Kerberos error winrm

Hi there.
I’m not an administrator of Secret Management, just user.
So I’ve got a problem with HashiCorp Vault within WinRM protocol and Kerberos.
I’m using Jenkins task, which run Ansible playbook, which get a credentials from Secret Management via hvac (lookup(‘hashi_vault’…)) and further trying to connect with Windows host throught WinRM.
Main problem is conflict between hvac and kerberos.
Details: “kerberos: function takes at most 2 arguments (3 given)”.

Ansible vars:
ansible_connection: winrm
ansible_winrm_transport: kerberos
ansible_winrm_kinit_mode: managed
ansible_winrm_server_cert_validation: ignore
ansible_winrm_operation_timeout_sec: 200
ansible_winrm_read_timeout_sec: 240
ansible_user: “{{ lookup(‘hashi_vault’, ‘secret=secret/username/test:ansible_user validate_certs=false url=https://vault_server.com’)}}”
ansible_password: “{{ lookup(‘hashi_vault’, ‘secret=secret/username/test:ansible_pass validate_certs=false url=https://vault_server.com’)}}”

Ansible playbook:

  • name: test
    hosts: Dev
    tasks:
    • name: Say hello
      win_shell: echo “Hello world!”
      register: test
    • debug: msg="{{test.stdout_lines}}"

Please help us with this issue…

Your error doesn’t seem to have anything to do wit Vault. Vault doesn’t employ or implement kerberos.

Not at all.
When I use an encrypted string ansible_user/password through ansible-vault and then decrypt it - it will work.
But only when I use hvac this problem give me error like “kerberos: function takes at most 2 arguments (3 given)”.
Same username, same password, same values, no more.

Interesting, maybe they snuck it in and I had no idea.
Try running a debug to see if you’re getting a value from your lookup.