Combining 2 dictionaries: looping with ansible and jinja2

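I am trying to loop through a teams dictionary containing permission_type, and then loop through a second dictionary to retrieve the values of the permission_type.

Teams list: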

teams:
  - name: "A"
    permission_type: admin_permissions
  - name: "B"
    permission_type: user_permissions
  - name: "C"
    permission_type: user_permissions

Dictionary with permissions:

permission_list:
  - admin_permissions:
    - Scope: permission1
      Rights: write
    - Scope: permission2
      Rights: write
  - user_permissions:
    - Scope: permission1
      Rights: read
    - Scope: permission2
      Rights: read

The task with the following role:

- name: Define role permissions
  command:
    chdir: "{{ bin_dir }}"
    cmd: |
      ./myscript.sh -modify_role -name "{{ item.name }}-access-role"  -add_permission
      {% for permissions in permission_list if item.permission_type == permissions %} -auth_resource "{{ permissions.Scope }}" -operation "{{ permissions.Rights }}" {% endfor %}
  loop: "{{ teams }}"

The error I get is that the if statement doesn't match, which means everything after -add_permission is empty.

The result should be:

./myscript.sh -modify_role -name "A-access-role"  -add_permission -auth_resource permission1 -operation write -auth_resource permission2 -operation write 

./myscript.sh -modify_role -name "B-access-role"  -add_permission -auth_resource permission1 -operation read -auth_resource permission2 -operation read 

./myscript.sh -modify_role -name "C-access-role"  -add_permission -auth_resource permission1 -operation read -auth_resource permission2 -operation read 

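How can I achieve this?

Edit: Thanks to matt_s for pointing me in the right direction, these are the adjustments I had to make:

  1. Use a dictionary instead of a list (basically remove the dashes "-" at admin_permissions and user_permissions)
  2. Remove the quotes in the for loop ("{{ permissions.Scope }}")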

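You can change your permission list so that you can look up the permissions for each type. So instead of a list, use a dictionary with the type as key: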

permission_list:
  admin_permissions:
    - Scope: permission1
      Rights: write
    - Scope: permission2
      Rights: write
  user_permissions:
    - Scope: permission1
      Rights: read
    - Scope: permission2
      Rights: read

然后使用 with_items 查看您的团队:

- name: Test
debug:
    msg: "{% for p in  permission_list[item.permission_type]%} scope: {{ p.Scope }} rights: {{ p.Rights }} {% endfor %}"
with_items: "{{ teams }}"

结果是:

    TASK [stack_overflow_1 : Test] *************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => (item={u'name': u'A', u'permission_type': u'admin_permissions'}) => {
    "msg": " scope: permission1 rights: write  scope: permission2 rights: write "
}
ok: [localhost] => (item={u'name': u'B', u'permission_type': u'user_permissions'}) => {
    "msg": " scope: permission1 rights: read  scope: permission2 rights: read "
}
ok: [localhost] => (item={u'name': u'C', u'permission_type': u'user_permissions'}) => {
    "msg": " scope: permission1 rights: read  scope: permission2 rights: read "
}

Convert the list to a dictionary first. For example

    - set_fact:
        permission_dict: "{{ permission_dict|d({})|
                             combine({permission_type: auth_resource}) }}"
      loop: "{{ permission_list }}"
      vars:
        permission_type: "{{ item.keys()|first }}"
        auth_resource: |-
          {% for p in item|json_query('*')|flatten %}
           -auth_resource {{ p.Scope }} -operation {{ p.Rights }}
          {%- endfor %}

gives

  permission_dict:
    admin_permissions: " -auth_resource permission1 -operation write -auth_resource permission2 -operation write"
    user_permissions: " -auth_resource permission1 -operation read -auth_resource permission2 -operation read"

Use this dictionary to create the commands

    - debug:
        var: cmd
      loop: "{{ teams }}"
      vars:
        cmd: >-
          ./myscript.sh -modify_role -name {{ item.name }}-access-role
          -add_permission{{ permission_dict[item.permission_type] }}

gives (abridged)

  cmd: ./myscript.sh -modify_role -name A-access-role -add_permission -auth_resource permission1 -operation write -auth_resource permission2 -operation write
  cmd: ./myscript.sh -modify_role -name B-access-role -add_permission -auth_resource permission1 -operation read -auth_resource permission2 -operation read
  cmd: ./myscript.sh -modify_role -name C-access-role -add_permission -auth_resource permission1 -operation read -auth_resource permission2 -operation read
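
The lookup both answers rely on, as an added Python example that is not part of the original posts: it shows why the question's `if` never matches against the list form, merges the list into a dictionary keyed by permission type, and builds each command as an argument list that fails on an unknown `permission_type`. The function names and the `ALLOWED_RIGHTS` allow-list are assumptions made for illustration; the data is constructed from the variables shown on the page.

```python
import shlex

# Constructed sample data mirroring the page's variables.
TEAMS = [
    {"name": "A", "permission_type": "admin_permissions"},
    {"name": "B", "permission_type": "user_permissions"},
    {"name": "C", "permission_type": "user_permissions"},
]
# Original list form: each element is a single-key dict.
PERMISSION_LIST = [
    {"admin_permissions": [{"Scope": "permission1", "Rights": "write"},
                           {"Scope": "permission2", "Rights": "write"}]},
    {"user_permissions": [{"Scope": "permission1", "Rights": "read"},
                          {"Scope": "permission2", "Rights": "read"}]},
]
ALLOWED_RIGHTS = {"read", "write"}  # assumption: only the values seen on the page


def matches_in_list_form(team, permission_list):
    """What the question's `if` does: compare a string with a whole dict."""
    return [p for p in permission_list if team["permission_type"] == p]


def to_dict(permission_list):
    """Merge the single-key dicts into one mapping keyed by permission type."""
    merged = {}
    for entry in permission_list:
        merged.update(entry)
    return merged


def build_argv(team, permission_dict):
    """Return the command as an argument list; fail on unknown types or rights."""
    ptype = team["permission_type"]
    if ptype not in permission_dict:
        raise KeyError(f"team {team['name']}: unknown permission_type {ptype!r}")
    argv = ["./myscript.sh", "-modify_role", "-name",
            f"{team['name']}-access-role", "-add_permission"]
    for perm in permission_dict[ptype]:
        if perm["Rights"] not in ALLOWED_RIGHTS:
            raise ValueError(f"{ptype}: unexpected Rights {perm['Rights']!r}")
        argv += ["-auth_resource", perm["Scope"], "-operation", perm["Rights"]]
    return argv


if __name__ == "__main__":
    perms = to_dict(PERMISSION_LIST)
    for t in TEAMS:
        print(matches_in_list_form(t, PERMISSION_LIST), shlex.join(build_argv(t, perms)))
```

Raising on a missing key, rather than rendering an empty permission string, keeps a mistyped `permission_type` from silently producing a role command with no permissions attached.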