Test play using vault plugin fails #66

Open
bru2code opened this issue Feb 16, 2018 · 1 comment

bru2code commented Feb 16, 2018

Hi,

Trialing this and it seems to be failing with the below error message when used with Vault.

Script run, snippet below:

```
curl -s -X GET -H "X-Vault-Token:$VAULT_TOKEN" \
  https://$VAULT_ADDR/v1/secret/hello \
  | jq .data.bar
"baz"

ansible-playbook plugin_test.yml
[WARNING]: provided hosts list is empty, only localhost is available

PLAY [localhost] ****************************************************************************************************************************************************************************************************************************

TASK [Get a secret from Vault] **************************************************************************************************************************************************************************************************************
Friday 16 February 2018 12:07:27 +0000 (0:00:00.115) 0:00:00.115 *******
fatal: [localhost]: FAILED! => {"failed": true, "msg": "An unhandled exception occurred while running the lookup plugin 'vault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Unable to retrieve personal token from vault: unknown url type: v1/auth/approle/login"}
[WARNING]: Failure using method (v2_runner_on_failed) in callback plugin (</usr/lib/python2.7/site-packages/ansible/plugins/callback/mail.CallbackModule object at 0x30d9e10>): [Errno 113] No route to host

PLAY RECAP **********************************************************************************************************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1
```

Playbook

```yaml
- hosts: localhost
  connection: local
  gather_facts: False
  vars:
    - vault_skip_verify: true
  tasks:
    - name: Get a secret from Vault
      debug: msg="{{ lookup('vault', 'secret/hello', 'bar') }}"
    - name: Get a secret from using with_vault
      debug: msg="{{ item.bar }}"
      with_vault:
        - secret/hello
```

script with playbook invocation

```
export VAULT_ADDR='vault.apps.ocpt.local'
export ANSIBLE_HASHICORP_VAULT_ROLE_ID=${ROLE_ID}
echo ${ANSIBLE_HASHICORP_VAULT_ROLE_ID}
export ANSIBLE_HASHICORP_VAULT_SECRET_ID=${SECRET_ID}
echo ${ANSIBLE_HASHICORP_VAULT_SECRET_ID}
curl -s -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"bar":"baz"}' \
  https://$VAULT_ADDR/v1/secret/hello

curl -s -X GET -H "X-Vault-Token:$VAULT_TOKEN" \
  https://$VAULT_ADDR/v1/secret/hello \
  | jq .data.bar

ansible-playbook plugin_test.yml
```
The actual curl displays the secret, as you can see in the error; however, the play fails!

jhaals (Owner) commented Mar 27, 2018

Hi, thanks for submitting this. There are currently no tests for fetching secrets using approle as the authentication method. We'll have to add some tests to ensure that it works in its current form. Looks like there's something wrong with how the URL is constructed, reading your error message `No route to host`.
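
The `unknown url type` text in the report is the message Python's urllib raises for a URL string that has no scheme. The following is an added example, not code from this thread or from the plugin, written against Python 3's `urllib.request`: it reproduces that message for an empty and for a scheme-less base address, and shows a check that rejects such addresses before any request is built. The function names `urllib_error_for` and `build_vault_url` are hypothetical, and the hostnames are the ones from the report used as sample input.

```python
from urllib.parse import urlsplit
from urllib.request import Request

LOGIN_PATH = "v1/auth/approle/login"  # path as it appears in the reported error


def urllib_error_for(base):
    """Join base and path naively; return urllib's complaint, or None if accepted."""
    url = base + "/" + LOGIN_PATH if base else LOGIN_PATH
    try:
        Request(url)  # only constructs the request object; nothing is sent
    except ValueError as exc:
        return str(exc)
    return None


def build_vault_url(base, path=LOGIN_PATH, allow_http=False):
    """Return base + path, or raise ValueError naming what is wrong with base."""
    if not base or not base.strip():
        raise ValueError("Vault address is empty or unset")
    base = base.strip()
    parts = urlsplit(base)
    allowed = ("https", "http") if allow_http else ("https",)
    if parts.scheme not in allowed:
        raise ValueError("Vault address %r needs a scheme (%s)" % (base, " or ".join(allowed)))
    if not parts.hostname:
        raise ValueError("Vault address %r has no host" % base)
    if parts.username or parts.password:
        raise ValueError("credentials must not be embedded in the Vault address")
    return base.rstrip("/") + "/" + path.lstrip("/")


if __name__ == "__main__":
    # Constructed sample inputs: empty, scheme-less (as exported in the report), and full URL.
    for candidate in ("", "vault.apps.ocpt.local", "https://vault.apps.ocpt.local"):
        print(repr(candidate), "-> urllib:", urllib_error_for(candidate))
        try:
            print("   validated:", build_vault_url(candidate))
        except ValueError as exc:
            print("   rejected:", exc)
```

Failing early with a message that names the address turns a confusing `unknown url type` from deep inside the lookup into a configuration error that points at the variable to fix.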
