search

ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0
835 stars 1.53k forks source link

credstash lookup plugin examples are incorrect #5141

Open hmoffatt opened 2 years ago

hmoffatt commented 2 years ago

Summary

The example uses of the community.general.credstash lookup are incorrect; it does not accept a parameter named context, but uses **kwarg.

  - name: "Test credstash lookup plugin -- get the password with a context passed as a variable"
    ansible.builtin.debug:
      msg: "{{ lookup('community.general.credstash', 'some-password', context=context) }}"

should be:

  - name: "Test credstash lookup plugin -- get the password with a context passed as a variable"
    ansible.builtin.debug:
      msg: "{{ lookup('community.general.credstash', 'some-password', **context) }}"

and

  - name: "Test credstash lookup plugin -- get the password with a context defined here"
    ansible.builtin.debug:
      msg: "{{ lookup('community.general.credstash', 'some-password', context=dict(app='my_app', environment='production')) }}"

should be

  - name: "Test credstash lookup plugin -- get the password with a context defined here"
    ansible.builtin.debug:
      msg: "{{ lookup('community.general.credstash', 'some-password', app='my_app', environment='production') }}"

Issue Type

Bug Report

Component Name

community.general.credstash

Ansible Version

$ ansible --version
ansible [core 2.13.1]
  config file = /home/hamish/dev/ansible/ansible.cfg
  configured module search path = ['/home/hamish/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/hamish/dev/ansible/.pyvenv/lib/python3.9/site-packages/ansible
  ansible collection location = /home/hamish/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/hamish/dev/ansible/.pyvenv/bin/ansible
  python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]
  jinja version = 3.0.1
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general

# /home/hamish/dev/ansible/.pyvenv/lib/python3.9/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 5.0.2

Configuration

$ ansible-config dump --only-changed
DEFAULT_HOST_LIST(/home/hamish/dev/ansible/ansible.cfg) = ['/home/hamish/dev/ansible/hosts.ini']
INTERPRETER_PYTHON(/home/hamish/dev/ansible/ansible.cfg) = auto

OS / Environment

Debian bullseye

Steps to Reproduce

Mostly, code review. But you'll need to set up credstash with a secret using an encryption context. Then a playbook as per the documentation.

Expected Results

Secret should be fetched.

Actual Results

Exception is thrown due to the invalid context variable.

fatal: [vm-dbx]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'community.general.credstash'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Encountered exception while fetching some-password: Parameter validation failed:\nInvalid type for parameter EncryptionContext.context, value: {'app': 'my_app', 'environment': 'production'}, type: <class 'dict'>, valid types: <class 'str'>. Encountered exception while fetching some-password: Parameter validation failed:\nInvalid type for parameter EncryptionContext.context, value: {'app': 'my_app', 'environment': 'production'}, type: <class 'dict'>, valid types: <class 'str'>"}

Code of Conduct

ansibullbot commented 2 years ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help