search

jhaals / ansible-vault

ansible lookup plugin for secrets stored in Vault(by HashiCorp)
BSD 3-Clause "New" or "Revised" License
347 stars 65 forks source link

Using Python 3.6.4 Unable to retrieve personal token from vault: POST data should be bytes, an iterable of bytes, or a file object. It cannot be of type str. #65

Closed snoby closed 6 years ago

snoby commented 6 years ago

My playbook being a simple hello world playbook:

---
#
# This playbook is making the assumption that VAULT_ADDR is exported in the environment.
#
- hosts: localhost
  gather_facts: false
  connection: local

  tasks:
    - debug: msg="The username secret is:{{ lookup('vault', 'secret/internal/CI/test', 'username') }}"

Works fine, as long as I work around the mac issue with fork https://github.com/jhaals/ansible-vault/issues/60. So I tried Updating to Python 3.6.4 from python.org and it has uncovered a problem with getting my access token through this plugin.

fatal: [localhost]: FAILED! => {
    "msg": "An unhandled exception occurred while running the lookup plugin 'vault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Unable to retrieve personal token from vault: POST data should be bytes, an iterable of bytes, or a file object. It cannot be of type str."
}

Here are my versions:

[:~/work/Official/lab-ops-ansible] integrate_vault(+14/-0)* ± ansible --version
ansible 2.4.3.0
  config file = /Users/snip/work/Official/lab-ops-ansible/ansible.cfg
  configured module search path = ['/Users/snip/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible
  executable location = /Library/Frameworks/Python.framework/Versions/3.6/bin/ansible
  python version = 3.6.4 (v3.6.4:d48ecebad5, Dec 18 2017, 21:07:28) [GCC 4.2.1 (Apple Inc. build 5666) (dot 3)]

It seems to have to do with the way the post is formed: https://github.com/jhaals/ansible-vault/blob/7c4aedce730c67fb013d0db471571353838fe28d/vault.py#L171

I think this stackoverflow makes a suggestion that perhaps instead of the urllib2 request we should use the request library : https://stackoverflow.com/questions/5440485/typeerror-post-data-should-be-bytes-or-an-iterable-of-bytes-it-cannot-be-str

groggemans commented 6 years ago

Running into a similar issue here. I use a token set by ~/.vault-token. Error was a <class 'TypeError'>, original message: the JSON object must be str, not 'bytes'"

Python version 3.5.2

jhaals commented 6 years ago

This module is not modified to work with python 3 yet. There's has historically been a lot of people with old python 2.6 asking for support. I'd be open to supporting just 2.7 and 3