hashivault_db_secret_engine_config error using vault server 1.12.x and 1.13.x

TerryHowe / ansible-modules-hashivault

Ansible module for Hashicorp Vault.

https://pypi.python.org/pypi/ansible-modules-hashivault

MIT License

454 stars 158 forks source link

hashivault_db_secret_engine_config error using vault server 1.12.x and 1.13.x #442

Closed ghost closed 1 year ago

ghost commented 1 year ago

Hi @TerryHowe I upgrade vault server from 1.9.2 up to 1.13.2 but had to downgrade to 1.11.10 because hashi_vault module got an error using this ansible module scpecific: hashivault_db_secret_engine_config

i'm using:

Collection Version community.hashi_vault 4.2.0

And locals

/collections/ansible_collections Collection Version community.hashi_vault 1.1.3

The ouput error:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: KeyError: '**plugin_version**'
fatal: [localhost]: FAILED! => changed=false
  module_stderr: |-
    Traceback (most recent call last):

In the API doc for 1.12.x and 1.13.x version appears this new Key: plugin_version , in the 1.11.x not exist this new key.

https://developer.hashicorp.com/vault/api-docs/secret/databases

the strange thing is in the document say "optional" not required.

any idea to when implement or update this module ?

thanks in advance

TerryHowe commented 1 year ago

Tests run with latest, so I'm a bit surprised you are seeing this although there were some changes recently in that area I think

TerryHowe commented 1 year ago

I just kicked off the automated functional tests to see if anything shows up.

TerryHowe commented 1 year ago

Yeh, tests completely pass with latest which is 1.13.2 although there might not be test coverage for this.

Roxyrob commented 1 year ago

Hi there, some news on this ? I had the same issue. I urgently need to perform vault upgrade (need new functionality) and cannot do that without losing possibility to use Hashivault ansible tasks.

TerryHowe commented 1 year ago

I'm not sure I'm reading this right, but does plugin_version need to be added https://github.com/TerryHowe/ansible-modules-hashivault/blob/main/ansible/modules/hashivault/hashivault_db_secret_engine_config.py#L84 like it is a new manditory key?

ghost commented 1 year ago

Hi @TerryHowe

yes, plugin_version seams mandatory

vault api doc: https://developer.hashicorp.com/vault/api-docs/secret/databases

[plugin_version](https://developer.hashicorp.com/vault/api-docs/secret/databases#plugin_version) (string: "") - Specifies the semantic version of the plugin to use for this connection.

if you can change the code in the module in testing I can test to see if the error goes away.

Roxyrob commented 1 year ago

Hi @TerryHowe, some news on this ?

rtudo commented 1 year ago

quickly copy pasted to get this working in my local.

https://github.com/TerryHowe/ansible-modules-hashivault/pull/444

ps - One can update the same changes in their local ansible modules file and unblock themselves

ghost commented 1 year ago

Hi @TerryHowe thanks i saw the new version 5.1.1 and test it, now works fine thanks for the effort, thanks to you too @rtudo