Search code examples
ansible

How to set a "when" condition by referencing a value in a register variable

I am trying to run the following tasks which will check if SMB version 1 is enabled and disable it if it is found to be enabled. The fist task runs a powershell command and registers the output to smbcheck. The second task will then disable SMB version 1 if it is found to be enabled:

    - name: Check if SMB v1 is enabled
      ansible.windows.win_powershell:
        script: |
          Get-SmbServerConfiguration | Select EnableSMB1Protocol
      register: smbcheck

    - name: Disable SMBv1 only on servers where it is enabled.
      ansible.windows.win_powershell:
        script: |
          Set-SmbServerConfiguration -EnableSMB1Protocol $false
      when: smbcheck.output.EnableSMB1Protocol

The output of smbcheck will include the following:

"output": [ { "EnableSMB1Protocol": false } ]

So I would expect the when condition to skip hosts if EnableSMB1Protocol is false. However, when I run the playbook in AAP I get the following error:

The conditional check 'smbcheck.output.EnableSMB1Protocol' failed. The error was: error while evaluating conditional (smbcheck.output.EnableSMB1Protocol): 'list object' has no attribute 'EnableSMB1Protocol'

Any ideas how to successfully set the condition so that the task only runs if smbcheck output has EnableSMB1Protocol is True?

I have tried to reference EnableSMB1Protocol in different ways but nothing has worked so far.

Solution

  • That's expected.

    If your smbcheck variable has "output": [ { "EnableSMB1Protocol": false } ] key, it means that output is a list that contains one object consisting of one key/value pair.

    So, referring it as smbcheck.output[0].EnableSMB1Protocol should help.

    Additionally, there is a practice helping to avoid possible misinterpretations when checking the values: first, check the presence, and then check the value itself. Given that the when accepts multiple conditions and joins them with logical AND when listed, the following structure provides a safe way to check any type of value:

    when: 
  - smbcheck.output[0].EnableSMB1Protocol is defined
  - smbcheck.output[0].EnableSMB1Protocol

    Or, in Pythonic way:

    when: smbcheck.output[0].EnableSMB1Protocol is defined
      and smbcheck.output[0].EnableSMB1Protocol