
Given the list expired:

[
    {
        "cert": "help.abc.com.cer",
        "certkey": "help.abc.com-key",
        "daystoexpiration": 0,
        "key": "help.abc.com.key"
    },
    {
        "cert": "prod.abc.ca-2020.cer",
        "certkey": "prod.abc.ca",
        "daystoexpiration": 0,
        "key": "prod.abc.ca-2020.key"
    },
    {
        "cert": "ca-profile-service-prod.abc.com.cer",
        "certkey": "ca-profile-service-prod-cert",
        "daystoexpiration": 0,
        "key": "ca-profile-service-prod.abc.com.key"
    },
    {
        "cert": "eclosing.abc.com.cer",
        "certkey": "eclosing-cert",
        "daystoexpiration": 0,
        "key": "eclosing.abc.com.key"
    },
    {
        "cert": "merlin-ldp-stg.abc.com.cer",
        "certkey": "merlin-ldp-stg.cert",
        "daystoexpiration": 0,
        "key": "merlin-ldp-stg.abc.com.key"
    },
    {
        "cert": "stg-abc.services.cer",
        "certkey": "stg-abc.services.cert",
        "daystoexpiration": 0,
        "key": "stg-abc.services.key"
    },
    {
        "cert": "fintech-ap-stg.cer",
        "certkey": "fintech-ap-stg-cer",
        "daystoexpiration": 0,
        "key": "fintech-ap-stg.key"
    },
    {
        "cert": "docker.prod.abc.com_2021.cer",
        "certkey": "docker.prod.abc.com",
        "daystoexpiration": 0,
        "key": "docker.prod.abc.com_2021.key"
    },
    {
        "cert": "merlin-ldp.cert-2023",
        "certkey": "merlin-ldp.cert-2023",
        "daystoexpiration": 0,
        "key": "merlin-ldp.cert-2023"
    },
    {
        "cert": "abc-net-etc-2023",
        "certkey": "abc-net-etc-2023",
        "daystoexpiration": 0,
        "key": "abc-net-etc-2023"
    },
    {
        "cert": "ppc01.abc.com_2024.cer",
        "certkey": "ppc01.abc-2024",
        "daystoexpiration": 0,
        "key": "ppc01.abc_2024.key"
    }
]

And the list certkey_binding


[
    {
        "certkey": "help.abc.com-key",
        "data": "1",
        "servername": "dfw-xyz.help.abc.com-SSL_tcp443-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "prod.abc.ca",
        "data": "1",
        "servername": "cca-canada.dfw.prod.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "ca-profile-service-prod-cert",
        "data": "1",
        "servername": "dfw-ca-profile-service-prod.abc.com_ssl_443_lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "eclosing-cert",
        "data": "1",
        "servername": "eclosing.dfw.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "merlin-ldp-stg.cert",
        "data": "1",
        "servername": "dfw.merlin-ldp-stg.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "stg-abc.services.cert",
        "data": "1",
        "servername": "stg-abc.services.abc.com-DFW-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "fintech-ap-stg-cer",
        "data": "1",
        "servername": "dfw-fintech-ap-stg.abc.com-HTTPS_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "docker.prod.abc.com",
        "data": "1",
        "servername": "dfw-thirdparty.docker.prod.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "docker.prod.abc.com",
        "data": "2",
        "servername": "dfw-us.gcr.docker.abc.com-SSL_tcp443-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "docker.prod.abc.com",
        "data": "3",
        "servername": "dfw-elasticsearch.prod.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "merlin-ldp.cert-2023",
        "data": "1",
        "servername": "merlin-ldp.merlin-ldp-DFW-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "abc-net-etc-2023",
        "data": "1",
        "servername": "abc-net-etc.dfw.prod.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    },
    {
        "certkey": "ppc01.abc-2024",
        "data": "1",
        "servername": "dfw-clho.abc.com-SSL_443tcp-lb",
        "stateflag": "2",
        "version": 2
    }
]

I am trying to compare the two lists and reject any certkey in the list expired that is associated with a server name in the list certkey_binding.

My Ansible playbook:

# Play: derive the expired certkeys that have no binding in certkey_binding
# and write them to a JSON file.
- hosts: citrix_adc
  gather_facts: False

  tasks:
    # NOTE(review): set_fact runs once per loop item and overwrites
    # filtered_certs every time, each time starting again from the full
    # `expired` list. The rejections do not accumulate: after the loop only
    # the certkey of the last certkey_binding entry has been removed.
    - name: Filter expired certs with no binding
      set_fact:
        filtered_certs: "{{ expired | rejectattr('certkey','equalto',item.certkey) | list }}"
      loop: "{{ certkey_binding }}"
      
    # NOTE(review): the destination file name suggests this list drives a
    # deletion step. With the filter above it still contains certkeys that
    # are bound to a server name, so review the output before acting on it.
    # NOTE(review): copy writes dest on the managed host unless the play uses
    # a local connection or the task is delegated; confirm where this path
    # is expected to exist.
    - name: Write filtered certs into file
      copy:
        content: "{{ filtered_certs | to_nice_json }}"
        dest: '/Users/abcdef/Downloads/Ansible_Automation/NS_Cert_Cleanup/Certkeys_To_Delete.json'

I expect filtered_certs to be an empty list, because every certkey has a server name associated with it. Instead, the result contains all the certkeys from the list expired.

How can this be achieved?

  • Because you are using a loop here, each iteration simply reassigns filtered_certs, so only one element is ever filtered out. Commented Jan 12, 2024 at 9:36

1 Answer 1


You can achieve this in a single task.

  1. Build a list of the certificate keys present in the list certkey_binding, using the map filter
  2. Pass that list to rejectattr with the in test (rather than equalto) to exclude every certificate key in the list expired that is also present in the list certkey_binding
  3. Use the result directly in the task itself

So, your task ends up being:

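# Write the entries of `expired` whose certkey does not appear in
# certkey_binding. If the output is used as a deletion list, a certkey that
# is still bound to a server name must never slip through this filter.
- name: Write expired certkeys that have no binding
  copy:
    dest: example.json
    # Jinja2's map() returns a one-shot generator and the `in` test consumes
    # it while searching. Without `| list`, later lookups see a partly-used
    # iterator and can miss a bound certkey when the two lists are ordered
    # differently. `| list` is harmless where the value is already a list.
    # The second `| list` hands the serializer a concrete list instead of
    # the lazy rejectattr() result.
    content: >-
      {{
        expired
          | rejectattr(
              'certkey', 'in',
              certkey_binding | map(attribute="certkey") | list
            )
          | list
          | to_nice_json
      }}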