new warning in Ansible 2.3

Archives Ansible Project
1

The warning is:

[WARNING]: when statements should not include jinja2 templating delimiters such as {{ }} or {% %}.

Not sure how to avoid it in the below case. Any hint ?

See https://github.com/ansible/ansible/issues/22397. Sorry for commenting in a closed issue

consider the following variable:

to_be_removed_users:
  - name: 'adm'
    remove: False 
  - name: 'ftp'
    remove: True
  - name: 'games'
    remove: False  
  - name: 'gopher'
    remove: True
  - name: 'operator'
    remove: False
  - name: 'uucp'
    remove: True

then the following tasks generate the warning. Not sure how to avoid it as item.name is the result of iteration on the list

name: Get users list 
 getent: 
   database: passwd
 tags:
   - userdel

- name: Make sure the following users are removed
 user: 
   name: "{{ [item.name](http://item.name) }}"
   state: absent 
   remove: "{{item.remove}}"
 with_items: '{{ to_be_removed_users }}'
 when: getent_passwd.{{ [item.name](http://item.name) }} is defined
 tags:
   - userdel
2

Not sure how to avoid it in the below case. Any hint ?

I often find it helps to use the more Pythonic expression of the
variables, thing['foo'][bar], so you can tell that 'foo' is a literal
string and bar is a variable, rather than the sloppy thing.foo.bar, where
you can't.

So instead of

  when: getent_passwd.{{ item.name }} is defined

try

  when: getent_passwd[item['name']] is defined

I'm not 100% sure that's the problem you're having, but if it is, does
that work?

                                      -Josh (jbs@care.com)

(apologies for the automatic corporate disclaimer that follows)

This email is intended for the person(s) to whom it is addressed and may contain information that is PRIVILEGED or CONFIDENTIAL. Any unauthorized use, distribution, copying, or disclosure by any person other than the addressee(s) is strictly prohibited. If you have received this email in error, please notify the sender immediately by return email and delete the message and any attachments from your system.

3

Technically, while what you have there worked, it’s not recommended.

Instead what you want, is something like:

when: hostvars[inventory_hostname][‘getent_passwd’][item.name] is defined

Or potentially:

when: vars[‘getent_passwd’][‘item.name’] is defined

When you use {{ }} a jinja2 statement, it can create unintended consequences, because the when statement and the {{ }} you put in the when statement are evaluated at different times, and can actually cause Undefined errors.

4

Yeah, or what Josh said too :slight_smile:

5

Thanks Matt and Josh

using the below works perfectly

when: getent_passwd[item[‘name’]] is defined

So this addressed the warning ansible2.3.0 was reporting and
I also got a better understanding about why to avoid jinja in when statement

Phil