CODEWITHSUNDEEP
ansibleyamlescaping
divij_o
divij_o

Reputation: 135

Escaping double quotes and braces inside Ansible variable

I'm trying to use Ansible's command module to run the following command:-

aws s3api put-bucket-encryption --bucket ovc-ov90test --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'

Naturally, I want to pass in the flag values through playbook variables, and this is what I am using:

---
- name: Create s3 bucket
  hosts: localhost
  vars:
    bucket_name: ovc-ov90test
    encryption_rules: '{\"Rules\"\: [{\"ApplyServerSideEncryptionByDefault\"\: {\"SSEAlgorithm\"\: \"AES256\"}}]}'
  tasks:
    - name: Launch 
      block:
        - name: Encrypt the bucket
          command: 'aws s3api put-bucket-encryption --bucket {{ bucket_name }} --server-side-encryption-configuration {{ encryption_rules }}'

And this is my error:

TASK [Encrypt the bucket] *******************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["aws", "s3api", "put-bucket-encryption", "--bucket", "ovc-ov90test", "--server-side-encryption-configuration", "{\"Rules\":", "[{\"ApplyServerSideEncryptionByDefault\":", "{\"SSEAlgorithm\":", "\"AES256\"}}]}"], "delta": "0:00:00.648339", "end": "2021-02-11 11:56:49.423938", "msg": "non-zero return code", "rc": 252, "start": "2021-02-11 11:56:48.775599", "stderr": "\nusage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]\nTo see help text, you can run:\n\n  aws help\n  aws <command> help\n  aws <command> <subcommand> help\n\nUnknown options: {\"SSEAlgorithm\":, \"AES256\"}}]}, [{\"ApplyServerSideEncryptionByDefault\":", "stderr_lines": ["", "usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]", "To see help text, you can run:", "", "  aws help", "  aws <command> help", "  aws <command> <subcommand> help", "", "Unknown options: {\"SSEAlgorithm\":, \"AES256\"}}]}, [{\"ApplyServerSideEncryptionByDefault\":"], "stdout": "", "stdout_lines": []}

PLAY RECAP **********************************************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

I've also tried the following values for encryption_values(i. escaping double quotes AND both curly and square braces, and ii. escaping only double quotes and curly braces), but none work:

encryption_rules: '\{\"Rules\"\: \[\{\"ApplyServerSideEncryptionByDefault\"\: \{\"SSEAlgorithm\"\: \"AES256\"\}\}\]\}'
encryption_rules: '{\"Rules\"\: \[{\"ApplyServerSideEncryptionByDefault\"\: \{\"SSEAlgorithm\"\: \"AES256\"}}\]}'

Using {{ encryption_rules | quote }} inside the task after removing the single quotes from the encryption_rules variable doesn't work either. I'm guessing the solution is some combination of escaping the right characters but I can't figure out which. Any help would be appreciated!

PS: This runs correctly on the command line so IAM permissions are definitely not the problem.

Upvotes: 0

Views: 1077

Answers (1)

divij_o
divij_o

Reputation: 135

The key problem was (like @tinita pointed out here) the colon followed by a space : . I also ended up using the folded scalar in the command parameter to save myself the headache of unbalanced quotes. This works-

---
- name: Create s3 bucket
  hosts: localhost
  vars:
    bucket_name: ovc-ov90test
    encryption_rules: '{\"Rules\":\ [{\"ApplyServerSideEncryptionByDefault\":\ {\"SSEAlgorithm\":\ \"AES256\"}}]}'
  tasks:
    - name: Launch 
      block:
        - name: Encrypt the bucket
          command: >
            aws s3api put-bucket-encryption --bucket ovc-ov90test --server-side-encryption-configuration {{ encryption_rules }}

Upvotes: 2

Related Questions