Closed infamousjoeg closed 2 years ago
There is an optional parameter, validate_certs, which can be set to false to allow self-signed (invalid) certificates. The value of this parameter is passed to all calls to the Ansible open_url function. However, until Ansible 1.9.2 this was treated as false by default. This change is noted in the Ansible docs.
Here's a working example of the plugin working with an HTTP (no TLS proxy) setup.
The test can be run by cloning the git repo at that commit and running the command cd tests/conjur_variable && ./test.sh
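A check that follows from the comment above on validate_certs and the HTTP (no TLS) setup, as an added example that is not part of the original issue or the plugin's code: it flags a non-HTTPS appliance_url and lookups that turn certificate validation off, so lab settings are caught before they are reused elsewhere. The conjur.conf keys, the keyword form of the lookup call, and all sample values are constructed assumptions.

```python
import re

# Constructed sample inputs (not taken from the issue).
SAMPLE_CONF = """\
account: demo
appliance_url: http://conjur.lab.example:8080
"""

SAMPLE_PLAYBOOK = """\
- hosts: localhost
  tasks:
    - debug:
        msg: "{{ lookup('conjur_variable', 'demo/db/password', validate_certs=False) }}"
    - debug:
        msg: "{{ lookup('conjur_variable', 'demo/api/key') }}"
"""

# appliance_url: <value>, optionally quoted (assumed conjur.conf key name).
URL_RE = re.compile(r"^\s*appliance_url\s*:\s*['\"]?(\S+?)['\"]?\s*$", re.M)
# Arguments of a conjur_variable lookup call on a single line.
LOOKUP_RE = re.compile(r"lookup\(\s*['\"]conjur_variable['\"](.*?)\)")
# validate_certs explicitly switched off (Jinja accepts false/False).
NO_VERIFY_RE = re.compile(r"validate_certs\s*=\s*false\b", re.I)


def audit_conf(text):
    """Return findings for a conjur.conf-style file."""
    match = URL_RE.search(text)
    if match is None:
        return ["conf: appliance_url missing"]
    url = match.group(1)
    if not url.lower().startswith("https://"):
        return [f"conf: appliance_url {url} is not HTTPS (lab-only setting)"]
    return []


def audit_playbook(text):
    """Return one finding per lookup that disables certificate validation."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for call in LOOKUP_RE.finditer(line):
            if NO_VERIFY_RE.search(call.group(1)):
                findings.append(f"playbook line {lineno}: validate_certs disabled")
    return findings


if __name__ == "__main__":
    for finding in audit_conf(SAMPLE_CONF) + audit_playbook(SAMPLE_PLAYBOOK):
        print(finding)
```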
Summary
When attempting to use the conjur_variable lookup plugin for Ansible with Conjur OSS in non-HTTPS mode for demo, POC, and lab testing, an error is returned.
Steps to Reproduce
conjur_variable to fetch a secret from Conjur OSS using HTTP.
Expected Results
The secret should be successfully fetched and returned to the Ansible playbook by the conjur_variable lookup plugin.
Actual Results
The following error is returned:
An attempt to explore Conjur OSS logs using docker logs root_conjur_1 returns no connection attempted by Ansible to the service. The request does not make it past our conjur_variable lookup plugin.
Here is the playbook that is being run:
Reproducible
Version/Tag number
Environment setup
It is running on a Google Cloud Platform VM. Using the Ubuntu version and Linux kernel version provided above.
Google Cloud Platform Compute Engine, Docker-Compose - versions provided above.
I believe I've provided sufficient information.
Additional Information
This problem has been recognized and reported by the community through CyberArk Commons. It was identified in July 2020 and was met with no resolution. The original poster apparently gave up on any support and moved to a different solution altogether. You can see the original post at https://discuss.cyberarkcommons.org/t/ansible-fetching-secrets-from-conjur-faces-error-error-was-a-class-urllib2-httperror-original-message-http-error-404-not-found-which-is-fetched-by-api/861.