Azure / azure_preview_modules

Azure preview modules for Ansible
https://galaxy.ansible.com/azure/azure_preview_modules

Lookup not working on AzureChinaCloud #382

Open masterphenix opened 4 years ago

masterphenix commented 4 years ago

Hello, I tried using this lookup on a Vault created on AzureChinaCloud, but it fails with error "Invalid credentials provided".

Playbook:

- name: "Play with Azure Key Vault"
  connection: local
  hosts: localhost
  gather_facts: false

  tasks:
  - name: Look up Azure Key Vault secret
    vars:
      url: 'https://mytestvault.vault.azure.cn'
      secretname: 'mysecret'
      client_id: "{{ lookup('env','AZURE_CLIENT_ID') }}"
      secret: "{{ lookup('env','AZURE_SECRET') }}"
      tenant: "{{ lookup('env','AZURE_TENANT') }}"
    debug: msg="secret: {{ lookup('azure_keyvault_secret', secretname,vault_url=url, client_id=client_id, secret=secret, tenant_id=tenant) }}"

In order to pinpoint the root cause of this error, I slightly changed the code from:

    except AuthenticationError:
        raise AnsibleError('Invalid credentials provided')

to

    except AuthenticationError as err:
        raise AnsibleError('Invalid credentials provided: ' + err.message)

Which results in:

$ AZURE_CLIENT_ID='xxx' AZURE_TENANT='yyy' AZURE_SECRET='zzz' ansible-playbook -i localhost, az_kv-secret.yml

PLAY [Play with Azure Key Vault] **********************************************************************************************************

TASK [Look up Azure Key Vault secret] **********************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'azure_keyvault_secret'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Invalid credentials provided: , AdalError: Get Token request returned http error: 400 and server response: {\"error\":\"invalid_request\",\"error_description\":\"AADSTS90002: Tenant 'yyy' not found. This may happen if there are no active subscriptions for the tenant. Check to make sure you have the correct tenant ID. Check with your subscription administrator.\\r\\nTrace ID: e7929e78-7d1f-48de-a82c-dc8f1305a000\\r\\nCorrelation ID: f1e7867c-0f4d-4063-8185-c859aa6e1317\\r\\nTimestamp: 2020-05-26 12:29:37Z\",\"error_codes\":[90002],\"timestamp\":\"2020-05-26 12:29:37Z\",\"trace_id\":\"e7929e78-7d1f-48de-a82c-dc8f1305a000\",\"correlation_id\":\"f1e7867c-0f4d-4063-8185-c859aa6e1317\",\"error_uri\":\"https://login.microsoftonline.com/error?code=90002\"}"}

PLAY RECAP **********************************************************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

It seems to me from the error above that the wrong Azure cloud is queried.
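The cloud-to-endpoint mapping behind the mismatch described in this issue, as an added illustration that is not code from the azure_preview_modules lookup plugin: it derives the Azure cloud from the Key Vault URL suffix and the AAD authority a token request for that vault should target, so a vault under .vault.azure.cn is flagged when the token request goes to login.microsoftonline.com (the public-cloud authority seen in the error_uri above). The endpoint values are the published sovereign-cloud ones; the function names and the vault/tenant values are assumptions for the example.

```python
from urllib.parse import urlparse

# Published endpoints for the Azure clouds a Key Vault can live in.
# Key: cloud name; values: vault DNS suffix, AAD authority, KV token audience.
CLOUDS = {
    "AzureCloud": {
        "vault_suffix": ".vault.azure.net",
        "authority": "https://login.microsoftonline.com",
        "keyvault_resource": "https://vault.azure.net",
    },
    "AzureChinaCloud": {
        "vault_suffix": ".vault.azure.cn",
        "authority": "https://login.chinacloudapi.cn",
        "keyvault_resource": "https://vault.azure.cn",
    },
    "AzureUSGovernment": {
        "vault_suffix": ".vault.usgovcloudapi.net",
        "authority": "https://login.microsoftonline.us",
        "keyvault_resource": "https://vault.usgovcloudapi.net",
    },
}


def cloud_for_vault_url(vault_url):
    """Return the cloud name whose Key Vault DNS suffix matches vault_url."""
    parsed = urlparse(vault_url)
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError("vault_url must be an https URL with a host: %r" % vault_url)
    for name, cloud in CLOUDS.items():
        if parsed.hostname.endswith(cloud["vault_suffix"]):
            return name
    raise ValueError("unrecognised Key Vault host: %s" % parsed.hostname)


def token_endpoint(vault_url, tenant_id):
    """ADAL v1 token URL a lookup for this vault should call for tenant_id."""
    cloud = CLOUDS[cloud_for_vault_url(vault_url)]
    return "%s/%s/oauth2/token" % (cloud["authority"], tenant_id)


def authority_matches(vault_url, authority_used):
    """True if authority_used is the AAD authority of the vault's cloud.

    A False result explains an AADSTS90002 'Tenant not found' response:
    the tenant exists, but it was looked up in a different cloud's AAD.
    """
    cloud = CLOUDS[cloud_for_vault_url(vault_url)]
    return authority_used.rstrip("/") == cloud["authority"]
```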