Python: create a list from a list when it matches, using Jinja
A simple Ansible playbook is described below. We want to filter accounts down to those matching filter_account. For simplicity we give these values as single lists, but in reality it is a map of lists.
---
- name: my playbook
  hosts: localhost
  vars:
    accounts: ["1111111111","2222222222","3333333333","4444444444"]
    filter_account: ["1111111111","3333333333"]
  tasks:
    - name: "Generate KMS policy to allow access for all Organisation child accounts"
      template:
        src: "data-kms-policy.json.j2"
        dest: "data-kms-policy.json"
      tags: gk
    - name: "cat kms json file"
      shell: "cat data-kms-policy.json"
      register: result
      tags: gk
data-kms-policy.json.j2:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Allow cross-account use of the key",
      "Effect": "Allow",
      "Principal": {
        "AWS": [{% for host in accounts %}{% if host in filter_account and not loop.last %}"arn:aws:iam::{{ host }}:root",{% endif %}{% if host in filter_account and loop.last %}"arn:aws:iam::{{ host }}:root"{% endif %}{% endfor %}]
      },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    }
  ]}
Expected output:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Allow cross-account use of the key",
      "Effect": "Allow",
      "Principal": {
        "AWS": ["arn:aws:iam::1111111111:root","arn:aws:iam::3333333333:root"]
      },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    }]}
Actual output:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Allow cross-account use of the key",
      "Effect": "Allow",
      "Principal": {
        "AWS": ["arn:aws:iam::1111111111:root","arn:aws:iam::3333333333:root", ]
      },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    }]}
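The problem with the current data-kms-policy.json.j2 is that it always adds "," at the end of the last element. How can I remove the "," if it is the last matched element?

You will likely be happier moving the if host in clause up into the for loop, and then extracting the separator test, so that there is not so much copy-paste: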
- debug:
    msg: |
      "AWS": [
      {%- for host in accounts if host in filter_account -%}
      {{ "" if loop.first else "," }}
      "arn:aws:iam::{{ host }}:root"
      {%- endfor -%}
      ]
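In general, I would also strongly advise using |to_json to construct JSON-formatted data, since it gets one out of the "is this legal JSON" business, but in this case the risk is very low, and the list construction code is very verbose because of the needed format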
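
The |to_json route mentioned in the answer, written out as an added example that is not part of the original question or answer: the key policy is built as data and serialised, then re-parsed and checked before anything consumes it. The names kms_principals, kms_policy, policy_path and parsed are assumptions made for this example.

```yaml
---
# Added example: build the policy as data, serialise it, then verify it.
- name: render KMS key policy without hand-written JSON separators
  hosts: localhost
  gather_facts: false
  vars:
    accounts: ["1111111111", "2222222222", "3333333333", "4444444444"]
    filter_account: ["1111111111", "3333333333"]
    policy_path: "{{ playbook_dir }}/data-kms-policy.json"  # assumed location
    # Keep only the allow-listed accounts, then wrap each ID as a root ARN.
    kms_principals: >-
      {{ accounts | select('in', filter_account)
         | map('regex_replace', '^', 'arn:aws:iam::')
         | map('regex_replace', '$', ':root') | list }}
    kms_policy:
      Version: "2012-10-17"
      Statement:
        - Sid: "Allow cross-account use of the key"
          Effect: "Allow"
          Principal:
            AWS: "{{ kms_principals }}"
          Action:
            - "kms:Encrypt"
            - "kms:Decrypt"
            - "kms:ReEncrypt*"
            - "kms:GenerateDataKey*"
            - "kms:DescribeKey"
          Resource: "*"
  tasks:
    - name: "Write the policy from the data structure"
      copy:
        content: "{{ kms_policy | to_nice_json }}"
        dest: "{{ policy_path }}"

    - name: "Re-parse the file and check who is granted access"
      vars:
        parsed: "{{ lookup('file', policy_path) | from_json }}"
      assert:
        that:
          # An empty principal list or a parse failure stops the play here.
          - parsed.Statement[0].Principal.AWS | length > 0
          - parsed.Statement[0].Principal.AWS == kms_principals
```

Because the principal list is serialised rather than concatenated, a filter that matches only some accounts cannot leave a stray separator, and the assert task fails the play if the file on disk does not parse or grants a different set of principals.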