Question

我正在尝试获取基于数据库角色的授予列表，以在一个模块中重复使用。为此，结果必须是列表

name: adding permissions
module:
  role: database_role
  permissions:
    - "schema:USAGE/table1:SELECT/table2:SELECT,UPDATE"
    - "another_schema:USAGE/ALL:ALL"

我的权限定义为变量，如下所示：

db_roles:
  - name: role1
    grants:
      - schema: schema
        permissions:
          - table1:SELECT
          - table2:SELECT,UPDATE
      - schema: another_schema:
        permissions:
          - ALL:ALL

我还定义了更多角色。角色的这种定义意味着我可以在每行添加一个新的权限，以使其更具可读性。

现在，我正在尝试格式化此变量以接收如下内容：

permissions:
  - role1: 
      - "schema:USAGE/table1:SELECT/table2:SELECT,UPDATE"
      - "another_schema:USAGE/ALL:ALL"
  - role2: 
      - "schema:USAGE/ALL:ALL"

但是我不知道如何得到这个结果。

我尝试过的事情

到目前为止，我最了解的是这个，但是我不确定是否有可能以某种方式从字典中检索值

ok: [localhost] => {
"permissions": {
    "role1": {
        "schema": "schema:USAGE/table1:SELECT/table2:SELECT",
        "another_schema": "another_schema:USAGE/ALL:ALL"
    }
}

}

让我到达的代码是

- name: Create privs for users
  set_fact:
      permissions: "{{ permissions|default( {item.0.name:{}} ) | combine( {item.0.name:{item.1.schema: item.1.schema ~ ':USAGE/'  ~ item.1.permissions | join('/')}}, recursive=True) }}"
  with_subelements:
      - "{{ db_roles }}"
      - grants

Answer 1

强硬的:)希望我做对了。

从您离开的地方开始，我添加了此任务，以进一步处理您准备的变量：

  - name: Create privs for users - step 2
    set_fact:
      permissions_final: "{{ permissions_final|default([]) + [{ item : permissions[item] | dict2items | map(attribute='value') | list }] }}"
    with_items:
      - "{{ permissions.keys() | list }}"

完整代码和示例输出：

---
- hosts: localhost
  gather_facts: false
  vars:
    db_roles:
    - name: role1
      grants:
        - schema: schema
          permissions:
            - table1:SELECT
            - table2:SELECT,UPDATE
        - schema: another_schema
          permissions:
            - ALL:ALL
    - name: role2
      grants:
        - schema: schema3
          permissions:
            - table1:SELECT
            - table2:SELECT,UPDATE
        - schema: another_schema4
          permissions:
            - ALL:ALL

  tasks:
  - name: Create privs for users
    set_fact:
      permissions: "{{ permissions|default( {item.0.name:{}} ) | combine( {item.0.name:{item.1.schema: item.1.schema ~ ':USAGE/'  ~ item.1.permissions | join('/')}}, recursive=True) }}"
    with_subelements:
      - "{{ db_roles }}"
      - grants

  # - name: print results
  #   debug:
  #     var: permissions

  - name: Create privs for users - step 2
    set_fact:
      permissions_final: "{{ permissions_final|default([]) + [{ item : permissions[item] | dict2items | map(attribute='value') | list }] }}"
    with_items:
      - "{{ permissions.keys() | list }}"

  - name: print results
    debug:
      var: permissions_final

产生的变量

TASK [print results] ***************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "permissions_final": [
        {
            "role1": [
                "schema:USAGE/table1:SELECT/table2:SELECT,UPDATE",
                "another_schema:USAGE/ALL:ALL"
            ]
        },
        {
            "role2": [
                "schema3:USAGE/table1:SELECT/table2:SELECT,UPDATE",
                "another_schema4:USAGE/ALL:ALL"
            ]
        }
    ]
}

希望这会有所帮助！

带有目录的追加目录

1 个答案: