Generating string based on inventory variable

su8319 · November 1, 2023, 8:48pm

Hiii everyone

I’m looking for a way to generate a random string required by an application (that will be put inside a template configuration) based on the encryption choice made by the user.

Inside the inventory:

vars:
    # Depending on the algorithm you prefer, the playbook
    # has to generate either a 32 key length (for A, B, C) 
    # or 16 key length (D, E) required by the program.
    chosen_encryption: "A"

On the playbook side:

---
- name: Program setup
  hosts: localhost
  gather_facts: yes
  tasks:
  - name: Encoded random password (32 key length)
    ansible.builtin.set_fact:
      password: "{{lookup('community.general.random_string', base64=true, length=32)}}"
    when: chosen_encryption == "A" or "B" or "C"
    no_log: true

  - name: Encoded random password (16 key length)
    ansible.builtin.set_fact:
      password: "{{lookup('community.general.random_string', base64=true, length=16)}}"
    when: chosen_encryption == "D" or "E"
    no_log: true

This string is then registered into a json configuration file:

{
    "algorithm": "{{ chosen_encryption }}",
    "key": "{{ password }}"
}

However, the string written in the file is always 16 key length.

Am I missing something ? There is also probably a better way to write this playbook ? Despite having made some research, I can’t find a way to define a proper “if else” condition in this case.

In advance, thanks for helping a beginner

jbericat · November 2, 2023, 12:54am

Hello @su8319

You’re setting the when conditions incorrectly - That is, you must specify both operators for each condition, like this:

---
- name: Program setup
  hosts: localhost
  gather_facts: true
  vars:
    chosen_encryption: "A"

  tasks:

    - name: Encoded random password (32 key length)
      ansible.builtin.set_fact:
        password32: "{{ lookup('community.general.random_string', base64=true, length=32) }}"
      when: >-
        chosen_encryption == "A" or
        chosen_encryption == "B" or
        chosen_encryption == "C"
      no_log: true

    - name: Encoded random password (16 key length)
      ansible.builtin.set_fact:
        password16: "{{ lookup('community.general.random_string', base64=true, length=16) }}"
      when: >-
        chosen_encryption == "D" or
        chosen_encryption == "E"
      no_log: true

    - name: DEBUG
      ansible.builtin.debug:
        msg:
          - "password16 is {{ password16 | default('null') }}"
          - "password32 is {{ password32 | default('null') }}"
...

Result:

PLAY [Program setup] *************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Encoded random password (32 key length)] ***********************************************************************************************************************************************************************
ok: [localhost]

TASK [Encoded random password (16 key length)] ***********************************************************************************************************************************************************************
skipping: [localhost]

TASK [DEBUG] *********************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": [
        "password16 is null",
        "password32 is KGh3N2o/WGc5bVg0bFA8UEwlK2BHeGFOVyJGaFg3QFs="
    ]
}

PLAY RECAP ***********************************************************************************************************************************************************************************************************
localhost                  : ok=3    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

Hope it helps!

su8319 · November 4, 2023, 5:43pm

Thanks for your solution, it work like a charm !

tanganellilore · November 4, 2023, 5:50pm

Hi,
Why not use a “map” of choice that you need instead use a double when with double variable?

Something like

criptography_map:
  A: 32
  B: 32
  C: 32
  D: 16
  E: 16

And then in task

- name: Encoded random password 
  ansible.builtin.set_fact:
    password: "{{ lookup('community.general.random_string', base64=true, length=criptography_map[chosen_encryption] ) }}"
  no_log: true

This will be much simple, will not use 2 tasks and avoid usage of 2 different variables.

jbericat · November 4, 2023, 5:55pm

Thanks @tanganellilore that would be way more elegant & efficient - I just focused on pointing-out how the conditions work on Ansible, but yeah you’re totally right

jbericat · November 4, 2023, 5:56pm

Glad it worked for you! Take a look to @tanganellilore answer too, you might find it interesting

system · December 4, 2023, 5:56pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.