
Compare two lists and write the result in a file using the rejectattr filter


Given the list expired:

[
    {
        "cert": "help.abc.com.cer",
        "certkey": "help.abc.com-key",
        "daystoexpiration": 0,
        "key": "help.abc.com.key"
    },
    {
        "cert": "prod.abc.ca-2020.cer",
        "certkey": "prod.abc.ca",
        "daystoexpiration": 0,
        "key": "prod.abc.ca-2020.key"
    },
    {
        "cert": "ca-profile-service-prod.abc.com.cer",
        "certkey": "ca-profile-service-prod-cert",
        "daystoexpiration": 0,
        "key": "ca-profile-service-prod.abc.com.key"
    },
    {
        "cert": "eclosing.abc.com.cer",
        "certkey": "eclosing-cert",
        "daystoexpiration": 0,
        "key": "eclosing.abc.com.key"
    },
    {
        "cert": "merlin-ldp-stg.abc.com.cer",
        "certkey": "merlin-ldp-stg.cert",
        "daystoexpiration": 0,
        "key": "merlin-ldp-stg.abc.com.key"
    },
    {
        "cert": "stg-abc.services.cer",
        "certkey": "stg-abc.services.cert",
        "daystoexpiration": 0,
        "key": "stg-abc.services.key"
    },
    {
        "cert": "fintech-ap-stg.cer",
        "certkey": "fintech-ap-stg-cer",
        "daystoexpiration": 0,
        "key": "fintech-ap-stg.key"
    },
    {
        "cert": "docker.prod.abc.com_2021.cer",
        "certkey": "docker.prod.abc.com",
        "daystoexpiration": 0,
        "key": "docker.prod.abc.com_2021.key"
    },
    {
        "cert": "merlin-ldp.cert-2023",
        "certkey": "merlin-ldp.cert-2023",
        "daystoexpiration": 0,
        "key": "merlin-ldp.cert-2023"
    },
    {
        "cert": "abc-net-etc-2023",
        "certkey": "abc-net-etc-2023",
        "daystoexpiration": 0,
        "key": "abc-net-etc-2023"
    },
    {
        "cert": "ppc01.abc.com_2024.cer",
        "certkey": "ppc01.abc-2024",
        "daystoexpiration": 0,
        "key": "ppc01.abc_2024.key"
    }
]

And the list certkey_binding


[
    {
        "certkey": "help.abc.com-key",
        "data": "1",
        "servername": "dfw-xyz.help.abc.com-SSL_tcp443-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "prod.abc.ca",
        "data": "1",
        "servername": "cca-canada.dfw.prod.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "ca-profile-service-prod-cert",
        "data": "1",
        "servername": "dfw-ca-profile-service-prod.abc.com_ssl_443_lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "eclosing-cert",
        "data": "1",
        "servername": "eclosing.dfw.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "merlin-ldp-stg.cert",
        "data": "1",
        "servername": "dfw.merlin-ldp-stg.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "stg-abc.services.cert",
        "data": "1",
        "servername": "stg-abc.services.abc.com-DFW-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "fintech-ap-stg-cer",
        "data": "1",
        "servername": "dfw-fintech-ap-stg.abc.com-HTTPS_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "docker.prod.abc.com",
        "data": "1",
        "servername": "dfw-thirdparty.docker.prod.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "docker.prod.abc.com",
        "data": "2",
        "servername": "dfw-us.gcr.docker.abc.com-SSL_tcp443-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "docker.prod.abc.com",
        "data": "3",
        "servername": "dfw-elasticsearch.prod.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "merlin-ldp.cert-2023",
        "data": "1",
        "servername": "merlin-ldp.merlin-ldp-DFW-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "abc-net-etc-2023",
        "data": "1",
        "servername": "abc-net-etc.dfw.prod.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "ppc01.abc-2024",
        "data": "1",
        "servername": "dfw-clho.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    }
]

I am trying to compare the two lists and reject any certkey in the list expired that is associated with a server name in the list certkey_binding.

My Ansible playbook:

# Play from the question: tries to list expired certkeys that have no server
# binding and write that list to a JSON file.
- hosts: citrix_adc
  gather_facts: False

  tasks:
    # Each loop iteration re-evaluates the expression from the full `expired`
    # list and assigns the result to the same fact, so earlier iterations are
    # overwritten. After the loop, only the certkey of the LAST item in
    # `certkey_binding` has been rejected; every other entry is still present.
    - name: Filter expired certs with no binding
      set_fact:
        filtered_certs: "{{ expired | rejectattr('certkey','equalto',item.certkey) | list }}"
      loop: "{{ certkey_binding }}"
      
    # The destination file name indicates this list is meant for deletion, so
    # a wrong filter result above would put still-bound certkeys on it.
    # NOTE(review): no delegate_to/connection is visible here, so `copy` writes
    # on whatever host the play targets - confirm that is where this path lives.
    - name: Write filtered certs into file
      copy:
        content: "{{ filtered_certs | to_nice_json }}"
        dest: '/Users/abcdef/Downloads/Ansible_Automation/NS_Cert_Cleanup/Certkeys_To_Delete.json'

Ideally I am expecting that filtered_certs should be an empty list, as all of the certkeys have a server name associated with them. But, in the result, I am seeing all the certkeys from the list expired.

How can this be achieved?


Solution

  • You can achieve this in a single task.

    1. Build a list of the certificate keys in the list certkey_binding, using the map filter
    2. Use that list with rejectattr and the in test (rather than equalto) to exclude any certificate key in the list expired that is also present in the list certkey_binding
    3. Then use the result in the task itself

    So, your task ends up being:

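    # Write the entries of `expired` whose certkey does not appear in
    # `certkey_binding` to a JSON file, in a single task.
    - name: Write expired certkeys with no binding to a file
      copy:
        dest: example.json
        # Explicit mode so the result does not depend on the umask or on a
        # pre-existing file; tighten it if this list feeds a delete step.
        mode: "0644"
        # `map` can return a lazy generator; without `| list` the `in` test
        # may consume it on the first comparisons, so later entries of
        # `expired` could be checked against a partly exhausted sequence and
        # bound certkeys would slip into the output. Materialise both the
        # lookup list and the filtered result before serialising.
        content: >-
          {{
            expired
              | rejectattr(
                  'certkey', 'in',
                  certkey_binding | map(attribute="certkey") | list
                )
              | list
              | to_nice_json
          }}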