ansible-collections / community.hashi_vault

Ansible collection for managing and working with HashiCorp Vault.
https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/index.html
GNU General Public License v3.0

token auth does not handle a case of `vault_file` being a directory #152

Closed briantist closed 2 years ago

briantist commented 2 years ago
SUMMARY

Will need to do a little more testing/evaluation, but it appears that there are two issues:

  1. When token auth validation happens, and it looks for the token from disk (via token_path and token_file), if the token_file exists and is a directory, that condition is not properly handled and it raises an exception.
  2. ~The above seems to occur even when auth_method != token; which shouldn't be the case.~

Will confirm both cases and post a PR to fix.

ISSUE TYPE
COMPONENT NAME

module_utils/auth_methods

ANSIBLE VERSION

N/A

COLLECTION VERSION

1.3.2

CONFIGURATION

N/A

OS / ENVIRONMENT

N/A

STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS

briantist commented 2 years ago

I was not able to confirm the second point: that the issue occurs when `auth_method != token`. For me, that didn't seem to happen. That also matches the expectations of the code as written; I can't find a way where that could have been the case.

I think something in my local environment where this popped up was obfuscating the fact that token auth was selected for.

However, the main issue, which ultimately is an unhandled exception, is confirmed. If that code path is reached, it's already the last resort, and would have raised an exception anyway; it's just the wrong one.
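
The failure mode described in this issue, as an added example that is not part of the original comments and is not the collection's own code: a token lookup that treats a path which exists but is not a regular file as a validation error instead of letting an `OSError` escape. The function name, the `TokenValidationError` class, and the `.vault-token` default are assumptions made for the illustration.

```python
import os
import tempfile


class TokenValidationError(ValueError):
    """Hypothetical error type for a token that cannot be resolved."""


def load_token_from_disk(token_path, token_file=".vault-token"):
    """Return the token stored at token_path/token_file, or None if absent.

    A path that exists but is not a regular file (for example a directory)
    is reported as a validation error instead of leaking an OSError.
    """
    candidate = os.path.join(token_path, token_file)
    if not os.path.exists(candidate):
        return None  # caller falls through to its own "no token found" error
    if not os.path.isfile(candidate):
        raise TokenValidationError(
            "token file '%s' was found but is not a regular file" % candidate
        )
    try:
        with open(candidate, "r") as handle:
            token = handle.read().strip()
    except OSError as exc:  # unreadable, permission denied, racing delete
        raise TokenValidationError(
            "token file '%s' could not be read: %s" % (candidate, exc)
        )
    return token or None  # an empty file counts as "no token"


def demo():
    """Exercise the three cases against a constructed temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as home:
        results["missing"] = load_token_from_disk(home)
        os.mkdir(os.path.join(home, ".vault-token"))  # the case from the issue
        try:
            load_token_from_disk(home)
        except TokenValidationError as exc:
            results["directory"] = type(exc).__name__
        os.rmdir(os.path.join(home, ".vault-token"))
        with open(os.path.join(home, ".vault-token"), "w") as handle:
            handle.write("s.constructed-example-token\n")  # constructed value
        results["file"] = load_token_from_disk(home)
    return results


if __name__ == "__main__":
    print(demo())
```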