any idea on this?
fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_key": null,
            "aws_ca_bundle": null,
            "aws_config": null,
            "debug_botocore_endpoint_logs": false,
            "endpoint_url": null,
            "iam_name": "aws_test_role",
            "iam_type": "role",
            "policy_json": "Version: \"2012-10-17\"\nStatement:\n - Action: acm-pca:ListTags\n Effect: Allow\n Resource: \"*\"\n - Action: acm-pca:GetPolicy\n Effect: Allow\n Resource: \"*\"\n - Action: acm-pca:GetPolicy\n Effect: Allow\n Resource: \"*\"",
            "policy_name": "PrismaCloud-IAM-ReadOnly-Policy",
            "profile": null,
            "region": null,
            "secret_key": null,
            "session_token": null,
            "skip_duplicates": false,
            "state": "present",
            "validate_certs": true
        }
    },
    "msg": "Failed to decode the policy as valid JSON: Expecting value: line 1 column 1 (char 0)"
}
On Fri, Feb 10, 2023 at 12:18 PM Tony Wong <[email protected]> wrote:
> hi
>
> I got
>
> "msg": "Failed to decode the policy as valid JSON: Expecting value: line
> 1 column 1 (char 0)"
>
>
>
> On Fri, Feb 10, 2023 at 4:41 AM Dick Visser <[email protected]> wrote:
>
>> You could use an inline template to loop over the list of actions, for
>> example:
>>
>> ---
>> - name: test
>>   hosts: localhost
>>   tasks:
>>     - name: Create IAM Managed Policy
>>       amazon.aws.iam_policy:
>>         iam_type: role
>>         iam_name: "aws_test_role"
>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>         policy_json: |
>>           Version: "2012-10-17"
>>           Statement:
>>           {% for action in actions %}
>>             - Action: {{ action }}
>>               Effect: Allow
>>               Resource: "*"
>>           {% endfor %}
>>         state: present
>>       vars:
>>         actions:
>>           - acm-pca:ListTags
>>           - acm-pca:GetPolicy
>>           - acm-pca:GetPolicy
>>
>> On Fri, 10 Feb 2023 at 00:34, Tony Wong <[email protected]> wrote:
>>
>>> Yep only last value
>>>
>>> On Thu, Feb 9, 2023 at 2:52 PM Todd Lewis <[email protected]> wrote:
>>>
>>>> Here's an idea: Register the result, and show us the output from
>>>> `ansible-playbook -vv`.
>>>> Based on what you said before about it replacing rather than adding to,
>>>> I'm going to guess you're only getting the last value. (?)
>>>>
>>>> On Thursday, February 9, 2023 at 5:02:45 PM UTC-5 Tony Wong wrote:
>>>>
>>>>> Trying my loop but it's only putting in one value. Any idea?
>>>>>
>>>>> ---
>>>>> - name: test
>>>>>   hosts: localhost
>>>>>   tasks:
>>>>>     - name: Create IAM Managed Policy
>>>>>       amazon.aws.iam_policy:
>>>>>         iam_type: role
>>>>>         iam_name: "aws_test_role"
>>>>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>>>         policy_json:
>>>>>           Version: "2012-10-17"
>>>>>           Statement:
>>>>>             - Action: "{{ item }}"
>>>>>               Effect: "Allow"
>>>>>               Resource: "*"
>>>>>         state: present
>>>>>       loop:
>>>>>         - acm-pca:ListTags
>>>>>         - acm-pca:GetPolicy
>>>>>         - acm-pca:GetPolicy
>>>>>
>>>>> On Thu, Feb 9, 2023 at 1:29 PM Tony Wong <[email protected]> wrote:
>>>>>
>>>>>> ok I tried doing it this way and it worked but wiped out my existing
>>>>>> policy. any idea how to append instead of replace?
>>>>>>
>>>>>> ---
>>>>>> - name: test
>>>>>>   hosts: localhost
>>>>>>   tasks:
>>>>>>     - name: Create IAM Managed Policy
>>>>>>       amazon.aws.iam_policy:
>>>>>>         iam_type: role
>>>>>>         iam_name: "aws_test_role"
>>>>>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>>>>         policy_json:
>>>>>>           Version: "2012-10-17"
>>>>>>           Statement:
>>>>>>             - Action: ["appstream:DescribeStacks"]
>>>>>>               Effect: "Allow"
>>>>>>               Resource: "*"
>>>>>>         state: present
>>>>>>
>>>>>> On Thu, Feb 9, 2023 at 11:49 AM Tony Wong <[email protected]> wrote:
>>>>>>
>>>>>>> yes it does
>>>>>>>
>>>>>>> On Thu, Feb 9, 2023 at 11:47 AM 'Rowe, Walter P. (Fed)' via Ansible
>>>>>>> Project <[email protected]> wrote:
>>>>>>>
>>>>>>>> Does your AWS user ID used by the task have rights to modify IAM
>>>>>>>> policies?
>>>>>>>>
>>>>>>>> Walter
>>>>>>>> --
>>>>>>>> Walter Rowe, Division Chief
>>>>>>>> Infrastructure Services, OISM
>>>>>>>> Mobile: 202.355.4123
>>>>>>>>
>>>>>>>
>>>>>>>> On Feb 9, 2023, at 2:46 PM, Tony Wong <[email protected]> wrote:
>>>>>>>>
>>>>>>>> I am trying to add or modify an iam policy with below. it ran but
>>>>>>>> did not modify anything
>>>>>>>>
>>>>>>>> any idea?
>>>>>>>>
>>>>>>>> ---
>>>>>>>> - name: test
>>>>>>>>   hosts: localhost
>>>>>>>>   tasks:
>>>>>>>>     - name: Create IAM Managed Policy
>>>>>>>>       community.aws.iam_managed_policy:
>>>>>>>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>>>>>>         policy:
>>>>>>>>           Version: "2012-10-17"
>>>>>>>>           Statement:
>>>>>>>>             - Effect: "Allow"
>>>>>>>>               "Action": "appstream:DescribeStacks"
>>>>>>>>               Resource: "*"
>>>>>>>>         make_default: false
>>>>>>>>         state: present
>>>>>>>>
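
An added example, not part of the thread and not code from any of its participants: the decode error at the top arises because the inline template renders YAML text where `policy_json` has to be JSON, and the looped task rewrites the same named inline policy on every iteration. The playbook below builds the document as data with every action in one statement and serializes it with `to_json`; the module and its parameters are the ones used in the thread, while `actions` and `policy_doc` are illustrative variable names.

```yaml
---
# Added example: one inline role policy, written in a single call.
# `actions` and `policy_doc` are illustrative names, not from the thread.
- name: Put one inline role policy containing every action
  hosts: localhost
  gather_facts: false
  vars:
    actions:
      - acm-pca:ListTags
      - acm-pca:GetPolicy
      - acm-pca:GetPolicy   # duplicate as posted in the thread; dropped by `unique`
    policy_doc:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          # A single-expression template keeps the list type, so Action
          # becomes a JSON array rather than a string.
          Action: "{{ actions | unique }}"
          Resource: "*"
  tasks:
    - name: Check the document round-trips as JSON and lists each action once
      ansible.builtin.assert:
        that:
          - rendered.Version == "2012-10-17"
          - rendered.Statement[0].Action | length == actions | unique | length
      vars:
        rendered: "{{ policy_doc | to_json | from_json }}"

    - name: Write the inline policy (no loop, so nothing is overwritten mid-run)
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "aws_test_role"
        policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
        policy_json: "{{ policy_doc | to_json }}"
        state: present
```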