Config via Ansible vars not resolving templating

Open onefourfive opened this issue 7 months ago • 1 comments

SUMMARY

When I set ansible_hashi_vault_ variables as below, they are taken literally and not templated:

ansible_hashi_vault_url: "{{ vault_fqdn }}"
ansible_hashi_vault_token_path: "{{ lookup('env', 'HOME') }}/.vault-ansible/"
ansible_hashi_vault_token_file: "token-{{ zone }}"

In a case where all but url is specified as lookup keywords, and we intentionally omit the scheme, you can see the templating makes it into the error message:

localhost | FAILED! => {
    "msg": "An unhandled exception occurred while running the lookup plugin 'community.hashi_vault.hashi_vault'. 
Error was a <class 'requests.exceptions.MissingSchema'>, original message: 
Invalid URL '{{ vault_fqdn }}/v1/internal/data/tf': No scheme supplied. Perhaps you meant https://{{ vault_fqdn }}/v1/internal/data/tf?. 
Invalid URL '{{ vault_fqdn }}/v1/internal/data/tf': No scheme supplied. Perhaps you meant https://{{ vault_fqdn }}/v1/internal/data/tf?"
}

ISSUE TYPE

  • Bug Report

COMPONENT NAME

hashi_vault

ANSIBLE VERSION
ansible [core 2.17.1]
  config file = /home/iivv/vault-tools/vault-ansible/ansible.cfg
  configured module search path = ['/home/iivv/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/iivv/.virtualenvs/vault-ansible/lib/python3.12/site-packages/ansible
  ansible collection location = /home/iivv/vault-tools/vault-ansible/collections
  executable location = /home/iivv/.virtualenvs/vault-ansible/bin/ansible
  python version = 3.12.3 (main, Apr 10 2024, 05:33:47) [GCC 13.2.0] (/home/iivv/.virtualenvs/vault-ansible/bin/python)
  jinja version = 3.1.4
  libyaml = True

COLLECTION VERSION

Collection            Version
--------------------- -------
community.hashi_vault 6.2.0

CONFIGURATION

n/a

OS / ENVIRONMENT

n/a

STEPS TO REPRODUCE

  1. Create a vars file specifying config with templating.
  2. Try to perform a lookup without specifying config keywords.

EXPECTED RESULTS

Templating should work so that I can work with different vault clusters and configs in a playbook run as necessary.

ACTUAL RESULTS

Errors result from template attempts. Only literal values are used.

localhost | FAILED! => {
    "msg": "An unhandled exception occurred while running the lookup plugin 'community.hashi_vault.hashi_vault'. Error was a <class 'requests.exceptions.MissingSchema'>, original message: Invalid URL '{{ vault_fqdn }}/v1/internal/data/tf': No scheme supplied. Perhaps you meant https://{{ vault_fqdn }}/v1/internal/data/tf?. Invalid URL '{{ vault_fqdn }}/v1/internal/data/tf': No scheme supplied. Perhaps you meant https://{{ vault_fqdn }}/v1/internal/data/tf?"
}

onefourfive, Jul 24 '24 23:07
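
A pre-flight check for the failure reported above, as an added example that is not part of the issue or the collection's code: it scans a variables mapping for `ansible_hashi_vault_*` values that still contain Jinja2 markup and verifies that the URL carries a scheme and host before anything reaches the Vault client. The function names, the `zone` value and the example hostname and paths are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

PREFIX = "ansible_hashi_vault_"
# Jinja2 expression/statement delimiters that must not survive rendering.
UNRENDERED = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)

# Constructed sample: the three vars from the report, still unrendered.
SAMPLE_RAW = {
    "ansible_hashi_vault_url": "{{ vault_fqdn }}",
    "ansible_hashi_vault_token_path": "{{ lookup('env', 'HOME') }}/.vault-ansible/",
    "ansible_hashi_vault_token_file": "token-{{ zone }}",
    "zone": "prod",
}
# Constructed sample: what the same vars should look like once rendered.
SAMPLE_RENDERED = {
    "ansible_hashi_vault_url": "https://vault.example.internal:8200",
    "ansible_hashi_vault_token_path": "/home/user/.vault-ansible/",
    "ansible_hashi_vault_token_file": "token-prod",
}


def find_unrendered(variables):
    """Map option name -> value for ansible_hashi_vault_* vars holding template markup."""
    hits = {}
    for name, value in variables.items():
        if name.startswith(PREFIX) and isinstance(value, str) and UNRENDERED.search(value):
            hits[name[len(PREFIX):]] = value
    return hits


def preflight(variables):
    """Return a list of problems; an empty list means the config looks usable."""
    problems = [f"{opt}: unrendered template {val!r}"
                for opt, val in sorted(find_unrendered(variables).items())]
    url = variables.get(PREFIX + "url")
    if isinstance(url, str) and not UNRENDERED.search(url):
        parts = urlsplit(url)
        # A bare hostname is what triggers requests' MissingSchema error.
        if parts.scheme not in ("http", "https") or not parts.netloc:
            problems.append(f"url: missing scheme or host in {url!r}")
    return problems


if __name__ == "__main__":
    for label, sample in (("raw", SAMPLE_RAW), ("rendered", SAMPLE_RENDERED)):
        print(label, preflight(sample) or "ok")
```
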