hashi_vault - Fix regression where VAULT_ADDR is ignored

[briantist]

SUMMARY

Fixes #60

Related:

• AWX and ANSIBLE_ prefixed environment variables - support a 2nd set of env vars? ansible vars? #49
• hashi_vault - lower VAULT_ADDR precedence #41

When lowering the precedence of the VAULT_ADDR env var, I failed to take into account that the default value in the option itself would prevent the low pref env var value from ever being used, as implemented.

This would affect any option that has both a default value and a "low preference env var", which at the moment only applies to url / VAULT_ADDR.

This PR fixes that.

First, a unit test catching this is being added, then I will push a commit with the fix.

Note: the unit test only covers this option specifically and could be expanded. This work is actually already in progress in #59 , and I would have surfaced this eventually because of that. I'm keeping this small for this bugfix, but better tests will absolutely be introduced via the refactor.

Affected Users

This bug will have affected version 1.0.0 and 1.1.0, since the env var priority change was released in 1.0.0 via #41 .

Fix Available

Version 1.1.1 of the collection contains this fix:

• Galaxy release: https://galaxy.ansible.com/community/hashi_vault
• GitHub release: https://github.com/ansible-collections/community.hashi_vault/releases/tag/1.1.1

Workarounds

If upgrading is not possible, the best workaround if you can is to switch to using ANSIBLE_HASHI_VAULT_ADDR or to set the address via ansible.cfg:

[lookup_hashi_vault]
url = https://myvault

If neither of those are possible, setting url explicitly on the plugin call can be done and the value can be read via the env lookup:

- hosts: localhost
  vars:
    vaddr: "{{ lookup('env', 'VAULT_ADDR') }}"
  tasks:
    - debug:
        msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=secret/whatever', url=vaddr) }}"

ISSUE TYPE

• Bugfix Pull Request

COMPONENT NAME

hashi_vault.py

ADDITIONAL INFORMATION

[codecov]

Codecov Report

Merging #61 (ad7c589) into main (1853b19) will increase coverage by 1.64%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main      #61      +/-   ##
==========================================
+ Coverage   66.58%   68.23%   +1.64%     
==========================================
  Files           9        9              
  Lines         425      447      +22     
  Branches       58       60       +2     
==========================================
+ Hits          283      305      +22     
  Misses        126      126              
  Partials       16       16              

Impacted Files	Coverage Δ
plugins/lookup/hashi_vault.py	66.12% <100.00%> (+0.70%)	⬆️
tests/unit/plugins/lookup/test_hashi_vault.py	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1853b19...2a63a23. Read the comment docs.

[briantist]

Link to the failed test correctly catching the problem:
https://github.com/ansible-collections/community.hashi_vault/pull/61/checks?check_run_id=1964885479#step:5:341

[briantist]

@elcomtik @transferkraM @erinn would any of you be interested in reviewing or testing this out?