jhaals / ansible-vault

ansible lookup plugin for secrets stored in Vault(by HashiCorp)
BSD 3-Clause "New" or "Revised" License

Test play using vault plugin fails #66

Open bru2code opened 6 years ago

bru2code commented 6 years ago

Hi,

Trialing this, and it seems to be failing with the error message below when used with Vault.

Script run snippet below:

```
curl -s -X GET -H "X-Vault-Token:$VAULT_TOKEN" \
  https://$VAULT_ADDR/v1/secret/hello \
  | jq .data.bar
"baz"

ansible-playbook plugin_test.yml
 [WARNING]: provided hosts list is empty, only localhost is available

PLAY [localhost] ****

TASK [Get a secret from Vault] **
Friday 16 February 2018 12:07:27 +0000 (0:00:00.115) 0:00:00.115 ***
fatal: [localhost]: FAILED! => {"failed": true, "msg": "An unhandled exception occurred while running the lookup plugin 'vault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Unable to retrieve personal token from vault: unknown url type: v1/auth/approle/login"}
 [WARNING]: Failure using method (v2_runner_on_failed) in callback plugin (</usr/lib/python2.7/site-packages/ansible/plugins/callback/mail.CallbackModule object at 0x30d9e10>): [Errno 113] No route to host

PLAY RECAP **
localhost : ok=0 changed=0 unreachable=0 failed=1
```

Playbook


Script with playbook invocation:

```sh
export VAULT_ADDR='vault.apps.ocpt.local'
export ANSIBLE_HASHICORP_VAULT_ROLE_ID=${ROLE_ID}
echo ${ANSIBLE_HASHICORP_VAULT_ROLE_ID}
export ANSIBLE_HASHICORP_VAULT_SECRET_ID=${SECRET_ID}
echo ${ANSIBLE_HASHICORP_VAULT_SECRET_ID}
curl -s -X POST -H "X-Vault-Token:$VAULT_TOKEN" -d '{"bar":"baz"}' \
  https://$VAULT_ADDR/v1/secret/hello

curl -s -X GET -H "X-Vault-Token:$VAULT_TOKEN" \
  https://$VAULT_ADDR/v1/secret/hello \
  | jq .data.bar

ansible-playbook plugin_test.yml
```

The actual curl displays the secret, as you can see above; however, the play fails!

jhaals commented 6 years ago

Hi, thanks for submitting this. There are currently no tests for fetching secrets using approle as the authentication method. We'll have to add some tests to ensure that it works in its current form. Looks like there's something wrong with how the URL is constructed, by reading your error message: No route to host
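As an added example (not the plugin's own code), a pre-flight check for the three variables the reporter's script exports: it shows that Python's urllib raises exactly the reported "unknown url type" message when handed a URL with no scheme, for instance when a VAULT_ADDR set without `https://` is joined with the relative approle login path. The function names and the check itself are assumptions; the login path is Vault's documented approle endpoint.

```python
import json
from urllib.parse import urljoin, urlparse
from urllib.request import Request

# Hypothetical pre-flight helpers, not the plugin's own code. The environment
# variable names are the ones the reporter's script exports; the login path is
# Vault's documented approle endpoint.
LOGIN_PATH = "v1/auth/approle/login"

def normalise_vault_addr(addr):
    """Return VAULT_ADDR as 'scheme://host[:port]/', or raise ValueError."""
    if not addr:
        raise ValueError("VAULT_ADDR is not set")
    parsed = urlparse(addr)
    # 'vault.apps.ocpt.local' parses as a bare path: no scheme, no netloc.
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError(
            "VAULT_ADDR %r has no scheme; use e.g. https://%s" % (addr, addr))
    return addr.rstrip("/") + "/"

def urllib_error_for(url):
    """Message urllib raises for a URL with no scheme, or None if it is fine."""
    try:
        Request(url)
    except ValueError as exc:
        return str(exc)
    return None

def approle_login_request(addr, role_id, secret_id):
    """Build (but do not send) the approle login POST the plugin performs."""
    url = urljoin(normalise_vault_addr(addr), LOGIN_PATH)
    body = json.dumps({"role_id": role_id, "secret_id": secret_id}).encode()
    return Request(url, data=body, headers={"Content-Type": "application/json"})

def check_env(environ):
    """Return a list of problems with the exported variables, by name only."""
    # Only names are reported: the secret_id is a credential, so unlike the
    # reporter's script it is never echoed.
    problems = []
    try:
        normalise_vault_addr(environ.get("VAULT_ADDR"))
    except ValueError as exc:
        problems.append(str(exc))
    for name in ("ANSIBLE_HASHICORP_VAULT_ROLE_ID",
                 "ANSIBLE_HASHICORP_VAULT_SECRET_ID"):
        if not environ.get(name):
            problems.append("%s is not set" % name)
    return problems
```

Run `check_env(dict(os.environ))` before `ansible-playbook plugin_test.yml`; an empty list means the address has a scheme and both approle credentials are present.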