I've added an issue to the Ansible GitHub project for this:
https://github.com/ansible/ansible/issues/31705
For what it's worth, if I convert the variable to a dictionary (instead of
a list) and pass that through the list Jinja2 filter it works as a list:

---
- hosts: localhost
  gather_facts: false
  # Run like this:
  # ./test01.yml --ask-vault-pass
  # (Enter "test" for the password)
  vars:
    userlist:
      user1:
        password: "user1pwd"
      user2:
        password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62613930343865373434316635616466383633396539303135666565363539396662386636303763
          3237393664306333333063363863366239323733336432350a396337393861363463613734306339
          34393165343861363534656533383834353233323464626461393031623265373537353732356337
          3634353837343363370a366531633331333462333261376633636662323131356366653566646239
          3830
      user3:
        password: "user3pwd"
  tasks:
    - name: "Dict variable"
      debug:
        msg: "name: {{item.key}}, password: {{item.value.password}}"
      with_dict: "{{ userlist }}"
    - name: "List variable"
      debug:
        msg: "name: {{item}}, password: {{item.password}}"
      with_items: "{{ userlist.values() | list }}"

On Wednesday, October 11, 2017 at 9:24:57 PM UTC-5, Dan Linder wrote:
> I have a dictionary variable set up that has accounts and passwords:
>
> password_list:
>   - { name: "user1",
>       password: "user1pwd"
>     }
>   - { name: "user2",
>       password: "user2pwd"
>     }
>   - { name: "user3",
>       password: "user3pwd"
>     }
>
> This variable works as expected. When I update one of the passwords to
> a vaulted version like this:
>
> password_list:
>   - { name: "user1",
>       password: "user1pwd"
>     }
>   - { name: "user2",
>       password: !vault |
>         $ANSIBLE_VAULT;1.1;AES256
>         66366265333266666432626431646631356664663262326535346265353939383239626634636331
>         6462666364303539336132346430346432333564346663300a623333613666333330626330643735
>         64613664383733333839313434303433663164363030383663336663656432613965663862656237
>         3631366664646332610a636230616334306232336263313139623264663338613538643163356239
>         3732
>     }
>   - { name: "user3",
>       password: "user3pwd"
>     }
>
> ...the ansible-playbook complains about it with this message:
>
> The offending line appears to be:
>
> - { name: "user2",
> password: !vault |
> ^ here
>
> exception type: <class 'yaml.scanner.ScannerError'>
> exception: while scanning for the next token
> found character that cannot start any token
> in "<unicode string>", line 30, column 28
>
>
>
> I've tried variations such as removing the "|" and putting everything from
> "!vault" through "3732" on the same line (removing spaces), using a "<"
> instead of the "|", etc.
>
> Am I doing it wrong? Is this a bug in the vault string handling that I
> should report? Or is this a "not yet implemented" variation on vault data
> that I should put in for a feature request?
>
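
Added example, not part of the original thread or of Ansible's code: YAML does not allow a block scalar (`|` or `>`) inside a flow collection (`{ }` or `[ ]`), which is the construct at the line the ScannerError above points to. The sketch below flags that pattern before a playbook is run, so a vaulted value does not get swapped back to plaintext just to get past the parser; the function name `block_scalars_in_flow`, the sample text and its placeholder payload are assumptions made for this example.

```python
import re

# Block-scalar header at end of line: "|" or ">" plus optional indicators/comment.
HEADER = re.compile(r"[|>][+-]?[1-9]?[+-]?[ \t]*(#.*)?$")
# Constructed sample in the layout from the question; placeholder payload only.
FLOW_STYLE = """\
password_list:
  - { name: "user2",
      password: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        3132333435
    }
"""

def block_scalars_in_flow(text):
    """Return [(line, col)] of block-scalar headers inside { } or [ ] (heuristic)."""
    hits, depth, quote, body_indent = [], 0, None, None
    for lineno, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip(" "))
        if body_indent is not None and (not line.strip() or indent > body_indent):
            continue                      # body of a legal block scalar
        body_indent = None
        i = 0
        while i < len(line):
            ch, prev = line[i], line[i - 1] if i else " "
            if quote:
                if (ch == "\\" and quote == '"') or (
                        ch == quote == "'" and line[i + 1:i + 2] == "'"):
                    i += 1                # skip escaped char or '' pair
                elif ch == quote:
                    quote = None
            elif ch == "#" and prev in " \t":
                break                     # comment runs to end of line
            elif ch in "'\"" and prev in " \t{[,:":
                quote = ch                # quoted scalar starts
            elif ch in "{[" and (depth or prev in " \t{[,:"):
                depth += 1                # entering a flow collection
            elif ch in "}]" and depth:
                depth -= 1
            elif ch in "|>" and prev in " \t" and HEADER.match(line, i):
                if depth:
                    hits.append((lineno, i + 1))   # illegal in flow context
                else:                     # legal header: skip its body lines
                    key_col = len(line) - len(line.lstrip(" -"))
                    body_indent = key_col if key_col < i else indent
                break
            i += 1
    return hits
if __name__ == "__main__":
    print(block_scalars_in_flow(FLOW_STYLE))
```

This is a line scanner rather than a YAML parser, so treat a finding as a pointer to the line to rewrite in block style, where `!vault |` is accepted.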