
Ansible: fortigate list to populate a dictionary


remote_address_phase2:
  - 192.168.88.0/24
  - 192.168.1.0/24

Task:

I have to create a firewall group:

  - name: "addrgrp"
    fortios_firewall_addrgrp:
      vdom:  "{{ vdom }}"
      state: "present"
      firewall_addrgrp:
        allow_routing: "disable"
        #category: "default"
        color: "21"
        comment: "try"
        exclude: "disable"
        fabric_object: "disable"
        member:
          - name: "NET-{{ item }}"
        name: "try"
        type: "default"
    with_items: "{{ remote_address_phase2 }}"

If I do this, I have 2 different tasks, but the last operation overwrites the first.

Any idea?


Solution

  • Going by the example in the documentation for the module, it seems that the member: parameter takes a list of dicts.

    Example from module documentation:

            member:
             -
                name: "default_name_7 (source firewall.address.name firewall.addrgrp.name)"
    

    Haven't tested it, but we can create a similar structure before "addrgrp" task with set_fact and use the newly created variable.

        - set_fact:
            fw_members: "{{ fw_members | default([]) + [{'name': 'NET-' ~ item}] }}"
          loop: "{{ remote_address_phase2 }}"
    

    This gives:

        "fw_members": [
            {
                "name": "NET-192.168.88.0/24"
            },
            {
                "name": "NET-192.168.1.0/24"
            }
        ]
    

    It should then be possible to pass this variable as a value to the member: parameter. Example:

      - set_fact:
          fw_members: "{{ fw_members | default([]) + [{'name': 'NET-' ~ item}] }}"
        loop: "{{ remote_address_phase2 }}"
    
      - name: "addrgrp"
        fortios_firewall_addrgrp:
          vdom:  "{{ vdom }}"
          state: "present"
          firewall_addrgrp:
            allow_routing: "disable"
            #category: "default"
            color: "21"
            comment: "try"
            exclude: "disable"
            fabric_object: "disable"
            member: "{{ fw_members }}"
            name: "try"
            type: "default"
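
A variant of the approach above, added here as an example and not part of the original answer: it checks the input list first, then builds the member list in a single expression instead of a `set_fact` loop, so running the tasks twice in one play cannot append duplicate entries to `fw_members`. It assumes the `community.general` collection is installed (for `dict_kv`) and that the `NET-<network>` address objects already exist on the FortiGate; `cidr_re` is a name introduced for this example.

```yaml
# Added example, not from the original answer.
# Assumptions: community.general is installed, and the NET-<network> address
# objects referenced by the group already exist on the device.

- name: "Refuse to push the group if any entry is not an IPv4 CIDR"
  ansible.builtin.assert:
    that:
      - remote_address_phase2 | length > 0
      # reject() keeps only the entries that do NOT match; there must be none
      - remote_address_phase2 | reject('match', cidr_re) | list | length == 0
    fail_msg: "remote_address_phase2 contains an entry that is not an IPv4 CIDR"
  vars:
    # Shape check only (hypothetical helper variable); it does not range-check octets
    cidr_re: '^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$'

- name: "addrgrp"
  fortios_firewall_addrgrp:
    vdom: "{{ vdom }}"
    state: "present"
    firewall_addrgrp:
      allow_routing: "disable"
      color: "21"
      comment: "try"
      exclude: "disable"
      fabric_object: "disable"
      # One task, one write: the whole member list is sent at once, so no
      # iteration can overwrite the members set by a previous iteration.
      member: "{{ fw_members }}"
      name: "try"
      type: "default"
  vars:
    # ['192.168.88.0/24', ...] -> ['NET-192.168.88.0/24', ...]
    #                          -> [{'name': 'NET-192.168.88.0/24'}, ...]
    fw_members: >-
      {{ remote_address_phase2
         | map('regex_replace', '^', 'NET-')
         | map('community.general.dict_kv', 'name')
         | list }}
```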