给出列表
expired
:
[
{
"cert": "help.abc.com.cer",
"certkey": "help.abc.com-key",
"daystoexpiration": 0,
"key": "help.abc.com.key"
},
{
"cert": "prod.abc.ca-2020.cer",
"certkey": "prod.abc.ca",
"daystoexpiration": 0,
"key": "prod.abc.ca-2020.key"
},
{
"cert": "ca-profile-service-prod.abc.com.cer",
"certkey": "ca-profile-service-prod-cert",
"daystoexpiration": 0,
"key": "ca-profile-service-prod.abc.com.key"
},
{
"cert": "eclosing.abc.com.cer",
"certkey": "eclosing-cert",
"daystoexpiration": 0,
"key": "eclosing.abc.com.key"
},
{
"cert": "merlin-ldp-stg.abc.com.cer",
"certkey": "merlin-ldp-stg.cert",
"daystoexpiration": 0,
"key": "merlin-ldp-stg.abc.com.key"
},
{
"cert": "stg-abc.services.cer",
"certkey": "stg-abc.services.cert",
"daystoexpiration": 0,
"key": "stg-abc.services.key"
},
{
"cert": "fintech-ap-stg.cer",
"certkey": "fintech-ap-stg-cer",
"daystoexpiration": 0,
"key": "fintech-ap-stg.key"
},
{
"cert": "docker.prod.abc.com_2021.cer",
"certkey": "docker.prod.abc.com",
"daystoexpiration": 0,
"key": "docker.prod.abc.com_2021.key"
},
{
"cert": "merlin-ldp.cert-2023",
"certkey": "merlin-ldp.cert-2023",
"daystoexpiration": 0,
"key": "merlin-ldp.cert-2023"
},
{
"cert": "abc-net-etc-2023",
"certkey": "abc-net-etc-2023",
"daystoexpiration": 0,
"key": "abc-net-etc-2023"
},
{
"cert": "ppc01.abc.com_2024.cer",
"certkey": "ppc01.abc-2024",
"daystoexpiration": 0,
"key": "ppc01.abc_2024.key"
}
]
还有清单
certkey_binding
[
{
"certkey": "help.abc.com-key",
"data": "1",
"servername": "dfw-xyz.help.abc.com-SSL_tcp443-lb",
"stateflag": "2",
"version": 2
},
{
"certkey": "prod.abc.ca",
"data": "1",
"servername": "cca-canada.dfw.prod.abc.com-SSL_443tcp-lb",
"stateflag": "2",
"version": 2
},
{
"certkey": "ca-profile-service-prod-cert",
"data": "1",
"servername": "dfw-ca-profile-service-prod.abc.com_ssl_443_lb",
"stateflag": "2",
"version": 2
},
{
"certkey": "eclosing-cert",
"data": "1",
"servername": "eclosing.dfw.abc.com-SSL_443tcp-lb",
"stateflag": "2",
"version": 2
},
{
"certkey": "merlin-ldp-stg.cert",
"data": "1",
"servername": "dfw.merlin-ldp-stg.abc.com-SSL_443tcp-lb",
"stateflag": "2",
"version": 2
},
{
"certkey": "stg-abc.services.cert",
"data": "1",
"servername": "stg-abc.services.abc.com-DFW-SSL_443tcp-lb",
"stateflag": "2",
"version": 2
},
{
"certkey": "fintech-ap-stg-cer",
"data": "1",
"servername": "dfw-fintech-ap-stg.abc.com-HTTPS_443tcp-lb",
"stateflag": "2",
"version": 2
},
{
"certkey": "docker.prod.abc.com",
"data": "1",
"servername": "dfw-thirdparty.docker.prod.abc.com-SSL_443tcp-lb",
"stateflag": "2",
"version": 2
},
{
"certkey": "docker.prod.abc.com",
"data": "2",
"servername": "dfw-us.gcr.docker.abc.com-SSL_tcp443-lb",
"stateflag": "2",
"version": 2
},
{
"certkey": "docker.prod.abc.com",
"data": "3",
"servername": "dfw-elasticsearch.prod.abc.com-SSL_443tcp-lb",
"stateflag": "2",
"version": 2
},
{
"certkey": "merlin-ldp.cert-2023",
"data": "1",
"servername": "merlin-ldp.merlin-ldp-DFW-SSL_443tcp-lb",
"stateflag": "2",
"version": 2
},
{
"certkey": "abc-net-etc-2023",
"data": "1",
"servername": "abc-net-etc.dfw.prod.abc.com-SSL_443tcp-lb",
"stateflag": "2",
"version": 2
},
{
"certkey": "ppc01.abc-2024",
"data": "1",
"servername": "dfw-clho.abc.com-SSL_443tcp-lb",
"stateflag": "2",
"version": 2
}
]
我尝试比较给定的两个列表,并从列表 expired 中剔除所有在列表 certkey_binding 中关联了服务器名称的 certkey。
我的 Ansible 剧本:
# Playbook from the question: tries to keep only the expired certkeys that have
# no binding, then writes the result to a JSON file.
# `expired` and `certkey_binding` are the two lists shown above; where they are
# defined is not visible here.
- hosts: citrix_adc
  gather_facts: False
  tasks:
    # NOTE(review): set_fact runs once per loop item, and every iteration
    # filters the full `expired` list again, removing only that item's certkey.
    # Each run overwrites filtered_certs, so after the loop it holds only the
    # last iteration's result: `expired` minus the final binding's certkey.
    - name: Filter expired certs with no binding
      set_fact:
        filtered_certs: "{{ expired | rejectattr('certkey','equalto',item.certkey) | list }}"
      loop: "{{ certkey_binding }}"
    # NOTE(review): the destination file name suggests this output feeds a
    # deletion step -- confirm. With the filter above it still lists certkeys
    # that are bound to servers, so review the content before acting on it.
    - name: Write filtered certs into file
      copy:
        content: "{{ filtered_certs | to_nice_json }}"
        dest: '/Users/abcdef/Downloads/Ansible_Automation/NS_Cert_Cleanup/Certkeys_To_Delete.json'
理想情况下,我期望
filtered_certs
应该是一个空列表,因为所有 certkey
都有一个与其关联的服务器名称。但是,在结果中,我看到的却是列表 expired 中的所有 certkey。
如何实现这一目标?
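您可以通过一项任务来实现这一目标。
原来的写法之所以得不到预期结果,是因为循环中的每次 set_fact 都会从完整的 expired 列表重新计算并覆盖 filtered_certs,最终只保留最后一次迭代的结果。
先用 map 过滤器从列表 certkey_binding 中取出 certkey 的列表;
再将该列表与 rejectattr 结合使用,并通过 in 测试,排除列表 expired 中同时也出现在列表 certkey_binding 中的 certkey。
所以,你的任务最终是: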
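# Write the expired certkeys that no entry in certkey_binding refers to.
# A certkey that is still bound to a server is rejected, so it never reaches
# the output file.
- name: Write expired certkeys that have no binding
  copy:
    dest: example.json
    content: >-
      {{
        expired
        | rejectattr(
            'certkey', 'in',
            certkey_binding | map(attribute='certkey') | list
          )
        | to_nice_json
      }}
    # `| list` after map(): on some Ansible/Jinja2 versions map() returns a
    # one-shot generator, which the `in` test would consume while checking the
    # first items. Later certkeys could then be missed and wrongly kept in the
    # output. Materialising the list makes every membership test see all
    # bound certkeys, whatever the order of the two lists.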