I am trying to amend secrets stored in a HashiCorp Vault server using Ansible. To do this I need to pull the current secrets from the server with a REST call, combine the two dictionaries containing the old secrets data and the new data, and then make another REST call to post the changes.
Some of the secrets that are being received from the Vault server contain special characters that are causing errors (in my case a ']') after combining the two dictionaries. It seems as if Ansible is combining the two dictionaries correctly but will cause an error when the new fact is called.
Error:

```
{"failed": true, "msg": "{u'oracle': u'[V/2R?-|U[xz5ZKCnPGr', u'item2': u'next item', u'password': u'y#Vfd16X0uCrQ{%]c;1!', u'item1': u'new item', u'user': u'oracle'}: template error while templating string: unexpected ']'. String: y#Vfd16X0uCrQ{%]c;1!"}
```
Playbook:

```yaml
- hosts: vm_mgr
  vars:
    list1:
      item1: "new item"
      item2: "next item"
  tasks:
    - uri:
        url: "http://127.0.0.1:8200/v1/secret/path/{{ ansible_hostname }}"
        headers:
          X-Vault-Token: "{{ vault_token }}"
      register: secret_out

    - debug:
        msg: "{{ secret_out }}"

    - set_fact:
        secret_in: "{{ secret_out.json.data | combine(list1)}}"

    - uri:
        url: "http://127.0.0.1:8200/v1/secret/path/{{ ansible_hostname }}"
        headers:
          X-Vault-Token: "{{ vault_token }}"
          Content-Type: 'application/json'
        method: POST
        body: "{{ secret_in }}"
        body_format: json
        status_code: 204
```
Output:

```
PLAYBOOK: test_playbook.yaml ***
1 plays in test_playbook.yaml

PLAY [vm_mgr] **

TASK [Gathering Facts] *****
ok: [10.80.14.19]
META: ran handlers

TASK [uri] *****
task path: /Users/xbblz5p/PycharmProjects/ansible/test_playbook.yaml:12
ok: [10.80.14.19] => {"cache_control": "no-store", "changed": false, "connection": "close", "content_length": "247", "content_type": "application/json", "date": "Fri, 09 Jun 2017 21:14:49 GMT", "json": {"auth": null, "data": {"oracle": "[V/2R?-|U[xz5ZKCnPGr", "password": "y#Vfd16X0uCrQ{%]c;1!", "user": "oracle"}, "lease_duration": 2764800, "lease_id": "", "renewable": false, "request_id": "dcd570e1-56d7-89c9-4827-13b87ad94480", "warnings": null, "wrap_info": null}, "msg": "OK (247 bytes)", "redirected": false, "status": 200, "url": "http://127.0.0.1:8200/v1/secret/path/inno-mason01"}

TASK [debug] ***
task path: /Users/xbblz5p/PycharmProjects/ansible/test_playbook.yaml:18
ok: [10.80.14.19] => { "changed": false, "msg": { "cache_control": "no-store", "changed": false, "connection": "close", "content_length": "247", "content_type": "application/json", "date": "Fri, 09 Jun 2017 21:14:49 GMT", "json": { "auth": null, "data": { "oracle": "[V/2R?-|U[xz5ZKCnPGr", "password": "y#Vfd16X0uCrQ{%]c;1!", "user": "oracle" }, "lease_duration": 2764800, "lease_id": "", "renewable": false, "request_id": "dcd570e1-56d7-89c9-4827-13b87ad94480", "warnings": null, "wrap_info": null }, "msg": "OK (247 bytes)", "redirected": false, "status": 200, "url": "http://127.0.0.1:8200/v1/secret/path/inno-mason01" } }

TASK [set_fact] ****
task path: /Users/xbblz5p/PycharmProjects/ansible/test_playbook.yaml:21
ok: [10.80.14.19] => {"ansible_facts": {"secret_in": {"item1": "new item", "item2": "next item", "oracle": "[V/2R?-|U[xz5ZKCnPGr", "password": "y#Vfd16X0uCrQ{%]c;1!", "user": "oracle"}}, "changed": false}

TASK [uri] *****
task path: /Users/xbblz5p/PycharmProjects/ansible/test_playbook.yaml:24
fatal: [10.80.14.19]: FAILED! => {"failed": true, "msg": "{u'oracle': u'[V/2R?-|U[xz5ZKCnPGr', u'item2': u'next item', u'password': u'y#Vfd16X0uCrQ{%]c;1!', u'item1': u'new item', u'user': u'oracle'}: template error while templating string: unexpected ']'. String: y#Vfd16X0uCrQ{%]c;1!"}
	to retry, use: --limit @/Users/xbblz5p/PycharmProjects/ansible/test_playbook.retry

PLAY RECAP *****
10.80.14.19 : ok=4 changed=0 unreachable=0 failed=1
```
I do not get the error if I take the output of the GET call, do not modify it, and push it back to Vault with a PUT call.
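Added example, not part of the original post: the string named in the error message contains `{%`, which is Jinja2's default block-tag opener, so once the merged value is parsed as a template the `]` right after it is what the lexer rejects. The check below walks a dictionary like `secret_in` and reports which values contain a Jinja2 opening delimiter; the function name is hypothetical and Jinja2's default delimiters are assumed.

```python
"""Pre-flight check for values that Jinja2 would treat as template source."""

# Jinja2's default opening delimiters: expression, block and comment
# (assumption: the delimiters have not been customised).
JINJA_OPENERS = ("{{", "{%", "{#")


def find_template_markers(data, path=""):
    """Walk nested dicts/lists and return (path, opener, offset) for every
    string value that contains a Jinja2 opening delimiter."""
    hits = []
    if isinstance(data, dict):
        for key, value in data.items():
            child = f"{path}.{key}" if path else str(key)
            hits += find_template_markers(value, child)
    elif isinstance(data, (list, tuple)):
        for index, value in enumerate(data):
            hits += find_template_markers(value, f"{path}[{index}]")
    elif isinstance(data, str):
        for opener in JINJA_OPENERS:
            offset = data.find(opener)
            if offset != -1:
                hits.append((path, opener, offset))
    return hits


# The merged dictionary as shown in the set_fact output of the post.
MERGED = {
    "item1": "new item",
    "item2": "next item",
    "oracle": "[V/2R?-|U[xz5ZKCnPGr",
    "password": "y#Vfd16X0uCrQ{%]c;1!",
    "user": "oracle",
}

if __name__ == "__main__":
    for where, opener, offset in find_template_markers(MERGED):
        print(f"{where}: contains {opener!r} at offset {offset}")
```

Only `password` is reported: the `oracle` value has brackets and a pipe but no Jinja2 opener, which matches the error naming just the one string.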