If you're going to post an error indicating an undefined variable problem
on line 7 column 5 of a file we don't have, and you aren't going to give us
that portion of the file, or show us why you think that variable should be
defined at that point, what then do you expect us to do? We're trying to
help you after all. Please give us the information necessary to do that.
On Friday, February 17, 2023 at 10:16:16 AM UTC-5 Tony Wong wrote:
> now getting this
>
> fatal: [localhost]: FAILED! => {
> "msg": "The task includes an option with an undefined variable. The
> error was: 'actions' is undefined\n\nThe error appears to be in
> '/Users/t/virtualenv/ansible/update_iam_policy/update_iam3.yaml': line 7,
> column 5, but may\nbe elsewhere in the file depending on the exact syntax
> problem.\n\nThe offending line appears to be:\n\n tasks:\n - name: Create
> IAM Managed Policy\n ^ here\n"
> }
>
> On Thu, Feb 16, 2023 at 11:05 AM Dick Visser <[email protected]> wrote:
>
>>
>>
>> On Thu, 16 Feb 2023 at 17:11, Tony Wong <[email protected]> wrote:
>>
>>> OK, this is more of an Ansible problem.
>>>
>>> I like to put my policy changes in a vars file
>>>
>>> so I got a policy.yaml file like this
>>>
>>>
>>> policy.yaml
>>>
>>> acm-pca:ListTags
>>> acm-pca:GetPolicy
>>> acm-pca:GetPolicy
>>>
>>> ---
>>> - name: test
>>>   hosts: localhost
>>>   vars_files:
>>>     - policy.yml
>>>   tasks:
>>>     - name: Create IAM Managed Policy
>>>       amazon.aws.iam_policy:
>>>         iam_type: role
>>>         iam_name: "aws_test_role"
>>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>         policy_json: "{{ policy | to_json }}"
>>>         state: present
>>>         policy: |
>>>           Version: "2012-10-17"
>>>           Statement:
>>>           {% for action in actions %}
>>>             - Action: {{ action }}
>>>               Effect: Allow
>>>               Resource: "*"
>>>           {% endfor %}
>>>
>>>
>>> but when I run the pb it says
>>>
>>> ERROR! variable files must contain either a dictionary of variables, or
>>> a list of dictionaries.
>>>
>>
>> This is correct.
>>
>>> Got: acm-pca:ListTags acm-pca:GetPolicy acm-pca:GetPolicy (<class
>>> 'ansible.parsing.yaml.objects.AnsibleUnicode'>)
>>>
>>
>> Your policy yaml file should read something like
>>
>> policy:
>> acm-pca:ListTags
>> acm-pca:GetPolicy
>> acm-pca:GetPolicy
>>
>>
>>>
>>>
>>> On Tue, Feb 14, 2023 at 5:05 AM 'Rowe, Walter P. (Fed)' via Ansible
>>> Project <[email protected]> wrote:
>>>
>>>> This is not an Ansible problem. You need to read the AWS docs on
>>>> specifying IAM policies and make sure your policy adheres to their format
>>>> and only includes the key:value pairs they accept.
>>>>
>>>> Walter
>>>> --
>>>> Walter Rowe, Division Chief
>>>> Infrastructure Services, OISM
>>>> Mobile: 202.355.4123
>>>>
>>>> On Feb 13, 2023, at 1:47 PM, Tony Wong <[email protected]> wrote:
>>>>
>>>> tried but it failed
>>>>
>>>> fatal: [localhost]: FAILED! => {
>>>> "boto3_version": "1.24.27",
>>>> "botocore_version": "1.27.27",
>>>> "changed": false,
>>>> "error": {
>>>> "code": "MalformedPolicyDocument",
>>>> "message": "Syntax errors in policy.",
>>>> "type": "Sender"
>>>> },
>>>> "invocation": {
>>>> "module_args": {
>>>> "access_key": null,
>>>> "aws_ca_bundle": null,
>>>> "aws_config": null,
>>>> "debug_botocore_endpoint_logs": false,
>>>> "endpoint_url": null,
>>>> "iam_name": "aws_test_role",
>>>> "iam_type": "role",
>>>> "policy_json": "\"Version:
>>>> \\\"2012-10-17\\\"\\nStatement:\\n - Action: acm-pca:ListTags\\n
>>>> Effect: Allow\\n Resource: \\\"*\\\"\\n - Action:
>>>> acm-pca:GetPolicy\\n
>>>> Effect: Allow\\n Resource: \\\"*\\\"\\n - Action:
>>>> acm-pca:GetPolicy\\n Effect: Allow\\n Resource: \\\"*\\\"\\n\"",
>>>> "policy_name": "PrismaCloud-IAM-ReadOnly-Policy",
>>>> "profile": null,
>>>> "region": null,
>>>> "secret_key": null,
>>>> "session_token": null,
>>>> "skip_duplicates": false,
>>>> "state": "present",
>>>> "validate_certs": true
>>>> }
>>>> },
>>>> "msg": "An error occurred (MalformedPolicyDocument) when calling
>>>> the PutRolePolicy operation: Syntax errors in policy.",
>>>> "response_metadata": {
>>>> "http_headers": {
>>>> "connection": "close",
>>>> "content-length": "279",
>>>> "content-type": "text/xml",
>>>> "date": "Mon, 13 Feb 2023 16:10:28 GMT",
>>>> "x-amzn-requestid": "8ab06377-a416-45ea-a132-328cd03d329f"
>>>> },
>>>> "http_status_code": 400,
>>>> "request_id": "8ab06377-a416-45ea-a132-328cd03d329f",
>>>> "retry_attempts": 0
>>>> }
>>>> }
>>>>
>>>> On Mon, Feb 13, 2023 at 8:02 AM Dick Visser <[email protected]> wrote:
>>>>
>>>>> On Mon, 13 Feb 2023 at 15:55, Tony Wong <[email protected]> wrote:
>>>>>
>>>>> > "msg": "Failed to decode the policy as valid JSON: Expecting
>>>>> value: line 1 column 1 (char 0)"
>>>>>
>>>>> So, you will need to use proper JSON.
>>>>> Give this a try:
>>>>>
>>>>> ---
>>>>> - name: test
>>>>>   hosts: localhost
>>>>>   tasks:
>>>>>     - name: Create IAM Managed Policy
>>>>>       amazon.aws.iam_policy:
>>>>>         iam_type: role
>>>>>         iam_name: "aws_test_role"
>>>>>         policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
>>>>>         policy_json: "{{ policy | to_json }}"
>>>>>         state: present
>>>>>       vars:
>>>>>         actions:
>>>>>           - acm-pca:ListTags
>>>>>           - acm-pca:GetPolicy
>>>>>           - acm-pca:GetPolicy
>>>>>         policy: |
>>>>>           Version: "2012-10-17"
>>>>>           Statement:
>>>>>           {% for action in actions %}
>>>>>             - Action: {{ action }}
>>>>>               Effect: Allow
>>>>>               Resource: "*"
>>>>>           {% endfor %}
>>>>>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/de6b5c2a-e0f9-4973-b511-54a9ed6ee2edn%40googlegroups.com.
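
Added example, not code from any participant in this thread: in the failed run quoted above, `policy` was a block scalar, so `to_json` produced a JSON string instead of a JSON object (visible in the `policy_json` value under `module_args`). The sketch below keeps the action list in a vars file that parses as a dictionary and defines `policy` as a real mapping; the file names `policy_vars.yml` and `playbook.yml` and the assert task are assumptions.

```yaml
# File 1: policy_vars.yml (hypothetical name).
# A vars file must parse as a dictionary, so the actions live under a key.
---
actions:
  - acm-pca:ListTags
  - acm-pca:GetPolicy

# File 2: playbook.yml (hypothetical name).
---
- name: test
  hosts: localhost
  gather_facts: false
  vars_files:
    - policy_vars.yml
  vars:
    # A mapping, not a "|" block scalar: to_json then emits a JSON object.
    policy:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Action: "{{ actions }}"   # list loaded from policy_vars.yml
          Resource: "*"
  tasks:
    - name: Check the rendered document is a JSON object before calling AWS
      ansible.builtin.assert:
        that:
          # Round-trip through JSON; a string here means the policy was text.
          - (policy | to_json | from_json) is mapping
          - policy.Statement | length > 0
        fail_msg: "policy did not render to a JSON object"

    - name: Create IAM Managed Policy
      amazon.aws.iam_policy:
        iam_type: role
        iam_name: "aws_test_role"
        policy_name: "PrismaCloud-IAM-ReadOnly-Policy"
        policy_json: "{{ policy | to_json }}"
        state: present
```

If the policy has to stay as templated YAML text, `policy_json: "{{ policy | from_yaml | to_json }}"` parses the text into a mapping before it is serialised.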