Config via Ansible vars not resolving templating #443

Open
@onefourfive

SUMMARY

When I set ansible_hashi_vault_ variables as below, they are taken literally and not templated:

ansible_hashi_vault_url: "{{ vault_fqdn }}"
ansible_hashi_vault_token_path: "{{ lookup('env', 'HOME') }}/.vault-ansible/"
ansible_hashi_vault_token_file: "token-{{ zone }}"

In a case where all but url are specified as lookup keywords, and we intentionally omit the scheme, you can see the templating makes it into the error message:

localhost | FAILED! => {
    "msg": "An unhandled exception occurred while running the lookup plugin 'community.hashi_vault.hashi_vault'. 
Error was a <class 'requests.exceptions.MissingSchema'>, original message: 
Invalid URL '{{ vault_fqdn }}/v1/internal/data/tf': No scheme supplied. Perhaps you meant https://{{ vault_fqdn }}/v1/internal/data/tf?. 
Invalid URL '{{ vault_fqdn }}/v1/internal/data/tf': No scheme supplied. Perhaps you meant https://{{ vault_fqdn }}/v1/internal/data/tf?"
}
ISSUE TYPE
  • Bug Report
COMPONENT NAME

hashi_vault

ANSIBLE VERSION
ansible [core 2.17.1]
  config file = /home/iivv/vault-tools/vault-ansible/ansible.cfg
  configured module search path = ['/home/iivv/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/iivv/.virtualenvs/vault-ansible/lib/python3.12/site-packages/ansible
  ansible collection location = /home/iivv/vault-tools/vault-ansible/collections
  executable location = /home/iivv/.virtualenvs/vault-ansible/bin/ansible
  python version = 3.12.3 (main, Apr 10 2024, 05:33:47) [GCC 13.2.0] (/home/iivv/.virtualenvs/vault-ansible/bin/python)
  jinja version = 3.1.4
  libyaml = True
COLLECTION VERSION
Collection            Version
--------------------- -------
community.hashi_vault 6.2.0 
CONFIGURATION
n/a
OS / ENVIRONMENT

n/a

STEPS TO REPRODUCE
  1. Create a vars file specifying config with templating.
  2. Try to perform a lookup without specifying config keywords.
EXPECTED RESULTS

Templating should work so that I can work with different vault clusters and configs in a playbook run as necessary.

ACTUAL RESULTS

Errors result from template attempts. Only literal values are used.

localhost | FAILED! => {
    "msg": "An unhandled exception occurred while running the lookup plugin 'community.hashi_vault.hashi_vault'. Error was a <class 'requests.exceptions.MissingSchema'>, original message: Invalid URL '{{ vault_fqdn }}/v1/internal/data/tf': No scheme supplied. Perhaps you meant https://{{ vault_fqdn }}/v1/internal/data/tf?. Invalid URL '{{ vault_fqdn }}/v1/internal/data/tf': No scheme supplied. Perhaps you meant https://{{ vault_fqdn }}/v1/internal/data/tf?"
}