For several levels of loops I often split things out to separate files,
which are then included with 'include_tasks' in a loop.
It helps to name the files properly, ie according to their function.
On Mon, 17 Aug 2020 at 23:15, Nick-H <houillo...@gmail.com> wrote:
> so basically I *just *need to loop over extra variables in an inline way
> to construct the unique name and the unique policy template, then, the
> usual loop for the module will create the resources in aws.
> - should using *Lookup *a good start for inline loop ?
> - as *nested *and *subelements *can't seem to achieve this, what other
> solution I can explore ?
> cheers
> Le lundi 17 août 2020 à 11:52:15 UTC-7, Nick-H a écrit :
>
>> Thanks Racke, I should have had some context. policy_name can vary,
>> actually in the real task I have other policies with other names, hence the
>> use of a loop for item.name and item.policy .
>> Just this specific one named rds_foo_bar needs the nested arguments from
>> my vars list(or dict I am not sure) .
>> Although I can create a dedicate task just for that policy if that is too
>> complicated, I just thought I could do some nested loop over variables.
>> Interesting facts, with nested it actually loop over each character in
>> the key:value
>> *Couldn't create policy rds-dev-[[u'r', u'e', u'g', u'i', u'o', u'n',
>> u's'], [u'r', u'o', u'l', u'e']]*
>>
>> the actual play looks like:
>>
>> iam_managed_policy:
>> policy_name: "{{ item.name }}"
>> policy: "{{ item.policy }}"
>> state: present
>> loop:
>> - { name:
>> "rds-prod-{{ lookup('dict', mysql_privilege[0].value ) }} ",
>> policy: "{{ lookup('template', rds-prod.json.j2) }}" }
>> # - { name: "rds-dev-{{ lookup('nested',mysql_privilege )",
>> policy: "{{ lookup('template', rds_dev.json.j2) }}" }
>>
>> # - { name: cloudwatch, policy: "{{
>> lookup('template','cloudwatch.json.j2') }}" }
>> # other policies with name and policy
>> vars:
>> mysql_privilege:
>> role:
>> - rw
>> - ro
>> rds_region:
>> - us-west-1
>> - us-west-2
>>
>> And rds-prod.json.j2 also reuses the variables from mysql_privilege dict
>> as:
>> ...
>> "Action": [
>> "rds-db:connect"
>> ],
>> "Resource": "arn:aws:rds-db:{{ rds_region }}{{ aws_id
>> }}:dbuser:*/username-{{ role }}"
>> ...
>>
>>
>> Le jeudi 13 août 2020 à 11:39:26 UTC-7, brae...@gmail.com a écrit :
>>
>>> On 8/13/20 8:00 PM, Nick-H wrote:
>>>
>>>
>>> > so, I have been trying with lookup('dict') but still not quite close
>>> to the expected result
>>>
>>>
>>> > I get: " An unhandled exception occurred while running the lookup
>>> plugin 'dict'. Error was a <class
>>>
>>>
>>> > 'ansible.errors.AnsibleError'>, original message: with_dict expects a
>>> dict"
>>>
>>>
>>> > her is the last code :
>>>
>>>
>>> >
>>>
>>>
>>> > iam_managed_policy:
>>>
>>>
>>> > policy_name: "{{ item.name }}"
>>>
>>>
>>> > policy: "{{ item.policy }}"
>>>
>>>
>>> > state: present
>>>
>>>
>>> > loop:
>>>
>>>
>>> >
>>> - { name: "rds-{{ lookup('dict', mysql_privilege[0].value ) }} ",
>>> policy: "{{ lookup('template', 'template.json.j2') }}" }
>>>
>>>
>>> >
>>> # - { name: "rds-{{ lookup('nested', mysql_privilege[role] ) }} ",
>>> policy: "{{ lookup('template', 'template.json.j2') }}" }
>>>
>>>
>>> > vars:
>>>
>>>
>>> > mysql_privilege:
>>>
>>>
>>> > role:
>>>
>>>
>>> > - rw
>>>
>>>
>>> > - ro
>>>
>>>
>>> > regions:
>>>
>>>
>>> > - us-west-1
>>>
>>>
>>> > - us-west-2
>>>
>>>
>>> >
>>>
>>>
>>>
>>>
>>>
>>> What are the possible values for policy_name? The value for the "policy"
>>> seems to the same lookup so you don't need in
>>>
>>>
>>> the loop.
>>>
>>>
>>>
>>>
>>>
>>> I'm pretty sure that you are running into brick walls for a possibly
>>> simple problem.
>>>
>>>
>>>
>>>
>>>
>>> So please explain / give examples how the policy_name is constructed.
>>>
>>>
>>>
>>>
>>>
>>> Regards
>>>
>>>
>>> Racke
>>>
>>>
>>>
>>>
>>>
>>> >
>>>
>>>
>>> >
>>>
>>>
>>> >
>>>
>>>
>>> > Le mercredi 12 août 2020 à 17:27:22 UTC-7, Nick-H a écrit :
>>>
>>>
>>> >
>>>
>>>
>>> > Hi, I have been looking into /nested /, /subelements /and other
>>> /lookups /with no luck to make this working , using
>>>
>>>
>>> > ansible 2.8.
>>>
>>>
>>> > Basically , I'd like to construct a loop than can itself iterate over
>>> other variables (list or dict).
>>>
>>>
>>> > * iam_managed_policy:*
>>>
>>>
>>> > * policy_name: "{{ item.name <http://item.name> }}"*
>>>
>>>
>>> > * policy: "{{ item.policy }}"*
>>>
>>>
>>> > * state: present*
>>>
>>>
>>> > * loop:*
>>>
>>>
>>> > * - { name: "rds-{{mysql_privilege}}-{{regions}}", policy:
>>> "{{ lookup('template', template.json.j2') }}" }*
>>>
>>>
>>> > * vars:*
>>>
>>>
>>> > * mysql_privilege:** *
>>>
>>>
>>> > * - rw*
>>>
>>>
>>> > * - ro*
>>>
>>>
>>> > * regions: *
>>>
>>>
>>> > * - us-west-1*
>>>
>>>
>>> > * - us-west-2*
>>>
>>>
>>> >
>>>
>>>
>>> > but it end up with such result:
>>>
>>>
>>> > "Couldn't create policy rds-prod-[u'rw', u'ro'] - [u'ca-central-1',
>>> u'us-west-1']"
>>>
>>>
>>> >
>>>
>>>
>>> > What i d like is each loop would build a 2 dimensions array with the
>>> vars elements ( rw-us-west-1 , rw-us-west-2,
>>>
>>>
>>> > ro-us-west-1, ro-us-west-2)
>>>
>>>
>>> >
>>>
>>>
>>> > Is that even possible to achieve with ansible ?
>>>
>>>
>>> > thanks
>>>
>>>
>>> >
>>>
>>>
>>> > --
>>>
>>>
>>> > You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>>
>>>
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> an email to
>>>
>>>
>>> > ansible-proje...@googlegroups.com <mailto:
>>> ansible-proje...@googlegroups.com>.
>>>
>>>
>>> > To view this discussion on the web visit
>>>
>>>
>>> >
>>> https://groups.google.com/d/msgid/ansible-project/bacb4345-c3a7-4663-9931-91b3f0225175n%40googlegroups.com
>>>
>>>
>>> > <
>>> https://groups.google.com/d/msgid/ansible-project/bacb4345-c3a7-4663-9931-91b3f0225175n%40googlegroups.com?utm_medium=email&utm_source=footer
>>> >.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>>
>>> Ecommerce and Linux consulting + Perl and web application programming.
>>>
>>>
>>> Debian and Sympa administration. Provisioning with Ansible.
>>>
>>>
>>>
>>>
>>>
>>>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/5fbcc30f-c17f-4416-8f05-06cd320f2d4dn%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/5fbcc30f-c17f-4416-8f05-06cd320f2d4dn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
>
> --
Sent from a mobile device - please excuse the brevity, spelling and
punctuation.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAL8fbwPgKPhD5USrHMO-bX5_7T-p6A__KDjm9O5r1gWTy0L%2BYg%40mail.gmail.com.
