Hi there,
I created this sample playbook and based on the data you sent.
I used the mail field because that was not embedded in another key/value
pair like krbpasswordexpiration but the principle is basically the same.
The difference with your playbook is that I used a variable to register the
set_fact . Without that, it would just show the value of the last item in
the loop which will overwrite the previous values. By registering the
output , I can extract out all the values in the last task.
There are probably other methods but this one works.
tasks:
- name: lookup
set_fact:
fil: "{{ lookup('file', 'json.json') }}"
- name: set
set_fact:
users: "{{ fil |json_query('[*].json.result.result.uid')|flatten }}"
pwdexp: "{{ fil |json_query('[*].json.result.result.mail')|flatten
}}"
- name: sf1
set_fact:
factone: "{{ item.0 }} {{ item.1 }}"
with_together:
- "{{ users }}"
- "{{ pwdexp }}"
register: facttwo
- name: sf2
set_fact:
factthree: "{{ facttwo.results |
map(attribute='ansible_facts.factone')|list }}"
- name: debug
debug:
msg: "{{ factthree }}"
The Output is displayed below
ASK [sf1]
*********************************************************************************************************************************
ok: [localhost] => (item=['test.user1', '[email protected]'])
ok: [localhost] => (item=['test.user2', '[email protected]'])
TASK [sf2]
*********************************************************************************************************************************
ok: [localhost]
TASK [debug]
*******************************************************************************************************************************
ok: [localhost] => {
"msg": [
"test.user1 [email protected]",
"test.user2 [email protected]"
]
}
On Fri, Dec 10, 2021 at 8:08 AM [email protected] <[email protected]>
wrote:
> I'm including the playbook below, followed by the relevant output. I have
> redacted the real data values with dummy values, but it should give you an
> idea of what I'm trying and what I'm getting.
>
> Thanks,
> Harry
>
> Playbook:
>
> ---
> - name: Gather User Password Expiration information from IDM server
> hosts: ipaserver
> gather_facts: no
>
> pre_tasks:
> - setup:
> filter: 'ansible_date_time'
>
> vars_files:
> - /etc/ansible/vault.yml
>
> vars:
> idmfqdn: ipaserver.example.com
> binduser: 'admin'
> bindpasswd: '{{ secure_ipa_pass }}'
> cutoff_days: 180
>
> tasks:
>
> - name: Login to IDM use returned cookie to access the API in later tasks
> uri:
> url: "https://{{idmfqdn}}/ipa/session/login_password";
> method: POST
> headers:
> Referer: "https://{{idmfqdn}}/ipa";
> Content-Type: "application/x-www-form-urlencoded"
> Accept: "text/plain"
> body_format: form-urlencoded
> body:
> user: "{{binduser}}"
> password: "{{bindpasswd}}"
> status_code: 200
> register: login
>
> - name: Get IDM API version using previously stored session cookie
> uri:
> url: "https://{{idmfqdn}}/ipa/session/json";
> method: POST
> headers:
> Cookie: "{{ login.set_cookie }}"
> Referer: "https://{{idmfqdn}}/ipa";
> Content-Type: "application/json"
> Accept: "application/json"
> body_format: json
> body: '{"method": "ping","params": [[],{}]}'
> register: api_vers_out
>
> - name: Set fact for api version
> set_fact:
> api_vers: "{{
> api_vers_out.json.result.messages|json_query('[*].data.server_version')|join()
> }}"
>
> - name: Run user_find from IDM API using previously stored session cookie
> uri:
> url: "https://{{idmfqdn}}/ipa/session/json";
> method: POST
> headers:
> Cookie: "{{ login.set_cookie }}"
> Referer: "https://{{idmfqdn}}/ipa";
> Content-Type: "application/json"
> Accept: "application/json"
> body_format: json
> body: "{\"method\": \"user_find/1\",\"params\": [[],{\"version\":
> \"{{ api_vers }}\"}]}"
> no_log: true
> register: user_find
>
> - name: Set fact for users
> set_fact:
> uid: "{{ user_find.json.result.result|map(attribute='uid')|flatten
> }}"
>
> - name: Run user_show from IDM API using previously stored session cookie
> uri:
> url: "https://{{idmfqdn}}/ipa/session/json";
> method: POST
> headers:
> Cookie: "{{ login.set_cookie }}"
> Referer: "https://{{idmfqdn}}/ipa";
> Content-Type: "application/json"
> Accept: "application/json"
> body_format: json
> body: "{\"method\": \"user_show\",\"params\": [[ \"{{ uid[item|int]
> }}\"],{\"all\": true,\"version\": \"{{ api_vers }}\"}]}"
> register: user_show
> with_sequence: start=0 end=1
>
> - name: Print user_show variable
> debug:
> msg: "{{ user_show }}"
>
> - name: Set user_show fact
> set_fact:
> users: "{{
> user_show.results|json_query('[*].json.result.result.uid[0]')|flatten }}"
> pwdexp: "{{
> user_show.results|json_query('[*].json.result.result.krbpasswordexpiration[0]')|flatten
> }}"
>
> - name: Print users fact
> debug:
> msg: "{{ users }}"
>
> - name: Print pwdexp fact
> debug:
> msg: "{{ pwdexp }}"
>
> - name: Set userlist fact
> set_fact:
> userlist: "{{ item.0 }} {{ item.1 }} {{ (ansible_date_time.epoch|int
> - ((item.1['__datetime__'] |
> to_datetime('%Y%m%d%H%M%SZ')).strftime('%s'))|int) / (60*60*24) }}"
> with_together:
> - "{{ users }}"
> - "{{ pwdexp }}"
>
> - name: Print userlist fact
> debug:
> msg: "{{ userlist }}"
>
> The output is as follows:
>
> TASK [Print users fact]
> ***********************************************************************************************************
> ok: [ipaserver.example.com] => {
> "msg": [
> "test.user1",
> "test.user2"
> ]
> }
>
> TASK [Print pwdexp fact]
> **********************************************************************************************************
> ok: [ipaserver.example.com] => {
> "msg": [
> {
> "__datetime__": "20220103195934Z"
> },
> {
> "__datetime__": "20200218151047Z"
> }
> ]
> }
>
> TASK [Print user_show variable]
> ***************************************************************************************************
> ok: [ipaserver.example.com] => {
> "msg": {
> "changed": false,
> "msg": "All items completed",
> "results": [
> {
> "ansible_loop_var": "item",
> "cache_control": "no-cache, private",
> "changed": false,
> "connection": "close",
> "content_length": "1681",
> "content_security_policy": "frame-ancestors 'none'",
> "content_type": "application/json; charset=utf-8",
> "cookies": {},
> "cookies_string": "",
> "date": "Fri, 10 Dec 2021 12:49:38 GMT",
> "elapsed": 0,
> "failed": false,
> "invocation": {
> "module_args": {
> "attributes": null,
> "backup": null,
> "body": {
> "method": "user_show",
> "params": [
> [
> "test.user1"
> ],
> {
> "all": true,
> "version": "2.237"
> }
> ]
> },
> "body_format": "json",
> "client_cert": null,
> "client_key": null,
> "content": null,
> "creates": null,
> "delimiter": null,
> "dest": null,
> "directory_mode": null,
> "follow": false,
> "follow_redirects": "safe",
> "force": false,
> "force_basic_auth": false,
> "group": null,
> "headers": {
> "Accept": "application/json",
> "Content-Type": "application/json",
> "Cookie":
> "ipa_session=MagBearerToken=qaKkpuAqhB0hUfPPxewHikiD9j5wrInFi2%2b2AV%2bALxA8HHy28j5ajQUaZN%2fQj%2bnfvrZJFOYm4K9oLbw2jTWiVJ2DM1ZeKliRdy5IUCZm15DVfYmwVo8fFZQGdlamH9zS9MuuHYCx2cCkdCbaFO7UEpxceTfoa65l1Uu0KmUH4LD%2bY5ipyUnh7I2jcvviztT5wBmGWVEhTgvNSshtKoWPEg%3d%3d;path=/ipa;httponly;secure;",
> "Referer": "https://ipaserver.example.com/ipa";
> },
> "http_agent": "ansible-httpget",
> "method": "POST",
> "mode": null,
> "owner": null,
> "regexp": null,
> "remote_src": null,
> "removes": null,
> "return_content": false,
> "selevel": null,
> "serole": null,
> "setype": null,
> "seuser": null,
> "src": null,
> "status_code": [
> 200
> ],
> "timeout": 30,
> "unix_socket": null,
> "unsafe_writes": false,
> "url": "
> https://ipaserver.example.com/ipa/session/json";,
> "url_password": null,
> "url_username": null,
> "use_proxy": true,
> "validate_certs": true
> }
> },
> "item": "0",
> "json": {
> "error": null,
> "id": null,
> "principal": "[email protected]",
> "result": {
> "result": {
> "cn": [
> "Test User1"
> ],
> "displayname": [
> "Test User1"
> ],
> "dn":
> "uid=test.user1,cn=users,cn=accounts,dc=example,dc=com",
> "gecos": [
> "Test User1"
> ],
> "gidnumber": [
> "10000"
> ],
> "givenname": [
> "Test"
> ],
> "has_keytab": true,
> "has_password": true,
> "homedirectory": [
> "/home/test.user1"
> ],
> "initials": [
> "TU"
> ],
> "ipauniqueid": [
> "8982f708-d556-11e9-8432-001a4a160181"
> ],
> "ipauserauthtype": [
> "password"
> ],
> "krbcanonicalname": [
> "[email protected]"
> ],
> "krbextradata": [
> {
> "__base64__":
> "AAKmrlxhcm9vdC9hZG1pbkBTRUNVUkUtT1NFLkZBQS5HT1YA"
> }
> ],
> "krblastfailedauth": [
> {
> "__datetime__": "20211005195828Z"
> }
> ],
> "krblastpwdchange": [
> {
> "__datetime__": "20211005195934Z"
> }
> ],
> "krblastsuccessfulauth": [
> {
> "__datetime__": "20211122212918Z"
> }
> ],
> "krbloginfailedcount": [
> "0"
> ],
> "krbpasswordexpiration": [
> {
> "__datetime__": "20220103195934Z"
> }
> ],
> "krbprincipalname": [
> "[email protected]"
> ],
> "loginshell": [
> "/bin/bash"
> ],
> "mail": [
> "[email protected]"
> ],
> "memberof_group": [
> "ipausers"
> ],
> "memberofindirect_group": [
> "folderaccess"
> ],
> "nsaccountlock": false,
> "objectclass": [
> "ipasshgroupofpubkeys",
> "krbticketpolicyaux",
> "ipaobject",
> "organizationalperson",
> "top",
> "ipasshuser",
> "inetorgperson",
> "person",
> "ipauserauthtypeclass",
> "inetuser",
> "krbprincipalaux",
> "posixaccount"
> ],
> "preserved": false,
> "sn": [
> "User"
> ],
> "telephonenumber": [
> "(xxx) yyy-zzzz"
> ],
> "uid": [
> "test.user1"
> ],
> "uidnumber": [
> "1000"
> ]
> },
> "summary": null,
> "value": "test.user1"
> },
> "version": "4.6.8"
> },
> "msg": "OK (1681 bytes)",
> "redirected": false,
> "server": "Apache/2.4.6 (Red Hat Enterprise Linux)
> mod_auth_gssapi/1.5.1 mod_nss/1.0.14 NSS/3.28.4 mod_wsgi/3.4 Python/2.7.5",
> "status": 200,
> "url": "https://ipaserver.example.com/ipa/session/json";,
> "vary": "Accept-Encoding",
> "x_frame_options": "DENY"
> },
> {
> "ansible_loop_var": "item",
> "cache_control": "no-cache, private",
> "changed": false,
> "connection": "close",
> "content_length": "1368",
> "content_security_policy": "frame-ancestors 'none'",
> "content_type": "application/json; charset=utf-8",
> "cookies": {},
> "cookies_string": "",
> "date": "Fri, 10 Dec 2021 12:49:40 GMT",
> "elapsed": 0,
> "failed": false,
> "invocation": {
> "module_args": {
> "attributes": null,
> "backup": null,
> "body": {
> "method": "user_show",
> "params": [
> [
> "test.user2"
> ],
> {
> "all": true,
> "version": "2.237"
> }
> ]
> },
> "body_format": "json",
> "client_cert": null,
> "client_key": null,
> "content": null,
> "creates": null,
> "delimiter": null,
> "dest": null,
> "directory_mode": null,
> "follow": false,
> "follow_redirects": "safe",
> "force": false,
> "force_basic_auth": false,
> "group": null,
> "headers": {
> "Accept": "application/json",
> "Content-Type": "application/json",
> "Cookie":
> "ipa_session=MagBearerToken=qaKkpuAqhB0hUfPPxewHikiD9j5wrInFi2%2b2AV%2bALxA8HHy28j5ajQUaZN%2fQj%2bnfvrZJFOYm4K9oLbw2jTWiVJ2DM1ZeKliRdy5IUCZm15DVfYmwVo8fFZQGdlamH9zS9MuuHYCx2cCkdCbaFO7UEpxceTfoa65l1Uu0KmUH4LD%2bY5ipyUnh7I2jcvviztT5wBmGWVEhTgvNSshtKoWPEg%3d%3d;path=/ipa;httponly;secure;",
> "Referer": "https://ipaserver.example.com/ipa";
> },
> "http_agent": "ansible-httpget",
> "method": "POST",
> "mode": null,
> "owner": null,
> "regexp": null,
> "remote_src": null,
> "removes": null,
> "return_content": false,
> "selevel": null,
> "serole": null,
> "setype": null,
> "seuser": null,
> "src": null,
> "status_code": [
> 200
> ],
> "timeout": 30,
> "unix_socket": null,
> "unsafe_writes": false,
> "url": "
> https://ipaserver.example.com/ipa/session/json";,
> "url_password": null,
> "url_username": null,
> "use_proxy": true,
> "validate_certs": true
> }
> },
> "item": "1",
> "json": {
> "error": null,
> "id": null,
> "principal": "[email protected]",
> "result": {
> "result": {
> "cn": [
> "Test User2"
> ],
> "displayname": [
> "Test User2"
> ],
> "dn":
> "uid=test.user2,cn=users,cn=accounts,dc=example,dc=com",
> "gecos": [
> "Test User2"
> ],
> "gidnumber": [
> "10000"
> ],
> "givenname": [
> "Test"
> ],
> "has_keytab": true,
> "has_password": true,
> "homedirectory": [
> "/home/test.user2"
> ],
> "initials": [
> "TU"
> ],
> "ipauniqueid": [
> "60fe8b86-5282-11ea-ac93-001a4a160181"
> ],
> "krbcanonicalname": [
> "[email protected]"
> ],
> "krbextradata": [
> {
> "__base64__":
> "AAK6Nkxecm9vdC9hZG1pbkBTRUNVUkUtT1NFLkZBQS5HT1YA"
> }
> ],
> "krbpasswordexpiration": [
> {
> "__datetime__": "20200218151047Z"
> }
> ],
> "krbprincipalname": [
> "[email protected]"
> ],
> "loginshell": [
> "/bin/bash"
> ],
> "mail": [
> "[email protected]"
> ],
> "memberof_group": [
> "ipausers"
> ],
> "memberofindirect_group": [
> "folderaccess"
> ],
> "nsaccountlock": true,
> "objectclass": [
> "top",
> "person",
> "organizationalperson",
> "inetorgperson",
> "inetuser",
> "posixaccount",
> "krbprincipalaux",
> "krbticketpolicyaux",
> "ipaobject",
> "ipasshuser",
> "ipaSshGroupOfPubKeys"
> ],
> "preserved": false,
> "sn": [
> "User"
> ],
> "telephonenumber": [
> "(xxx)yyy-zzzz"
> ],
> "uid": [
> "test.user2"
> ],
> "uidnumber": [
> "1100"
> ]
> },
> "summary": null,
> "value": "test.user2"
> },
> "version": "4.6.8"
> },
> "msg": "OK (1368 bytes)",
> "redirected": false,
> "server": "Apache/2.4.6 (Red Hat Enterprise Linux)
> mod_auth_gssapi/1.5.1 mod_nss/1.0.14 NSS/3.28.4 mod_wsgi/3.4 Python/2.7.5",
> "status": 200,
> "url": "https://ipaserver.example.com/ipa/session/json";,
> "vary": "Accept-Encoding",
> "x_frame_options": "DENY"
> }
> ]
> }
> }
>
> TASK [Set userlist fact]
> **********************************************************************************************************
> ok: [ipaserver.example.com] => (item=[u'test.user1', {u'__datetime__':
> u'20220103195934Z'}])
> ok: [ipaserver.example.com] => (item=[u'test.user2', {u'__datetime__':
> u'20200218151047Z'}])
>
> TASK [Print userlist fact]
> ********************************************************************************************************
> ok: [ipaserver.example.com] => {
> "msg": "test.user2 {u'__datetime__': u'20200218151047Z'} 660.693483796"
> }
>
> PLAY RECAP
> ************************************************************************************************************************
> ipaserver.example.com : ok=12 changed=0 unreachable=0 failed=0
> skipped=0 rescued=0 ignored=0
>
> On Thursday, December 9, 2021 at 4:22:57 PM UTC-5 [email protected]
> wrote:
>
>> Can you show a sample of user_show.results
>>
>> On Thu, Dec 9, 2021 at 2:04 PM [email protected] <[email protected]>
>> wrote:
>>
>>> For my testing, I'm calling the user_show IPA API via uri for the first
>>> 5 items. The registered variable called "user_show" has the json value of
>>> "user_show.results[X].json.result.result.Y" (where X is 0 for the first
>>> user, 1 for the second, etc; and Y is the user property (uid, firstname,
>>> etc.). I don't know how to get/retrieve just the uid property of those 5
>>> users, or just the krbpasswordexpiration of those 5 users. I don't have to
>>> do a loop, but nothing I try seems to let me get past the fact that the
>>> results json is an array, and I need to reference the particular items of
>>> that array.
>>>
>>> Thanks,
>>> Harry
>>>
>>>
>>> On Thursday, December 9, 2021 at 12:00:49 PM UTC-5 [email protected]
>>> wrote:
>>>
>>>> Hi,
>>>> I wanted to know why you are using item to retrieve results - "{{
>>>> user_show.results[item|int].json.result.result.uid[0] }}" . since item is
>>>> useful when you have a loop running. Is it not possible to retrieve the
>>>> result using json_query or the map filter ?If that can be done , then we
>>>> won't need to bring in the loop_control variable.
>>>> From my experience, its better to get the basic stuff (with_X)to work
>>>> first before using the latest stuff- loop/zip (filter).
>>>>
>>>> On Wednesday, December 8, 2021 at 2:08:51 PM UTC-5 [email protected]
>>>> wrote:
>>>>
>>>>> So if I have this:
>>>>>
>>>>> - name: Set user_show fact
>>>>> set_fact:
>>>>> users: "{{ item.0 }}{{ item.1 }}{{ item.2 }}"
>>>>> with_together:
>>>>>
>>>>> - "{{ user_show.results[item|int].json.result.result.uid[0] }}"
>>>>> - "{{
>>>>> (user_show.results[item|int].json.result.result.krbpasswordexpiration[0]['__datetime__']
>>>>> | to_datetime('%Y%m%d%H%M%SZ')).strftime('%s') }}"
>>>>> - "{{ (ansible_date_time.epoch|int -
>>>>> ((user_show.results[item|int].json.result.result.krbpasswordexpiration[0]['__datetime__']
>>>>> | to_datetime('%Y%m%d%H%M%SZ')).strftime('%s'))|int) / (60*60*24) }}"
>>>>> register: res
>>>>>
>>>>> How do I add/use a loop_control variable to that? Also, with_together
>>>>> seems to have been replaced by loop and the zip filter.
>>>>>
>>>>> Thanks,
>>>>> Harry
>>>>> On Wednesday, December 8, 2021 at 1:57:31 PM UTC-5 [email protected]
>>>>> wrote:
>>>>>
>>>>>> The problem with implementing it that way is that the users's fact is
>>>>>> referencing "user_show.results[item|int], but I can't add another loop
>>>>>> variable. I'm using with_sequence earlier in the playbook for testing
>>>>>> to
>>>>>> limit the amount of users queried, and that number is needed for the
>>>>>> user_show.results array.
>>>>>>
>>>>>> You can use loop_control to use names other than item for your loop
>>>>>> variables.
>>>>>> https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#defining-inner-and-outer-variable-names-with-loop-var
>>>>>>
>>>>>>
>>>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Ansible Project" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/ansible-project/0fW4Hnr9sOg/unsubscribe
>>> .
>>> To unsubscribe from this group and all its topics, send an email to
>>> [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/0785c1c0-8fe1-40d6-b1ef-e2fbd647d891n%40googlegroups.com
>>> <https://groups.google.com/d/msgid/ansible-project/0785c1c0-8fe1-40d6-b1ef-e2fbd647d891n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/0fW4Hnr9sOg/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/c896ee18-d1ae-47a0-a4b9-50c7510c4d5dn%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/c896ee18-d1ae-47a0-a4b9-50c7510c4d5dn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAEH9rSgdnCOCevyAe4SeJ%3DxY9sjZey82n-Q4ZPr2tduGOJXxCA%40mail.gmail.com.
