We Keep Coding

Is there a way to insert raw escaped json in json body in ansible

See below first call which works. This is an example of how I create a template on my system. Notice I have to use {% raw %} ... {% endraw %} so ansible doesn't try to interpret the variables in my template.
- name: Create a template : OK
uri:
url: https://{{ ip }}/api/v1/templates
method: POST
headers:
Authorization: "{{ token }}"
Content-Type: application/json
body: |
{
"name": "{{ template_name }}",
"type": "v1",
"description": "{{ template_name }}",
"content": "template: | {% raw %}\n {\n \"class\": \"ABC\",\n \"param\": {{param1::integer}}\n }{% endraw %}"
}
body_format: json
timeout: 60
status_code: 202
validate_certs: false
register: json_response
Output OK:
ok: [notahost] => {
"invocation": {
"module_args": {
"body": {
"content": "template: | \n {\n \"class\": \"ABC\",\n \"param\": {{param1::integer}}\n }",
"description": "test1",
"name": "test1",
"type": "v1"
},
"body_format": "json",
Now, I am trying to move the content of the template outside in a file called template1.j2.
template1.j2:
{% raw %}
{
"class": "ABC",
"param": {{param1::integer}}
}
{% endraw %}
I insert the template template1.j2 into my JSON body (noticed I added the {% raw %} ... {% endraw %} inside the template).
- name: Create a template NOK
uri:
url: https://{{ ip }}/api/v1/templates
method: POST
headers:
Authorization: "{{ token }}"
Content-Type: application/json
body: |
{
"name": "{{ template_name }}",
"type": "v1",
"description": "{{ template_name }}",
"content": "template: | {{ lookup('file','template1.j2') }}"
}
body_format: json
timeout: 60
status_code: 202
validate_certs: false
register: json_response
Output NOK:
fatal: [notahost]: FAILED! => {
"content": "{\"message\":\"request body has an error: failed to decode request body: invalid character '\\\\n' in string literal\"}\n",
"invocation": {
"module_args": {
"body": "{\n \"name\": \"test2\",\n \"type\": \"v1\",\n \"description\": \"test2\",\n \"content\": \"template: | \n{\n \"class\": \"ABC\",\n \"param\": {{param1::integer}}\n} \n\"\n}\n",
"body_format": "json",
For some reason, it looks like the way I am doing this doesn't work, ansible still try to interpret the variable in my template at creation.
Any idea on how to get his work with my template outside the ansible task?
PS: I have tried to load the template file using the shell ansible module and that did not help.
Thanks & Regards,
Romain

Use lookup 'file' instead of 'template', e.g. the template (that you actually don't want to use as a template in this task)
shell> cat template1.j2
param: {{param1.integer}}
and the play
- hosts: localhost
vars:
param1:
integer: 99
tasks:
- debug:
msg: |
{{ lookup('template', 'template1.j2') }}
{{ lookup('file', 'template1.j2') }}
gives
msg: |-
param: 99
param: {{param1.integer}}
Given the template
shell> cat template1.j2
{
"class": "ABC",
"param": {{param1::integer}}
}
The play below shows how to create a body with and without the template
- hosts: localhost
vars:
template_name: test1
body1: |
{
"name": "{{ template_name }}",
"type": "v1",
"description": "{{ template_name }}",
"content": "template: | {% raw %}\n {\n \"class\": \"ABC\",\n \"param\": {{param1::integer}}\n }{% endraw %}"
}
body2:
{
"name": "{{ template_name }}",
"type": "v1",
"description": "{{ template_name }}",
"content": "template: | \n{{ lookup('file','template1.j2') }}"
}
tasks:
- debug:
var: body1|type_debug
- debug:
var: body1
- debug:
var: body2|type_debug
- debug:
var: body2
gives
ok: [localhost] =>
body1|type_debug: dict
ok: [localhost] =>
body1:
content: |-
template: |
{
"class": "ABC",
"param": {{param1::integer}}
}
description: test1
name: test1
type: v1
ok: [localhost] =>
body2|type_debug: dict
ok: [localhost] =>
body2:
content: |-
template: |
{
"class": "ABC",
"param": {{param1::integer}}
}
description: test1
name: test1
type: v1

How to I access JSON value from ansible output?

I have this ansible playbook which will create and attach volumes to EC2 instances using ec2_vol module and I want to partition the same using parted module. Below is my ec2_vol module,
EC2_VOL Module:
ec2_vol:
aws_access_key: XXXXXXXX
aws_secret_key: XXXXXXXX
security_token: XXXXXXXX
instance: "{{ item.instance_id }}"
region: "{{ var_dict['REGION'] }}"
device_name: "{{ VOL_NAME }}"
volume_type: gp2
volume_size: '1000'
delete_on_termination: false
with_items: "{{ ec2_instances_list.instances}}"
register: ec2_volumes
- debug:
msg: "{{ ec2_volumes.results }}"
Result of ec2_volumes:
And the result that is printing from ec2_volumes.results. I want to loop through the device_name and partition the devices which is created
TASK [debug] *******************************************************************
ok: [localhost] => {
"msg": [
{
"_ansible_ignore_errors": null,
"_ansible_item_label": {
"ami_launch_index": 0,
"architecture": "x86_64",
"block_device_mappings": [
{
"device_name": "/dev/sda1",
"ebs": {
"attach_time": "2021-04-30T15:47:07+00:00",
"delete_on_termination": true,
"status": "attached",
"volume_id": "vol-XXXXXXXXXXXXXX"
}
},
{
"device_name": "/dev/sdb",
"ebs": {
"attach_time": "2021-04-30T15:47:07+00:00",
"delete_on_termination": false,
"status": "attached",
"volume_id": "vol-XXXXXXXXXXXXXXXX"
}
}
],
And here is my parted module code:
- name: Partition Additional volumes
parted:
device: "{{ item.block_device_mappings[0].device_name }}"
number: 1
part_type: 'primary'
state: present
when: ("{{ ec2_volumes.device_name }}" != "/dev/sda1")
with_items: "{{ ec2_volumes.results}}"
But still getting error that 'block_device_mappings' has no attribute.
fatal: [localhost]: FAILED! => {"msg": "'list object' has no attribute 'block_device_mappings'"}
What could be the cause? Can someone help me to resolve this issue?
Edit 1:
Facing another issue after updating the playbook in the parted module
- name: Partition Additional volumes
parted:
device: "{{ item._ansible_item_label.block_device_mappings[0].device_name }}"
number: 1
part_type: 'primary'
state: present
when: ("{{ ec2_volumes.device_name }}" != "/dev/sda1")
with_items: "{{ ec2_volumes.results}}"
fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'device_name'

The error is clear:
FAILED! => {"msg": "'list object' has no attribute 'block_device_mappings'"}
When you take a look at the list you'll see that block_device_mappings is an attribute of _ansible_item_label
"msg": [
{
"_ansible_ignore_errors": null,
"_ansible_item_label": {
"ami_launch_index": 0,
"architecture": "x86_64",
"block_device_mappings": [
...
Fix the reference
device: "{{ item._ansible_item_label.block_device_mappings[0].device_name }}"

Parsing json output retrieved from an API using Ansbile

I am new to Ansible. I am trying to fetch some API info from a centralized server in the json format, parse the json and set "certificate" to "yes" for each and every server and make a PUT operation back. GET and PUT operations in my code are working fine.
I am not able to find correct syntax to parse listofservers.json.
What is the syntax to display a specific json element??
Can you help me on how to parse the json to change "Certificate" value to Yes for all the servers?
My script
- hosts: serverlist
vars_prompt:
- name: "USER"
prompt: "Enter Admin Username"
private: no
- name: "PASS"
prompt: "Enter Admin Password"
private: yes
tasks:
- name: "Get the current values of all Servers"
delegate_to: localhost
register: listofservers
check_mode: no
uri:
validate_certs: "no"
user: "{{USER}}"
password: "{{PASS}}"
url: "https://console.exmaple.com/adminapi/serverlist"
method: "GET"
body_format: "json"
return_content: "no"
status_code: "200"
- name: Print json dictionary
debug:
var: listofservers.json
Output
TASK [Print json dictionary] *****************************************************************************************
ok: [centalServer.example.com] =>
{
"listofservers.json": {
"serverlist": [
{
"id": 1,
"servername": "redhat.example.com",
"apachestatus": "running",
"certificate": "no"
},
{
"id": 2,
"servername": "solaris.example.com",
"apachestatus": "down",
"certificate": "yes"
} ] } }

Q: "Change "certificate" value to "yes" for all servers."
A: The task below does the job
- set_fact:
listofservers: "{{ {'json':
{'serverlist': serverlist}} }}"
vars:
serverlist: "{{ listofservers.json.serverlist|
map('combine', {'certificate': 'yes'})|
list }}"
- debug:
var: listofservers.json
give
{
"listofservers.json": {
"serverlist": [
{
"apachestatus": "running",
"certificate": "yes",
"id": 1,
"servername": "redhat.example.com"
},
{
"apachestatus": "down",
"certificate": "yes",
"id": 2,
"servername": "solaris.example.com"
}
]
}
}
Q: "What is the syntax to display a specific JSON element?"
A: There are two main options 1) Ansible filters and 2) json_query, and many variations which depend on the structure of the data and requested query
For example, display first servername where id is equal to 1
- debug:
msg: "{{ listofservers.json.serverlist|
selectattr('id', 'eq', 1)|
map(attribute='servername')|
first }}"
gives
"msg": "redhat.example.com"
The same result will give json_query below
- debug:
msg: "{{ listofservers.json.serverlist|
json_query('[?id == `1`].servername')|
first }}"

How to get entry of a dictionary from vmware_guest_disk_facts

I'm trying to get the datastore name for a specific hard disk but I haven't been successful in being able to figuring out choose an entry in the list.
This output is from the ansible module "vmware_guest_disk_facts"
I save this output to a variable called "vm_info".
"guest_disk_facts": {
"0": {
"backing_filename": "stuffstuff",
"capacity_in_kb": 106954752,
"backing_eagerlyscrub": false,
"backing_datastore": "WHAT I REALLY WANT",
"backing_writethrough": false,
"label": "Hard disk 1",
"backing_type": "FlatVer2",
"key": 2000,
"capacity_in_bytes": 109521666048,
"backing_thinprovisioned": false,
"controller_key": 1000,
"summary": "106,954,752 KB",
"unit_number": 0,
"backing_uuid": "info"
},
"1": {
"backing_filename": "stuffstuff",
"capacity_in_kb": 15728640,
"backing_eagerlyscrub": false,
"backing_datastore": "DON'T CARE OF ABOUT THIS ONE",
"backing_writethrough": false,
"label": "Hard disk 2",
"backing_type": "FlatVer2",
"key": 2001,
"capacity_in_bytes": 16106127360,
"backing_thinprovisioned": false,
"controller_key": 1000,
"summary": "15,728,640 KB",
"unit_number": 1,
"backing_uuid": "info"
}
- debug:
msg: "{{ item.guest_disk_facts | json_query(query) }}"
with_items: "{{ vm_info.results }}"
vars:
query: "guest_disk_facts.0.backing_datastore" #done w/ & w/o quotes around 0
I've also tried the following queries and I feel like I've exhausted all options at this point.
query: "guest_disk_facts.[0].backing_datastore"#done w/ & w/o quotes around 0
query: "guest_disk_facts[0].backing_datastore" #done w/ & w/o quotes around 0
query: "guest_disk_facts.*.backing_datastore" #will give me backing_datastore entries for both dictionaries in this case
I would like to just get backing_datastore for one entry in this list of dictionaries
msg: "WHAT I REALLY WANT"
but so far I'm returned with either this error:
Expecting: ['quoted_identifier', 'unquoted_identifier', 'lbracket', 'lbrace'], got: number: Parse error at column 17, token \"0\" (NUMBER), for expression
OR
msg: ""
OR
msg:[
"0",
]

The task below gives "WHAT YOU REALLY WANT"
- debug:
msg: "{{ guest_disk_facts['0'|quote].backing_datastore }}"
The point is quoting the quoted key. The keys '0' and '1' are not valid variables and must be quoted.
The loop below
- debug:
msg: "{{ guest_disk_facts[item|quote].backing_datastore }}"
loop: "{{ guest_disk_facts.keys() }}"
gives
ok: [localhost] => (item=1) =>
msg: DON'T CARE OF ABOUT THIS ONE
ok: [localhost] => (item=0) =>
msg: WHAT I REALLY WANT

Another way to do this -
- name: Get all disks from existing VM
vmware_guest_disk_info:
validate_certs: False
hostname: '{{ vcenter_hostname }}'
username: '{{ vcenter_username }}'
password: '{{ vcenter_password }}'
datacenter: Asia-Datacenter1
name: VM_8046
register: existing_disk
- name: Get Backing datastore for desired disk id
set_fact:
disk_zero_datastore: "{{ item.value.backing_datastore }}"
with_dict: "{{ existing_disk.guest_disk_info }}"
when: item.key == '0'
- debug:
msg: "{{ disk_zero_datastore }}"
when: disk_zero_datastore is defined

best way to modify json in ansible

I have a variable (via set_fact) containing a json string:
{
"PolicyVersion": {
"CreateDate": "2017-08-07T02:48:05Z",
"Document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Resource": [
"arn:aws:iam::123456789123:role/Root_Update_svcacct",
"arn:aws:iam::123456789123:role/Root_Delete_svcacct",
"arn:aws:iam::123456789123:role/Root_Create_svcacct",
"arn:aws:iam::123456789123:role/Root_Full_svcacct",
"arn:aws:iam::987654321987:role/Member1_Create_svcacct",
"arn:aws:iam::987654321987:role/Member1_Update_svcacct",
"arn:aws:iam::987654321987:role/Member1_Delete_svcacct",
"arn:aws:iam::987654321987:role/Member1_Full_svcacct"
]
}
],
"Version": "2012-10-17"
},
"IsDefaultVersion": true,
"VersionId": "v2"
}
}
What is the best way to insert more elements in the "Resource" array?
"arn:aws:iam::001122334455:role/Member1_Create_svcacct",
"arn:aws:iam::001122334455:role/Member1_Update_svcacct",
"arn:aws:iam::001122334455:role/Member1_Delete_svcacct",
"arn:aws:iam::001122334455:role/Member1_Full_svcacct"
I am exploring dumping the variable to a file and inserting the block I want with external shell tools, which does not seem to be elegant.

I don't know about the best way, but one option is to write a simple library module to handle the mechanics of the update for you. You could use the jsonpointer module as a way of locating the data you wish to modify, and then return the modified object to ansible. A starting point might look like:
#!/usr/bin/python
from ansible.module_utils.basic import AnsibleModule
import json
try:
import jsonpointer
except ImportError:
jsonpointer = None
def main():
module = AnsibleModule(
argument_spec=dict(
data=dict(required=True, type='dict'),
pointer=dict(required=True),
action=dict(required=True,
choices=['append', 'extend', 'update']),
update=dict(type='dict'),
extend=dict(type='list'),
append=dict(),
),
supports_check_mode=True,
)
if jsonpointer is None:
module.fail_json(msg='jsonpointer module is not available')
action = module.params['action']
data = module.params['data']
pointer = module.params['pointer']
if isinstance(data, str):
data = json.loads(str)
try:
res = jsonpointer.resolve_pointer(data, pointer)
except jsonpointer.JsonPointerException as err:
module.fail_json(msg=str(err))
if action == 'append':
res.append(module.params['append'])
if action == 'extend':
res.extend(module.params['extend'])
elif action == 'update':
res.update(module.params['update'])
module.exit_json(changed=True,
result=data)
if __name__ == '__main__':
main()
If you drop this into, e.g., library/json_modify.py, you can use it in a playbook like this:
- hosts: localhost
gather_facts: false
vars:
myvar: {
"PolicyVersion": {
"CreateDate": "2017-08-07T02:48:05Z",
"Document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Resource": [
"arn:aws:iam::123456789123:role/Root_Update_svcacct",
"arn:aws:iam::123456789123:role/Root_Delete_svcacct",
"arn:aws:iam::123456789123:role/Root_Create_svcacct",
"arn:aws:iam::123456789123:role/Root_Full_svcacct",
"arn:aws:iam::987654321987:role/Member1_Create_svcacct",
"arn:aws:iam::987654321987:role/Member1_Update_svcacct",
"arn:aws:iam::987654321987:role/Member1_Delete_svcacct",
"arn:aws:iam::987654321987:role/Member1_Full_svcacct"
]
}
],
"Version": "2012-10-17"
},
"IsDefaultVersion": true,
"VersionId": "v2"
}
}
tasks:
- json_modify:
data: "{{ myvar }}"
pointer: "/PolicyVersion/Document/Statement/0/Resource"
action: extend
extend:
- "arn:aws:iam::001122334455:role/Member1_Create_svcacct"
- "arn:aws:iam::001122334455:role/Member1_Update_svcacct"
- "arn:aws:iam::001122334455:role/Member1_Delete_svcacct"
- "arn:aws:iam::001122334455:role/Member1_Full_svcacct"
register: result
- debug:
var: result.result
The result of running this playbook and the proposed module is:
TASK [debug] *******************************************************************
ok: [localhost] => {
"result.result": {
"PolicyVersion": {
"CreateDate": "2017-08-07T02:48:05Z",
"Document": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Resource": [
"arn:aws:iam::123456789123:role/Root_Update_svcacct",
"arn:aws:iam::123456789123:role/Root_Delete_svcacct",
"arn:aws:iam::123456789123:role/Root_Create_svcacct",
"arn:aws:iam::123456789123:role/Root_Full_svcacct",
"arn:aws:iam::987654321987:role/Member1_Create_svcacct",
"arn:aws:iam::987654321987:role/Member1_Update_svcacct",
"arn:aws:iam::987654321987:role/Member1_Delete_svcacct",
"arn:aws:iam::987654321987:role/Member1_Full_svcacct",
"arn:aws:iam::001122334455:role/Member1_Create_svcacct",
"arn:aws:iam::001122334455:role/Member1_Update_svcacct",
"arn:aws:iam::001122334455:role/Member1_Delete_svcacct",
"arn:aws:iam::001122334455:role/Member1_Full_svcacct"
]
}
],
"Version": "2012-10-17"
},
"IsDefaultVersion": true,
"VersionId": "v2"
}
}
}

Actually Ansible is natively able to read JSON files.
see this question:
add-a-new-key-value-to-a-json-file-using-ansible

This is a little bit old. I know but I felt it could be useful to many people so I'll post here my solution as "the best way to modify a json" that I could personally find.
First of all the JSON. In my use-case I had a bunch of aws snapshots that were encrypted with the wrong kms key and I had to recreate the AMI with the correct key.
So I had to :
get data of the old snapshots ( like size device_name etc.)
create the new snaps with the different key
re-register a new ami with the correct block_device_mapping
Here's the code
- name: get ami
amazon.aws.ec2_ami_info:
image_ids: ami-<id>
region: "{{ region }}"
register: ami
- name: save snapshot ids and device_name and volume_size
set_fact:
snapshot_ids: "{{ ami | json_query('images[].block_device_mappings[].ebs.snapshot_id') }}"
device_name: "{{ ami | json_query('images[].block_device_mappings[].device_name') }}"
volume_size: "{{ ami | json_query('images[].block_device_mappings[].ebs.volume_size') }}"
basically each of the above is a list of each of the 3 things (device_name, snap_id, volume_size) that I need (but it could be extended)
then:
- name: get kms arn
aws_kms_info:
filters:
alias: "{{ kms_keys.alias }}"
region: "{{ region }}"
register: aws_kms_facts_out
- debug:
var: aws_kms_facts_out
- set_fact:
kms_arn: "{{ aws_kms_facts_out['keys'][0].key_arn }}"
- name: copy snap with new encryption key
community.aws.ec2_snapshot_copy:
source_region: "{{ region }}"
region: "{{ region }}"
source_snapshot_id: "{{ item }}"
encrypted: yes
kms_key_id: "{{ kms_arn }}"
loop: "{{ snapshot_ids }}"
register: new_snapshots
and then here's the catch
- set_fact:
new_snapshot_ids: "{{ new_snapshots| json_query('snapshots[].snapshot_id') }}"
- name: creating the block_device_mappings structure (still a list of objects)
ansible.builtin.debug:
msg: '{
"device_name": "{{ item.2 }}",
"delete_on_termination": "true",
"snapshot_id": "{{ item.0 }}",
"volume_size": {{ item.1 }},
"volume_type": "gp2"
}'
loop: "{{ new_snapshot_ids|zip_longest(volume_size,device_name)|list }}"
register: block_device_mappings
- set_fact:
bdm: "{{ block_device_mappings | json_query('results[].msg') }}"
finally
- name: create new ami from newly created snapshots
amazon.aws.ec2_ami:
region: "{{ region }}"
name: "{{ instance.name }}-{{ ansible_date_time.date }}"
state: present
architecture: x86_64
virtualization_type: hvm
root_device_name: /dev/sda1
device_mapping: "{{ bdm }}"
This is how you can do it without requiring any additional trick.
Of course this is declined to my particular use case but you can adapt it to any circumstance, that do not require a complete disassemble and reassemble of the Json itself