Selecting the right dictionary value when configuring user accounts



I have multiple users from 4 different LDAP domains and am trying to add them automatically to multiple servers. Every attribute of each user/group is static, except identity_source_id, which can be one of 4 possible values.

I want to select the correct identity_source_id value based on the name value.

The first step is to get the LDAP id and domain from each server using

  • GET fqdn/policy/api/v1/aaa/ldap-identity-sources
  • register: id_source_results

I was able to get the LDAP ID and domain name of each LDAP configuration on the server.

```yaml
- name: set fact to store ID and domain_name
  set_fact:
    id_domain: "{{ id_domain|d([]) + [{'id': item.id, 'domain_name': item.domain_name }] }}"
  with_items: "{{ id_source_results.json.results }}"
- name: Create dict for domain_name to id
  set_fact:
    id_domain_dict: "{{ id_domain | items2dict(key_name='domain_name', value_name='id' ) }}"
- name: Print dict
  debug:
    var: id_domain_dict
```

```json
"id_domain_dict": {
    "north.acme.com": "1111111-aaaaa",
    "south.acme.com": "2222222-bbbbb",
    "east.acme.com": "3333333-ccccc",
    "west.acme.com": "4444444-ddddd"
}
```

The playbook I use to push the configuration is

```yaml
- name: List LDAP Identity Sources
  ansible.builtin.uri:
    url: https://{{inventory_hostname}}/api/v1/aaa/role-bindings
    validate_certs: no
    timeout: 15
    force_basic_auth: yes
    url_username: "administrator"
    url_password: "{{ admin_password }}"
    method: POST
    body_format: json
    body:
      [{
        "name": "frank@NORTH.ACME.COM",
        "type": "remote_user",
        "identity_source_type": "LDAP",
        "identity_source_id": "{{id_domain_dict.value}}",
        "roles": [
          {
            "role": "admin",
            "role_display_name": "Admin"
          }
        ],
        "resource_type": "RoleBinding",
        "display_name": "frank@NORTH.ACME.COM"
      },
      {
        "name": "ruth@SOUTH.ACME.COM",
        "type": "remote_user",
        "identity_source_type": "LDAP",
        "identity_source_id": "{{id_domain_dict.value}}",
        "roles": [
          {
            "role": "network_engineer",
            "role_display_name": "Network Engineer"
          }
        ],
        "resource_type": "RoleBinding",
        "display_name": "ruth@SOUTH.ACME.COM"
      },
      {
        "name": "finance_team@east.acme.com",
        "type": "remote_group",
        "identity_source_type": "LDAP",
        "identity_source_id": "{{id_domain_dict.value}}",
        "roles": [
          {
            "role": "finance_admin",
            "role_display_name": "Finance Admin"
          }
        ],
        "resource_type": "RoleBinding",
        "display_name": "finance_team@east.acme.com"
      },
      {
        "name": "auditors@west.acme.com",
        "type": "remote_group",
        "identity_source_type": "LDAP",
        "identity_source_id": "{{id_domain_dict.value}}",
        "roles": [
          {
            "role": "read-only",
            "role_display_name": "Read-Only"
          }
        ],
        "resource_type": "RoleBinding",
        "display_name": "auditors@west.acme.com"
      }]
    return_content: yes
    status_code: 200
  delegate_to: localhost
```

Because the API POST body is static, I don't know how to select the correct value from id_domain_dict. For example, for auditors@west.acme.com the id_domain_dict value should be 4444444-ddddd.

I tried splitting the user value on "@", but could not get this to work.

```jinja
{% for k,v in id_domain_dict.items %}
{% domain = {{name}}.split('@') %}
{% if domain[1] in k %}
{{ v }}
{% endfor %}
```

I also tried

```jinja
"identity_source_id": "{{ v if domain[1] in k '' }}"
```

but all attempts failed.

  • Simplify the dictionary

```yaml
id_domain_dict: "{{ dict(id_source_results.json.results|
                         json_query('[].[domain_name, id]')) }}"
```

```yaml
id_domain_dict:
  east.acme.com: 3333333-ccccc
  north.acme.com: 1111111-aaaaa
  south.acme.com: 2222222-bbbbb
  west.acme.com: 4444444-ddddd
```
  • Put the body into a variable. For example, create a YAML file and read it

```yaml
shell> cat body.yml
- display_name: frank@NORTH.ACME.COM
  identity_source_id: '{{ id_domain_dict.value }}'
  identity_source_type: LDAP
  name: frank@NORTH.ACME.COM
  resource_type: RoleBinding
  roles:
    - {role: admin, role_display_name: Admin}
  type: remote_user
- display_name: ruth@SOUTH.ACME.COM
  identity_source_id: '{{ id_domain_dict.value }}'
  identity_source_type: LDAP
  name: ruth@SOUTH.ACME.COM
  resource_type: RoleBinding
  roles:
    - {role: network_engineer, role_display_name: Network Engineer}
  type: remote_user
- display_name: finance_team@east.acme.com
  identity_source_id: '{{ id_domain_dict.value }}'
  identity_source_type: LDAP
  name: finance_team@east.acme.com
  resource_type: RoleBinding
  roles:
    - {role: finance_admin, role_display_name: Finance Admin}
  type: remote_group
- display_name: auditors@west.acme.com
  identity_source_id: '{{ id_domain_dict.value }}'
  identity_source_type: LDAP
  name: auditors@west.acme.com
  resource_type: RoleBinding
  roles:
    - {role: read-only, role_display_name: Read-Only}
  type: remote_group
```

```yaml
body: "{{ lookup('file', 'body.yml')|from_yaml }}"
```

```yaml
body:
  - display_name: frank@NORTH.ACME.COM
    identity_source_id: '{{ id_domain_dict.value }}'
    identity_source_type: LDAP
    name: frank@NORTH.ACME.COM
    resource_type: RoleBinding
    roles:
      - role: admin
        role_display_name: Admin
    type: remote_user
  - display_name: ruth@SOUTH.ACME.COM
    identity_source_id: '{{ id_domain_dict.value }}'
    identity_source_type: LDAP
    name: ruth@SOUTH.ACME.COM
    resource_type: RoleBinding
    roles:
      - role: network_engineer
        role_display_name: Network Engineer
    type: remote_user
  - display_name: finance_team@east.acme.com
    identity_source_id: '{{ id_domain_dict.value }}'
    identity_source_type: LDAP
    name: finance_team@east.acme.com
    resource_type: RoleBinding
    roles:
      - role: finance_admin
        role_display_name: Finance Admin
    type: remote_group
  - display_name: auditors@west.acme.com
    identity_source_id: '{{ id_domain_dict.value }}'
    identity_source_type: LDAP
    name: auditors@west.acme.com
    resource_type: RoleBinding
    roles:
      - role: read-only
        role_display_name: Read-Only
    type: remote_group
```
  • Select the names, split off the domains, extract the ids, and create a list of dictionaries

```yaml
domains: "{{ body|map(attribute='name')|
             map('split', '@')|map('last')|map('lower')|
             map('extract', id_domain_dict)|
             map('community.general.dict_kv', 'identity_source_id') }}"
```

```yaml
domains:
  - identity_source_id: 1111111-aaaaa
  - identity_source_id: 2222222-bbbbb
  - identity_source_id: 3333333-ccccc
  - identity_source_id: 4444444-ddddd
```
  • Merge the list items

```yaml
body_update: "{{ body|zip(domains)|map('combine') }}"
```

gives the structure you are looking for

```yaml
body_update:
  - display_name: frank@NORTH.ACME.COM
    identity_source_id: 1111111-aaaaa
    identity_source_type: LDAP
    name: frank@NORTH.ACME.COM
    resource_type: RoleBinding
    roles:
      - role: admin
        role_display_name: Admin
    type: remote_user
  - display_name: ruth@SOUTH.ACME.COM
    identity_source_id: 2222222-bbbbb
    identity_source_type: LDAP
    name: ruth@SOUTH.ACME.COM
    resource_type: RoleBinding
    roles:
      - role: network_engineer
        role_display_name: Network Engineer
    type: remote_user
  - display_name: finance_team@east.acme.com
    identity_source_id: 3333333-ccccc
    identity_source_type: LDAP
    name: finance_team@east.acme.com
    resource_type: RoleBinding
    roles:
      - role: finance_admin
        role_display_name: Finance Admin
    type: remote_group
  - display_name: auditors@west.acme.com
    identity_source_id: 4444444-ddddd
    identity_source_type: LDAP
    name: auditors@west.acme.com
    resource_type: RoleBinding
    roles:
      - role: read-only
        role_display_name: Read-Only
    type: remote_group
```
  • Use it in the body

```yaml
{{ body_update|to_nice_json }}
```

```json
[
    {
        "display_name": "frank@NORTH.ACME.COM",
        "identity_source_id": "1111111-aaaaa",
        "identity_source_type": "LDAP",
        "name": "frank@NORTH.ACME.COM",
        "resource_type": "RoleBinding",
        "roles": [
            {
                "role": "admin",
                "role_display_name": "Admin"
            }
        ],
        "type": "remote_user"
    },
    {
        "display_name": "ruth@SOUTH.ACME.COM",
        "identity_source_id": "2222222-bbbbb",
        "identity_source_type": "LDAP",
        "name": "ruth@SOUTH.ACME.COM",
        "resource_type": "RoleBinding",
        "roles": [
            {
                "role": "network_engineer",
                "role_display_name": "Network Engineer"
            }
        ],
        "type": "remote_user"
    },
    {
        "display_name": "finance_team@east.acme.com",
        "identity_source_id": "3333333-ccccc",
        "identity_source_type": "LDAP",
        "name": "finance_team@east.acme.com",
        "resource_type": "RoleBinding",
        "roles": [
            {
                "role": "finance_admin",
                "role_display_name": "Finance Admin"
            }
        ],
        "type": "remote_group"
    },
    {
        "display_name": "auditors@west.acme.com",
        "identity_source_id": "4444444-ddddd",
        "identity_source_type": "LDAP",
        "name": "auditors@west.acme.com",
        "resource_type": "RoleBinding",
        "roles": [
            {
                "role": "read-only",
                "role_display_name": "Read-Only"
            }
        ],
        "type": "remote_group"
    }
]
```

Example of a complete playbook for testing

```yaml
- hosts: localhost
  vars:
    id_source_results:
      json:
        results:
          - {id: 1111111-aaaaa, domain_name: north.acme.com}
          - {id: 2222222-bbbbb, domain_name: south.acme.com}
          - {id: 3333333-ccccc, domain_name: east.acme.com}
          - {id: 4444444-ddddd, domain_name: west.acme.com}
    id_domain_dict: "{{ dict(id_source_results.json.results|
                             json_query('[].[domain_name, id]')) }}"
    body: "{{ lookup('file', 'body.yml')|from_yaml }}"
    domains: "{{ body|map(attribute='name')|
                 map('split', '@')|map('last')|map('lower')|
                 map('extract', id_domain_dict)|
                 map('community.general.dict_kv', 'identity_source_id') }}"
    body_update: "{{ body|zip(domains)|map('combine') }}"
  tasks:
    - debug:
        var: id_domain_dict
    - debug:
        var: body
    - debug:
        var: domains
    - debug:
        var: body_update
    - debug:
        msg: |
          {{ body_update|to_nice_json }}
```
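
The same name-to-identity-source lookup that the answer's filter chain performs (split on "@", take the last part, lower-case it, extract from id_domain_dict, combine into the entry), written here as an added plain-Python example that is not part of the original question or answer. It exists so the mapping can be checked offline before any role binding is POSTed, and it adds the check the filter chain lacks: a principal whose domain has no registered identity source makes the Ansible `extract` filter yield an undefined value, whereas here it raises, because a binding that carries an empty or wrong source id would attach a role (admin, in the first entry) to a principal in the wrong directory. The dictionary and body below are constructed to mirror the values on the page; `domain_of` and `resolve_identity_sources` are names chosen for this example.

```python
# Added example, not code from the original post. Plain-Python equivalent of:
#   body | map(attribute='name') | map('split','@') | map('last') | map('lower')
#        | map('extract', id_domain_dict)  ->  zip | combine
# with an explicit failure for domains that have no identity source registered.
from __future__ import annotations

import json
from typing import Any

# Constructed to match the page's id_domain_dict (domain_name -> LDAP identity source id).
ID_DOMAIN_DICT: dict[str, str] = {
    "north.acme.com": "1111111-aaaaa",
    "south.acme.com": "2222222-bbbbb",
    "east.acme.com": "3333333-ccccc",
    "west.acme.com": "4444444-ddddd",
}

# Constructed role-binding entries, same principals as body.yml on the page.
BODY: list[dict[str, Any]] = [
    {"name": "frank@NORTH.ACME.COM", "type": "remote_user",
     "roles": [{"role": "admin", "role_display_name": "Admin"}]},
    {"name": "ruth@SOUTH.ACME.COM", "type": "remote_user",
     "roles": [{"role": "network_engineer", "role_display_name": "Network Engineer"}]},
    {"name": "finance_team@east.acme.com", "type": "remote_group",
     "roles": [{"role": "finance_admin", "role_display_name": "Finance Admin"}]},
    {"name": "auditors@west.acme.com", "type": "remote_group",
     "roles": [{"role": "read-only", "role_display_name": "Read-Only"}]},
]


def domain_of(name: str) -> str:
    """'frank@NORTH.ACME.COM' -> 'north.acme.com'.

    Mirrors split('@') | last | lower: the part after the last '@', lower-cased so
    that upper-case UPNs still match the lower-case keys of id_domain_dict.
    """
    if "@" not in name:
        raise ValueError(f"principal {name!r} has no '@' domain suffix")
    return name.rsplit("@", 1)[1].lower()


def resolve_identity_sources(body: list[dict[str, Any]],
                             id_domain_dict: dict[str, str]) -> list[dict[str, Any]]:
    """Return a new list in which every entry carries the identity_source_id for its domain.

    The input list is not modified. A domain missing from id_domain_dict raises
    KeyError instead of producing an undefined id, so the mistake is caught before
    the role binding is pushed rather than reported by the API (or silently accepted).
    """
    resolved: list[dict[str, Any]] = []
    for entry in body:
        domain = domain_of(entry["name"])
        if domain not in id_domain_dict:
            raise KeyError(f"no LDAP identity source registered for domain {domain!r}")
        # Equivalent of zip | combine: merge the looked-up id into a copy of the entry.
        resolved.append({
            **entry,
            "identity_source_type": "LDAP",
            "identity_source_id": id_domain_dict[domain],
            "resource_type": "RoleBinding",
            "display_name": entry["name"],
        })
    return resolved


if __name__ == "__main__":
    # Same structure as the page's body_update | to_nice_json output.
    print(json.dumps(resolve_identity_sources(BODY, ID_DOMAIN_DICT), indent=4))
```

Run it as a script to print the resolved body; the raise on an unknown domain is the part worth keeping when you translate this back into a playbook, for example by asserting that every `domains` item has a defined `identity_source_id` before the `uri` task runs.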
