jhaals / ansible-vault

ansible lookup plugin for secrets stored in Vault (by HashiCorp)
BSD 3-Clause "New" or "Revised" License

Failing AppRole Authentication #73

Closed BenCoffeed closed 6 years ago

BenCoffeed commented 6 years ago
ISSUE TYPE
ANSIBLE VERSION
ansible 2.4.3.0
  config file = /Users/btennant/GitHub/DevOps_bencoffeed/ansible.cfg
  configured module search path = [u'/Users/btennant/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /Library/Python/2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.10 (default, Oct  6 2017, 22:29:07) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.31)]

AND

ansible 2.5.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
CONFIGURATION
ANSIBLE_SSH_ARGS(/var/lib/awx/projects/_7__test/ansible.cfg) = -C -o ControlMaster=auto -o ControlPe
DEFAULT_HOST_LIST(/var/lib/awx/projects/_7__test/ansible.cfg) = [u'/var/lib/awx/projects/_7__test/.a
DEFAULT_LOOKUP_PLUGIN_PATH(/var/lib/awx/projects/_7__test/ansible.cfg) = [u'/var/lib/awx/projects/_7
DEFAULT_ROLES_PATH(/var/lib/awx/projects/_7__test/ansible.cfg) = [u'/var/lib/awx/projects/_7__test/.
DEFAULT_SCP_IF_SSH(/var/lib/awx/projects/_7__test/ansible.cfg) = True
DEFAULT_STDOUT_CALLBACK(/var/lib/awx/projects/_7__test/ansible.cfg) = actionable
HOST_KEY_CHECKING(/var/lib/awx/projects/_7__test/ansible.cfg) = False
PARAMIKO_HOST_KEY_AUTO_ADD(/var/lib/awx/projects/_7__test/ansible.cfg) = True
PARAMIKO_LOOK_FOR_KEYS(/var/lib/awx/projects/_7__test/ansible.cfg) = False
OS / ENVIRONMENT

Tested from CLI using Vagrant/Ansible on OS X High Sierra as well as via a hosted AWX container.

SUMMARY

I'm attempting to follow instructions to use AppRole authentication. I've set the environment variables mentioned in README.md, ANSIBLE_HASHICORP_VAULT_ROLE_ID and ANSIBLE_HASHICORP_VAULT_SECRET_ID.

I've confirmed that I'm able to use the vault CLI to retrieve an approle token using the same role_id and secret_id. Additionally, I've ensured that I've set my secret_id ttl and max_num_uses to 0 (infinite).

I've reproduced via Vagrant/Ansible locally on OS X High Sierra as well as via AWX containers.

EXPECTED RESULTS
ACTUAL RESULTS

OS X

TASK [users : Set SSH Keys for Ops Users and Task Users] ***********************
task path: /Users/btennant/GitHub/DevOps_bencoffeed/roles/users/tasks/main.yml:79
fatal: [ben-sandbox01]: FAILED! => {
    "msg": "An unhandled exception occurred while running the lookup plugin 'vault'. Error was a <type 'exceptions.AttributeError'>, original message: 'exceptions.AttributeError' object has no attribute 'code'"
}

AWX

fatal: [10.5.0.41]: FAILED! => {
    "changed": false, 
    "msg": "AnsibleError: An unhandled exception occurred while running the lookup plugin 'vault'. Error was a <type 'exceptions.AttributeError'>, original message: 'exceptions.AttributeError' object has no attribute 'code'"
}
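
Both tracebacks above report a missing `code` attribute on an exception object. The following is an added example, not part of the original issue and not the plugin's code: a stand-alone AppRole login check against Vault's HTTP API that reads `.code` only from `HTTPError` and reports every other failure by its type. The `approle_login` helper, its `opener` parameter and the use of `VAULT_ADDR` are assumptions of this example.

```python
import json
import os
import urllib.error
import urllib.request


def approle_login(vault_addr, role_id, secret_id, opener=urllib.request.urlopen):
    """POST role_id/secret_id to Vault's AppRole login endpoint and return the client token.

    `opener` is injectable so the function can be exercised without a Vault server.
    """
    url = vault_addr.rstrip("/") + "/v1/auth/approle/login"
    body = json.dumps({"role_id": role_id, "secret_id": secret_id}).encode()
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json"}, method="POST"
    )
    try:
        with opener(req) as resp:
            payload = json.loads(resp.read().decode())
    except urllib.error.HTTPError as exc:
        # Only HTTPError carries .code; Vault puts the reason in a JSON "errors" list.
        detail = exc.read().decode(errors="replace")
        raise RuntimeError("Vault returned HTTP %d: %s" % (exc.code, detail))
    except (urllib.error.URLError, OSError, ValueError) as exc:
        # DNS, TLS, refused connection, or a non-JSON body: no status code exists here.
        raise RuntimeError("AppRole login failed (%s): %s" % (type(exc).__name__, exc))
    try:
        return payload["auth"]["client_token"]
    except (KeyError, TypeError):
        raise RuntimeError("Login response has no auth.client_token")


if __name__ == "__main__":
    # VAULT_ADDR is the Vault CLI's address variable; the other two names come from the issue.
    try:
        approle_login(
            os.environ["VAULT_ADDR"],
            os.environ["ANSIBLE_HASHICORP_VAULT_ROLE_ID"],
            os.environ["ANSIBLE_HASHICORP_VAULT_SECRET_ID"],
        )
        print("AppRole login succeeded (token not printed)")
    except (KeyError, RuntimeError) as exc:
        print("AppRole login check failed: %r" % (exc,))
```

Run it in the same environment as the failing playbook (the Vagrant host or the AWX container) so it sees the same variables and network path.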