Hi all,
I have an issue to extract specific value from a task imported into a playbook.
In the task, I use register command (register azure_key_vault_key_1_1_name_id_result)
azure_key_vault_key_1_1_name_id_result looks like
ok: [localhost] => {
“changed”: false,
“invocation”: {
“module_args”: {
“ad_user”: “VALUE_SPECIFIED_IN_NO_LOG_PARAMETER”,
“adfs_authority_url”: null,
“api_profile”: “latest”,
“auth_source”: “auto”,
“cert_validation_mode”: null,
“client_id”: null,
“cloud_environment”: “AzureCloud”,
“disable_instance_discovery”: false,
“log_mode”: null,
“log_path”: null,
“name”: “kvk-xxxx-vm-p”,
“password”: “VALUE_SPECIFIED_IN_NO_LOG_PARAMETER”,
“profile”: null,
“secret”: null,
“show_deleted_key”: false,
“subscription_id”: “xxxxx-xxxxx-xxxxx-xxxxx-xxxxxx”,
“tags”: null,
“tenant”: “VALUE_SPECIFIED_IN_NO_LOG_PARAMETER”,
“thumbprint”: null,
“vault_uri”: “https://kv-xxxxx-p.vault.azure.net/”,
“version”: “current”,
“x509_certificate_path”: null
}
},
“keys”: [
{
“attributes”: {
“created”: “2025-06-11T06:33:31+00:00”,
“enabled”: true,
“expires”: null,
“not_before”: null,
“recovery_level”: “Recoverable”,
“updated”: “2025-06-11T06:33:31+00:00”
},
“key”: {
“crv”: null,
“e”: “AQAB”,
“n”: “xxxx”,
“y”: null
},
“kid”: “https://kv-xxxx.vault.azure.net/keys/kvk-xxxxx-vm-p/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”,
“managed”: null,
“permitted_operations”: [
“sign”,
“verify”,
“wrapKey”,
“unwrapKey”,
“encrypt”,
“decrypt”
],
“tags”: {},
“type”: “RSA”,
“version”: “eda76e152ead409881546fb367422930”
}
]
}
In the current playbook, I try the extract the kid value (last line)
- name: Create Disk Encryption Set “{{ azure_disk_encryption_set_1_1_name_id }}” in “{{ azure_resource_group_name_secu_1_id }}”
azure.azcollection.azure_rm_diskencryptionset:
subscription_id: “{{ azure_subscription_id }}”
ad_user: “{{ azure_ad_user_id }}”
password: “{{ azure_ad_user_password_id }}”
location: “{{ azure_location_1_id }}”
resource_group: “{{ azure_resource_group_name_secu_1_id }}”
name: “{{ azure_disk_encryption_set_1_1_name_id }}”
tenant: “{{ azure_tenant_id }}”
source_vault: “{{ azure_key_vault_1_1_name_id }}”
key_url: “{{ azure_key_vault_key_1_1_name_id_result.keys.kid[0].kid }}”
The task failed with the following error message
fatal: [localhost]: FAILED! => {
“msg”: “The task includes an option with an undefined variable.. ‘builtin_function_or_method object’ has no attribute ‘kid’\n\nThe error appears to be in ‘/hedia/ansible/playbooks/azure/roles/security/tasks/disk-encryption-set.yml’: line 4, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n# Disk Encryption Set in Francfort\n- name: Create Disk Encryption Set "{{ azure_disk_encryption_set_1_1_name_id }}" in "{{ azure_resource_group_name_secu_1_id }}"\n ^ here\nWe could be wrong, but this one looks like it might be an issue with\nmissing quotes. Always quote template expression brackets when they\nstart a value. For instance:\n\n with_items:\n - {{ foo }}\n\nShould be written as:\n\n with_items:\n - "{{ foo }}"\n”
If I put the value mnually, it works
key_url: “https://kv-xxxx.vault.azure.net/keys/kvk-xxx-vm-f/xxxxxxxxxxxxxxxxx”
Any idea ??
Thanks for your help
Regards,
HA