hashi_vault should report secret when an error occurs

[onitake]

Migrated from ansible/ansible#65734

SUMMARY

Currently, hashi_vault only reports a very basic exception when it can't access a secret. On large playbooks, where many secrets are accessed, this gives no indication which secret was failing.

ISSUE TYPE

• Feature Idea

COMPONENT NAME

hashi_vault

ADDITIONAL INFORMATION

The error reported by hashi_vault currently looks like this:

failed: [localhost] (item=example) => {
    "changed": false, 
    "item": "example", 
    "msg": "AnsibleError: An unhandled exception occurred while running the lookup plugin 'hashi_vault'. Error was a <class 'hvac.exceptions.Forbidden'>, original message: 1 error occurred:\n\t* permission denied\n\n"
}

This should be more like:

failed: [localhost] (item=example) => {
    "changed": false, 
    "item": "example", 
    "msg": "AnsibleError: An unhandled exception occurred while running the lookup plugin 'hashi_vault'. Error was a <class 'hvac.exceptions.Forbidden'>, original message: 1 error occurred:\n\t* permission denied on secret secret=secret/example:secret\n\n"
}

Or, the hvac.exceptions.Forbidden exception should be caught by the module and handled with a proper error message.

[briantist]

Hi @onitake this is one of many things fixed in #23 (sorry I missed your issue in the old repo when my PR was still over there, or I would have linked it then).

[onitake]

Sounds good, thanks for the heads up!

[briantist]

@onitake I didn't mean to close this one! That PR is not accepted/merged yet so this should stay open. If my PR gets merged this will be closed automatically

[onitake]

Ah sorry I misunderstood. Keeping it open, then.

[ansibullbot]

cc @samdoran
click here for bot help