Authentication issues #2

Closed
isopy opened this issue Jul 10, 2024 · 4 comments

@isopy

isopy commented Jul 10, 2024

Firstly, thanks so much for writing these modules. I'm currently automating host scans within Tenable using the uri module extensively and would love to convert it over to use these modules. However, as the title mentions I'm running into an issue authenticating.

Here's my task:

- name: Get credentials
  valkiriaaquatica.tenable.list_managed_credentials:
    access_key: "{{ sc_access_key }}"
    secret_key: "{{ sc_secret_key }}"
  register: get_credential_output

Here is the error that I receive:

fatal: [localhost]: FAILED! => changed=false 
  msg: Authentication failure. Please check your API keys.
  status_code: 401

I've confirmed that the credentials that I'm passing are correct. I can use the same credentials to successfully hit the API via the uri module.

(I also get the same error when I try to pass the credentials via environment variable as well)

@valkiriaaquatica
Owner

valkiriaaquatica commented Jul 10, 2024

Hey @isopy, really nice to have the first issue :) and really happy you are using the collection!

Some questions before examples

  • Are you using delegate_to: localhost, or running the playbook against hosts: localhost, or against an inventory that is localhost (such as Ansible Automation Platform or the AWX default inventory on localhost)?
  • Have you set the credentials in the variables sc_access_key and sc_secret_key? If you make a debug of those variables as follows, does it return the keys?

So I have tested on a newly deployed Ubuntu machine with environment variables as follows:
1 Option

export TENABLE_ACCESS_KEY=123455
export TENABLE_SECRET_KEY=54321

and in playbook

- name: test
  hosts: localhost
  gather_facts: false
  tasks:
   - name: List managed credential types file filters with environment creds
     valkiriaaquatica.tenable.list_managed_credentials:

or against an inventory but running the task with delegate_to: localhost

- name: test
  hosts: all
  gather_facts: false
  tasks:
   - name: List managed credential types file filters with environment creds
     valkiriaaquatica.tenable.list_managed_credentials:
     delegate_to: localhost

2 Option not using environment variables
and then without environment variables, as shown below

- name: test
  hosts: localhost
  gather_facts: false
  tasks:
   - name: List managed credential types file filters with environment creds
     valkiriaaquatica.tenable.list_managed_credentials:
        access_key: "123456"
        secret_key:  "54321"

or against an inventory but running the task with delegate_to: localhost

- name: test
  hosts: all
  gather_facts: false
  tasks:
   - name: List managed credential types file filters with environment creds
     valkiriaaquatica.tenable.list_managed_credentials:
        access_key: "123456"
        secret_key:  "54321"
     delegate_to: localhost

3 Option defining the credentials as vars (your example)

- name: test
  hosts: localhost
  gather_facts: false 
  vars: 
    - sc_access_key: "123456"
    - sc_secret_key: "654321"
  tasks: 
    - name: Get credentials
      valkiriaaquatica.tenable.list_managed_credentials:
        access_key: "{{ sc_access_key }}"
        secret_key: "{{ sc_secret_key }}"
      register: get_credential_output

or against an inventory but running the task with delegate_to: localhost

- name: test
  hosts: all
  gather_facts: false 
  vars: 
    - sc_access_key: "123456"
    - sc_secret_key: "654321"
  tasks: 
    - name: Get credentials
      valkiriaaquatica.tenable.list_managed_credentials:
        access_key: "{{ sc_access_key }}"
        secret_key: "{{ sc_secret_key }}"
      register: get_credential_output
      delegate_to: localhost

@isopy
Author

isopy commented Jul 10, 2024

@valkiriaaquatica Wow I must have been working too hard before I submitted the issue, because I see the issue now 😆 I don't have a way to pass my tenable hostname to your module. I'm running this from my localhost to test (which is my laptop) but it will eventually run in AAP in an execution environment so I need a way to specify the tenable hostname so it knows where to hit the API.

For example, this is how my task is written that uses the uri module, which works:

- name: Get credentials
  ansible.builtin.uri:
    url: "https://{{ tenable_sc_hostname }}/rest/credential?filter=usable&fields=name,id"
    headers:
      x-apikey: "accesskey={{ sc_access_key }}; secretkey={{ sc_secret_key }}"
    validate_certs: false
    return_content: true
    method: GET
  register: get_credential_output

It doesn't look like your module(s) accept a hostname as a parameter which I think is what I'd need to make this work for me.
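
A variant of the uri task above that verifies the server certificate and keeps the API keys out of task output, as an added example that is not part of the original comment or of the collection's code. The `tenable_sc_ca_bundle` variable is an assumption; the other variable names come from the task above.

```yaml
- name: Get credentials from self-hosted Tenable (TLS verified, keys not logged)
  ansible.builtin.uri:
    url: "https://{{ tenable_sc_hostname }}/rest/credential?filter=usable&fields=name,id"
    headers:
      x-apikey: "accesskey={{ sc_access_key }}; secretkey={{ sc_secret_key }}"
    # Assumption: tenable_sc_ca_bundle is the path to a PEM bundle containing
    # the internal CA that signed the Tenable server certificate.
    ca_path: "{{ tenable_sc_ca_bundle }}"
    validate_certs: true
    return_content: true
    method: GET
  # The x-apikey header is part of the module arguments, which Ansible prints
  # with -v and on failure; no_log censors that output.
  no_log: true
  # Do not fail here: with no_log the failure message would be censored.
  failed_when: false
  register: get_credential_output

- name: Stop on anything other than HTTP 200 without echoing the request
  ansible.builtin.assert:
    that:
      - get_credential_output.status | default(-1) == 200
    fail_msg: "Tenable API returned status {{ get_credential_output.status | default('n/a') }}"
    quiet: true
```

A status of -1 in the assert message means the request never got an HTTP response, which is what a certificate verification failure looks like here.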

@isopy
Author

isopy commented Jul 10, 2024

Sorry for the double post, but I dug into your code a bit and I see that these modules are meant to work against cloud hosted Tenable. We are actually self hosting 😓 Also, the endpoints for cloud and self hosted are different so it would take a lot more than just adding a hostname parameter to make these work for me. Maybe that's a project that I can tackle a different day. 😄 In any case, sorry for all the noise.

@valkiriaaquatica
Owner

No worries @isopy!! That's a really good point btw, to include modules for self hosted Tenable. For the moment I don't have access to a private hosted Tenable server, but maybe some volunteer or me in the future has access and can develop it!
For the moment I will update the documentation indicating it is for Public (not self hosted Tenable) and will add it as a possible contribution to include modules for self hosted!
Thanks!
