Hi Team,
I'm having issues with looping in Ansible. The background of what I'm
trying to do is -
I have 2 regions in aws_cloud_regions and their respective
waf_blocked_accounts list, which looks like the one below.
I want to create regional_account_rules in waf for both the regions (as in
us-east-1 blocked_account_list gets attached to regional_account_rules for
US East and the same for another region) but I am facing issues while looping
over regions and blocked_account_list together.
Also note that search_string in "Create statements" accepts a string list,
so we have to create one outer loop and one inner loop, an outer loop for
regions, and an inner for adding blocked account lists one by one.

-bash-4.2$ cat environment/QAtest/us-east-1/waf_blocked_accounts.yml
blocked_account_list:
  - 5afabfb36d6c356772d8ae02
  - 5c46e33273766a3634f91a7c

"aws_cloud_regions": [
    "us-east-1",
    "eu-central-1"
]

The playbook which needs modification (it is not region-specific as of now):

- name: Loop over AWS regions
  include_vars:
    file: "environment/QAtest/{{ region }}/waf_blocked_accounts.yml"
  loop: "{{ aws_cloud_regions }}"
  loop_control:
    loop_var: region
  register: blocked_accounts

# One byte_match_statement per blocked account ID
- name: Create statements
  set_fact:
    acc_statements: "{{ acc_statements | default([]) + [loop_statement] }}"
  vars:
    loop_statement:
      byte_match_statement:
        search_string: "{{ acc_id }}"
        positional_constraint: EXACTLY
        field_to_match:
          single_header:
            name: "accountmoid"
        text_transformations:
          - type: NONE
            priority: 0
  loop: "{{ blocked_account_list }}"
  loop_control:
    loop_var: acc_id

# Single rule that blocks any request matching one of the statements
- set_fact:
    regional_account_rules:
      - name: "BlockedAccounts"
        priority: 3
        action:
          block: {}
        visibility_config:
          sampled_requests_enabled: yes
          cloud_watch_metrics_enabled: yes
          metric_name: "BlockedAccounts"
        statement:
          or_statement:
            statements: "{{ acc_statements }}"

- set_fact:
    regional_account_rules: "{{ regional_account_rules | default([]) }}"

Any help is appreciated. Thanks in advance.
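
One way to get the outer/inner loop described in the post above, as an added example that is not part of the original message: the outer loop over aws_cloud_regions becomes an include_tasks loop, and the included file runs the inner loop over that region's blocked_account_list. The file name region_waf_rules.yml and the choice to store regional_account_rules as a dict keyed by region name are assumptions.

```yaml
# Main playbook tasks: outer loop, one include per region.
- name: Build the BlockedAccounts rule for each region
  include_tasks: region_waf_rules.yml   # hypothetical file name
  loop: "{{ aws_cloud_regions }}"
  loop_control:
    loop_var: region

# --- region_waf_rules.yml (hypothetical), executed once per region ---
- name: Load this region's blocked accounts
  include_vars:
    file: "environment/QAtest/{{ region }}/waf_blocked_accounts.yml"

- name: Reset the list so one region's accounts never leak into the next
  set_fact:
    acc_statements: []

- name: Create statements (inner loop, one byte match per account)
  set_fact:
    acc_statements: "{{ acc_statements + [loop_statement] }}"
  vars:
    loop_statement:
      byte_match_statement:
        search_string: "{{ acc_id }}"
        positional_constraint: EXACTLY
        field_to_match:
          single_header:
            name: "accountmoid"
        text_transformations:
          - type: NONE
            priority: 0
  loop: "{{ blocked_account_list }}"
  loop_control:
    loop_var: acc_id

- name: Store the rule under this region
  set_fact:  # assumption: rules kept as a dict keyed by region name
    regional_account_rules: "{{ regional_account_rules | default({}) | combine({region: [rule]}) }}"
  vars:
    rule:
      name: "BlockedAccounts"
      priority: 3
      action:
        block: {}
      visibility_config:
        sampled_requests_enabled: yes
        cloud_watch_metrics_enabled: yes
        metric_name: "BlockedAccounts"
      statement:
        or_statement:
          statements: "{{ acc_statements }}"
```

After the loop, each region's rule list is read as regional_account_rules['us-east-1'] or regional_account_rules['eu-central-1'] when creating that region's web ACL.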