lookup plugin not functioning

See original GitHub issue

Learning to use this great plugin. Not sure if im using it wrong or if there is a bug. Notice, im able to read the value when i use hashivault_read but not when i use the lookup('hashivault') method

ansible --version: 2.5.2 vault version: 0.10.1

Playbook:

tasks:

## USE hashivault_read module ## WORKS!
  - name: read value
    hashivault_read:
      secret: test
      key: password
    register: mypass

  - name: output pass
    debug:
      var: mypass

## USE lookup plugin ## DOES NOT WORK
  - name: look up value
    debug:
      msg: "{{ lookup('hashivault', 'test', 'password') }}"

Output:

TASK [read value] **************************
ok: [localhost]

TASK [output pass] *************************
ok: [localhost] =>
  mypass:
    changed: false
    failed: false
    rc: 0
    value: P@ssw0rd

TASK [look up value] ***********************
fatal: [localhost]: FAILED! =>
  msg: |-
    An unhandled exception occurred while running the lookup plugin 'hashivault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Error reading vault test/password: Exception: <HTML><HEAD>
                    <TITLE>Network Error</TITLE>
                    </HEAD>
                    <BODY>
                    <FONT face="Helvetica">
                    <big><strong></strong></big><br />
                    </FONT>
                    <blockquote>
                    <TABLE border=0 cellPadding=1 width="80%">
                    <TR><TD>
                    <FONT face="Helvetica">
                    <big>Network Error (dns_server_failure)</big>
                    <br />
                    <br />
                    </FONT>
                    </TD></TR>
                    <TR><TD>
                    <FONT face="Helvetica">
                    Please confirm you typed your URL correctly.<P> Your request could not be processed because an error occurred contacting the DNS server.
                    </FONT>
                    </TD></TR>
                    <TR><TD>
                    <FONT face="Helvetica">
                    The DNS server may be temporarily unavailable, or there could be a network problem.
                    </FONT>
                    </TD></TR>
                    <TR><TD>
                    <FONT face="Helvetica" SIZE=2>
                    <br />
                    For assistance, contact your network support team.
                    </FONT>
                    </TD></TR>
                    </TABLE>
                    </blockquote>
                    </FONT>

Also, just a comment on the documentation: looky: "{{lookup('hashivault', 'giant', 'foo')}}"

is looky a module you provide? If not, it was confusing to me and you may want to update to use a debug example instead.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:10 (8 by maintainers)

github_iconTop GitHub Comments

1reaction
nferchcommented, Jun 27, 2018

This works for me as a workaround:

- debug: msg="Looking {{ lookup('hashivault', 'data/mysql/test_db', 'data')[\"value\"] }}"

1reaction
ecraycommented, May 15, 2018

I also am seeing issues with running on the Vault v.0.10 KV v2 changes:

    - debug: msg="Looking {{ lookup('hashivault', 'data/mysql/test_db', '') }}"

    - name: set password fact
      set_fact:
        mysql_pass: "{{ lookup('hashivault', 'data/mysql/test_db') }}"

    - name: show facts
      debug: var=mysql_pass.data.value

task path: vault_test.yml:13
ok: [localhost] => {
    "msg": "Looking {'data': {'value': 'PppaaaAsSSwWWooRRddD'}, 'metadata': {'created_time': '2018-04-27T22:50:44.148309991Z', 'deletion_time': '', 'destroyed': False, 'version': 2}}"
}

TASK [set password fact] ************************************************************************************************************
task path: vault_test.yml:15
ok: [localhost] => {
    "ansible_facts": {
        "mysql_pass": {
            "data": {
                "value": "PppaaaAsSSwWWooRRddD"
            },
            "metadata": {
                "created_time": "2018-04-27T22:50:44.148309991Z",
                "deletion_time": "",
                "destroyed": false,
                "version": 2
            }
        }
    },
    "changed": false
}

TASK [show facts] ************************************************************************************************************************
task path: vault_test.yml:19
ok: [localhost] => {
    "mysql_pass.data.value": "PppaaaAsSSwWWooRRddD"
}

Version 2 uses secret/data/mysql/test_db address but client can use old kv v1 style

vault kv get secret/mysql/test_db
====== Metadata ======
Key              Value
---              -----
created_time     2018-04-27T22:50:44.148309991Z
deletion_time    n/a
destroyed        false
version          2

==== Data ====
Key      Value
---      -----
value    PppaaaAsSSwWWooRRddD

Documented use case of hashivault fails when trying to lookup ‘value’ - debug: msg="Looking {{ lookup('hashivault', 'data/mysql/test_db', 'value') }}" Fails:

TASK [debug] *****************************************************************************************************************************
task path: vault_test.yml:13
fatal: [localhost]: FAILED! => {
    "msg": "An unhandled exception occurred while running the lookup plugin 'hashivault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Error reading vault data/mysql/test_db/value: Key value is not in secret data/mysql/test_db\n"
}

I believe it may be a bug with hvac than with ansible-modules-hashivault as it looks like hvac hasnt been updated in a while.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Error: Lookup plugin <plugin> not found · Issue #1017 - GitHub
Hi, I try to bring ansible-runner up for AWX. I rebuild the container with two extra pip packages: FROM quay.io/ansible/awx-ee:latest USER ...
Read more >
Lookup plugins - Ansible Documentation
Lookup plugins are an Ansible-specific extension to the Jinja2 templating language ... Lookups are executed with a working directory relative to the role...
Read more >
Troubleshooting lookup plug-ins - TechDocs - Broadcom Inc.
To troubleshoot lookup plug-in errors · Navigate to the · On the Enforce Server host, open the log file · Troubleshoot errors that...
Read more >
Ansible not picking up custom module - Stack Overflow
It's a lookup plugin (not a module), so it should go into a directory named lookup_plugins (not library ). Alternatively, add the path...
Read more >
Ansible 2 lookup plugin not found - Google Groups
I am trying to convert from ansible 1.9 to 2.0 and am getting a lookup plugin not found error. I have all of...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found