jinja2 Ansible filter dictionary
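I have been doing this for a while, but recently started doing some more advanced things, such as pulling data from external sources to drive actions. This has led me to look more deeply at how Ansible allows logic and variable parsing, which has required me to dig into jinja2.
In my playbook I am attempting to pull data from etcd that allows me to construct authorized sudo spec files, which I then pass to a role to add to the appropriate systems.
In addition to the data needed to build the specs, my data source also holds metadata used for audit and logging purposes.
A key aspect of my data source is that no metadata should be removed when access is removed, i.e. user XYZ had password-less sudo for 10 days. So many aspects have a state field, which may be active or inactive, or in the case of a sudo spec, grant or revoke.
I have successfully built a lookup that pulls back a dictionary similar to the one below, which is then parsed with subsequent Ansible statements. I am able to successfully process and extract all of the data, except for the groups/users whose spec is in the grant state.
When a spec is in the "grant" state, I need to extract the linuxName field and pass it to the role that configures sudo.
I have tried a number of filter variations, most of which end up giving me a reject or similar message, or a NULL value rather than the desired list of values.
Does anyone have an idea of how to accomplish this?
Thanks in advance.
Sample data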
    ok: [serverName] => {
        "sudoInfraSpecs": [
            {
                "infra_admins": {
                    "addedBy": "someUser",
                    "commands": "FULL_SUDO",
                    "comment": "platform support admins",
                    "dateAdded": "20180720",
                    "defaults": "!requiretty",
                    "hosts": "SERVERS",
                    "name": "infra_admins",
                    "operators": "ROOT",
                    "state": "active",
                    "tags": "PASSWD",
                    "users": {
                        "admingroup1": {
                            "addedBy": "someUser",
                            "dateAdded": "20180719",
                            "linuxName": "%admingroup1",
                            "name": "admingroup1",
                            "state": "grant"
                        },
                        "admingroup2": {
                            "addedBy": "someUser",
                            "dateAdded": "20180719",
                            "linuxName": "%admingroup2",
                            "name": "admingroup2",
                            "state": "grant"
                        }
                    }
                },
                "ucp_service_account": {
                    "addedBy": "someUser",
                    "commands": "FULL_SUDO",
                    "comment": "platform service account",
                    "dateAdded": "20180720",
                    "defaults": "!requiretty",
                    "hosts": "SERVERS",
                    "name": "platform_service_account",
                    "operators": "ROOT",
                    "state": "active",
                    "tags": "NOPASSWD,LOG_OUTPUT",
                    "users": {
                        "platformUser": {
                            "addedBy": "someUser",
                            "dateAdded": "20180719",
                            "linuxName": "platformUser",
                            "name": "platformUser",
                            "state": "grant"
                        }
                    }
                }
            }
        ]
    }
Ansible snippet
    - name: Translate infraAdmins sudoers specs from etcd into a list for processing [1]
      set_fact:
        tempInfraSpecs:
          name: "{{ item.value.name }}"
          comment: "{{ item.value.comment }}"
          users: "{{ item.value.users | list }}"
          hosts: "{{ item.value.hosts.split(',') }}"
          operators: "{{ item.value.operators.split(',') }}"
          tags: "{{ item.value.tags.split(',') }}"
          commands: "{{ item.value.commands.split(',') }}"
          defaults: "{{ item.value.defaults.split(',') }}"
      with_dict: "{{ sudoInfraSpecs }}"
      when: item.value.state == 'active'
      register: tempsudoInfraSpecs

    - name: Translate infraAdmins sudoers specs from etcd into a list for processing [2]
      set_fact:
        sudoInfraSpecs_fact: "{{ tempsudoInfraSpecs.results | selectattr('ansible_facts','defined') | map(attribute='ansible_facts.tempInfraSpecs') | list }}"
Rough desired output dictionary:
    sudoInfraSpecs:
      - infra_admins:
          addedBy: someUser
          commands: FULL_SUDO
          comment: platform support admins
          dateAdded: '20180720'
          defaults: "!requiretty"
          hosts: SERVERS
          name: infra_admins
          operators: ROOT
          state: active
          tags: PASSWD
          users:
            - "%admingroup1"
            - "%admingroup2"
      - ucp_service_account:
          addedBy: someUser
          commands: FULL_SUDO
          comment: platform service account
          dateAdded: '20180720'
          defaults: "!requiretty"
          hosts: SERVERS
          name: platform_service_account
          operators: ROOT
          state: active
          tags: NOPASSWD,LOG_OUTPUT
          users:
            - "platformUser"
In the end, I accomplished this by creating a custom filter for use in my playbook that parses the nested dictionary making up the users:
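    #!/usr/bin/python
    def getSpecActiveMembers(my_dict):
        # Collect linuxName for every user entry whose state is 'grant'
        thisSpecActiveMembers = []
        # items() works on Python 2 and 3; iteritems() exists only on Python 2
        for i, value in my_dict.items():
            if value['state'] == 'grant':
                thisSpecActiveMembers.append(value['linuxName'])
        return thisSpecActiveMembers

    class FilterModule(object):
        # Ansible loads this class from a filter_plugins directory
        def filters(self):
            return {
                'getSpecActiveMembers': getSpecActiveMembers
            }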
This ultimately flattens the users from the source listed above into the desired output.
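A stricter variant of the custom filter above, added here as an example and not part of the original post: it also drops specs that are not `active`, tolerates missing keys, and rejects any `linuxName` that is not a plain user or group name before it can be written into sudoers. The filter names, the name pattern, the reserved-word check and the sample data are assumptions.

```python
import re

# Assumption (not from the post): names are POSIX-style, with an optional
# leading '%' for groups; anything else is rejected before reaching sudoers.
_NAME = re.compile(r"%?[A-Za-z_][A-Za-z0-9_.-]{0,31}")
_RESERVED = {"ALL"}  # sudoers keyword that would match every user

def granted_members(users):
    """Return the linuxName of every entry whose state is exactly 'grant'."""
    members = []
    for key, meta in sorted((users or {}).items()):
        if not isinstance(meta, dict) or meta.get("state") != "grant":
            continue  # revoked entries stay in etcd for audit only
        name = meta.get("linuxName")
        if (not isinstance(name, str) or not _NAME.fullmatch(name)
                or name.lstrip("%").upper() in _RESERVED):
            raise ValueError("unsafe linuxName for %r: %r" % (key, name))
        members.append(name)
    return members

def active_specs(specs):
    """Flatten [{key: spec}, ...] into active specs with users resolved."""
    flat = []
    for group in specs:
        for _, spec in sorted(group.items()):
            if spec.get("state") == "active":
                flat.append(dict(spec, users=granted_members(spec.get("users"))))
    return flat

class FilterModule(object):
    """Ansible filter plugin entry point (filter names are hypothetical)."""
    def filters(self):
        return {"granted_members": granted_members, "active_specs": active_specs}

# Constructed sample in the shape of the post's data, plus a revoked user
# and an inactive spec to show that neither reaches the output.
SAMPLE = [{
    "infra_admins": {"name": "infra_admins", "state": "active", "users": {
        "admingroup1": {"linuxName": "%admingroup1", "state": "grant"},
        "olduser": {"linuxName": "olduser", "state": "revoke"}}},
    "retired_spec": {"name": "retired_spec", "state": "inactive", "users": {
        "someone": {"linuxName": "someone", "state": "grant"}}},
}]

if __name__ == "__main__":
    for spec in active_specs(SAMPLE):
        print(spec["name"], spec["users"])
```

Failing the play on a malformed name keeps a bad etcd record from silently changing who the rendered sudoers file applies to.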