I suspect the issue is introduced by the copy/pasting. Can you pipe it directly to yamllint and tell us what that says?
DIck On Tue, 8 Jan 2019 at 11:06, Kishore Ponniah <[email protected]> wrote: > > Please find my code below: I checked the code using YAML validator and looks > like it is valid. But still complaining about Line 12 column 6. > > Any help please? > > --- > # This playbook builds IAM infrastructure in all configured accounts > - name: Install/Update RXGT Identity account CF templates > hosts: infrastructure > tasks: > > - name: Install/Update RXGT PS cross account CF templates > hosts: infrastructure > tasks: > # Support using STS temporary creds (optional) > # See readme.md > - name: get sts session token > sts_session_token: > duration_seconds: "{{ sts_session_duration | default(3600) }}" > # Support role policy with mandatory MFA > mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}" > mfa_token: "{{ sts_mfa_token | default(omit) }}" > register: sts_session_token > when: with_sts > tags: > rxgt-ps-identity-stack-deploy > > - name: retrieve sts credentials > set_fact: > sts_access_key: "{{ sts_session_token.sts_creds.access_key }}" > sts_secret_key: "{{ sts_session_token.sts_creds.secret_key }}" > sts_session_token: "{{ sts_session_token.sts_creds.session_token }}" > when: with_sts > tags: > rxgt-ps-identity-stack-deploy > > - name: debug role arns > debug: > msg: "Assuming role: {{ account_config.sts_role_arn }}" > verbosity: 1 > loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract', > rxgt_identity_account['account_config'])|list }}" > loop_control: > loop_var: account_config > label: "{{ account_config.sts_role_arn }}" > tags: > rxgt-ps-identity-stack-deploy > > - name: assume cross account roles > sts_assume_role: > role_arn: "{{ account_config.sts_role_arn }}" > role_session_name: "ansibledeploy" > duration_seconds: "{{ sts_session_duration | default(3600) }}" > # Use STS temporary creds or fallback to aws cli/boto creds - see readme.md > aws_access_key: "{{ sts_access_key | default(omit) }}" > aws_secret_key: "{{ sts_secret_key | default(omit) }}" > security_token: "{{ sts_session_token | default(omit) }}" > # Support role policy with mandatory MFA > mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}" > mfa_token: "{{ sts_mfa_token | default(omit) }}" > loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract', > rxgt_identity_account['account_config'])|list }}" > loop_control: > loop_var: account_config > label: "{{ account_config.sts_role_arn }}" > # > https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#using-register-with-a-loop > register: assumed_roles_with_account_config > tags: > rxgt-ps-identity-stack-deploy > > - name: create rxgt-ps-cross-account-iam-atlas-developer-roles changeset > cloudformation: > stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles" > state: present > region: "{{ account_config.1 }}" > aws_access_key: "{{ account_config.0.sts_creds.access_key }}" > aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}" > security_token: "{{ account_config.0.sts_creds.session_token }}" > create_changeset: true > changeset_name: "{{ cf_changeset_name }}" > # Don't pass the cd-deploy-role to CF due to [possible privilege > escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html) > # for anyone able to perform stack updates. > # role_arn: "{{ account_config.0.account_config.pass_role_arn }}" > template_url: > "https://s3.console.aws.amazon.com/s3/buckets/xxxxxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx/rxgt-ps-cross-account-iam-atlas-developer-roles.yaml"; > template_parameters: "{{ > account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].params > }}" > termination_protection: no > tags: "{{ global_tags | > combine(account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].override_tags, > recursive=True) }}" > # Convert to a list of dicts duplicated per region. See > https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter > loop: "{{ > assumed_roles_with_account_config.results|subelements('account_config.regions', > skip_missing=True) }}" > loop_control: > loop_var: account_config > label: "{{ account_config.0.account_config.account_alias }}:{{ > account_config.1 }}" > tags: > rxgt-ps-identity-stack-deploy > > - name: create rxgt-ps-cross-account-iam-atlas-developer-roles stack > cloudformation: > stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles" > state: present > region: "{{ account_config.1 }}" > aws_access_key: "{{ account_config.0.sts_creds.access_key }}" > aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}" > security_token: "{{ account_config.0.sts_creds.session_token }}" > create_changeset: false > changeset_name: "{{ cf_changeset_name }}" > # Don't pass the cd-deploy-role to CF due to [possible privilege > escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html) > # for anyone able to perform stack updates. > # role_arn: "{{ account_config.0.account_config.pass_role_arn }}" > template_url: > "https://s3.console.aws.amazon.com/s3/buckets/xxxxxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx/rxgt-ps-cross-account-iam-atlas-developer-roles.yaml"; > template_parameters: "{{ > account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].params > }}" > termination_protection: no > tags: "{{ global_tags | > combine(account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].override_tags, > recursive=True) }}" > # Convert to a list of dicts duplicated per region. See > https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter > loop: "{{ > assumed_roles_with_account_config.results|subelements('account_config.regions', > skip_missing=True) }}" > loop_control: > loop_var: account_config > label: "{{ account_config.0.account_config.account_alias }}:{{ > account_config.1 }}" > when: with_stack_deploy > tags: > rxgt-ps-identity-stack-deploy > > On Tuesday, January 8, 2019 at 1:37:43 AM UTC, goforawalktwice wrote: >> >> ooops ... the error was due to me copy/paste formatting - the second '-name' >> got indented too far - fixing that indentation makes it valid YAML according >> to that site >> >> >> On Tuesday, January 8, 2019 at 2:04:24 PM UTC+13, Karl Auer wrote: >>> >>> What is the problem that it reports on line 22? >>> >>> When posting code, please post in a fixed-width font if you can. Makes it >>> easier to check indentation. >>> >>> Regards, K. >>> >>> >>> On Tue, Jan 8, 2019 at 11:58 AM goforawalktwice <[email protected]> wrote: >>>> >>>> hi, when I paste that YAML to >>>> >>>> https://jsonformatter.org/yaml-validator >>>> >>>> it reckons line 22 is a problem - the second -name entry. When I remove >>>> from line 22 down it reckons it's valid YAML. >>>> >>>> Regards, Straff >>>> >>>> >>>> >>>> On Tuesday, January 8, 2019 at 5:34:25 AM UTC+13, Kishore Ponniah wrote: >>>>> >>>>> Hi all, >>>>> >>>>> My cloudformation template has exceeded the template body limit more than >>>>> 51200 bytes and I am trying to upload to s3 and deploy using cross >>>>> account. I used template_url parameter in the playbook but giving an >>>>> error. Before adding template_url, I had template_body which was working >>>>> fine. I have only replaced template_body to template_url. >>>>> >>>>> Please find the playbook below: >>>>> >>>>> - name: create xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles changeset >>>>> cloudformation: >>>>> stack_name: "xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles" >>>>> state: present >>>>> region: "{{ account_config.1 }}" >>>>> aws_access_key: "{{ account_config.0.sts_creds.access_key }}" >>>>> aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}" >>>>> security_token: "{{ account_config.0.sts_creds.session_token }}" >>>>> create_changeset: true >>>>> changeset_name: "{{ cf_changeset_name }}" >>>>> template_url: >>>>> "https://s3.console.aws.amazon.com/s3/buckets/xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx/cloudformation/xxxxxxx/xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles.yaml"; >>>>> template_parameters: "{{ account_config.0.account_config.stacks[' >>>>> xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].params }}" >>>>> termination_protection: no >>>>> tags: "{{ global_tags | >>>>> combine(account_config.0.account_config.stacks[' >>>>> xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].override_tags, >>>>> recursive=True) }}" >>>>> loop: "{{ >>>>> assumed_roles_with_account_config.results|subelements('account_config.regions', >>>>> skip_missing=True) }}" >>>>> loop_control: >>>>> loop_var: account_config >>>>> label: "{{ account_config.0.account_config.account_alias }}:{{ >>>>> account_config.1 }}" >>>>> tags: >>>>> rxgt-ps-identity-stack-deploy >>>>> >>>>> - name: create xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles stack >>>>> cloudformation: >>>>> stack_name: "xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles" >>>>> state: present >>>>> region: "{{ account_config.1 }}" >>>>> aws_access_key: "{{ account_config.0.sts_creds.access_key }}" >>>>> aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}" >>>>> security_token: "{{ account_config.0.sts_creds.session_token }}" >>>>> create_changeset: false >>>>> changeset_name: "{{ cf_changeset_name }}" >>>>> template_url: >>>>> "https://s3.console.aws.amazon.com/s3/buckets/xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx/cloudformation/xxxxxxx/xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles.yaml"; >>>>> template_parameters: "{{ >>>>> account_config.0.account_config.stacks['xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].params >>>>> }}" >>>>> termination_protection: no >>>>> tags: "{{ global_tags | >>>>> combine(account_config.0.account_config.stacks['xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].override_tags, >>>>> recursive=True) }}" >>>>> # Convert to a list of dicts duplicated per region. See >>>>> https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter >>>>> loop: "{{ >>>>> assumed_roles_with_account_config.results|subelements('account_config.regions', >>>>> skip_missing=True) }}" >>>>> loop_control: >>>>> loop_var: account_config >>>>> label: "{{ account_config.0.account_config.account_alias }}:{{ >>>>> account_config.1 }}" >>>>> when: with_stack_deploy >>>>> tags: >>>>> rxgt-ps-identity-stack-deploy >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/ansible-project/c8fce4d7-b3f2-4495-9604-d554187f7ea0%40googlegroups.com. >>>> For more options, visit https://groups.google.com/d/optout. >>> >>> >>> >>> -- >>> Karl Auer >>> >>> Email : [email protected] >>> Website: http://2pisoftware.com >>> >>> GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816 >>> Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/28a0aea4-ce8c-4d6a-bda8-e33824808a19%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Dick Visser Trust & Identity Service Operations Manager GÉANT -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAL8fbwOoMSwVKy9Fn_iLRot2cAQvYMY8EfFR5t%2BN2uwtT1155Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
