one common acl name with unique ip per device

I have about 5 ASAs and they all have one common ACL name say for example “allow_test”

Now I need to add one more entry to the list on all 5 ASAs, but each with a different IP. E.g.

access-list allow_test standard permit host 1.1.1.1 (for asa1)
access-list allow_test standard permit host 2.2.2.2 (for asa2 and so on)

I tried it with a with_items loop and a variable set for the hostname and then the IP for the ACL, but it doesn’t seem to work.

Have you guys come across a similar situation and addressed this challenge? I would appreciate it if you could share your solution with me.

Thanks!

Not sure if this would help, but maybe a different way of looking at it using with_subelements?

I have one Task that creates some ACLs for OpenStack

- name: Add Rules to the Security Groups
  tags: security_groups
  os_security_group_rule:
    security_group: "{{ item.0.group }}"
    direction: "{{ item.1.direction }}"
    protocol: "{{ item.1.protocol }}"
    remote_ip_prefix: "{{ item.1.remote_ip }}"
    # an IPv6 prefix is the only one that contains a colon
    # (the old `search` filter this used was removed in Ansible 2.10; `in` works everywhere)
    ethertype: "{{ (':' in item.1.remote_ip) | ternary('IPv6', 'IPv4') }}"
  with_subelements:
    - "{{ security_groups }}"
    - rules
  run_once: true

The dictionary security_groups looks like this:

security_groups:
  - group: prod_traffic_plane
    rules:
      - { "direction": "ingress", "protocol": "tcp",  "remote_ip": "0.0.0.0/0" }
      - { "direction": "ingress", "protocol": "udp",  "remote_ip": "0.0.0.0/0" }
      - { "direction": "ingress", "protocol": "icmp", "remote_ip": "0.0.0.0/0" }
      - { "direction": "ingress", "protocol": "tcp",  "remote_ip": "::/0" }
      - { "direction": "ingress", "protocol": "udp",  "remote_ip": "::/0" }
      - { "direction": "ingress", "protocol": "icmp", "remote_ip": "::/0" }
      - { "direction": "egress",  "protocol": "tcp",  "remote_ip": "0.0.0.0/0" }
      - { "direction": "egress",  "protocol": "udp",  "remote_ip": "0.0.0.0/0" }
      - { "direction": "egress",  "protocol": "icmp", "remote_ip": "0.0.0.0/0" }
      - { "direction": "egress",  "protocol": "tcp",  "remote_ip": "::/0" }
      - { "direction": "egress",  "protocol": "udp",  "remote_ip": "::/0" }
      - { "direction": "egress",  "protocol": "icmp", "remote_ip": "::/0" }
  - group: dev_traffic_plane
    rules:
      - { "direction": "ingress", "protocol": "tcp",  "remote_ip": "0.0.0.0/0" }
      - { "direction": "ingress", "protocol": "udp",  "remote_ip": "0.0.0.0/0" }
      - { "direction": "ingress", "protocol": "icmp", "remote_ip": "0.0.0.0/0" }
      - { "direction": "ingress", "protocol": "tcp",  "remote_ip": "::/0" }
      - { "direction": "ingress", "protocol": "udp",  "remote_ip": "::/0" }
      - { "direction": "ingress", "protocol": "icmp", "remote_ip": "::/0" }
      - { "direction": "egress",  "protocol": "tcp",  "remote_ip": "0.0.0.0/0" }
      - { "direction": "egress",  "protocol": "udp",  "remote_ip": "0.0.0.0/0" }
      - { "direction": "egress",  "protocol": "icmp", "remote_ip": "0.0.0.0/0" }
      - { "direction": "egress",  "protocol": "tcp",  "remote_ip": "::/0" }
      - { "direction": "egress",  "protocol": "udp",  "remote_ip": "::/0" }
      - { "direction": "egress",  "protocol": "icmp", "remote_ip": "::/0" }

Thanks Clint!

I fixed this with:

vars:
  # hostname as reported by the device -> address to permit on that device
  asas:
    asa1: 1.1.1.1
    asa2: 2.2.2.2

tasks:
  - name: get hostname
    asa_command:
      commands:
        - show hostname
    register: hostname

  - name: update acl
    asa_config:
      lines:
        - access-list test1 remark test-test
        # stdout[0] is the output of the first command, i.e. the hostname,
        # which is used as the key into the asas dict above
        - access-list test1 standard permit host {{ asas[hostname.stdout[0]] }}
      match: strict
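The fix above works, but it needs a live `show hostname` round-trip on every run and a dict that has to stay in sync with each device's configured hostname; if a device is renamed, the lookup fails. Here is an added example, not from this thread, that takes the data-driven approach of Clint's reply and applies it to the ASA case: the per-device addresses live in inventory, `inventory_hostname` selects them, an `assert` fails the play on a device whose data is missing or malformed rather than pushing a wrong line, and the same loop also covers a device that needs more than one entry. The inventory (`acl_hosts`, the host and address values) is constructed for the example; `cisco.asa.asa_config` and `ansible.builtin.assert` are the collection-qualified names of the modules the thread already uses.

```yaml
# Added example, not from the thread. Inventory values are constructed.
#
# inventory.yml
# -------------
# asa:
#   hosts:
#     asa1:
#       ansible_host: 192.0.2.11
#       acl_hosts: ["198.51.100.10"]
#     asa2:
#       ansible_host: 192.0.2.12
#       acl_hosts: ["198.51.100.20", "198.51.100.21"]   # several entries are fine
#   vars:
#     ansible_network_os: cisco.asa.asa
#     ansible_connection: ansible.netcommon.network_cli
#
# playbook.yml
# ------------
- name: Add per-device host entries to a shared standard ACL
  hosts: asa
  gather_facts: false
  vars:
    acl_name: allow_test            # one ACL name shared by every ASA

  tasks:
    # Fail closed: a device with no entry, an empty list, or any value that is
    # not a dotted-quad address stops the play before any line is pushed.
    - name: Validate this device's acl_hosts before touching the ACL
      ansible.builtin.assert:
        that:
          - acl_hosts is defined
          - acl_hosts | length > 0
          - >-
            acl_hosts | reject('match', '^(\d{1,3}\.){3}\d{1,3}$')
            | list | length == 0
        fail_msg: "{{ inventory_hostname }}: acl_hosts is missing, empty, or not a list of IPv4 host addresses"

    # One 'permit host' line per address. inventory_hostname selects the data,
    # so no 'show hostname' lookup or hostname-to-IP dict is needed.
    # match: line (the default) compares each line against the running config
    # and only sends the ones that are absent, so re-running is idempotent.
    - name: Push this device's standard ACL entries
      cisco.asa.asa_config:
        lines:
          - "access-list {{ acl_name }} standard permit host {{ item }}"
        match: line
      loop: "{{ acl_hosts }}"
```

Run it first with `ansible-playbook -i inventory.yml playbook.yml --check --diff` to see exactly which lines each ASA would receive; because the addresses come from inventory rather than from device output, that diff can be reviewed before anything reaches the devices.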