How can I set a pillar to the value returned from module.run

Dennis Muller

unread,

Feb 5, 2025, 4:17:43 PMFeb 5

to Salt-users

I am trying to use the azurerm_keyvault_secret.get_secret module to pull a secret and use the value within my state.

I have the get_secret working, but I am not seeing how to assign the value from the return so that I can use it later in my states.

Dennis Muller

unread,

Feb 5, 2025, 4:48:34 PMFeb 5

to Salt-users

So for example, I have this

{% set authprofile = {"subscription_id" : "xxx", "tenant": "x", "secret": "xxx", "client_id": "xxxx" } %}

get_secret:
module.run:
- name: azurerm_keyvault_secret.get_secret
- vault_url: xxx
- m_name: xxx
- resource_group: xxx
- location: xxx
- tenant_id: xxxx
- sku: Standard
- connection_auth: {{ authprofile }}

When I run the state I get this output, and in the get_secret I see the value for the secret.

I just cant figure out how to capture the value and assign it for later use.

sudo salt-call state.apply states.azkv
local:
----------
ID: Ensure key vault exists
Function: azurerm_keyvault_vault.present
Name: xxx
Result: True
Comment: xxx
Started: 14:14:10.838650
Duration: 10881.969 ms
Changes:
----------
tags:
----------
old:
----------
app:
xxx
env:
xxx
owneremail:
xxx
servicetier:
zxxxx
----------
ID: get_secret
Function: module.run
Name: azurerm_keyvault_secret.get_secret
Result: True
Comment: Module function azurerm_keyvault_secret.get_secret executed
Started: 14:14:21.722054
Duration: 506.676 ms
Changes:
----------
ret:
----------
id:
xxx
name:
xxx
properties:
----------
content_type:
None
created_on:
   xxx
enabled:
True
expires_on:
None
id:
   xxx
key_id:
None
name:
   xxx
not_before:
None
recovery_level:
   xxx
tags:
None
updated_on:
   xxx
vault_url:
   xxx
version:
   xxx
value:
   xxx

Summary for local
------------
Succeeded: 2 (changed=2)
Failed: 0
------------
Total states run: 2
Total run time: 11.389 s

Phipps, Thomas

unread,

Feb 5, 2025, 6:19:01 PMFeb 5

to salt-...@googlegroups.com

the short answer is. you don’t

if it happens in the states the information isn’t available in jinja or in pillar.

if you want to use it in jinja it needs to happen in jinja. in your example
now this can happen on the minion in a state. or it can happen on the master as pillar.
{% set aws_secret_sauce = salt["azurem_keyvault_secret.get_secret"](valut_url=xxx, name=xxx, resource_group=xxx, location=xxx, tenant_id=xxx, sku="Standard", connection_auth=authprofile)%}

if you need to happen after the jinja is rendered during the state run for some reason. you can call it with slots. https://docs.saltproject.io/en/3006/topics/slots/index.html but slots are really limited in what they can do or go.

On Wed, Feb 5, 2025 at 1:17 PM Dennis Muller <redran...@gmail.com> wrote:

I am trying to use the azurerm_keyvault_secret.get_secret module to pull a secret and use the value within my state.
I have the get_secret working, but I am not seeing how to assign the value from the return so that I can use it later in my states.

--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/salt-users/87f42884-daa0-40d2-a48c-ba2e1fe731c0n%40googlegroups.com.

Dennis Muller

unread,

Feb 6, 2025, 6:28:18 AMFeb 6

to Salt-users

Thank you for your response. After posting this initially I thought to try with jinja but got stuck on the syntax. I have tried it both with and without the ['value'] but the error is the same.

I would actually prefer to use the jinja.

{% set authprofile = {"subscription_id" : "xxx", "tenant": "xxx", "secret": "xxx", "client_id": "xxx" } %}

{% set return = salt['azurerm_keyvault_secret.get_secret'](vault_url="xxxx",name="xxxt",resource_group="xxxxx",location="xxxxx",tenant_id="xxxx",connection_auth={{ authprofile }} )[value'] %}

sudo salt-call state.apply states.azkv4
[ERROR ] Rendering exception occurred
Traceback (most recent call last):
File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/templates.py", line 467, in render_jinja_tmpl
template = jinja_env.from_string(tmplstr)
File "/opt/saltstack/salt/lib/python3.10/site-packages/jinja2/environment.py", line 1108, in from_string
return cls.from_code(self, self.compile(source), gs, None)
File "/opt/saltstack/salt/lib/python3.10/site-packages/jinja2/environment.py", line 768, in compile
self.handle_exception(source=source_hint)
File "/opt/saltstack/salt/lib/python3.10/site-packages/jinja2/environment.py", line 939, in handle_exception
raise rewrite_traceback_stack(source=source)
File "<unknown>", line 38, in template
jinja2.exceptions.TemplateSyntaxError: expected token ':', got '}'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/templates.py", line 211, in render_tmpl
output = render_str(tmplstr, context, tmplpath)
File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/templates.py", line 484, in render_jinja_tmpl
raise SaltRenderError(f"Jinja syntax error: {exc}{out}", line, tmplstr)
salt.exceptions.SaltRenderError: Jinja syntax error: expected token ':', got '}'; line 38

---
[...]

- location: xxx
- tenant_id: xxx

- sku: xxx
- connection_auth: {{ authprofile }}

{% set return = salt['azurerm_keyvault_secret.get_secret'](vault_url="xxx",name="xxxx",resource_group="xxxxx",location="xxx",tenant_id="x",connection_auth={{ authprofile }} )[value'] %} <======================
---
[CRITICAL] Rendering SLS 'sbxpoc:states.azkv4' failed: Jinja syntax error: expected token ':', got '}'; line 38

---
[...]

- location: xxx
- tenant_id: xxx

- sku: xxx
- connection_auth: {{ authprofile }}

{% set return = salt['azurerm_keyvault_secret.get_secret'](vault_url="xxx",name="xxxx",resource_group="xxxxx",location="xxx",tenant_id="x",connection_auth={{ authprofile }} )[value'] %} <======================
---
local:
Data failed to compile:
----------
Rendering SLS 'sbxpoc:states.azkv4' failed: Jinja syntax error: expected token ':', got '}'; line 38

---
[...]

- location: xxx
- tenant_id: xxx

- sku: xxx
- connection_auth: {{ authprofile }}

{% set return = salt['azurerm_keyvault_secret.get_secret'](vault_url="xxx",name="xxxx",resource_group="xxxxx",location="xxx",tenant_id="x",connection_auth={{ authprofile }} )[value'] %} <======================

Phipps, Thomas

unread,

Feb 6, 2025, 7:08:35 AMFeb 6

to salt-...@googlegroups.com

the problem is not the use or not use of value. it is your use of {{}} {{}} is shorthand for enter jinja and output result. you don’t need that from within a jinja block.
this is why in my example i did not put the {{}} you just pass the variable as is.

{% set return = salt['azurerm_keyvault_secret.get_secret'](vault_url="xxxx",name="xxxt",resource_group="xxxxx",location="xxxxx",tenant_id="xxxx",connection_auth=authprofile )[value'] %}

To view this discussion visit https://groups.google.com/d/msgid/salt-users/f02f652b-599e-426b-ab70-b5a3e75829a7n%40googlegroups.com.

Dennis Muller

unread,

Feb 6, 2025, 7:26:47 AMFeb 6

to Salt-users

Thank you for your prompt response. I had run across a post about using pillar values in this manner, and had tried it the way you suggested but that syntax did not work either.

I looked at it closer and found I had a syntax error.

Thank you for your assistance, I was able to get it working as I needed.

I really appreciate your assistance and patience.

Reply all

Reply to author

Forward