- name: Write a value to the cubbyhole via the remote host with userpass auth
  community.hashi_vault.vault_write:
    url: http://localhost:1234
    path: test/mysecret
    data:
      key1: val1
      key2: val2
    auth_method: token
    token: myroot
EXPECTED RESULTS
To work the same as with engine kv v1.
ACTUAL RESULTS
The following is the result if the path does not contain /data/:
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_community.hashi_vault.vault_write_payload_6ivp1ah_/ansible_community.hashi_vault.vault_write_payload.zip/ansible_collections/community/hashi_vault/plugins/modules/vault_write.py", line 143, in run_module
  File "/usr/local/lib/python3.8/dist-packages/hvac/v1/__init__.py", line 269, in write
    return self._adapter.post(
  File "/usr/local/lib/python3.8/dist-packages/hvac/adapters.py", line 126, in post
    return self.request("post", url, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/hvac/adapters.py", line 364, in request
    response = super(JSONAdapter, self).request(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/hvac/adapters.py", line 330, in request
    utils.raise_for_error(
  File "/usr/local/lib/python3.8/dist-packages/hvac/utils.py", line 43, in raise_for_error
    raise exceptions.InvalidPath(message, errors=errors, method=method, url=url)
hvac.exceptions.InvalidPath: {"request_id":"f6117bb5-ca83-361f-575a-33a06781bddf","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put' for this operation."],"auth":null}, on post http://localhost:1234/v1/test/mysecret
fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "auth_method": "token",
            "aws_access_key": null,
            "aws_iam_server_id": null,
            "aws_profile": null,
            "aws_secret_key": null,
            "aws_security_token": null,
            "ca_cert": true,
            "cert_auth_private_key": null,
            "cert_auth_public_key": null,
            "data": {
                "key1": "val1",
                "key2": "val2"
            },
            "jwt": null,
            "mount_point": null,
            "namespace": null,
            "password": null,
            "path": "test/mysecret",
            "proxies": null,
            "region": null,
            "retries": null,
            "retry_action": "warn",
            "role_id": null,
            "secret_id": null,
            "timeout": null,
            "token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "token_file": ".vault-token",
            "token_path": "/home/ubuntu",
            "token_validate": true,
            "url": "http://localhost:1234",
            "username": null,
            "validate_certs": null,
            "wrap_ttl": null
        }
    },
    "msg": "The path 'test/mysecret' doesn't seem to exist."
}
And this is the output when /data/ is in the path.
The full traceback is:
Traceback (most recent call last):
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1648810709.482914-188483715772837/AnsiballZ_vault_write.py", line 102, in <module>
    _ansiballz_main()
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1648810709.482914-188483715772837/AnsiballZ_vault_write.py", line 94, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1648810709.482914-188483715772837/AnsiballZ_vault_write.py", line 40, in invoke_module
    runpy.run_module(mod_name='ansible_collections.community.hashi_vault.plugins.modules.vault_write', init_globals=None, run_name='__main__', alter_sys=True)
  File "/usr/lib/python3.8/runpy.py", line 207, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/usr/lib/python3.8/runpy.py", line 97, in _run_module_code
    _run_code(code, mod_globals, init_globals,
  File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/tmp/ansible_community.hashi_vault.vault_write_payload_88ui8vo0/ansible_community.hashi_vault.vault_write_payload.zip/ansible_collections/community/hashi_vault/plugins/modules/vault_write.py", line 174, in <module>
  File "/tmp/ansible_community.hashi_vault.vault_write_payload_88ui8vo0/ansible_community.hashi_vault.vault_write_payload.zip/ansible_collections/community/hashi_vault/plugins/modules/vault_write.py", line 170, in main
  File "/tmp/ansible_community.hashi_vault.vault_write_payload_88ui8vo0/ansible_community.hashi_vault.vault_write_payload.zip/ansible_collections/community/hashi_vault/plugins/modules/vault_write.py", line 143, in run_module
  File "/usr/local/lib/python3.8/dist-packages/hvac/v1/__init__.py", line 269, in write
    return self._adapter.post(
  File "/usr/local/lib/python3.8/dist-packages/hvac/adapters.py", line 126, in post
    return self.request("post", url, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/hvac/adapters.py", line 364, in request
    response = super(JSONAdapter, self).request(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/hvac/adapters.py", line 330, in request
    utils.raise_for_error(
  File "/usr/local/lib/python3.8/dist-packages/hvac/utils.py", line 37, in raise_for_error
    raise exceptions.InvalidRequest(message, errors=errors, method=method, url=url)
hvac.exceptions.InvalidRequest: no data provided, on post http://localhost:1234/v1/test/data/mysecret
fatal: [localhost]: FAILED! => {
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n File \"/home/ubuntu/.ansible/tmp/ansible-tmp-1648810709.482914-188483715772837/AnsiballZ_vault_write.py\", line 102, in <module>\n _ansiballz_main()\n File \"/home/ubuntu/.ansible/tmp/ansible-tmp-1648810709.482914-188483715772837/AnsiballZ_vault_write.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/ubuntu/.ansible/tmp/ansible-tmp-1648810709.482914-188483715772837/AnsiballZ_vault_write.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible_collections.community.hashi_vault.plugins.modules.vault_write', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib/python3.8/runpy.py\", line 207, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.8/runpy.py\", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/lib/python3.8/runpy.py\", line 87, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_community.hashi_vault.vault_write_payload_88ui8vo0/ansible_community.hashi_vault.vault_write_payload.zip/ansible_collections/community/hashi_vault/plugins/modules/vault_write.py\", line 174, in <module>\n File \"/tmp/ansible_community.hashi_vault.vault_write_payload_88ui8vo0/ansible_community.hashi_vault.vault_write_payload.zip/ansible_collections/community/hashi_vault/plugins/modules/vault_write.py\", line 170, in main\n File \"/tmp/ansible_community.hashi_vault.vault_write_payload_88ui8vo0/ansible_community.hashi_vault.vault_write_payload.zip/ansible_collections/community/hashi_vault/plugins/modules/vault_write.py\", line 143, in run_module\n File \"/usr/local/lib/python3.8/dist-packages/hvac/v1/__init__.py\", line 269, in write\n return self._adapter.post(\n File \"/usr/local/lib/python3.8/dist-packages/hvac/adapters.py\", line 126, in post\n return self.request(\"post\", url, **kwargs)\n File \"/usr/local/lib/python3.8/dist-packages/hvac/adapters.py\", line 364, in request\n response = super(JSONAdapter, self).request(*args, **kwargs)\n File \"/usr/local/lib/python3.8/dist-packages/hvac/adapters.py\", line 330, in request\n utils.raise_for_error(\n File \"/usr/local/lib/python3.8/dist-packages/hvac/utils.py\", line 37, in raise_for_error\n raise exceptions.InvalidRequest(message, errors=errors, method=method, url=url)\nhvac.exceptions.InvalidRequest: no data provided, on post http://localhost:1234/v1/test/data/mysecret\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}
SUMMARY
Tried to write to engine kv v2 but without success. It works properly against kv v1 and cubbyhole.
ISSUE TYPE
COMPONENT NAME
module vault_write.py
ANSIBLE VERSION
COLLECTION VERSION
OS / ENVIRONMENT
Vault 1.8.2
STEPS TO REPRODUCE
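The two errors in the report line up with the two ways a KV v2 write differs from a KV v1 write at the HTTP API: the path carries a data/ segment after the mount, and the secret's keys are nested under a top-level "data" key. The sketch below is an added example, not part of the original report and not the collection's or hvac's code; the function names are hypothetical, the values are taken from the task above, and the lint only mimics the two rejections offline.

```python
"""Added example: KV v1 vs KV v2 write request shapes (offline, no Vault needed)."""
import json

def kv_write_request(mount, secret, data, kv_version, cas=None):
    """Return (api_path, json_body) for writing `data` to a KV mount."""
    mount, secret = mount.strip("/"), secret.strip("/")
    if kv_version == 1:
        # KV v1: the secret's keys are the request body itself.
        return f"/v1/{mount}/{secret}", dict(data)
    if kv_version == 2:
        # KV v2: path gains a data/ segment and the keys move under "data".
        body = {"data": dict(data)}
        if cas is not None:
            body["options"] = {"cas": cas}  # optional check-and-set version
        return f"/v1/{mount}/data/{secret}", body
    raise ValueError("kv_version must be 1 or 2")

def check_kv2_write(mount, api_path, body):
    """Offline lint that mirrors the two rejections shown in the report."""
    prefix = f"/v1/{mount.strip('/')}/"
    if not api_path.startswith(prefix):
        return "path is not under this mount"
    if not api_path[len(prefix):].startswith("data/"):
        return "invalid path"       # first traceback: InvalidPath
    if not isinstance(body.get("data"), dict):
        return "no data provided"   # second traceback: InvalidRequest
    return "ok"

# Values taken from the task in the report.
MOUNT, SECRET = "test", "mysecret"
DATA = {"key1": "val1", "key2": "val2"}

def demo():
    """Run the report's two attempts and the KV v2 shape through the lint."""
    v1_path, v1_body = kv_write_request(MOUNT, SECRET, DATA, 1)
    v2_path, v2_body = kv_write_request(MOUNT, SECRET, DATA, 2)
    return {
        "v1 shape against v2 mount": check_kv2_write(MOUNT, v1_path, v1_body),
        "data/ path, unwrapped body": check_kv2_write(MOUNT, v2_path, DATA),
        "v2 shape": check_kv2_write(MOUNT, v2_path, v2_body),
    }

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```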