-
Notifications
You must be signed in to change notification settings - Fork 156
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
database secrets engine config #133
Conversation
include required_one_of to AnsiMod call
shoot. thats going to fail until this is merged: hvac/hvac#459 this should be included in the 9.2 release |
nvm. thats not why the doc job is failing... |
@TerryHowe any advice on how to read the build issue travis is catching? |
We are still waiting on hvac 9.2 here, right? If you have changes not dependent on that, throw them in another PR if you like. Either way, thanks. |
im fine waiting since most of this content will rely on 9.2 release. just trying to figure out why the travis job keeps failing on documentation (not functional testing) i cant seem to find a true error message in the stdout |
@TerryHowe not sure if im missing something but the output from the doc builder is garbage as far as i can tell. all these modules work so im in favor of disabling the test until we can tune it to get better output hvac 9.2 was released saturday btw so once we get past this doc hurdle we should be good to release |
I'll look at the log issue sometime today |
default: present | ||
config_file: | ||
description: | ||
- optional: location of file containing relevant db configuration info. use either this or the following ansible params in your play |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can't really hijack username
and password
, probably should be database_user
and database_password
or some such
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah. the userpass auth method...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so based on my understanding of the db engine... it may HAVE to hijack it https://www.vaultproject.io/docs/secrets/databases/index.html
username and password appear to be reserved words for the engine to interpolate
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so what i will try is set the ansible param to db_username
/ db_password
and after the client is authed, they will overwrite the values in desired state
module.exit_json(**result) | ||
|
||
|
||
@hashiwrapper |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm wondering if the document problem is this should be named hashivault_secret_engine
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this has got to be it. now that 9.2 is released i can enable to test too
description = params.get('description') | ||
config = params.get('config') | ||
state = params.get('state') | ||
options = params.get('options') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This desired_state isn't used and probably current_state should be set here
sadly didnt fix the doc issue. im looking into the python issue right now... weird because these work locally for me... im wondering if its because my venv is 3.7.x |
interesting... so 3.6 is the problem... trying an upgrade to 3.7 and we'll see what breaks... |
1eb369b
to
2cf0803
Compare
upgrade python3 revert
2cf0803
to
41d0101
Compare
okay so the new tests are enabled and passing.
the ansible engine didnt like how many values were in the docs are still failing though |
revert 37
2bacb47
to
0fc7868
Compare
@TerryHowe is there any way to get a better output or some kind of error message? ive probably spent more time on this than writing an entire other module |
I doubt you'd see more if you installed sphinx locally. All I'm seeing is this and it isn't clear if these errors are fatal:
But the real fatal error which may or may not be caused by the above:
I'll kick a build with no change and see if it fails in case some other change is triggering the problem |
Build on master has the same problem, it is something else: https://travis-ci.org/TerryHowe/ansible-modules-hashivault/jobs/543942010 |
@TerryHowe can we just disable the doc check? i get what youre going for with the tool but this seems to be more trouble than its worth. id also like to start using this code soon :D |
The last merge the docs built fine, so it is probably a change in ansible or sphinx that is causing the problem. I'm hoping I can get far enough on the $day_job today to see if I can fix that. |
thank you for helping and taking a look |
I have been unable to reproduce the problem locally |
thoughts on next steps? |
Created a makedoc.sh script to make it easier to test locally. Created an issue #137 |
It is still broken, but just because I'm ignoring the failure from make. I assume either ansible, sphinxx, or Travis changed and that is what is causing the problem. |
@TerryHowe can you publish some notes on how to run the docs locally? |
On the master branch is a |
thanks for clarifying. i saw your comment about that file but didnt see a PR so i missed the actual file. yeah, its succeeding for me too... hmm |
@@ -71,6 +71,7 @@ | |||
config: | |||
description: | |||
- configuration set on auth method. expects a dict |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This document seems wrong to me like this should be a yaml dictionary rather than a string.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you talking about the default
line? yeah, interestingly it works either way. when i first submitted the PR it was in standard {}
format but after i started getting the sphinx issues i was messing with the format because i didnt know what was borking it.
i agree though, the doc example should show without the "
, though it does work either way
@@ -133,9 +133,9 @@ def main(): | |||
argspec['num_uses'] = dict(required=False, type='int', default=0) | |||
|
|||
supports_check_mode=True |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this really be gone?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so for some reason, python 36 and 27 fail on this line... something about "too many arguments". however, 37 it works... i removed it but left it for future re-integration. i probably should have included a note on that though
@@ -105,9 +105,10 @@ def main(): | |||
argspec['client_secret'] = dict(required=False, type='str') | |||
argspec['environment'] = dict(required=False, type='str', default='AzurePublicCloud') | |||
argspec['config_file'] = dict(required=False, type='str', default=None) | |||
supports_check_mode=True | |||
required_together=[['subscription_id', 'client_id', 'client_secret', 'tenant_id']] | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
required_together is actually the 4th arg, so I'm going to change this back.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Connect with me on https://www.linkedin.com/in/terrylhowe/ if you like
Sorry it took me so long to get this merged, smaller PRs would help me so if I have a concern with X and doesn't stop Y getting in the code. Thanks! |
yeah, no problem man. sorry i pushed a whole bunch at once lol... theres just a lot im trying to do atm and as i was writing some i found some issues and i just decided to resolve them hopefully that wont happen again in the future if you're interested, we should consider putting this into its own github org and i can help with maintenance! i was also considering asking you what you thought about making this into a new Ansible Collection. thats a new design pattern they provided but thats how they want users to manage their code going forward |
Yes, help with maintenance would be good. I'll have to look at the options, thanks! |
new module
hashivault_db_secret_engine_config
for enabling a db config. can optionally take a file as inputnew module
hashivault_db_secret_engine_role
for enabling a db role. can optionally take a file as inputnew module
hashivault_secret_engine
for enabling or disabling a secret engine. this module is idempotent on the mount and its tuned values, takesstate
as a param, is compatible with check mode.deprecate: still usable but should be removed eventually. deprecated by prepending_
to module namehashivault_secret_enablehashivault_secret_disablehashivault_auth_enablesee final comment below
tests included but disabled because they require connection to actual db
both require a new hvac module with some fixes pending PR. I was told they'll cut the 9.2 release next week. issues: hvac/hvac#456 , hvac/hvac#454 , hvac/hvac#453, hvac/hvac#459. PR: hvac/hvac#457, https://github.com/hvac/hvac/pull/461/files
fixes for #129, #134
configuration idempotence fixes for
hashivault_auth_method
,hashivault_azure_secret_engine_config
, andhashivault_azure_auth_config