vault_token_create using wrap_ttl and role_name returns a token that is not wrapped #358

Open
blmhemu opened this issue Mar 26, 2023 · 2 comments
blmhemu commented Mar 26, 2023

SUMMARY

The template {{ lookup('community.hashi_vault.vault_token_create', url='https://100.72.58.16:8200/', wrap_ttl='1m', role_name='cluster-pki') }} does NOT create a wrapped token - just creates a normal token.

The equivalent CLI command, vault token create -wrap-ttl=1m -role=cluster-pki, works fine with the same token (as above) and creates a wrapped token.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

community.hashi_vault.vault_token_create

ANSIBLE VERSION
ansible [core 2.14.3]
COLLECTION VERSION
4.1.0
OS / ENVIRONMENT

MacOS

STEPS TO REPRODUCE
{{ lookup('community.hashi_vault.vault_token_create', url='https://100.72.58.16:8200/', wrap_ttl='1m', role_name='cluster-pki' ) }}
EXPECTED RESULTS

It creates a wrapped token.

ACTUAL RESULTS

It creates a normal token (not wrapped).

@briantist briantist self-assigned this Mar 26, 2023
@briantist
Collaborator

Hi @blmhemu thanks for reporting this! It looks like this is a bug in the hvac library instead, and I've opened an issue for it here:

@briantist briantist changed the title Exception using wrap_ttl. vault_token_create using wrap_ttl and role_name does returns a token that is not wrapped Mar 26, 2023
@briantist briantist added the bug Something isn't working label Mar 26, 2023
@briantist briantist changed the title vault_token_create using wrap_ttl and role_name does returns a token that is not wrapped vault_token_create using wrap_ttl and role_name returns a token that is not wrapped Mar 26, 2023
@briantist
Collaborator

@blmhemu I have a PR up in hvac that should fix this:

In the meantime if you want to see if that fixes it with ansible as well, you can try installing hvac from my branch:

pip install https://github.com/briantist/hvac/archive/auth.token.create/wrapped-role-based.tar.gz

This should work with no changes to Ansible/this collection.
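
An added example, not part of the issue thread and not code from the collection or hvac: a fail-closed check a playbook filter or wrapper script could run on the token-create result before handing it on, so that an unwrapped token is never delivered where a wrapping token was requested. It assumes the result is Vault's JSON response as a dict; `require_wrapped`, `NotWrappedError` and the sample responses are hypothetical names and constructed data.

```python
class NotWrappedError(Exception):
    """Raised when a response that should be wrapped is not."""


def require_wrapped(response, expected_ttl=None, expected_path=None):
    """Return the wrapping token from a Vault API response dict.

    Fails closed if the response exposes a usable client token, lacks
    wrap_info.token, or if the wrap TTL (seconds) or creation path differ
    from the expected values when those are given.
    """
    auth = response.get("auth") or {}
    wrap_info = response.get("wrap_info") or {}

    if auth.get("client_token"):
        raise NotWrappedError("response contains an unwrapped client token")
    if not wrap_info.get("token"):
        raise NotWrappedError("response has no wrap_info.token")
    if expected_ttl is not None and wrap_info.get("ttl") != expected_ttl:
        raise NotWrappedError("wrap TTL %r != requested %r"
                              % (wrap_info.get("ttl"), expected_ttl))
    if expected_path is not None and wrap_info.get("creation_path") != expected_path:
        raise NotWrappedError("creation_path %r != expected %r"
                              % (wrap_info.get("creation_path"), expected_path))
    return wrap_info["token"]


# Constructed sample responses; token values are placeholders, not real.
ROLE_PATH = "auth/token/create/cluster-pki"
UNWRAPPED = {  # the shape reported in this issue: a plain token
    "auth": {"client_token": "hvs.EXAMPLE-PLAIN", "accessor": "EXAMPLE-ACC"},
    "wrap_info": None,
}
WRAPPED = {  # the shape expected with wrap_ttl='1m'
    "auth": None,
    "wrap_info": {"token": "hvs.EXAMPLE-WRAPPING", "ttl": 60,
                  "creation_path": ROLE_PATH},
}

if __name__ == "__main__":
    print(require_wrapped(WRAPPED, expected_ttl=60, expected_path=ROLE_PATH))
    try:
        require_wrapped(UNWRAPPED, expected_ttl=60, expected_path=ROLE_PATH)
    except NotWrappedError as exc:
        print("rejected:", exc)
```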
