I’m querying our FreeIPA server for user information. What I need is there UID, GID, and Home directory. I can get those individually, but how can I set a fact that combines all of these items? Here’s the 3 separate facts, I just can’t figure out how to have an array of them:
- name: Set User facts
set_fact:
user_uid: “{{ user_find.json.result | json_query(‘result.uid’) }}”
user_gid: “{{ user_find.json.result | json_query(‘result.gidnumber’) }}”
user_list: “{{ user_find.json.result | json_query(‘result.homedirectory’) }}”
Any ideas?
Harry
Before we try to do this manually in anisble- are you sure it’s really impossible to craft a radius query that returns all the info you need?
Our IPA server is really Red Hat IDM, but we’re using the APIs to return all of the user information. I can debug message that info so I know I have it. I just don’t know how to say " I want a list of this, this, and this" so I can use that later. What I’m ultimately looking for is to traverse this list and copy a file to the user’s home folder, and make sure the ownership is right (uid/gid).
Thanks,
Harry
While the use of json_query obscures the actual structure that you’re dealing with (and you haven’t provided an example), this looks an awful lot like you’re taking something where you already have all of the information you want in a list, and turning it into three lists. Is there a reason you can’t just use user_find.json.result.result directly?
So I’m close. I am able to get the items from the returned list via the IPA API:
- name: Run user_find from IDM API using previously stored session cookie
uri:
url: “https://{{idmfqdn}}/ipa/session/json”
method: POST
headers:
Cookie: “{{ login.set_cookie }}”
Referer: “https://{{idmfqdn}}/ipa”
Content-Type: “application/json”
Accept: “application/json”
body_format: json
body: “{"method": "user_find/1","params": [,{"version": "{{ api_vers }}"}]}”
register: user_find
I can print them out and get the info I need:
- name: Print output
debug:
msg: “{{ item.uid[0] }}: {{ item.gidnumber[0] }}: {{ item.homedirectory[0] }}”
with_items: “{{ user_find.json.result.result| }}”
However, in my other thread about removing items from the list, I’m trying the suggestion as follows:
- name: Print output
debug:
msg: “{{ item.uid[0] }}: {{ item.gidnumber[0] }}: {{ item.homedirectory[0] }}”
loop: “{{ user_find.json.result.result|difference(deny) }}”
vars:
deny: [“/home/admin”,“/home/test”]
This gives me the following validation error:
ERROR! conflicting action statements: debug, deny
I won’t be using debug in the final version of the playbook, so since I know that I can get the info I need, should I just move onto that? Or is there a way to get debug and deny to coexist to I can be SURE I’m getting what I need first?
Thanks,
Harry
'deny' is wrongly indented. It is a variable. Should be indented under 'vars'.
I wanted to let you know that I got this working. I looped through the users list that was generated and skipped over the folders I didn’t need by using:
when: item.homedirectory[0] not in [“/home/admin”, “/home/test2”]
I also referenced the UID and GID in a similar manner (item.uid[0] and item.gidnumber[0]) and was able to use the information I needed to complete the task.
Thanks for the tips!
Harry