Yep only last value
On Thu, Feb 9, 2023 at 2:52 PM Todd Lewis <uto...@gmail.com> wrote:
> Here's an idea: Register the result, and show us the output from
> `ansible-playbook -vv`.
> Based on what you said before about it replacing rather than adding to,
> I'm going to guess you're only getting the last value. (?)
>
> On Thursday, February 9, 2023 at 5:02:45 PM UTC-5 Tony Wong wrote:
>
>> trying my loop but its only putting in one value . any idea?
>>
>> ---
>> - name: test
>> hosts: localhost
>> tasks:
>> - name: Create IAM Managed Policy
>> amazon.aws.iam_policy:
>> iam_type: role
>> iam_name: "aws_test_role"
>> policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>> policy_json:
>> Version: "2012-10-17"
>> Statement:
>> - Action: "{{ item }}"
>> Effect: "Allow"
>> Resource: "*"
>> state: present
>> loop:
>> - acm-pca:ListTags
>> - acm-pca:GetPolicy
>> - acm-pca:GetPolicy
>>
>> On Thu, Feb 9, 2023 at 1:29 PM Tony Wong <tdub...@gmail.com> wrote:
>>
>>> ok I tried doing it this way and it worked but wiped out my existing
>>> policy. any idea how to append instead of replace?
>>>
>>> ---
>>> - name: test
>>> hosts: localhost
>>> tasks:
>>> - name: Create IAM Managed Policy
>>> amazon.aws.iam_policy:
>>> iam_type: role
>>> iam_name: "aws_test_role"
>>> policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>> policy_json:
>>> Version: "2012-10-17"
>>> Statement:
>>> - Action: ["appstream:DescribeStacks"]
>>> Effect: "Allow"
>>> Resource: "*"
>>> state: present
>>>
>>> On Thu, Feb 9, 2023 at 11:49 AM Tony Wong <tdub...@gmail.com> wrote:
>>>
>>>> yes it does
>>>>
>>>> On Thu, Feb 9, 2023 at 11:47 AM 'Rowe, Walter P. (Fed)' via Ansible
>>>> Project <ansible...@googlegroups.com> wrote:
>>>>
>>> Does your AWS user ID used by the task have rights to modify IAM
>>>>> policies?
>>>>>
>>>>> Walter
>>>>> --
>>>>> Walter Rowe, Division Chief
>>>>> Infrastructure Services, OISM
>>>>> Mobile: 202.355.4123 <(202)%20355-4123>
>>>>>
>>>>
>>>>> On Feb 9, 2023, at 2:46 PM, Tony Wong <tdub...@gmail.com> wrote:
>>>>>
>>>>> I am trying to add or modify an iam policy with below. it ran but did
>>>>> not modify anything
>>>>>
>>>>> any idea?
>>>>>
>>>>> ---
>>>>> - name: test
>>>>> hosts: localhost
>>>>> tasks:
>>>>> - name: Create IAM Managed Policy
>>>>> community.aws.iam_managed_policy:
>>>>> policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>>> policy:
>>>>> Version: "2012-10-17"
>>>>> Statement:
>>>>> - Effect: "Allow"
>>>>> "Action": "appstream:DescribeStacks"
>>>>> Resource: "*"
>>>>> make_default: false
>>>>> state: present
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Ansible Project" group.
>>>>>
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to ansible-proje...@googlegroups.com.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/ansible-project/06b09dc9-215a-44a9-b9f0-ec4f7732f775n%40googlegroups.com
>>>>> <https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2F06b09dc9-215a-44a9-b9f0-ec4f7732f775n%2540googlegroups.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cwalter.rowe%40nist.gov%7Cdfa74f54be62470a632008db0ad64e5f%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638115687786510359%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=fJhceH%2FdgC1pUwuDbWHQLUQUtd9NSvdwjOzmPwVhYMA%3D&reserved=0>
>>>>> .
>>>>>
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to a topic in the
>>>>> Google Groups "Ansible Project" group.
>>>>> To unsubscribe from this topic, visit
>>>>> https://groups.google.com/d/topic/ansible-project/WZzXL_z_teA/unsubscribe
>>>>> .
>>>>> To unsubscribe from this group and all its topics, send an email to
>>>>> ansible-proje...@googlegroups.com.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/ansible-project/0A40E414-A094-499F-A48F-750F8F8072C5%40nist.gov
>>>>> <https://groups.google.com/d/msgid/ansible-project/0A40E414-A094-499F-A48F-750F8F8072C5%40nist.gov?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/WZzXL_z_teA/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4e7d8b42-efa8-4206-93bf-e6d40c33d9adn%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/4e7d8b42-efa8-4206-93bf-e6d40c33d9adn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CALmkhkpizPuW1_Mch_7cyDmLTvVNL%3DFviaXQ%2BqEGVsO2Q1y-PA%40mail.gmail.com.
