search

cyberark / ansible-conjur-collection

Ansible Collection for Conjur
https://conjur.org
Apache License 2.0
5 stars 15 forks source link

Release new version that encodes spaces correctly #14

Closed orenbm closed 4 years ago

orenbm commented 4 years ago

We lately fixed an issue where we now encode spaces correctly. We should release a new version that has this capability.

It is best to first close this PR and then release so the new version has that fix.

DoD:

izgeri commented 4 years ago

@orenbm just wanted to update that Srdjan is scheduled to work on this and the puppet release, but he's working on cyberark/conjur-puppet#73 first and he's OOO today.

hopefully we can get them both done tomorrow, but we'll keep you posted.

sgnn7 commented 4 years ago

@Tovli / @orenbm I started work on figuring out the release and how to test this in an e2e manner but I haven't been able to get enough time today to work on it given puppet integration release. This is definitely in my queue to be worked on next but I'm also on the hook for helm chart release (scheduled tomorrow) so my time may be split tomorrow as I continue work on it.

orenbm commented 4 years ago

@sgnn7 this is already tested e2e here: https://github.com/cyberark/ansible-conjur-collection/blob/master/tests/test_cases/retrieve-variable-with-spaces-secret/playbook.yml

The playbook above is being run as part of the integration test.

Am i missing something?

sgnn7 commented 4 years ago

That sadly not a real e2e/smoke test (rather it's an integration test). A full e2e test is taking this code and using it exactly as the customer would to ensure that our release didn't break without the pytest bootstrap. We have been trying to do that more to prevent releases that are broken before they even go out and it's especially important for repos like this that have not had consistent development efforts on them in recent months.

sgnn7 commented 4 years ago

Update:

izgeri commented 4 years ago

Noting that this is blocked until we can publish the tagged artifact to galaxy

sgnn7 commented 4 years ago

Update: This version is now pushed to Galaxy

https://galaxy.ansible.com/cyberark/conjur as v1.0.5

TheSecMaven commented 4 years ago

i think this issue is breaking our conjur implementation, are spaces supposed to be encoded as a "+"? or did this fix that and get them to be encoded as a "%20"?

izgeri commented 4 years ago

@mkkeffeler you can see how to handle this in practice in this example we use in our automated testing: https://github.com/cyberark/ansible-conjur-collection/blob/8f464ae71fd867fec5de84145500eb7ecb627f7e/tests/test_cases/retrieve-variable-with-spaces-secret/playbook.yml#L13

Essentially, you don't need to encode anything - the lookup plugin in this collection will handle that for you.

To be clear, in order to benefit from this you likely need to reference this collection directly. The Ansible core lookup plugin will reference this collection in Ansible 2.10, but for earlier Ansible versions we recommend updating your workflows to use this collection instead, when possible.

If you are still experiencing issues, please file a separate issue in this repo and we'll do what we can to help.

TheSecMaven commented 4 years ago

can we install this collection directly with ansible-galaxy? or do we need to get the code base from here and stick it in the plugins directory or something else? any docs?

TheSecMaven commented 4 years ago

we downloaded the role from ansible-galaxy and used it and still had a space issue

<14>1 2020-07-17T14:40:39.000+00:00 8b117ffb7cc7 conjur-possum 297 - [meta sequenceId="44"] [origin=10.202.76.252] [request_id=901215a7-53f6-43fc-abd6-eee68c881a85] [tid=3297] Completed 404 Not Found in 5ms (Views: 0.4ms) <13>1 2020-07-17T14:40:39.445+00:00 8b117ffb7cc7 nginx - - [meta sequenceId="45"] 10.202.76.252 "POST /authn/autozone/host%2Funix-awx/authenticate HTTP/1.1" 200 592 "-" "Python-urllib/2.7" 0.021 0.018 <13>1 2020-07-17T14:40:39.445+00:00 8b117ffb7cc7 nginx - - [meta sequenceId="46"] 10.202.76.252 "GET /secrets/autozone/variable/AZ%2FNonprod%2FN_A_NIX_RHLK_SPA_UNIX_NH%2FOperating+System-N_A_NIX_RHLK_NH-dv-wildcat-dx01.autozone.com-tugrnaut%2Fpassword HTTP/1.1" 404 424 "-" "Python-urllib/2.7" 0.011 0.010 see the 404 above with a + as the space that is encoded.
izgeri commented 4 years ago

@mkkeffeler can you share how you invoked the lookup plugin to retrieve that secret? What was the exact command?

TheSecMaven commented 4 years ago

check out https://github.com/cyberark/ansible-conjur-collection/issues/29, im gonna put it there