azure_keyvault_secret lookup does not work with USGovCloud
SUMMARY
The azure_keyvault_secret lookup does not work with USGovCloud, presumably because the resource URL is hard-coded to https://vault.azure.net.
https://github.com/ansible-collections/azure/blob/591655247667adc6ee3adad8639220fd17316a7d/plugins/lookup/azure_keyvault_secret.py#L132
After manually modifying this to https://vault.usgovcloudapi.net, my lookup works.
ISSUE TYPE
- Bug Report
COMPONENT NAME
azure_keyvault_secret
ANSIBLE VERSION
ansible [core 2.14.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/net_home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /net_home/ansible/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.2 (main, Jun 6 2023, 07:39:01) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)] (/usr/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
# /net_home/ansible/.ansible/collections/ansible_collections
Collection         Version
------------------ -------
azure.azcollection 1.16.0
CONFIGURATION
CONFIG_FILE() = /etc/ansible/ansible.cfg
OS / ENVIRONMENT
RHEL8 VM in Azure USGovCloud (USGovVirginia)
STEPS TO REPRODUCE
- name: Look up secret when ansible host is MSI enabled Azure VM
  debug:
    msg: "the value of this secret is {{
        lookup(
          'azure.azcollection.azure_keyvault_secret',
          'mysecret',
          vault_url='https://<vaultname>.vault.usgovcloudapi.net'
        )
      }}"
EXPECTED RESULTS
ok: [localhost] =>
  msg: the value of this secret is myvalue
ACTUAL RESULTS
fatal: [localhost]: FAILED! =>
  msg: 'An unhandled exception occurred while running the lookup plugin ''azure.azcollection.azure_keyvault_secret''. Error was a <class ''ansible.errors.AnsibleError''>, original message: Failed to fetch secret mysecret.. Failed to fetch secret mysecret.'
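
One way to avoid the hard-coded resource described in this report is to derive the token resource from the DNS suffix of `vault_url`, accepting only known Key Vault suffixes so a managed-identity token is never requested for an unexpected audience. This is an added example, not code from the azure.azcollection plugin; the function names `keyvault_resource` and `imds_token_request` are hypothetical, and it assumes the standard Azure instance metadata token endpoint is the one in use.

```python
from urllib.parse import urlencode, urlparse

# Key Vault DNS suffixes per Azure cloud: public, US Government, China.
KEYVAULT_SUFFIXES = (
    "vault.azure.net",
    "vault.usgovcloudapi.net",
    "vault.azure.cn",
)

# Standard Azure instance metadata (IMDS) managed-identity token endpoint.
IMDS_TOKEN_ENDPOINT = "http://169.254.169.254/metadata/identity/oauth2/token"


def keyvault_resource(vault_url):
    """Return the token resource (audience) for the cloud that hosts vault_url."""
    parsed = urlparse(vault_url)
    if parsed.scheme != "https":
        raise ValueError("vault_url must use https: %r" % vault_url)
    host = (parsed.hostname or "").lower()
    for suffix in KEYVAULT_SUFFIXES:
        # Require exactly "<name>.<suffix>": this rejects look-alike hosts
        # such as "x.vault.azure.net.example.com" or "a.b.vault.azure.net".
        if host.endswith("." + suffix):
            name = host[: -len(suffix) - 1]
            if name and "." not in name:
                return "https://" + suffix
    raise ValueError("not a recognised Key Vault host: %r" % host)


def imds_token_request(vault_url, api_version="2018-02-01"):
    """Build (url, headers) for the token request; nothing is sent here."""
    query = urlencode(
        {"api-version": api_version, "resource": keyvault_resource(vault_url)}
    )
    return IMDS_TOKEN_ENDPOINT + "?" + query, {"Metadata": "true"}


if __name__ == "__main__":
    # Constructed sample vault names, one per cloud.
    for url in (
        "https://examplevault.vault.azure.net",
        "https://examplevault.vault.usgovcloudapi.net",
    ):
        print(url, "->", keyvault_resource(url))
```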