TerryHowe / ansible-modules-hashivault

Ansible module for Hashicorp Vault.
https://pypi.python.org/pypi/ansible-modules-hashivault
MIT License

hashivault_read_to_file MODULE FAILURE #271

Closed AndrewSav closed 4 years ago

AndrewSav commented 4 years ago

Running this in awx:

- hosts: localhost
  tasks:
  - name: test
    hashivault_read_to_file:
      secret: 'octomerge/homelab_packer_ubuntu-2004'
      key: 'vars.toml'
      dest: 'vars.toml'

Getting this:

task path: /tmp/awx_345_4w756tz1/project/test.yml:3
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir /root/.ansible/tmp/ansible-tmp-1595677673.2323604-6682-75077371670773 && echo ansible-tmp-1595677673.2323604-6682-75077371670773="` echo /root/.ansible/tmp/ansible-tmp-1595677673.2323604-6682-75077371670773 `" ) && sleep 0'
Using module file /var/lib/awx/.ansible/plugins/modules/hashivault/hashivault_read_to_file.py
<localhost> PUT /var/lib/awx/.ansible/tmp/ansible-local-66198_zlwy4g/tmp_lwu1x1p TO /root/.ansible/tmp/ansible-tmp-1595677673.2323604-6682-75077371670773/AnsiballZ_hashivault_read_to_file.py
<localhost> PUT /var/lib/awx/.ansible/tmp/ansible-local-66198_zlwy4g/tmpxu_sjue8 TO /root/.ansible/tmp/ansible-tmp-1595677673.2323604-6682-75077371670773/args
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1595677673.2323604-6682-75077371670773/ /root/.ansible/tmp/ansible-tmp-1595677673.2323604-6682-75077371670773/AnsiballZ_hashivault_read_to_file.py /root/.ansible/tmp/ansible-tmp-1595677673.2323604-6682-75077371670773/args && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/env python /root/.ansible/tmp/ansible-tmp-1595677673.2323604-6682-75077371670773/AnsiballZ_hashivault_read_to_file.py /root/.ansible/tmp/ansible-tmp-1595677673.2323604-6682-75077371670773/args && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1595677673.2323604-6682-75077371670773/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
    "changed": false,
    "module_stderr": "",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 0
}

Same secret / key works with hashivault_read. I was not able to get anything but MODULE FAILURE with empty output out of hashivault_read_to_file.

AndrewSav commented 4 years ago

My guess why it failed would be that the content of the secret I'm trying to read is not base64 encoded. If that's the reason I suggest the following changes:

TerryHowe commented 4 years ago

Well, that is a particularly odd module because it uses the copy module.

TerryHowe commented 4 years ago

When I run with -v I get a message that says to use -vvv for full stack trace and it does work with -vvv:

The full traceback is:
Traceback (most recent call last):
  File "/home/terry/.venvs/hashivault/lib/python3.6/site-packages/ansible/executor/task_executor.py", line 146, in run
    res = self._execute()
  File "/home/terry/.venvs/hashivault/lib/python3.6/site-packages/ansible/executor/task_executor.py", line 645, in _execute
    result = self._handler.run(task_vars=variables)
  File "/home/terry/.venvs/hashivault/lib/python3.6/site-packages/ansible/plugins/action/hashivault_read_to_file.py", line 74, in run
    local_tmp.write(base64.b64decode(content))
  File "/home/terry/.venvs/hashivault/lib/python3.6/base64.py", line 87, in b64decode
    return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
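
Added example (not from the thread and not the module's own code): the traceback above shows base64.b64decode(content) failing on a secret value that is not base64. One way to handle that case and still write the secret to disk with owner-only permissions; the helpers decode_secret and write_secret and the encoding option are hypothetical names.

```python
import base64
import binascii
import os
import tempfile


def decode_secret(content, encoding="base64"):
    """Return the bytes to write for a secret value (hypothetical helper).

    encoding: "base64" (strict, fails with a clear message), "raw" (write
    the value as UTF-8), or "auto" (decode only if it is valid base64).
    """
    if encoding not in ("base64", "raw", "auto"):
        raise ValueError("unknown encoding: %r" % (encoding,))
    raw = content if isinstance(content, bytes) else content.encode("utf-8")
    if encoding == "raw":
        return raw
    try:
        # validate=True rejects characters outside the base64 alphabet.
        # Without it they are silently dropped, and what is left fails
        # later with the unhelpful "Incorrect padding".
        return base64.b64decode(raw, validate=True)
    except (binascii.Error, ValueError) as exc:
        if encoding == "base64":
            raise ValueError("secret value is not valid base64: %s" % exc)
        return raw


def write_secret(dest, data):
    """Write data to dest atomically; the file ends up with mode 0600."""
    directory = os.path.dirname(os.path.abspath(dest))
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates it 0600
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(data)
        os.replace(tmp, dest)  # rename within the same directory
    except BaseException:
        os.unlink(tmp)
        raise
```

"auto" is a heuristic: a plain-text value that happens to be valid base64 (for example abcd) is decoded, so an explicit "raw" or "base64" is the safer choice.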

AndrewSav commented 4 years ago

I'm not sure where this message about -vvv comes from. I run it under awx and there is no such message. Having said that, it is possible to increase the log level in awx, it's just not an obvious thing to do.

TerryHowe commented 4 years ago

I haven't messed with awx, but I've noticed with Travis for example, I don't get all the messages I get when I run in a terminal session. I assume somewhere someone isn't routing stderr and it just gets lost.