active directory - Is there a way to create a conditional statement in Ansible that will end the process when reading a string has finished?

Question

I created an ansible-playbook which aims to create a group on Active Directory. However, I encountered a problem when placing the new group in the active directory. This is because the path parameter belonging to community.windows.win_domain_group divides the domain into CN, OU and DC. For example, I want to create a new group with the name "WindowsUser" which is placed in the domain controller "test.active.dir" and common name = "Users", as shown below:

Then, here is the ansible-playbook with the name creategroup.yaml that I created:

---
- hosts: brc.testlab.com
  gather_facts: no
  tasks: 
    - name: "Create Group"
      community.windows.win_domain_group:
        name: "{{group}}"
        scope: global
        path: "CN=Users, DC={{(domain).split('.')[0]}}, DC={{(domain).split('.')[1]}}, DC={{(domain).split('.')[2]}}"

Where the playbook is run with the following command:

ansible-playbook -i hosts creategroup.yaml -e group=windowsUser -e domain=test.active.dir

Based on the existing ansible playbook, I managed to put the 'WindowsUser' group into CN = Users, DC = test, DC = active, DC = dir. However, if there is a domain controller with a division of more than / less than 3 DCs (for example domain = msg.test.active.dir or domain = active.dir) then the ansible playbook above will fail. Is there some way to create a conditional statement that will certainly stop the process of placing the string on the DC when the reading of the string domain has ended? I've tried adding the following command to yaml but the results still fail:

---
- hosts: brc.testlab.com
  gather_facts: no
  tasks: 
    - name: "Create Group"
      community.windows.win_domain_group:
        name: "{{group}}"
        scope: global
        path: "CN=Users, DC={{(domain).split('.')[0]}}, DC={{(domain).split('.')[1]}}, DC={{(domain).split('.')[2]}}, DC={{(domain).split('.')[3]|default()}}"

And here's the result:

Any answer would be very helpful, Thanks.

question from:https://stackoverflow.com/questions/66056585/is-there-a-way-to-create-a-conditional-statement-in-ansible-that-will-end-the-pr

Answer 1

Since the divisions in the domain can be different, it would be good to store the divisions in a variable, and then join them when specifying in the path.

I am using a debug message to show the output, but you can specify it to the path of win_domain_group module.

Example:

vars:
  group: WindowsUser
  domain: msg.test.active.dir

tasks:
- name: split the domain and save as variable
  set_fact:
    domain_split: "{{ domain.split('.') }}"
- name: show group in domain
  debug:
    msg: "CN={{ group }},DC={{ domain_split|join(',DC=') }}"

Now CN={{ group }} will be suffixed by the number of divisions in the domain name. So it will work for test.active.dir as well as active.dir. For the above example, it will be:

"msg": "CN=WindowsUser,DC=msg,DC=test,DC=active,DC=dir"