Ansible Play error - Template error while templating string: no filter named 'map'. String:

1,761 views
Skip to first unread message

Kishore Ponniah

unread,
Oct 24, 2018, 5:08:49 AM10/24/18
to Ansible Project
Hello all,

This is the continuation of my other Post creating direct connect gateway. This is the same but using assume roles and cross-account deployment. I have added loops but there are 2 sections which are not working (debug role arns & assume cross account roles). Can some one help?

Error:
TASK [debug role arns] ************************************************************************************************************************************************************************************************************
task path: /home/ec2-user/environment/aws-rxgt-mgmt-platform/ansible/rxgt-ps-rxgtmgmt-playbook.yaml:29
fatal: [infrastructure]: FAILED! => {
    "msg": "template error while templating string: no filter named 'map'. String: {{ rxgt_identity_account['deploy_accounts']|map('extract', rxgt_identity_account['account_config'])|list }}"
}

=======================================================
Main playbook:

---
# This playbook builds Network infrastructure in all configured accounts
- name: Install/Update RXGT Mgmt account CF templates
  hosts: infrastructure
  tasks:

- name: Install/Update RXGT PS cross account CF templates
  hosts: infrastructure
  tasks:
    - name: get sts session token
      sts_session_token:
        duration_seconds: "{{ sts_session_duration | default(3600) }}"
        mfa_serial_nunber: "{{ sts_mfa_serial_number | default(omit) }}"
        mfa_token: "{{ sts_mfa_token | default(omit) }}"
      register: sts_session_token
      when: with_sts
      tags: 
        rxgt-ps-mgmt-stack-deploy
      
    - name: retrieve sts credentials
      set_fact:
        sts_access_key: "{{ sts_session_token.sts_creds.access_key }}"
        sts_secret_key: "{{ sts_session_token.sts_creds.secret_key }}"
        sts_session_token: "{{ sts_session_token.sts_creds.session_token }}"
      when: with_sts  
      tags:
        rxgt-ps-mgmt-stack-deploy

    - name: debug role arns
      debug:
        msg: "Assuming role: {{ account_config.sts_role_arn }}"
        verbosity: 1
      loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract', rxgt_identity_account['account_config'])|list }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.sts_role_arn }}"
      tags:
        rxgt-ps-mgmt-stack-deploy

    - name: assume cross account roles
      sts_assume_role:
        role_arn: "{{ account_config.sts_role_arn }}"
        role_session_name: "ansibledeploy"
        duration_seconds: "{{ sts_session_duration | default(3600) }}"
        aws_access_key: "{{ sts_access_key | default(omit) }}"
        aws_secret_key: "{{ sts_secret_key | default(omit) }}"
        security_token: "{{ sts_session_token | default(omit) }}"
        mfa_serial_nunber: "{{ sts_mfa_serial_number | default(omit) }}"
        mfa_token: "{{ sts_mfa_token | default(omit) }}"
      loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract', rxgt_identity_account['account_config'])|list }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.sts_role_arn }}"
      register: assumed_roles_with_account_config
      tags:
        rxgt-ps-mgmt-stack-deploy
        
    - name: create rxgt-ps-mgmt-direct-connect-gateway stack
      aws_direct_connect_gateway:
        state: present
        region: "{{ account_config.1 }}"
        aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
        aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
        security_token: "{{ account_config.0.sts_creds.session_token }}"
        name: "{{ rxgt_identity_account.account_config.rxgtmgmt.stacks['rxgt-ps-mgmt-direct-connect-gateway'].params.name }}"
        amazon_asn: "{{ rxgt_identity_account.account_config.rxgtmgmt.stacks['rxgt-ps-mgmt-direct-connect-gateway'].params.amazon_asn }}"
      loop: "{{ assumed_roles_with_account_config.results|subelements('account_config.regions', skip_missing=True) }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.0.account_config.account_alias }}:{{ account_config.1 }}"
      register: created_aws_direct_connect_gateway
      tags:
        rxgt-ps-mgmt-stack-deploy
      
  
    - name: debug stack outputs
      vars:
        msg: "{{ account_config | to_nice_yaml }}"
      debug:
        msg: "{{ msg.split('\n') }}"
        verbosity: 0
      loop: "{{ assumed_roles_with_account_config.results|subelements('account_config.regions', skip_missing=True) }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.0.account_config.account_alias }}:{{ account_config.1 }}"
      tags:
        - 'never'
        - 'debug'
        - rxgt-ps-mgmt-stack-deploy

=======================================================
account_config.yaml

---
ansible_python_interpreter: "{{ lookup('env', 'VIRTUAL_ENV') }}/bin/python"
rxgt_identity_account:
  deploy_accounts:
  - XXXXXX

  account_config:
    XXXXXX:
      id: XXXXXXXX
      account_alias: XXXXXX
      sts_role_arn: arn:aws:iam::XXXXXXXXXXXX:role/xxxx/xx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      pass_role_arn: ""
      regions:
      - eu-west-1
      stacks:
        rxgt-ps-mgmt-direct-connect-gateway:
          params:
            name: rxgtmgmt-dxgw
            amazon_asn: 65000
          override_tags:
            rx:billing:service-name: identity
            rx:billing:environment-name: xxxxxx

Kishore Ponniah

unread,
Oct 25, 2018, 6:11:07 AM10/25/18
to Ansible Project
Hello all, 

I have managed to sort out this issue. I had an old version of Python-Jinja2 in my virtual environment. Once upgraded it resolved. 

Thanks
Reply all
Reply to author
Forward
0 new messages