Generating string based on inventory variable

su8319 · November 1, 2023, 8:48pm

Hiii everyone

I’m looking for a way to generate a random string required by an application (that will be put inside a template configuration) based on the encryption choice made by the user.

Inside the inventory:

vars:
    # Depending on the algorithm you prefer, the playbook
    # has to generate either a 32 key length (for A, B, C) 
    # or 16 key length (D, E) required by the program.
    chosen_encryption: "A"

On the playbook side:

---
- name: Program setup
  hosts: localhost
  gather_facts: yes
  tasks:
  - name: Encoded random password (32 key length)
    ansible.builtin.set_fact:
      password: "{{lookup('community.general.random_string', base64=true, length=32)}}"
    when: chosen_encryption == "A" or "B" or "C"
    no_log: true

  - name: Encoded random password (16 key length)
    ansible.builtin.set_fact:
      password: "{{lookup('community.general.random_string', base64=true, length=16)}}"
    when: chosen_encryption == "D" or "E"
    no_log: true

This string is then registered into a json configuration file:

{
    "algorithm": "{{ chosen_encryption }}",
    "key": "{{ password }}"
}

However, the string written in the file is always 16 key length.

Am I missing something ? There is also probably a better way to write this playbook ? Despite having made some research, I can’t find a way to define a proper “if else” condition in this case.

In advance, thanks for helping a beginner

jbericat · November 2, 2023, 12:54am

Hello @su8319

You’re setting the when conditions incorrectly - That is, you must specify both operators for each condition, like this:

---
- name: Program setup
  hosts: localhost
  gather_facts: true
  vars:
    chosen_encryption: "A"

  tasks:

    - name: Encoded random password (32 key length)
      ansible.builtin.set_fact:
        password32: "{{ lookup('community.general.random_string', base64=true, length=32) }}"
      when: >-
        chosen_encryption == "A" or
        chosen_encryption == "B" or
        chosen_encryption == "C"
      no_log: true

    - name: Encoded random password (16 key length)
      ansible.builtin.set_fact:
        password16: "{{ lookup('community.general.random_string', base64=true, length=16) }}"
      when: >-
        chosen_encryption == "D" or
        chosen_encryption == "E"
      no_log: true

    - name: DEBUG
      ansible.builtin.debug:
        msg:
          - "password16 is {{ password16 | default('null') }}"
          - "password32 is {{ password32 | default('null') }}"
...

Result:

PLAY [Program setup] *************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Encoded random password (32 key length)] ***********************************************************************************************************************************************************************
ok: [localhost]

TASK [Encoded random password (16 key length)] ***********************************************************************************************************************************************************************
skipping: [localhost]

TASK [DEBUG] *********************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": [
        "password16 is null",
        "password32 is KGh3N2o/WGc5bVg0bFA8UEwlK2BHeGFOVyJGaFg3QFs="
    ]
}

PLAY RECAP ***********************************************************************************************************************************************************************************************************
localhost                  : ok=3    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

Hope it helps!

su8319 · November 4, 2023, 5:43pm

Thanks for your solution, it work like a charm !

tanganellilore · November 4, 2023, 5:50pm

Hi,
Why not use a “map” of choice that you need instead use a double when with double variable?

Something like

criptography_map:
  A: 32
  B: 32
  C: 32
  D: 16
  E: 16

And then in task

- name: Encoded random password 
  ansible.builtin.set_fact:
    password: "{{ lookup('community.general.random_string', base64=true, length=criptography_map[chosen_encryption] ) }}"
  no_log: true

This will be much simple, will not use 2 tasks and avoid usage of 2 different variables.

jbericat · November 4, 2023, 5:55pm

Thanks @tanganellilore that would be way more elegant & efficient - I just focused on pointing-out how the conditions work on Ansible, but yeah you’re totally right

jbericat · November 4, 2023, 5:56pm

Glad it worked for you! Take a look to @tanganellilore answer too, you might find it interesting

system · December 4, 2023, 5:56pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ansible inventory as json and inline vaulted data does not work (works with yaml inventory) Get Help	3	186	December 14, 2023
Dynamic value assignment to ansible fact based on condition Get Help playbook	9	512	October 19, 2023
Ansible random generated passwords Get Help playbook	8	345	May 9, 2024
Automate IOS device local password change Get Help playbook , network , cisco , ios	0	32	September 20, 2024
How to use an inventory variable in a lookup of aws secret? Get Help playbook , ansible-core , aws , jinja2 , variables	8	66	July 16, 2024

Generating string based on inventory variable

Related topics