Ansible: How to check whether items in a nested list of dictionaries exist in another list of dictionaries?


Hello developer community,

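This is my first post here :-) I am fairly new to Ansible and would appreciate some help with the following. I am trying to create some scripts to manage features on a Citrix NetScaler VPX. In this case, I want to deploy an SSL cipher group containing the defined SSL ciphers. I have defined the following data structure in a YAML file: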

nsapp_sslciphergroup:
  - ciphergroupname:                   "TEST_1"
    sslcipher:
      - ciphername:                    "TLS1.3-AES256-GCM-SHA384"
        cipherpriority:                "1"
      - ciphername:                    "TLS1.3-CHACHA20-POLY1305-SHA256"
        cipherpriority:                "2"
      - ciphername:                    "TLS1.3-AES128-GCM-SHA256"
        cipherpriority:                "3"

  - ciphergroupname:                   "TEST_2"
    sslcipher:
      - ciphername:                    "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384"
        cipherpriority:                "1"
      - ciphername:                    "TLS1.2-ECDHE-RSA-AES128-GCM-SHA256"
        cipherpriority:                "2"
      - ciphername:                    "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384"
        cipherpriority:                "3"
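
NetScaler itself does not allow the same cipher to be bound again to a given cipher group, so before making any change I need to check whether the cipher group and its bindings already exist. So the first run is fine, but any consecutive run fails because the given cipher name is already bound to the cipher group. The current code looks like this: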

- name: "Add SSL ciphergroup binding(s)"
  netscaler_nitro_request:
    <<: *nitro_login
    operation: add
    resource: sslcipher_sslciphersuite_binding
    name: ""
    attributes:
          ciphergroupname: "{{ item.0.ciphergroupname }}"
          ciphername: "{{ item.1.ciphername }}"
          cipherpriority: "{{ item.1.cipherpriority }}"
  register: add_sslcipher_sslciphersuite_binding_result
  with_subelements:
    - "{{ nsapp_sslciphergroup }}"
    - "sslcipher"
    - skip_missing: true

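I am trying to add a "when" clause after the "with_subelements" section, but the add part of the script always wants to run.

Could anyone please tell me the correct way to check whether the "get_sslcipher_sslciphersuite_binding_result" variable contains the given cipher name for the given cipher group?

Many thanks.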

The solution is to let the module report the failure and test the error code:

failed_when: 
  - add_sslcipher_sslciphersuite_binding_result.nitro_errorcode != 0
  - add_sslcipher_sslciphersuite_binding_result.nitro_errorcode != 3741

If the module returns "0" when it successfully updates the resource, it might be possible to use

changed_when:
  - add_sslcipher_sslciphersuite_binding_result.nitro_errorcode == 0

Not idempotent

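Q: NetScaler itself does not allow the same cipher to be bound again to a given cipher group, so before making any change I need to check whether the cipher group and its bindings already exist. So the first run is fine, but any consecutive run fails because the given cipher name is already bound to the cipher group. The current code looks like this: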

- name: "Add SSL ciphergroup binding(s)"
  netscaler_nitro_request:
    <<: *nitro_login
    operation: add
    resource: sslcipher_sslciphersuite_binding
    name: ""
    attributes:
          ciphergroupname: "{{ item.0.ciphergroupname }}"
          ciphername: "{{ item.1.ciphername }}"
          cipherpriority: "{{ item.1.cipherpriority }}"
  register: add_sslcipher_sslciphersuite_binding_result
  with_subelements:
    - "{{ nsapp_sslciphergroup }}"
    - "sslcipher"
    - skip_missing: true

Just hacked it :-)

The NS error code for "specified cipher is already bound with higher priority" is 3741. I just added it to the failure condition:

- name: "Add SSL ciphergroup binding(s) if they do *NOT* exist"
  netscaler_nitro_request:
    <<: *nitro_login
    operation: add
    resource: sslcipher_sslciphersuite_binding
    name: ""
    attributes:
          ciphergroupname: "{{ item.0.ciphergroupname }}"
          ciphername: "{{ item.1.ciphername }}"
          cipherpriority: "{{ item.1.cipherpriority }}"
  register: add_sslcipher_sslciphersuite_binding_result
  until: ( add_sslcipher_sslciphersuite_binding_result is succeeded )
  retries: 6
  delay: 5
  with_subelements:
    - "{{ nsapp_sslciphergroup }}"
    - "sslcipher"
    - skip_missing: true
  failed_when: ( (add_sslcipher_sslciphersuite_binding_result.nitro_errorcode != 0) and (add_sslcipher_sslciphersuite_binding_result.nitro_errorcode != 3741) )
- debug: 
    var: add_sslcipher_sslciphersuite_binding_result
  tags: [ never, debug ]
- assert:
    # Check each per-item result registered by the looped task above:
    # 0 = binding added, 3741 = cipher was already bound.
    that: ( (item.nitro_errorcode == 0) or (item.nitro_errorcode == 3741) )
    fail_msg: "[ERROR] Operation failed!"
    success_msg: "[OK] Operation successful."
  # Loop over the registered results (one entry per group/cipher pair) instead of
  # indexing them with a nested "{{ }}" expression inside the condition.
  loop: "{{ add_sslcipher_sslciphersuite_binding_result.results }}"

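"Any consecutive run fails because the given cipher name is already bound to the cipher group"? What is the error message?

Unfortunately, that is not the case for NetScaler :-( Most NetScaler REST API queries work this way, with no idempotency at all.

Apart from that, "changed_when" might make it idempotent as well. See below.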
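
The check asked for in the title (which desired bindings are missing from the existing ones) and the error-code handling from the answers, as an added Python example that is not part of the original thread. The function names, the `FilterModule` wiring for use as an Ansible filter plugin, and the sample `EXISTING` list are assumptions made for illustration.

```python
# Added example; DESIRED and EXISTING below are constructed sample data.
NITRO_OK = 0
NITRO_ALREADY_BOUND = 3741  # error code quoted in the thread


def missing_bindings(desired_groups, existing_bindings):
    """Return the desired bindings that are not yet present on the appliance."""
    # Match on (group, cipher): the same cipher cannot be bound twice to a group.
    bound = {(b["ciphergroupname"], b["ciphername"]) for b in existing_bindings}
    todo = []
    for group in desired_groups:
        for cipher in group.get("sslcipher", []):  # like skip_missing: true
            if (group["ciphergroupname"], cipher["ciphername"]) not in bound:
                todo.append({
                    "ciphergroupname": group["ciphergroupname"],
                    "ciphername": cipher["ciphername"],
                    "cipherpriority": cipher["cipherpriority"],
                })
    return todo


def classify(nitro_errorcode):
    """Task status that the failed_when / changed_when pair above would yield."""
    if nitro_errorcode == NITRO_OK:
        return "changed"
    if nitro_errorcode == NITRO_ALREADY_BOUND:
        return "ok"
    return "failed"


class FilterModule(object):
    """Makes missing_bindings a Jinja2 filter when saved under filter_plugins/."""
    def filters(self):
        return {"missing_bindings": missing_bindings}


DESIRED = [
    {"ciphergroupname": "TEST_1", "sslcipher": [
        {"ciphername": "TLS1.3-AES256-GCM-SHA384", "cipherpriority": "1"},
        {"ciphername": "TLS1.3-CHACHA20-POLY1305-SHA256", "cipherpriority": "2"},
    ]},
    {"ciphergroupname": "TEST_2"},  # no sslcipher key, so it is skipped
]
EXISTING = [{"ciphergroupname": "TEST_1", "ciphername": "TLS1.3-AES256-GCM-SHA384"}]

if __name__ == "__main__":
    print(missing_bindings(DESIRED, EXISTING))
```

Looping the add task over the filtered list means a repeat run sends no request for bindings that already exist, while the error-code classification still covers a binding that appears between the query and the add.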