Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azure_keyvault_secret lookup might be broken #1777

Open
pat-s opened this issue Dec 4, 2024 · 4 comments
Open

azure_keyvault_secret lookup might be broken #1777

pat-s opened this issue Dec 4, 2024 · 4 comments
Labels
medium_priority Medium priority question Further information is requested work in In trying to solve, or in working with contributors

Comments

@pat-s
Copy link

pat-s commented Dec 4, 2024

SUMMARY

lookup('azure.azcollection.azure_keyvault_secret' doesn't seem to work, no matter the auth method.

ISSUE TYPE
  • Bug Report
COMPONENT NAME
ANSIBLE VERSION
ansible [core 2.18.1]
COLLECTION VERSION
3.1.0
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE

Tried to authenticate via az login, via explicit credentials (client_id, secret, tenant_id`) or env vars. All fail. Each of them with slighltly different methods

lookup('azure.azcollection.azure_keyvault_secret', 'secret', vault_url='<vault url>')

lookup('azure.azcollection.azure_keyvault_secret', 'secret', client_id='<client_id>',tenant_id='<tenant_id>',secret='<secret>',vault_url='<vault url>')

Yes, I can query secrets in the respective key vault and the credentials are correct.
I am Key vault admin and the credentials are used in other automation workflows.

EXPECTED RESULTS

Authentication works and secrets are returned.

ACTUAL RESULTS
# env var auth
FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'azure.azcollection.azure_keyvault_secret'. Error was a <class 'NameError'>, original message: name 'DefaultAzureCredential' is not defined. name 'DefaultAzureCredential' is not defined"}

# keyword auth
FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'azure.azcollection.azure_keyvault_secret'. Error was a <class 'NameError'>, original message: name 'ClientSecretCredential' is not defined. name 'ClientSecretCredential' is not defined"}
@Fred-sun Fred-sun added the work in In trying to solve, or in working with contributors label Dec 9, 2024
@kandrew5
Copy link

kandrew5 commented Dec 9, 2024

I facing the same problem

@olljanat
Copy link
Contributor

FYI, I ended up to this issue because having two versions of azure.azcollection installed and had installed requirements from old one.

You can easily check if that is the case in your environment with command ansible-galaxy collection list

@pat-s
Copy link
Author

pat-s commented Dec 20, 2024

So, what are the problematic downstream dependencies then which need to be updated? Didn't have a change yet to test again but will do again soonish.

@Fred-sun
Copy link
Collaborator

@pat-s @olljanat According to the error, the 'DefaultAzureCredential' and 'ClientSecretCredential' was not imported successfully, Can you check whether ‘azure-identity'’ is installed in your environment? Thank you very much!

@Fred-sun Fred-sun added question Further information is requested medium_priority Medium priority labels Dec 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
medium_priority Medium priority question Further information is requested work in In trying to solve, or in working with contributors
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@olljanat @pat-s @Fred-sun @kandrew5