VAULT_ADDR regression #438
Comments
|
Thanks for reporting @sc68cal. Are you able to see which version of the collection works and which one doesn't? |
|
|
|
I tried to look in the code, I think the error is thrown at this line because the adapter gets a URL that has double quotes in it ( |
|
Thank you! I see from your output that there are quotes in the URL but I don't believe it's due to that line. The adapter is an object, and the only quotes there are for string literals in selecting the protocol. At that point in the code, there is no URL yet since it's constructing the Somehow you've got quotes embedded in your URL, I don't think this was due to a regression in this collection but I'm not ruling it out yet. I'm suspecting that before we introduced the retries, the way the session was being constructed by default may have masked the issue with your Can you show the exact shell lines you're running to export the variable, and to run ansible? Also the playbook (MVCE) content? If you add an |
|
I set |
Ansible 7.5Ansible 9.4.0 |
|
I think the most important thing to note, is notice how setting ANSIBLE_HASHI_VAULT_ADDR=$VAULT_ADDRMakes it work. It's the exact same value. |
|
Both Ansible version use |
|
Thank you for the detailed troubleshooting! I will try to step through and figure out what's going as soon as I can. |
|
Happy to help. If there's anything you want me to try, it's very easy to reproduce and I can also test patches too. In the past I've tried to attach the python debugger to Ansible modules and plugins but it's quite a pain. If you have any tips I can help debug that way too |
|
@sc68cal so far I've been unable to replicate it, the only way I can get that error is if I intentionally put double quotes in the env var value, but then those quotes show in the I don't have good debugging instructions right now, here's a {
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"name": "Python Debugger: Current File with Arguments",
"type": "debugpy",
"request": "launch",
"program": "/home/briantist/.a216/bin/ansible",
// ^ output of `which ansible`
"console": "integratedTerminal",
//"args": "${command:pickArgs}",
"args": [
"localhost",
"-m",
"debug",
"-a",
"msg=\"{{ lookup('community.hashi_vault.vault_read', 'zzzz') }}\""
],
"stopOnEntry": true,
"env": {
"VAULT_ADDR": "http://vault"
}
}
]
}There's additional configuration needed to be able to set breakpoints, and you'll want to ensure that the collection is checked out into a collection path (like This article may be of help but I haven't fully tried it: |
|
Ok. I have gotten pulled in a different direction so the upgrade to a more recent version of Ansible has been put on hold, so I will have to come back to this at a later date |
I have noticed issues after upgrading from
ansible==7.5.0and the version ofhashi_vaultthat was included, to more recent versions.When
VAULT_ADDRis setexport VAULT_ADDR=https://vault.mysite.com{"msg": "An unhandled exception occurred while running the lookup plugin 'community.hashi_vault.vault_read'. Error was a <class 'requests.exceptions.InvalidSchema'>, original message: No connection adapters were found for '\"https://vault.mysite.com\"/v1/secret/myorg/my-path/myapp'. No connection adapters were found for '\"https://vault.mysite.com\"/v1/secret/myorg/my-path/myapp'"}While setting
export ANSIBLE_HASHI_VAULT_ADDR=https://vault.mysite.comDoes in fact work, but we have a lot of infrastructure that sets
VAULT_ADDRand this regression is quite painful.Originally posted by @sc68cal in #368 (comment)
The text was updated successfully, but these errors were encountered: