Need assistance in Regex

Devops_testing · March 26, 2021, 10:37am

I’m trying to add new IP address (10.97.6.12) in firewall, Before adding, I’m validating whether the new IP already exists in firewall or not.

Task:

set_fact:
existing: “{{ result | json_query(‘objects[*].value’) | select(‘match’,( intip )) | list }}”

output:

TASK [set_fact] **************************************************************************************************************************************************************task path: /home/palo-test/json.yml:32
ok: [192.168.0.40] => {

“ansible_facts”: {
“existing”: [
“10.96.6.120”,
“10.96.6.125”
]
},
“changed”: false
}

Regex in set_fact is considering existing Ip objects 10.96.6.120 and 10.96.6.125 as 10.96.6.12. Need help to matching the exact IP.

Dick_Visser · March 26, 2021, 12:13pm

Without knowing what your 'result' data structure looks like, doing
string matching with IP addressing is almost certainly going to be
problematic.
I assume you don't want to have problems.
So, what does your 'result' data look like?

Devops_testing · March 26, 2021, 12:42pm

Thank you for you response. Here is the result data.

{
“objects”: [
{
“description”: null,
“name”: “OUTSIDE”,
“tag”: null,
“type”: “ip-netmask”,
“value”: “10.97.7.37/27”
},
{
“description”: null,
“name”: “INSIDE”,
“tag”: null,
“type”: “ip-netmask”,
“value”: “10.97.7.133/27”
},
{
“description”: null,
“name”: “INTERNET”,
“tag”: null,
“type”: “ip-netmask”,
“value”: “10.97.6.36/27”
},
{
“description”: null,
“name”: “Default”,
“tag”: null,
“type”: “ip-netmask”,
“value”: “0.0.0.0/0”
},
{
“description”: null,
“name”: “Dummy_server”,
“tag”: null,
“type”: “ip-netmask”,
“value”: “10.96.15.254”
},
{
“description”: null,
“name”: “VPN_Subnet”,
“tag”: null,
“type”: “ip-netmask”,
“value”: “10.16.24.0/22”
},
{
“description”: null,
“name”: “Internal”,
“tag”: null,
“type”: “ip-netmask”,
“value”: “10.97.12.120”
},
{
“description”: null,
“name”: “test”,
“tag”: null,
“type”: “ip-netmask”,
“value”: “10.96.6.120”
},
{
“description”: null,
“name”: “test1”,
“tag”: null,
“type”: “ip-netmask”,
“value”: “10.96.6.125”
}
]
}

Regards,
Sri

Dick_Visser · March 26, 2021, 1:23pm

If you want 'existing' to be a boolean, then you can simple check if
the IP is in the list.
Assuming 'intip' is the IP for which you want to test this:

- set_fact:
existing: "{{ intip in result|json_query('objects.value') }}"

The 'result' structure has some subnets as well, I'm not sure if it
would be a problem when you try to add an IP address that is inside
one of those subnets (I guess so). For instance, 10.97.7.55 would be
part of 10.97.7.37/27, but 'existing' would still return false.
If you want that to be covered, you'd have to glue some ipaddr login in between:

https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters_ipaddr.html

Topic		Replies	Views
ansible and grep Ansible Project	2	1	August 27, 2015
Problem returning IP address from custom fact Ansible Project ubuntu	1	0	May 13, 2017
json_query & regular expression Ansible Project	8	0	April 12, 2020
Ansible regex to search and replace an IP Address in a line Ansible Project	1	0	July 10, 2020
ansible 2.4 set_fact with regex_replace Quote issue Ansible Developer aws	0	0	July 9, 2019

Need assistance in Regex

Related topics