I am trying to look up a secret through Ansible's credstash plugin by first setting the variable of the table (since I have multiple credstash tables) and then looking it up, something like this:
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleError: {{ lookup('credstash', 'password', table={{ credstashtable }} ) }}: template error while templating string: expected token ':', got '}'. String: {{ lookup('credstash', 'password', table={{ credstashtable }} ) }}"}
I tried this approach:
credstash_table: "foo_credstash_{{ bar }}"
password: "{{ lookup('credstash', 'password', table='{{ credstash_table }}' ) }}"
Only to get this:
amazon-ebs: fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleError: {{ lookup('credstash', 'password', table='{{ credstashtable }}' ) }}: An unhandled exception occurred while running the lookup plugin 'credstash'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Encountered exception while fetching password: An error occurred (ValidationException) when calling the Query operation: 1 validation error detected: Value '{{ credstashtable }}' at 'tableName' failed to satisfy constraint: Member must satisfy regular expression pattern: [a-zA-Z0-9_.-]+"}
At the moment, I am using a combination of a bash wrapper script and pipes to pull that info. It works, but I am not liking that approach.
What would be the right way to look up the table set as a variable in the plugin? Or am I doing it wrong?
- Rilindo
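
The second error above shows the literal string '{{ credstashtable }}' reaching DynamoDB as the table name, because moustaches nested inside an expression are not rendered again. The playbook below is an added example, not part of the original post: it references the variable by its bare name inside the lookup and checks the rendered name against the pattern quoted in the error. The value `bar: staging`, the task names and the consumer command path are constructed assumptions.

```yaml
# Added example. `bar: staging` and /usr/local/bin/example-consumer are
# hypothetical values chosen for illustration.
- hosts: localhost
  gather_facts: false
  vars:
    bar: staging
    credstash_table: "foo_credstash_{{ bar }}"

    # Fails: the inner '{{ ... }}' sits inside a quoted string within an
    # expression, so it is handed to the plugin as literal text.
    # password: "{{ lookup('credstash', 'password', table='{{ credstash_table }}') }}"

    # Works: inside {{ ... }} a variable is referenced by its bare name.
    password: "{{ lookup('credstash', 'password', table=credstash_table) }}"

  tasks:
    - name: Check the rendered table name before the lookup queries DynamoDB
      assert:
        that:
          # Same character class DynamoDB reports in the ValidationException.
          - "credstash_table is match('^[a-zA-Z0-9_.-]+$')"
        msg: "credstash_table rendered to an invalid name: {{ credstash_table }}"

    - name: Hand the secret to a consumer without echoing it into task output
      command: /usr/local/bin/example-consumer
      environment:
        APP_PASSWORD: "{{ password }}"
      no_log: true
```

Because `password` is a lazily evaluated variable, the lookup only runs when the second task templates it, so the assert task catches a bad table name first.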