3

I am using Ansible Tower to expose a play. The user starts a job by calling the REST API and she/he provides some extra_vars. I have to validate the provided variable against some other variables. For example: the user provides a hostname and I have a variable in the inventory: allowed_hostnames. The problem is that extra_vars trumps everything, so the user can always override the variable holding the list of allowed values, and the test does not make sense. In Tower there is a Survey feature that can be used to limit the variables the user is allowed to change, but enabling Survey will block dict variables and I need them.

mefju

2 Answers

1

Q: "Problem is extra_vars trumps everything"

A: Avoid a variable. For example, the task

- debug:
    msg: "{{ my_host|default('') }} is allowed to ..."
  when: "my_host|default('') in  lookup('file', 'allowed_hosts.yml')|from_yaml"

with the data

$ cat allowed_hosts.yml
  - host1
  - host2
  - host3
  - host9

gives

$ ansible-playbook play.yml -e 'my_host=host2'

    "msg": "host2 is allowed to ..."


Next options might be pipe, redis, mongodb ... lookup plugins, custom filter, or custom lookup plugin.
Vladimir Botka
0

Based on @Vladimir's answer I have done it like this:

- name: Check variables
  fail:
  # "when" is already a Jinja2 expression, so it takes no {{ }} delimiters
  when: "{'restricted_variables': restricted_variables} != lookup('file', 'restricted_variables.yml') | from_yaml"

where restricted_variables.yml:

restricted_variables:
  variable1: somevalue
  variable2:
    var1: 1
    var2: 2
mefju
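
The comparison from this answer, written as a custom filter (one of the options the first answer lists) that also reports which keys were overridden, so the failure message can name them. This is an added example, not code from either answer; the filter name `restricted_overrides` and the file name `filter_plugins/restricted_vars.py` are assumptions.

```python
# filter_plugins/restricted_vars.py  (assumed file name, next to the playbook)
"""Custom Ansible filter: list restricted variables that differ from the trusted file."""


def restricted_overrides(actual, trusted, prefix=""):
    """Return dotted paths where `actual` differs from `trusted`.

    trusted: parsed content of the controller-side file (lookup('file', ...) | from_yaml)
    actual:  the values the play sees after extra_vars have been applied
    """
    if isinstance(actual, dict) and isinstance(trusted, dict):
        paths = []
        for key in sorted(set(actual) | set(trusted), key=str):
            path = f"{prefix}.{key}" if prefix else str(key)
            if key not in actual:
                paths.append(path + " (missing)")
            elif key not in trusted:
                paths.append(path + " (unexpected)")
            else:
                paths.extend(restricted_overrides(actual[key], trusted[key], path))
        return paths
    # Scalars, lists, or a dict replaced by a non-dict: plain inequality.
    return [prefix or "<root>"] if actual != trusted else []


class FilterModule(object):
    """Ansible loads filters from a class with this name and a filters() method."""

    def filters(self):
        return {"restricted_overrides": restricted_overrides}


# Playbook side (sketch). The trusted data is read inline with lookup(), never
# through a variable, because a variable could itself be set by extra_vars:
#   when: "{'restricted_variables': restricted_variables}
#          | restricted_overrides(lookup('file', 'restricted_variables.yml') | from_yaml)
#          | length > 0"

if __name__ == "__main__":
    # Constructed sample data mirroring restricted_variables.yml from the answer.
    trusted = {"restricted_variables": {"variable1": "somevalue",
                                        "variable2": {"var1": 1, "var2": 2}}}
    # Constructed override, as if a caller had passed variable2.var2=99 in extra_vars.
    seen = {"restricted_variables": {"variable1": "somevalue",
                                     "variable2": {"var1": 1, "var2": 99}}}
    print(restricted_overrides(seen, trusted))
```
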