Problem description

I am writing various playbooks for the provisioning of users, groups, policies etc in AWS.

At the moment, I am trying to write a task that will remove any access keys from a given AWS IAM account. To properly do so using the iam module in ansible, you must specify the AWS access key that you wish to disable.

This script also creates a user beforehand (the removing of access keys is to assure that if the user was already created, they don't have any leftover access keys from before).

The output of the user creation is registered into a variable like so

- name: Create new user and add to IAM group for console
  vars:
    use_key: "{{ enable_access_keys }}"
  iam:
    iam_type: user
    name: "{{ item }}"
    state: present
    aws_access_key: "{{ account_vars.aws_access_key }}"
    aws_secret_key: "{{ account_vars.aws_secret_key }}"
    password: "{{ iam_password }}"
    update_password: on_create
  with_items:
    - "{{ iam_user_name_list }}"
  when: not use_key
  register: console_user

The output of the console_user var is:

ok: [127.0.0.1] => {
    "changed": false,
    "msg": {
        "changed": false,
        "msg": "All items completed",
        "results": [
            {
                "_ansible_item_result": true,
                "_ansible_no_log": false,
                "_ansible_parsed": true,
                "changed": false,
                "groups": null,
                "invocation": {
                    "module_args": {
                        "access_key_ids": null,
                        "access_key_state": null,
                        "aws_access_key": "removed",
                        "aws_secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                        "ec2_url": null,
                        "groups": null,
                        "iam_type": "user",
                        "key_count": 1,
                        "name": "other-guy",
                        "new_name": null,
                        "new_path": null,
                        "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                        "path": "/",
                        "profile": null,
                        "region": null,
                        "security_token": null,
                        "state": "present",
                        "trust_policy": null,
                        "trust_policy_filepath": null,
                        "update_password": "on_create",
                        "validate_certs": true
                    }
                },
                "item": "other-guy",
                "keys": {
                    "Access key is here": "Active"
                },
                "user_name": "other-guy"
            }
        ]
    }
}

My question is, how can I get the access key that is provided under the "keys" dictionary? Since what I'm looking for is the key, not the value, I'm not sure how I would go about obtaining that access key so I can use it in the next task to say that I'd like to remove it.

Thanks in advance for your help.

Recommended answer

There is a .keys() method for every dictionary. For example, to print the keys for each user:

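- debug:
    # Bracket notation is needed: item.keys resolves to the dict's built-in keys() method, not the "keys" entry
    msg: "User {{ item.user_name }} has keys {{ item['keys'].keys() | list }}"
  with_items: "{{ console_user.results }}"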

Or to iterate over every key of every user with JMESPath:

- debug:
    msg: "{{ item }}"
  with_items: "{{ console_user.results | json_query('[].keys.keys(@)') }}"
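
A follow-up task that feeds the extracted key IDs back into the same `iam` module to remove them, added here as an example and not part of the original question or answer. It assumes the registered `console_user` variable and the `account_vars` credentials from the question's task; the `when` guards and `no_log` are additions.

```yaml
# Added example: remove every access key reported for each user in console_user.
# Assumes the legacy `iam` module and the variables used in the question's task.
- name: Remove leftover access keys from each user
  iam:
    iam_type: user
    name: "{{ item.user_name }}"
    state: update
    access_key_state: remove
    # Bracket notation avoids the collision with the dict method keys()
    access_key_ids: "{{ item['keys'].keys() | list }}"
    aws_access_key: "{{ account_vars.aws_access_key }}"
    aws_secret_key: "{{ account_vars.aws_secret_key }}"
  with_items: "{{ console_user.results }}"
  when:
    # Skipped loop items (use_key true) carry no "keys" entry
    - not (item.skipped | default(false))
    # Nothing to remove if the user has no access keys
    - (item['keys'] | default({}, true)) | length > 0
  # Keeps the access key IDs out of task output and logs
  no_log: true
```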
