Trouble with quoting variables

I have a shell command with json on it. I need some assistance, please, in quoting it properly.

This is an attempt to execute an aws command-line command. I realize that there are a massive number of aws modules, but unfortunately, my boto is broken, so I can’t use anything that relies on python making api calls. Upcoming is a project to move to python 3 in the hopes of fixing python’s ability to do api work. So I’m stuck with command line.

My playbook says:

```
- name: add to Github Enterprise Security Group
  shell: aws ec2 authorize-security-group-ingress --group-name GithubHappy --ip-permissions '[{"IpProtocol": "tcp","FromPort":22,"ToPort": 22,"IpRanges": [{"CidrIp": "{{external}}/32","Description":"{{servername}}"}]}]'
```

and my error reads:

```
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: No JSON object could be decoded

Syntax Error while loading YAML.
mapping values are not allowed in this context

The error appears to be in '/usr/local/ansible/playbooks/newserver.yml': line 28, column 112, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

- name: add to Github Enterprise Security Group
  shell: aws ec2 authorize-security-group-ingress --group-name GithubHappy --ip-permissions "'[{"IpProtocol": "tcp","FromPort":22,"ToPort": 22,"IpRanges": [{"CidrIp": "{{external}}/32","Description":"{{servername}}"}]}]'"
  ^ here
  We could be wrong, but this one looks like it might be an issue with
  missing quotes. Always quote template expression brackets when they
  start a value. For instance:

with_items:
  - {{ foo }}

Should be written as:

with_items:
  - "{{ foo }}"
```

I’ve tried quoting the entire thing with both single quotes and then with double quotes, escaping the embedded quotes with backslashes. I’ve tried putting quotes in jinja curlies, such as {{ '"' }}. Just about every permutation I can think of.

Is this even possible? Should I put the aws command in a shell script and run that? Inquiring minds want to know :)
Thanks.

Ed Greenberg

What does the correct version of the command line look like?

The docs seem to indicate a slightly different data structure, where
only IpRanges is added as a json list:
https://docs.aws.amazon.com/cli/latest/reference/ec2/authorize-security-group-ingress.html

I would try defining the data structure as a variable in your playbook
(as YAML, which is easier to read/write), and then combine to_json and
quote.
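
The approach suggested in the reply above, written out as an added example that is not part of the original thread: the structure from the question's JSON is defined as a YAML variable and rendered with `to_json | quote`. The variable name `ip_permissions` is hypothetical, and `external` and `servername` are assumed to be defined elsewhere in the playbook, as in the question.

```yaml
- name: add to Github Enterprise Security Group
  vars:
    # Hypothetical variable name. The content is the same structure as the
    # JSON in the question, written as YAML so no JSON quoting is needed here.
    ip_permissions:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        IpRanges:
          # Values that start with {{ are quoted, as the error message asks.
          - CidrIp: "{{ external }}/32"
            Description: "{{ servername }}"
  # The folded block scalar (>-) makes the whole command one plain string, so
  # the ": " sequences of the rendered JSON are never read as a YAML mapping
  # (the "mapping values are not allowed in this context" error).
  # to_json serializes the variable; quote shell-escapes the result into a
  # single argument, so a servername containing quotes, spaces or shell
  # metacharacters is passed to aws as data and is not interpreted by the shell.
  shell: >-
    aws ec2 authorize-security-group-ingress
    --group-name GithubHappy
    --ip-permissions {{ ip_permissions | to_json | quote }}
```

Running the play with `--check -vvv` is not enough to see the rendered command because `shell` is skipped in check mode; a preceding `debug` task with `msg: "{{ ip_permissions | to_json | quote }}"` shows the exact argument the shell will receive.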