx'}, 'token_policies': ['policy1']}) => {"ansible_loop_var": "item", "changed": false, "item": {"bound_claims": {"project_path": "xx"}, "name": "policy1", "token_policies": ["policy1"]}, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_hashivault_approle_role_payload_zc8rz6pj/ansible_hashivault_approle_role_payload.zip/ansible/modules/hashivault/hashivault_approle_role.py\", line 173, in hashivault_approle_role\n File \"/usr/local/lib/python3.8/dist-packages/hvac/v1/__init__.py\", line 112, in __getattr__\n return utils.getattr_with_deprecated_properties(\n File \"/usr/local/lib/python3.8/dist-packages/hvac/utils.py\", line 154, in getattr_with_deprecated_properties\n raise AttributeError(\nAttributeError: 'Client' has no attribute 'get_role'\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/home/xx/.ansible/tmp/ansible-tmp-1663598628.9708514-2559-179092349986148/AnsiballZ_hashivault_approle_role.py\", line 107, in <module>\n _ansiballz_main()\n File \"/home/xx/.ansible/tmp/ansible-tmp-1663598628.9708514-2559-179092349986148/AnsiballZ_hashivault_approle_role.py\", line 99, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/xx/.ansible/tmp/ansible-tmp-1663598628.9708514-2559-179092349986148/AnsiballZ_hashivault_approle_role.py\", line 47, in invoke_module\n runpy.run_module(mod_name='ansible.modules.hashivault.hashivault_approle_role', init_globals=dict(_module_fqn='ansible.modules.hashivault.hashivault_approle_role', _modlib_path=modlib_path),\n File \"/usr/lib/python3.8/runpy.py\", line 207, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.8/runpy.py\", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/lib/python3.8/runpy.py\", line 87, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_hashivault_approle_role_payload_zc8rz6pj/ansible_hashivault_approle_role_payload.zip/ansible/modules/hashivault/hashivault_approle_role.py\", line 207, in <module>\n File \"/tmp/ansible_hashivault_approle_role_payload_zc8rz6pj/ansible_hashivault_approle_role_payload.zip/ansible/modules/hashivault/hashivault_approle_role.py\", line 120, in main\n File \"/tmp/ansible_hashivault_approle_role_payload_zc8rz6pj/ansible_hashivault_approle_role_payload.zip/ansible/module_utils/hashivault.py\", line 127, in wrapper\n File \"/tmp/ansible_hashivault_approle_role_payload_zc8rz6pj/ansible_hashivault_approle_role_payload.zip/ansible/modules/hashivault/hashivault_approle_role.py\", line 176, in hashivault_approle_role\n File \"/usr/local/lib/python3.8/dist-packages/hvac/v1/__init__.py\", line 112, in __getattr__\n return utils.getattr_with_deprecated_properties(\n File \"/usr/local/lib/python3.8/dist-packages/hvac/utils.py\", line 154, in getattr_with_deprecated_properties\n raise AttributeError(\nAttributeError: 'Client' has no attribute 'create_role'\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
okay, thanks. I'm not going to have the bandwidth for this any time real soon though
