2 levels nested loop with variables

Hi, I have been looking into nested, subelements and other lookups with no luck getting this working, using Ansible 2.8.
Basically, I'd like to construct a loop that can itself iterate over other variables (list or dict).

    iam_managed_policy:
      policy_name: "{{ item.name }}"
      policy: "{{ item.policy }}"
      state: present
    loop:
      - { name: "rds-{{mysql_privilege}}-{{regions}}", policy: "{{ lookup('template', 'template.json.j2') }}" }
    vars:
      mysql_privilege:
        - rw
        - ro
      regions:
        - us-west-1
        - us-west-2

but it ends up with this result:
"Couldn't create policy rds-prod-[u'rw', u'ro'] - [u'ca-central-1', u'us-west-1']"

What I'd like is for each loop to build a 2-dimensional array from the vars elements (rw-us-west-1, rw-us-west-2, ro-us-west-1, ro-us-west-2).

Is that even possible to achieve with Ansible?
Thanks

So, I have been trying with lookup('dict') but I am still not quite close to the expected result.
I get: "An unhandled exception occurred while running the lookup plugin 'dict'. Error was a <class 'ansible.errors.AnsibleError'>, original message: with_dict expects a dict"
Here is the last code:

    iam_managed_policy:
      policy_name: "{{ item.name }}"
      policy: "{{ item.policy }}"
      state: present
    loop:
      - { name: "rds-{{ lookup('dict', mysql_privilege[0].value ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
      # - { name: "rds-{{ lookup('nested', mysql_privilege[role] ) }} ", policy: "{{ lookup('template', 'template.json.j2') }}" }
    vars:
      mysql_privilege:
        role:
          - rw
          - ro
        regions:
          - us-west-1
          - us-west-2

What are the possible values for policy_name? The value for "policy" seems to be the same lookup, so you don't need it in the loop.

I'm pretty sure that you are running into brick walls for a possibly simple problem.

So please explain / give examples how the policy_name is constructed.

Regards
Racke

Thanks Racke, I should have had some context. policy_name can vary; actually, in the real task I have other policies with other names, hence the use of a loop for item.name and item.policy.
Just this specific one named rds_foo_bar needs the nested arguments from my vars list (or dict, I am not sure).
Although I can create a dedicated task just for that policy if that is too complicated, I just thought I could do some nested loop over variables.
Interesting fact: with nested it actually loops over each character in the key:value
Couldn't create policy rds-dev-[[u'r', u'e', u'g', u'i', u'o', u'n', u's'], [u'r', u'o', u'l', u'e']]

The actual play looks like:

    iam_managed_policy:
      policy_name: "{{ item.name }}"
      policy: "{{ item.policy }}"
      state: present
    loop:
      - { name: "rds-prod-{{ lookup('dict', mysql_privilege[0].value ) }} ", policy: "{{ lookup('template', 'rds-prod.json.j2') }}" }
      - { name: "rds-dev-{{ lookup('nested', mysql_privilege ) }}", policy: "{{ lookup('template', 'rds_dev.json.j2') }}" }
      - { name: cloudwatch, policy: "{{ lookup('template', 'cloudwatch.json.j2') }}" }
      # other policies with name and policy
    vars:
      mysql_privilege:
        role:
          - rw
          - ro
        rds_region:
          - us-west-1
          - us-west-2

And rds-prod.json.j2 also reuses the variables from mysql_privilege dict as:

    "Action": [
        "rds-db:connect"
    ],
    "Resource": "arn:aws:rds-db:{{ rds_region }}{{ aws_id }}:dbuser:*/username-{{ role }}"

So basically I just need to loop over extra variables in an inline way to construct the unique name and the unique policy template; then the usual loop for the module will create the resources in AWS.

  • Would using lookup be a good start for an inline loop?
  • As nested and subelements can't seem to achieve this, what other solutions can I explore?

cheers

For several levels of loops I often split things out to separate files, which are then included with 'include_tasks' in a loop.

It helps to name the files properly, i.e. according to their function.
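
Added example, not part of the thread: the role/region pairs asked for in the original question can be built with Ansible's `product` filter and collected into the same `item.name` / `item.policy` shape the task already loops over. The account ID is a constructed placeholder, the policy body is written inline rather than rendered from the poster's template, and `debug` stands in for `iam_managed_policy` so the play runs offline.

```yaml
# Added example: cartesian product of two lists feeding a single loop.
- hosts: localhost
  gather_facts: false
  vars:
    mysql_privilege: [rw, ro]
    regions: [us-west-1, us-west-2]
    aws_id: "123456789012"          # constructed placeholder account ID
  tasks:
    # product() yields one [role, region] pair per combination:
    # item.0 is the role, item.1 is the region.
    - name: Build one name/policy entry per role and region
      set_fact:
        rds_policies: >-
          {{ rds_policies | default([]) + [{
               'name': 'rds-' ~ item.0 ~ '-' ~ item.1,
               'policy': {
                 'Version': '2012-10-17',
                 'Statement': [{
                   'Effect': 'Allow',
                   'Action': ['rds-db:connect'],
                   'Resource': 'arn:aws:rds-db:' ~ item.1 ~ ':' ~ aws_id
                               ~ ':dbuser:*/username-' ~ item.0
                 }]
               }
             }] }}
      loop: "{{ mysql_privilege | product(regions) | list }}"

    # Each entry now carries its own name and a Resource scoped to one
    # region and one role suffix. With iam_managed_policy, pass
    # policy: "{{ item.policy | to_json }}" instead of printing it.
    - name: Show the four scoped policies
      debug:
        msg: "{{ item.name }}: {{ item.policy.Statement[0].Resource }}"
      loop: "{{ rds_policies }}"
      loop_control:
        label: "{{ item.name }}"
```

Static entries such as the cloudwatch policy can be appended to `rds_policies` before the final loop, so one module call still handles every policy.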