In ansible, how to update a value of a dict withing a loop into a list of dict - ansible

As i am stuck, i need some help. I want to update a value of a dict in a list of dict (ideally, i don't want to create another list)
Under an ansible playbook i have a variable declared:
- id: 'test1id'
name: 'test1name'
description: ''
- id: 'test2id'
name: 'test2name'
description: 'init'
- id: 'test3id'
name: 'test3name'
description: 'init3'
I have a task that loop into "a" should update the description.
- name: Update description in a
when: a is defined
a: "{{ item | combine({'description': new_description}) }}"
new_description: "{{ item.description + "test" + }}"
loop: a
Expected result:
- id: 'test1id'
name: 'test1name'
description: 'test test1id'
- id: 'test2id'
name: 'test2name'
description: 'init test test2id'
- id: 'test3id'
name: 'test3name'
description: 'init3 test test3id'
Actual result:
- id: 'test3id'
name: 'test3name'
description: 'init3 test test3id'
Looks like i'm missing something, i just have the last item. I also tried other format but that never give me the expected result.

What you've done is right.
There were some errors, but I think it was caused by a typo, like loop: "{{ a }}" and spaces around the word test here new_description: '{{ item.description + " test " + }}'.
If you run it in debug mode:
ok: [localhost] => (item={'id': 'test1id', 'name': 'test1name', 'description': ''}) => {
"ansible_facts": {
"a": {
"description": " test test1id",
"id": "test1id",
"name": "test1name"
"ansible_loop_var": "item",
"changed": false,
"item": {
"description": "",
"id": "test1id",
"name": "test1name"
ok: [localhost] => (item={'id': 'test2id', 'name': 'test2name', 'description': 'init'}) => {
"ansible_facts": {
"a": {
"description": "init test test2id",
"id": "test2id",
"name": "test2name"
"ansible_loop_var": "item",
"changed": false,
"item": {
"description": "init",
"id": "test2id",
"name": "test2name"
ok: [localhost] => (item={'id': 'test3id', 'name': 'test3name', 'description': 'init3'}) => {
"ansible_facts": {
"a": {
"description": "init3 test test3id",
"id": "test3id",
"name": "test3name"
"ansible_loop_var": "item",
"changed": false,
"item": {
"description": "init3",
"id": "test3id",
"name": "test3name"
You just need to read the values back from ansible_facts you set.
The result should be registered temporarily and then convert the results to the original format with the updated values.
- hosts: localhost
gather_facts: no
- id: 'test1id'
name: 'test1name'
description: ''
- id: 'test2id'
name: 'test2name'
description: 'init'
- id: 'test3id'
name: 'test3name'
description: 'init3'
- name: Update description in a
when: a is defined
a: "{{ item | combine({'description': new_description}) }}"
new_description: '{{ item.description + " test " + }}'
loop: "{{ a }}"
register: temporary_a
- name: Results
a: "{{ temporary_a.results | map(attribute='ansible_facts.a') | list }}"
- debug:
var: a
ok: [localhost] => {
"a": [
"description": " test test1id",
"id": "test1id",
"name": "test1name"
"description": "init test test2id",
"id": "test2id",
"name": "test2name"
"description": "init3 test test3id",
"id": "test3id",
"name": "test3name"


To collect backing_datastore from the vmware_guest_disk_info module output

I'm using the below tasks in the playbook to find the backing datastore in the vmware but I tried various options, which is not helping to gather the backing_datastore name, kindly suggest how to fetch:
- name: Take Snapshot
hosts: patching
serial: 1
- 1credentials.yml
- name: Gather data of the registered virtual machines
hostname: '{{ vcenter_hostname }}'
username: '{{ vcenter_username }}'
password: '{{ vcenter_password }}'
vm_type: vm
validate_certs: no
delegate_to: localhost
register: vminfo
- debug:
msg: "{{ item.datacenter }}"
loop: "{{ vminfo.virtual_machines}}"
when: item.ip_address == inventory_hostname
- name: Gather Disk facts for the server - {{ inventory_hostname }}
hostname: "{{ vcenter_hostname }}"
username: "{{ vcenter_username }}"
password: "{{ vcenter_password }}"
datacenter: "{{ item.datacenter }}"
uuid: "{{ item.uuid }}"
validate_certs: False
delegate_to: localhost
register: disk_fact
loop: "{{ vminfo.virtual_machines }}"
when: item.ip_address == inventory_hostname
- debug:
msg: "{{ item.backing_datastore }}"
loop: "{{ disk_fact }}"
The raw output of the registered variable disk_fact is mentioned below:
ok: [] => {
"msg": {
"changed": false,
"msg": "All items completed",
"results": [
"ansible_loop_var": "item",
"changed": false,
"item": {
"allocated": {},
"attributes": {},
"cluster": "Training",
"datacenter": "opendc-rookie",
"datastore_url": [
"name": "Rookie-Core",
"url": "/vmfs/volumes/60ebc5fb-2e22fef3-ec42-1402ec6fadc8"
"name": "ENV08",
"url": "/vmfs/volumes/60ebd414-4e6253d6-7e29-1402ec6fadc8"
"esxi_hostname": "",
"folder": "/opendc-rookie/vm/ENV08",
"guest_fullname": "Microsoft Windows 8.x (64-bit)",
"guest_name": "win1",
"ip_address": "",
"mac_address": [
"moid": "vm-968",
"power_state": "poweredOn",
"tags": [],
"uuid": "4201e3dd-0cf5-1027-7eaf-d2b8804761d9",
"vm_network": {
"00:50:56:81:2e:64": {
"ipv4": [
"ipv6": []
"skip_reason": "Conditional result was False",
"skipped": true
"ansible_loop_var": "item",
"changed": false,
"failed": false,
"guest_disk_info": {
"0": {
"backing_datastore": "ENV04",
"backing_disk_mode": "persistent",
"backing_diskmode": "persistent",
"backing_eagerlyscrub": false,
"backing_filename": "[ENV04] ansible_automation_platofrm_RHEL8/ansible_automation_platofrm_RHEL8-000005.vmdk",
"backing_thinprovisioned": false,
"backing_type": "FlatVer2",
"backing_uuid": "6000C294-c77a-56fa-180c-d17ac9693433",
"backing_writethrough": false,
"capacity_in_bytes": 25769803776,
"capacity_in_kb": 25165824,
"controller_bus_number": 0,
"controller_key": 1000,
"controller_type": "paravirtual",
"key": 2000,
"label": "Hard disk 1",
"summary": "25,165,824 KB",
"unit_number": 0
"invocation": {
"module_args": {
"datacenter": "opendc-rookie",
"folder": null,
"hostname": "",
"moid": null,
"name": null,
"port": 443,
"proxy_host": null,
"proxy_port": null,
"use_instance_uuid": false,
"username": "Administrator#vsphere.local",
"uuid": "42013f12-5142-2b83-1ce7-6c334958afd5",
"validate_certs": false
"item": {
"allocated": {},
"attributes": {},
"cluster": "Training",
"datacenter": "opendc-rookie",
"datastore_url": [
"name": "Rookie-Core",
"url": "/vmfs/volumes/60ebc5fb-2e22fef3-ec42-1402ec6fadc8"
"name": "ENV04",
"url": "/vmfs/volumes/60ebd318-7c586ef0-5838-1402ec6fadc8"
"esxi_hostname": "",
"folder": "/opendc-rookie/vm/Pugaz",
"guest_fullname": "Red Hat Enterprise Linux 8 (64-bit)",
"guest_name": "ansible_automation_platofrm_RHEL8",
"ip_address": "",
"mac_address": [
"moid": "vm-836",
"power_state": "poweredOn",
"tags": [],
"uuid": "42013f12-5142-2b83-1ce7-6c334958afd5",
"vm_network": {
"00:50:56:81:c6:e3": {
"ipv4": [
"ipv6": [
Kindly suggest how can I fetch the backing_datastore from the above mentioned output.
The result is a list because there might be more items with the attribute backing_datastore. For example,
backing_datastores: "{{ disk_fact.results|json_query(_query) }}"
_query: '[].guest_disk_info[].*.backing_datastore'
- - ENV04
If you want the first one
backing_datastore: "{{ backing_datastores|flatten|first }}"
backing_datastore: ENV04
If you want to iterate results
- debug:
msg: "{{ item.guest_disk_info['0'].backing_datastore }}"
loop: "{{ disk_fact.results }}"
label: "{{ item.item.ip_address }}"
when: not item.skipped|d(false)
gives the attribute backing_datastore of the disk "0"
TASK [debug] **************************************************
skipping: [localhost] => (item=
ok: [localhost] => (item= =>
msg: ENV04
If you want to get the list of attributes backing_datastore of all disks use json_query in the loop
- debug:
msg: "{{ item.guest_disk_info|json_query('*.backing_datastore') }}"
loop: "{{ disk_fact.results }}"
label: "{{ item.item.ip_address }}"
when: not item.skipped|d(false)
TASK [debug] **************************************************
skipping: [localhost] => (item=
ok: [localhost] => (item= =>
- ENV04
Example of a complete playbook for testing
- hosts: localhost
- disk_fact.json
backing_datastores: "{{ disk_fact.results|json_query(_query) }}"
_query: '[].guest_disk_info[].*.backing_datastore'
backing_datastore: "{{ backing_datastores|flatten|first }}"
- debug:
var: backing_datastores
- debug:
var: backing_datastore
- debug:
msg: "{{ item.guest_disk_info['0'].backing_datastore }}"
loop: "{{ disk_fact.results }}"
label: "{{ item.item.ip_address }}"
when: not item.skipped|d(false)

create k8s secrets by using nested ansible loops

I am trying to create k8s secrets with the storing username and secret in results module of ansible but i created one loop for the name and namespace section and i am trying to create one more loop from the json results output. but it was taking one secret for all the projects
- projectName: helm
- default
- core
- projectName: proxy
- default
- core
ok: [harbor_stg1_dkp1] => {
"robot_result": {
"changed": false,
"msg": "All items completed",
"results": [
"ansible_loop_var": "item",
"content_type": "application/json",
"cookies": {
"sid": "557b377ba2bbe3f054d68bd56b0e10ef"
"invocation": {
"module_args": {
"attributes": null,
"body": {
"description": "pull artifacts for helm",
"disable": true,
"duration": -1,
"level": "system",
"name": "helm-robot",
"permissions": [
"access": [
"action": "pull",
"resource": "repository"
"kind": "project",
"namespace": "helm"
"body_format": "json",
"headers": {
"Accept": "application/json",
"Authorization": "Basic ",
"Content-Type": "application/json"
"http_agent": "ansible-httpget",
"status_code": [
"timeout": 30,
"unix_socket": null,
"validate_certs": false
"item": {
"name": "helm-robot",
"projectName": "helm"
"json": {
"creation_time": "2022-03-21T10:05:49.248Z",
"expires_at": -1,
"id": 67,
"name": "robot#helm-robot",
"secret": "Q8mjthgRJFmscjfmqW1QzXEyKjmLEPQm"
"x_envoy_upstream_service_time": "18",
"x_request_id": "496faaa6-bdc4-4e83-890a-2c577576f16b"
"ansible_loop_var": "item",
"content_type": "application/json",
"cookies": {
"sid": "6275d7bfe74e71db0a3947f4beb1e159"
"cookies_string": "sid=6275d7bfe74e71db0a3947f4beb1e159",
"date": "Mon, 21 Mar 2022 10:05:56 GMT",
"elapsed": 1,
"failed": false,
"failed_when_result": false,
"invocation": {
"module_args": {
"attributes": null,
"body": {
"description": "pull artifacts for proxy",
"disable": true,
"duration": -1,
"level": "system",
"name": "proxy-robot",
"permissions": [
"access": [
"action": "pull",
"resource": "repository"
"kind": "project",
"namespace": "proxy"
"body_format": "json",
"group": null,
"headers": {
"Accept": "application/json",
"Authorization": "Basic ",
"Content-Type": "application/json"
"http_agent": "ansible-httpget",
"method": "POST"
"timeout": 30,
"unix_socket": null,
"validate_certs": false
"item": {
"name": "proxy-robot",
"projectName": "proxy"
"json": {
"creation_time": "2022-03-21T10:05:56.807Z",
"expires_at": -1,
"id": 68,
"name": "robot#proxy-robot",
"secret": "slPnm8Zkp0OGBLec6tTcPuPITgOU2PAn"
"msg": "OK (144 bytes)",
"x_envoy_upstream_service_time": "15",
"x_request_id": "93478b05-897b-4df9-abb4-e07e03723af0"
- name: Create secrets
state: present
apiVersion: v1
kind: Secret
name: "{{ item.0.projectName }}"
namespace: "{{ item.1 }}"
password: "{{ project.secret }}"
username: "{{ }}"
type: Opaque
project: "{{ (robot_result.results | json_query('[*].json'))[ansible_loop.index0] }}"
loop: "{{ project_namespaces | subelements('Namespaces') }}"
extended: yes
label: "{{ item.0.projectName }}"
when i executing this task i was getting the output like
ok: [localhost] => (item=helm) => {
"msg": "name: helm, namespace: default, password: Q8mjthgRJFmscjfmqW1QzXEyKjmLEPQm, username: robot#helm-robot"
ok: [localhost] => (item=helm) => {
"msg": "name: helm, namespace: core, password: slPnm8Zkp0OGBLec6tTcPuPITgOU2PAn, username: robot#proxy-robot"
fatal: [harbor_shiplab_stg1_dkp1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: {{ (robot_result.results | json_query('[*].json'))[ansible_loop.index0] }}: list object has no element 2\n\nThe error appears to be in '/home/ubuntu/konvoy/ansible/roles/harbor-gc/tasks/main.yml': line 47, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Create secrets\n ^ here\n"}
but my requirement would be like this
ok: [localhost] => (item=helm) => {
"msg": "name: helm, namespace: default, password: Q8mjthgRJFmscjfmqW1QzXEyKjmLEPQm, username: robot#helm-robot"
ok: [localhost] => (item=helm) => {
"msg": "name: helm, namespace: core, password: Q8mjthgRJFmscjfmqW1QzXEyKjmLEPQm, username: robot#helm-robot"
ok: [localhost] => (item=proxy) => {
"msg": "name: proxy, namespace: default, password: slPnm8Zkp0OGBLec6tTcPuPITgOU2PAn, username: robot#proxy-robot"
ok: [localhost] => (item=proxy) => {
"msg": "name: proxy, namespace: core, password: slPnm8Zkp0OGBLec6tTcPuPITgOU2PAn, username: robot#proxy-robot"
As i am new to this ansible i was not much understanding this loops.Any help or suggestions would be appreciated and Thank you
You have to link secret with projectName:
- name: link projectname and json
dico: "{{ dico | d({}) | combine({item.projectName: project[ansible_loop.index0]}) }}"
project: "{{ (robot_result.results | json_query('[*].json')) }}"
it: "{{ (robot_result.results | json_query('[*].item')) }}"
loop: "{{ it }}"
extended: yes
- debug:
msg: "name: {{ item.0.projectName }}, namespace: {{ item.1 }}, password: {{ dico[item.0.projectName].secret }}, username: {{ dico[item.0.projectName].username }}" #{{ ansible_loop.index0 }}"
project: "{{ (robot_result.results | json_query('[*].json')) }}"
loop: "{{ project_namespaces | subelements('Namespaces') }}"
label: "{{ item.0.projectName }}"
ok: [localhost] => (item=helm) => {
"msg": "name: helm, namespace: default, password: YzDDEtJcqYoBL2soZHfTqZxvhIfGKURT, username: robot#helm-robot"
ok: [localhost] => (item=helm) => {
"msg": "name: helm, namespace: core, password: YzDDEtJcqYoBL2soZHfTqZxvhIfGKURT, username: robot#helm-robot"
ok: [localhost] => (item=proxy) => {
"msg": "name: proxy, namespace: default, password: 7imXCVAGHV91AkeN7LAhWxQHabmYDRmg, username: robot#proxy-robot"
ok: [localhost] => (item=proxy) => {
"msg": "name: proxy, namespace: core, password: 7imXCVAGHV91AkeN7LAhWxQHabmYDRmg, username: robot#proxy-robot"

Locate string/integer not in list

Im pulling a list of VLANs from our IPAM via an API and I want to be able to locate an unused "vlanId" that isnt in the list. I was expecting that I could use with_items for the JSON content and then use the random function with an until loop and occasionally it will initially generate a number that doesnt exist in the list. Mostly it just gets stuck and doesnt generate a new random number when the one generated already exists.
- uri:
url: "#"
validate_certs: no
token: "{{ token }}"
method: GET
force_basic_auth: yes
return_content: yes
register: ipam
- set_fact:
value: "{{ 4094 | random(start=1) }}"
until: value not in item.vlanId
with_items: "{{ }}"
retries: 4093
- debug: msg="{{ value }}"
Relevant Output:
ok: [localhost] => (item={u'domainId': u'3', u'description': u'#', u'editDate': None, u'Customer ID': None, u'number': u'2241', u'vlanId': u'548', u'name': u'2241', u'Customer Name': None, u'custom_fields': None, u'Engineer': None}) => {
"ansible_facts": {
"value": "2727"
"ansible_facts_cacheable": false,
"attempts": 1,
"changed": false,
"item": {
"Customer ID": null,
"Customer Name": null,
"Engineer": null,
"custom_fields": null,
"description": "#",
"domainId": "3",
"editDate": null,
"name": "2241",
"number": "2241",
"vlanId": "548"
ok: [localhost] => (item={u'domainId': u'3', u'description': u'#', u'editDate': None, u'Customer ID': None, u'number': u'2242', u'vlanId': u'549', u'name': u'2242', u'Customer Name': None, u'custom_fields': None, u'Engineer': None}) => {
"ansible_facts": {
"value": "1955"
"ansible_facts_cacheable": false,
"attempts": 1,
"changed": false,
"item": {
"Customer ID": null,
"Customer Name": null,
"Engineer": null,
"custom_fields": null,
"description": "#",
"domainId": "3",
"editDate": null,
"name": "2242",
"number": "2242",
"vlanId": "549"
FAILED - RETRYING: set_fact (4000 retries left).Result was: {
"ansible_facts": {
"value": "50"
"ansible_facts_cacheable": false,
"attempts": 1,
"changed": false,
"retries": 4001
FAILED - RETRYING: set_fact (3999 retries left).Result was: {
"ansible_facts": {
"value": "50"
"ansible_facts_cacheable": false,
"attempts": 2,
"changed": false,
"retries": 4001
FAILED - RETRYING: set_fact (3998 retries left).Result was: {
"ansible_facts": {
"value": "50"
"ansible_facts_cacheable": false,
"attempts": 3,
"changed": false,
"retries": 4001
Im currently using ansible
If this is something that cant/shouldnt be done in Ansible, any guidance would be appreciated.
Here's what you want:
- debug:
msg: "{{ range(1, 4095) | difference(vlanIds) | random }}"
vlanIds: "{{ | map(attribute='vlanId') | list }}"
map(attribute=... - create a list of vlan IDs,
range - generate a sequence from 1 to 4094,
difference - select all the elements from the above. that are not on the vlanIds list,
random - select a random element from the above.
For strings (as the title suggests) replace range with a list of possible strings.

Create an AMI using ansible ec2_ami module and grab snapshot_id(s) from registered variable

I have the following playbook:
- hosts: localhost
connection: local
gather_facts: False
- name: Read Variables
file: variables.yml
- name: Create AMI
aws_access_key: "{{ ACCESS_KEY }}"
aws_secret_key: "{{ SECRET_KEY }}"
region: "{{ AWS_REGION }}"
delete_snapshot: yes
instance_id: "{{ ID_INSTANCE }}"
name: "{{ SUFFIX_BACKUP }}-{{ NAME_BACKUP }}"
wait: yes
description: "{{ DESCR }}"
project: project1
register: ami_data
Example content of "ami_data" variable:
"msg": {
"architecture": "x86_64",
"block_device_mapping": {
"/dev/sda1": {
"delete_on_termination": true,
"encrypted": false,
"size": 30,
"snapshot_id": "snap-0e95eac98734af1d1",
"volume_type": "gp2"
"changed": false,
"creationDate": "2017-12-13T17:02:47.000Z",
"description": "descripition",
"failed": false,
"hypervisor": "xen",
"image_id": "ami-XXXXXX",
"is_public": false,
"launch_permissions": {},
"location": "457841571138/MYAMINAME",
"msg": "AMI not updated",
"name": "MYAMINAME",
"ownerId": "XXXXXXXXXX",
"platform": null,
"root_device_name": "/dev/sda1",
"root_device_type": "ebs",
"state": "available",
"tags": {
"project": "project1",
"virtualization_type": "hvm"
And now I want to grab the "snapshot_id" that was registered on "ami_data" variable for every disk on it. I have tried the following debug tasks using "msg" to show the value(s) of "snapshot_id" but non of them worked. What I'm doing wrong?
- name: Show data
msg: "{{ ami_data.block_device_mapping[*].snapshot_id }}"
- name: Show data
msg: "{{ ami_data.block_device_mapping[/dev/sda1].snapshot_id }}"
- name: Show data
msg: "{{ ami_data.block_device_mapping./dev/sda1.snapshot_id }}"
- name: Show data
msg: "{{ ami_data.block_device_mapping.[*].snapshot_id }}"
This one works:
- name: Show data
msg: "{{ ami_data.block_device_mapping }}"
And give me the following:
ok: [localhost] => {
"msg": {
"/dev/sda1": {
"delete_on_termination": true,
"encrypted": false,
"size": 30,
"snapshot_id": "snap-0ea846d9aca82b51f",
"volume_type": "gp2"
Firstly, with the ami_data.block_device_mapping you have to iterate with the list and after search under the map with the key name of the element (snapshot_id in this case):
- debug:
msg: {{ item }}
with_items: "{{ ami_data.block_device_mapping|map(attribute='snapshot_id')|list}}"
You were really close. Use square brackets but use quotes to specify literals:
- name: Show data
msg: "{{ ami_data.block_device_mapping['/dev/sda1'].snapshot_id }}"
or using variables:
- name: Show data
msg: "{{ ami_data.block_device_mapping[item].snapshot_id }}"
with_items: "{{ ami_data.block_device_mapping }}"

Ansible remove blank lines from list

So I've got a playbook that retrieves the members of an AD group and gives me a list of their user IDs like this:
- name: Get group members
member: "{{ item }}"
register: members
- context: group_members
- Jira_Administrators_GG
- name: Get userids
userid: "{{ lookup('ldap', '{{ item.item }}', context='users') }}"
register: userids
with_items: "{{ members.results }}"
- name: Create list of userids
userid_list: "{{ userids.results | map(attribute='ansible_facts.userid') | list }}"
Trouble is I end up with a few blank lines in the resultant list:
- name: Show userids
msg: "{{ hostvars['localhost']['userid_list'] }}"
TASK [Show userids] **************************************
ok: [xxxxxxxxx01] => {
"msg": [
Does anyone know how to remove the blank lines from the list? I've had a look through and tried a couple like replace() and rejectattr() in between the map and list but for whatever reason I'm not getting it right.
EDIT - Some attempts that didn't work...
I'm clearly not getting the syntax right with this one:
- name: Create list of userids
userid_list: "{{ userids.results | rejectattr('ansible_facts.userid', 'equalto', '') | map(attribute='ansible_facts.userid') | list }}"
..because the output was:
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: TemplateRuntimeError: no test named ''
fatal: [localhost]: FAILED! => {"failed": true, "msg": "Unexpected failure during module execution.", "stdout": ""}
I then tried moving rejectattr() before map. This was better, it actually runs but doesn't seem to make any difference to the resultant list:
- name: Create list of userids
userid_list: "{{ userids.results | rejectattr('ansible_facts.userid', 'equalto', '') | map(attribute='ansible_facts.userid') | list }}"
I tried with reject() instead of rejectattr() like this:
- name: Create list of userids
userid_list: "{{ userids.results | reject('equalto', '') | map(attribute='ansible_facts.userid') | list }}"
...and like this:
- name: Create list of userids
userid_list: "{{ userids.results | map(attribute='ansible_facts.userid') | reject('equalto', '') | list }}"
I've tried a few permutations, I also tried comparing to '[]' instead of '' because my empty lines show like that in the resultant list. I guess I just don't understand how to apply the filters correctly.
EDIT - Variable contents
Now if I do
- debug:
var: userids
I get this (truncated to show 2 results that have userid populated and 1 with userid blank):
ok: [localhost] => {
"userids": {
"changed": false,
"msg": "All items completed",
"results": [
"_ansible_item_result": true,
"_ansible_no_log": false,
"ansible_facts": {
"userid": "xxxxxxxxx55"
"changed": false,
"item": {
"_ansible_item_result": true,
"_ansible_no_log": false,
"ansible_facts": {
"member": "CN=Liam Fitzpatrick,OU=My User OU,DC=my,DC=domain,DC=com"
"changed": false,
"item": "CN=Liam Fitzpatrick,OU=My User OU,DC=my,DC=domain,DC=com"
"_ansible_item_result": true,
"_ansible_no_log": false,
"ansible_facts": {
"userid": "xxxxxxxxx58"
"changed": false,
"item": {
"_ansible_item_result": true,
"_ansible_no_log": false,
"ansible_facts": {
"member": "CN=Mr Jones,OU=My User OU,DC=my,DC=domain,DC=com"
"changed": false,
"item": "CN=Mr Jones,OU=My User OU,DC=my,DC=domain,DC=com"
"_ansible_item_result": true,
"_ansible_no_log": false,
"ansible_facts": {
"userid": []
"changed": false,
"item": {
"_ansible_item_result": true,
"_ansible_no_log": false,
"ansible_facts": {
"member": "CN=Mr Smith,OU=My User OU,DC=my,DC=domain,DC=com"
"changed": false,
"item": "CN=Mr Smith,OU=My User OU,DC=my,DC=domain,DC=com"
You have a list of strings (e.g. "xxxxxxxxx63") and empty lists ([]) – not empty strings.
You can use Jinja2 select/reject filters, for example:
- name: Create list of userids
userid_list: "{{ userids.results | map(attribute='ansible_facts.userid') | select('string') | list }}"
P.S. and avoid nested curly brackets, use:
"{{ lookup('ldap', item.item, context='users') }}"
