Closed tonk closed 1 year ago
Hi @tonk !
This is possible with errors
parameter that's built in to every lookup in Ansible, see https://docs.ansible.com/ansible/latest/plugins/lookup.html
By setting errors='ignore'
(or errors='warn'
) the lookup will not fail, and you can pipe it to the default filter that way.
You might have to set the second parameter of the default filter to True for this to work.
Thanks, missed that. I'll give that a try.
Yes, this works. Thanks a lot!!
SUMMARY
We use the
vault_read
lookup plugin for retrieving passwords from our Vault. Our initial setup uses theroot
user with a default password. During the first provisioning run, the Ansible user is created with a new password and theroot
password is also changed. This means that a second run will fail.When I try to read the new path during the first run, I will get an error, because this does not exist (yet) and with a second run I cannot login, because the
root
password was changed.I would like to have an extra flag added to the lookup plugin
community.hashi_vault.vault_read
that allows for thedefault
filter, so that no exception is generated.ISSUE TYPE
COMPONENT NAME
The
community.hashi_vault.vault_read
lookup pluginADDITIONAL INFORMATION
At the bottom I would like to change:
into
This feature would solve the fact that I can retrieve the user and password from the Vault through the Inventory without running into exceptions when a path does not exist.