Python: create a list from a list if it matches, using Jinja


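A simple Ansible playbook is described below:

We want to filter accounts against the matching filter_account. For simplicity we have given these values as a single list, but in reality it is a map of lists.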


---

- name: my playbook
  hosts: localhost
  vars:
    accounts: ["1111111111","2222222222","3333333333","4444444444"]
    filter_account: ["1111111111","3333333333"]
  tasks:

    - name: "Generate KMS policy to allow access for all Organisation child accounts"
      template:
        src: "data-kms-policy.json.j2"
        dest: "data-kms-policy.json"
      tags: gk

    - name: "cat kms json file"
      shell: "cat data-kms-policy.json"
      register: result
      tags: gk

data-kms-policy.json.j2:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Allow cross-account use of the key",
      "Effect": "Allow",
      "Principal": {
         "AWS": [{% for host in accounts %}{% if host in filter_account and not loop.last %}"arn:aws:iam::{{ host }}:root",{% endif %}{% if host in filter_account and loop.last %}"arn:aws:iam::{{ host }}:root"{% endif %}{% endfor %}]
         },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    }
]}
Expected output:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Allow cross-account use of the key",
      "Effect": "Allow",
      "Principal": {
         "AWS": ["arn:aws:iam::1111111111:root","arn:aws:iam::3333333333:root"]
         },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    }]}


Actual output:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Allow cross-account use of the key",
      "Effect": "Allow",
      "Principal": {
         "AWS": ["arn:aws:iam::1111111111:root","arn:aws:iam::3333333333:root", ]
         },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    }]}



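The problem with the current data-kms-policy.json.j2 is that it always adds "," at the end of the last element. How do I remove the "," if it is the last matched element?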

You may enjoy not having so many copies by moving the if host in clause up into the for loop and then extracting the separator test:

- debug:
    msg: |
       "AWS": [
          {%- for host in accounts if host in filter_account -%}
          {{ "" if loop.first else "," }}
          "arn:aws:iam::{{ host }}:root"
          {%- endfor -%}
       ]
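In general, I also strongly recommend using |to_json to construct JSON-shaped data, since it gets one out of the "is this legal JSON" business, but in this case the risk is very low, and the list construction code is pretty verbose because of the need for format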
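An added example, not part of the original question or answer: the same policy built as data and serialised with Python's json module (standing in for the to_json idea above), plus a pre-apply check that rejects a rendered policy that is not valid JSON or that grants a principal outside filter_account. The names build_policy, check_policy and ARN_FMT are assumptions made for this illustration.

```python
import json

ARN_FMT = "arn:aws:iam::{}:root"  # same ARN shape as the template on the page

def build_policy(accounts, filter_account):
    """Build the policy as data and serialise it, so no comma is placed by hand."""
    allowed = set(filter_account)
    principals = [ARN_FMT.format(a) for a in accounts if a in allowed]
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "Allow cross-account use of the key",
            "Effect": "Allow",
            "Principal": {"AWS": principals},
            "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                       "kms:GenerateDataKey*", "kms:DescribeKey"],
            "Resource": "*",
        }],
    }
    return json.dumps(policy, indent=2)

def check_policy(text, filter_account):
    """Return a list of problems in a rendered policy; an empty list means OK."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    expected = {ARN_FMT.format(a) for a in filter_account}
    problems = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal", {})
        # Principal may be a bare string such as "*"; treat it as one entry.
        aws = principal.get("AWS", []) if isinstance(principal, dict) else [principal]
        for arn in [aws] if isinstance(aws, str) else aws:
            if arn not in expected:
                problems.append(f"unexpected principal: {arn}")
    return problems

# Constructed sample: the Principal fragment of the "actual output" shown above.
BROKEN = ('{"Statement": [{"Principal": {"AWS": ["arn:aws:iam::1111111111:root",'
          '"arn:aws:iam::3333333333:root", ]}}]}')

if __name__ == "__main__":
    accounts = ["1111111111", "2222222222", "3333333333", "4444444444"]
    filter_account = ["1111111111", "3333333333"]
    print(check_policy(BROKEN, filter_account))
    print(check_policy(build_policy(accounts, filter_account), filter_account))
```

Running check_policy on the rendered file before it is attached to the key catches both the trailing-comma failure from the question and a filter that lets an extra account through.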