Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hashi_vault should report secret when an error occurs #54

Closed
onitake opened this issue Mar 26, 2020 · 5 comments · Fixed by #23
Closed

hashi_vault should report secret when an error occurs #54

onitake opened this issue Mar 26, 2020 · 5 comments · Fixed by #23
Labels
feature This issue/PR relates to a feature request has_pr lookup lookup plugin

Comments

@onitake
Copy link

onitake commented Mar 26, 2020

Migrated from ansible/ansible#65734

SUMMARY

Currently, hashi_vault only reports a very basic exception when it can't access a secret. On large playbooks, where many secrets are accessed, this gives no indication which secret was failing.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

hashi_vault

ADDITIONAL INFORMATION

The error reported by hashi_vault currently looks like this:

failed: [localhost] (item=example) => {
    "changed": false, 
    "item": "example", 
    "msg": "AnsibleError: An unhandled exception occurred while running the lookup plugin 'hashi_vault'. Error was a <class 'hvac.exceptions.Forbidden'>, original message: 1 error occurred:\n\t* permission denied\n\n"
}

This should be more like:

failed: [localhost] (item=example) => {
    "changed": false, 
    "item": "example", 
    "msg": "AnsibleError: An unhandled exception occurred while running the lookup plugin 'hashi_vault'. Error was a <class 'hvac.exceptions.Forbidden'>, original message: 1 error occurred:\n\t* permission denied on secret secret=secret/example:secret\n\n"
}

Or, the hvac.exceptions.Forbidden exception should be caught by the module and handled with a proper error message.
@briantist briantist mentioned this issue Mar 28, 2020
Merged
@briantist
Copy link
Contributor

Hi @onitake this is one of many things fixed in #23 (sorry I missed your issue in the old repo when my PR was still over there, or I would have linked it then).

@onitake
Copy link
Author

onitake commented Mar 28, 2020

Sounds good, thanks for the heads up!

@onitake onitake closed this as completed Mar 28, 2020
@briantist
Copy link
Contributor

@onitake I didn't mean to close this one! That PR is not accepted/merged yet so this should stay open. If my PR gets merged this will be closed automatically

@onitake
Copy link
Author

onitake commented Mar 28, 2020

Ah sorry I misunderstood. Keeping it open, then.

@onitake onitake reopened this Mar 28, 2020
@ansibullbot
Copy link
Collaborator

cc @samdoran
click here for bot help

@ansibullbot ansibullbot added affects_2.10 feature This issue/PR relates to a feature request has_pr lookup lookup plugin labels Apr 9, 2020
amenzhinsky pushed a commit to amenzhinsky/community.general that referenced this issue Nov 13, 2020
@rrey
ci: test multiple versions of grafana (ansible-collections#54)
633d14a 
* ci: test multiple versions of grafana

* Remove now useless role setup_grafana

* Test the last 3 minor versions
@notetiene notetiene mentioned this issue Oct 3, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature This issue/PR relates to a feature request has_pr lookup lookup plugin
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

hashi_vault refresh - Add AWS login methods, bugfixes, cleanup briantist/community.general
3 participants
@onitake @briantist @ansibullbot