JSON - File Evaluations - Scenarios - Ansible Converted

 ===========================================================================

 

 

===========================================================================


====Another example of fetching the information

package play

# let_do reports whether the input (a list of plays) contains at least one
# play whose `hosts` field is exactly "databases". It is false otherwise.
default let_do := false

# Existential match: one matching play anywhere in the input is enough, and the
# other plays in the same input are not examined.
# The comparison is plain string equality, so a `hosts` value written as a list
# or as a combined host pattern does not match.
let_do {
    some idx
    input[idx].hosts == "databases"
}

 

Result :

{
    "let_do": true
}

 

============

INPUT FILE 

[
  {
    "name": "Update web servers",
    "hosts": "webservers",
    "remote_user": "root",
    "tasks": [
      {
        "name": "Ensure apache is at the latest version",
        "ansible.builtin.yum": {
          "name": "httpd",
          "state": "latest"
        }
      },
      {
        "name": "Write the apache config file",
        "ansible.builtin.template": {
          "src": "/srv/httpd.j2",
          "dest": "/etc/httpd.conf"
        }
      }
    ]
  },
  {
    "name": "Update db servers",
    "hosts": "databases",
    "remote_user": "root",
    "tasks": [
      {
        "name": "Ensure postgresql is at the latest version",
        "ansible.builtin.yum": {
          "name": "postgresql",
          "state": "latest"
        }
      },
      {
        "name": "Ensure that postgresql is started",
        "ansible.builtin.service": {
          "name": "postgresql",
          "state": "started"
        }
      }
    ]
  }
]

    

 ===

== Works

package play

# let_do is true when some play in the input is named "Update web servers",
# and false otherwise.
default let_do := false

# `name` is the free-text label of the play, so this rule says nothing about
# what the play does: renaming the play changes the result, and a differently
# named play with the same tasks is not matched.
let_do = true {
    some i
    play := input[i]
    play.name == "Update web servers"
}


===

package play

# resource_name is a boolean flag (despite its name): true when any task of any
# play in the input carries the label below, false otherwise.
default resource_name := false

# Walks two levels: every play in the input, then every entry of that play's
# `tasks` array. Only the task's `name` label is compared; the module the task
# invokes and its arguments are not looked at.
resource_name = true {
    some p, t
    input[p].tasks[t].name == "Ensure apache is at the latest version"
}

=====

[
    {
        "name": "Update web servers",
        "hosts": "webservers",
        "remote_user": "root",
        "tasks": [
            {
                "name": "Ensure apache is at the latest version",
                "ansible.builtin.yum": {
                    "name": "httpd",
                    "state": "latest"
                }
            },
            {
                "name": "Write the apache config file",
                "ansible.builtin.template": {
                    "src": "/srv/httpd.j2",
                    "dest": "/etc/httpd.conf"
                }
            }
        ]
    },

+++++++++++++Another scenario

 

package play

# resource_name is a boolean flag: true when any task in any play calls the
# `ansible.builtin.yum` module with name "httpd", false otherwise.
default resource_name := false

# This variant keys on the module arguments rather than the task label, so it
# keeps matching if the task is renamed.
# The module is looked up by its fully qualified key only; a task that spells
# the module under a different key (for example a short name) is not matched.
resource_name = true {
    some p, t
    pkg := input[p].tasks[t]["ansible.builtin.yum"]
    pkg.name == "httpd"
}

INPUT file 

 [
    {
        "name": "Update web servers",
        "hosts": "webservers",
        "remote_user": "root",
        "tasks": [
            {
                "name": "Ensure apache is at the latest version",
                "ansible.builtin.yum": {
                    "name": "httpd",
                    "state": "latest"
                }
            },
            {
                "name": "Write the apache config file",
                "ansible.builtin.template": {
                    "src": "/srv/httpd.j2",
                    "dest": "/etc/httpd.conf"
                }
            }
        ]
    },
    {
        "name": "Update db servers",
        "hosts": "databases",
        "remote_user": "root",
        "tasks": [
            {
                "name": "Ensure postgresql is at the latest version",
                "ansible.builtin.yum": {
                    "name": "postgresql",
                    "state": "latest"
                }
            },
            {
                "name": "Ensure that postgresql is started",
                "ansible.builtin.service": {
                    "name": "postgresql",
                    "state": "started"
                }
            }
        ]
    }
]

 

====Another Scenario : https://play.openpolicyagent.org/p/W2IPPgEXqo

Policy file ..

package play

# Every allow_update* flag starts out false and becomes true when at least one
# task in the input satisfies all conditions of the corresponding rule body.
#
# Points to keep in mind when reading these as "allow" decisions:
#   - Each rule is existential: one matching task makes the flag true, and the
#     remaining tasks in the same input are not evaluated at all.
#   - Rules that compare `name` test a free-text label, not the task's effect.
#   - None of the rules look at the credential fields present in the sample
#     input (`hosttech_token`, `hosttech_username`, `hosttech_password`).
default allow_update := false
default allow_update_1 := false
default allow_update_2 := false
default allow_update_3 := false
default allow_update_4 := false
default allow_update_5 := false

# Label only: some task is named as below.
allow_update {
    input[_].name == "Add new.foo.com as an A record with 3 IPs"
}

# Module argument only: some task sets the record-set TTL to the number 7200.
# A TTL given as a string (such as a template expression) does not compare equal.
allow_update_1 {
    some i
    input[i]["community.dns.hosttech_dns_record_set"].ttl == 7200
}

# Label and TTL must hold for the same task.
allow_update_2 {
    some i
    task := input[i]
    task.name == "Add new.foo.com as an A record with 3 IPs"
    task["community.dns.hosttech_dns_record_set"].ttl == 7200
}

# Label and record name must hold for the same task.
allow_update_3 {
    some i
    task := input[i]
    task.name == "Update new.foo.com as an A record with a list of 3 IPs"
    task["community.dns.hosttech_dns_record_set"].record == "new.foo.com"
}

# Label, record name and the first three entries of `value`, by position.
# Elements beyond index 2 are not checked, and a `value` written as one
# comma-separated string has no indexable elements, so it does not match.
allow_update_4 {
    some i
    task := input[i]
    task.name == "Update new.foo.com as an A record with a list of 3 IPs"
    record_set := task["community.dns.hosttech_dns_record_set"]
    record_set.record == "new.foo.com"
    [record_set.value[0], record_set.value[1], record_set.value[2]] == ["1.1.1.1", "2.2.2.2", "3.3.3.3"]
}

# Iteration: same label and record name, but "3.3.3.3" may sit at any position
# of the `value` array.
allow_update_5 {
    some i
    task := input[i]
    task.name == "Update new.foo.com as an A record with a list of 3 IPs"
    record_set := task["community.dns.hosttech_dns_record_set"]
    record_set.record == "new.foo.com"
    record_set.value[_] == "3.3.3.3"
}


====INPUT FILE

[
  {
    "name": "Add new.foo.com as an A record with 3 IPs",
    "community.dns.hosttech_dns_record_set": {
      "state": "present",
      "zone_name": "foo.com",
      "record": "new.foo.com",
      "type": "A",
      "ttl": 7200,
      "value": "1.1.1.1,2.2.2.2,3.3.3.3",
      "hosttech_token": "access_token"
    }
  },
  {
    "name": "Update new.foo.com as an A record with a list of 3 IPs",
    "community.dns.hosttech_dns_record_set": {
      "state": "present",
      "zone_name": "foo.com",
      "record": "new.foo.com",
      "type": "A",
      "ttl": 7200,
      "value": [
        "1.1.1.1",
        "2.2.2.2",
        "3.3.3.3"
      ],
      "hosttech_token": "access_token"
    }
  },
  {
    "name": "Retrieve the details for new.foo.com",
    "community.dns.hosttech_dns_record_set_info": {
      "zone_name": "foo.com",
      "record": "new.foo.com",
      "type": "A",
      "hosttech_username": "foo",
      "hosttech_password": "bar"
    },
    "register": "rec"
  },
  {
    "name": "Delete new.foo.com A record using the results from the facts retrieval command",
    "community.dns.hosttech_dns_record_set": {
      "state": "absent",
      "zone_name": "foo.com",
      "record": "{{ rec.set.record }}",
      "ttl": "{{ rec.set.ttl }}",
      "type": "{{ rec.set.type }}",
      "value": "{{ rec.set.value }}",
      "hosttech_username": "foo",
      "hosttech_password": "bar"
    }
  },
  {
    "name": "Add an AAAA record",
    "community.dns.hosttech_dns_record_set": {
      "state": "present",
      "zone_name": "foo.com",
      "record": "localhost.foo.com",
      "type": "AAAA",
      "ttl": 7200,
      "value": "::1",
      "hosttech_token": "access_token"
    }
  },
  {
    "name": "Add a TXT record",
    "community.dns.hosttech_dns_record_set": {
      "state": "present",
      "zone_name": "foo.com",
      "record": "localhost.foo.com",
      "type": "TXT",
      "ttl": 7200,
      "value": "bar",
      "hosttech_username": "foo",
      "hosttech_password": "bar"
    }
  },
  {
    "name": "Remove the TXT record",
    "community.dns.hosttech_dns_record_set": {
      "state": "absent",
      "zone_name": "foo.com",
      "record": "localhost.foo.com",
      "type": "TXT",
      "ttl": 7200,
      "value": "bar",
      "hosttech_username": "foo",
      "hosttech_password": "bar"
    }
  },
  {
    "name": "Add a CAA record",
    "community.dns.hosttech_dns_record_set": {
      "state": "present",
      "zone_name": "foo.com",
      "record": "foo.com",
      "type": "CAA",
      "ttl": 3600,
      "value": [
        "128 issue letsencrypt.org",
        "128 iodef mailto:webmaster@foo.com"
      ],
      "hosttech_token": "access_token"
    }
  },
  {
    "name": "Add an MX record",
    "community.dns.hosttech_dns_record_set": {
      "state": "present",
      "zone_name": "foo.com",
      "record": "foo.com",
      "type": "MX",
      "ttl": 3600,
      "value": [
        "10 mail.foo.com"
      ],
      "hosttech_token": "access_token"
    }
  },
  {
    "name": "Add a CNAME record",
    "community.dns.hosttech_dns_record_set": {
      "state": "present",
      "zone_name": "bla.foo.com",
      "record": "foo.com",
      "type": "CNAME",
      "ttl": 3600,
      "value": [
        "foo.foo.com"
      ],
      "hosttech_username": "foo",
      "hosttech_password": "bar"
    }
  },
  {
    "name": "Add a PTR record",
    "community.dns.hosttech_dns_record_set": {
      "state": "present",
      "zone_name": "foo.foo.com",
      "record": "foo.com",
      "type": "PTR",
      "ttl": 3600,
      "value": [
        "foo.foo.com"
      ],
      "hosttech_token": "access_token"
    }
  },
  {
    "name": "Add an SPF record",
    "community.dns.hosttech_dns_record_set": {
      "state": "present",
      "zone_name": "foo.com",
      "record": "foo.com",
      "type": "SPF",
      "ttl": 3600,
      "value": [
        "v=spf1 a mx ~all"
      ],
      "hosttech_username": "foo",
      "hosttech_password": "bar"
    }
  },
  {
    "name": "Add a PTR record",
    "community.dns.hosttech_dns_record_set": {
      "state": "present",
      "zone_name": "foo.com",
      "record": "foo.com",
      "type": "PTR",
      "ttl": 3600,
      "value": [
        "10 100 3333 service.foo.com"
      ],
      "hosttech_token": "access_token"
    }
  }
]



 
