ansible/ansible

hashi_vault returns Fatal error when the secret does not exist

Closed this issue · 2 comments

ISSUE TYPE

  • Bug Report

COMPONENT NAME

lookup/hashi_vault.py

ANSIBLE VERSION

latest dev

OS / ENVIRONMENT

N/A

SUMMARY

When you look up a nonexistent secret, the lookup() function returns a fatal error.

STEPS TO REPRODUCE

set_fact:
  secret: "{{ lookup('hashi_vault', 'secret=secret/path/to/nonexistent:key') }}"

The actual code in hashi_vault.py:

        if data is None:
            raise AnsibleError("The secret %s doesn't seem to exist" % self.secret)

EXPECTED RESULTS

lookup() shouldn't crash the playbook; one might want to continue the play even if the secret does not exist.

ACTUAL RESULTS

TASK [set_fact] ****************************************************************
fatal: [localhost]: FAILED! => {"failed": true, "msg": "An unhandled exception occurred while running the lookup plugin 'hashi_vault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: The secret secret/path/to/nonexistent doesn't seem to exist"}
	to retry, use: --limit @/home/ubuntu/devel/roles/test.retry

I suggest using a skip parameter, as in the first_found.py module.

Meh, this can simply be worked around by using ignore_errors: yes
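
The ignore_errors workaround mentioned above, written out as a playbook. This is an added example, not part of the original thread or of Ansible's own code. The play layout, the registered name vault_read and the follow-up tasks are assumptions; the secret path and the error text are the ones quoted in the report. Because ignore_errors also hides Vault authentication and connectivity failures, the second task re-raises anything that is not the missing-secret message.

```yaml
# Constructed example: tolerate a missing Vault secret without masking
# other Vault failures. Path and error text come from the report above.
- hosts: localhost
  gather_facts: no
  tasks:
    - name: Try to read a secret that may not exist
      set_fact:
        secret: "{{ lookup('hashi_vault', 'secret=secret/path/to/nonexistent:key') }}"
      register: vault_read      # assumed variable name
      ignore_errors: yes        # the play continues after the lookup error
      no_log: true              # keep the secret value out of task output

    # ignore_errors swallows every failure of the task above, so fail
    # explicitly unless the message is the "doesn't seem to exist" case.
    - name: Stop on any Vault error other than a missing secret
      fail:
        msg: "Vault lookup failed for a reason other than a missing secret"
      when:
        - vault_read is failed
        - "\"doesn't seem to exist\" not in (vault_read.msg | default(''))"

    # set_fact never ran to completion when the secret was missing, so the
    # fact is undefined and must be guarded wherever it is used.
    - name: Use the secret only when it was actually set
      debug:
        msg: "secret is available"
      when: secret is defined
```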