【Question title】: Unable to parse JSON file to CSV with jq - string ("") and array cannot be added
【Posted】: 2018-08-29 00:22:48
【Question】:

Here is output.json: https://1drv.ms/u/s!AizscpxS0QM4hJo5SnYOHAcjng-jww

When I have multiple services, I have a problem in the sts:AssumeRole.Principal.Service part

"Principal": {
                        "Service": [
                            "ssm.amazonaws.com", 
                            "ec2.amazonaws.com"
                        ]
                    }

In my code below, it is the .Principal.Service field. If there is only one service, there is no problem.

 "InstanceProfileList": [
            {
                "InstanceProfileId": "AIPAJMMLWIVZ2IXTOC3RO", 
                "Roles": [
                    {
                        "AssumeRolePolicyDocument": {
                            "Version": "2012-10-17", 
                            "Statement": [
                                {
                                    "Action": "sts:AssumeRole", 
                                    "Effect": "Allow", 
                                    "Principal": {
                                        "AWS": "*"
                                    }
                                }
                            ]
                        }, 
                        "RoleId": "AROAJPHJ4EDQG3G5ZQZT2", 
                        "CreateDate": "2017-04-04T23:46:47Z", 
                        "RoleName": "dev-instance-role", 
                        "Path": "/", 
                        "Arn": "arn:aws:iam::279052847476:role/dev-instance-role"
                    }
                ], 
                "CreateDate": "2017-04-04T23:46:47Z", 
                "InstanceProfileName": "bastionServerInstanceProfile", 
                "Path": "/", 
                "Arn": "arn:aws:iam::279052847476:instance-profile/bastionServerInstanceProfile"
            }
        ], 
        "RoleName": "dev-instance-role", 
        "Path": "/", 
        "AttachedManagedPolicies": [
            {
                "PolicyName": "dev-instance-role-policy", 
                "PolicyArn": "arn:aws:iam::279052847476:policy/dev-instance-role-policy"
            }
        ], 
        "RolePolicyList": [], 
        "Arn": "arn:aws:iam::279052847476:role/dev-instance-role"
    }, 
    {
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17", 
            "Statement": [
                {
                    "Action": "sts:AssumeRole", 
                    "Effect": "Allow", 
                    "Principal": {
                        "Service": [
                            "ssm.amazonaws.com", 
                            "ec2.amazonaws.com"
                        ]
                    }
                }
            ]
        }, 

If only one service exists there is no problem, but if there is more than one, I get the error string ("") and array (["ssm.amazonaws.com) cannot be added

How can I get all the values of Principal.Service on one line?

My code:

jq -rc '.RoleDetailList 
  | map(select((.AssumeRolePolicyDocument.Statement | length > 0) and 
        (.AssumeRolePolicyDocument.Statement[].Principal.Service) or 
        (.AssumeRolePolicyDocument.Statement[].Principal.AWS) or 
        (.AssumeRolePolicyDocument.Statement[].Principal.Federated) or 
        (.AttachedManagedPolicies | length >0) or 
        (.RolePolicyList | length > 0)) )[] 
      | [.RoleName,
         ([.RolePolicyList[].PolicyName,
          ([.AttachedManagedPolicies[].PolicyName] | join("--"))] 
         | join(" ")),
       (.AssumeRolePolicyDocument.Statement[] 
        | .Principal.Federated + "" + .Principal.Service + ""+.Principal.AWS)] 
       | @csv' ./output.json

Expected output:

"dev-instance-role","dev-instance-role-policy","ssm.amazonaws.com--ec2.amazonaws.com--*"

Current output:

"dev-instance-role","dev-instance-role-policy","*"

【Comments】:

    Tags: json bash csv jq


    【Answer 1】:

    .Principal.Service appears to be either a string or an array of strings, so you need to handle both cases. So consider:

    def to_s: if type == "string" then . else join("--") end;
    

    You might want to make it more generic, for robustness or for other reasons.

    You might also want to simplify the jq filter to make it easier to understand and maintain, e.g. by using jq variables. Also note that

    .x.a + .x.b + .x.c
    

    can be written as:

    .x | (.a + .b + .c)
    

    【Comments】:

    • Thanks @peak, but how do I modify my code to include your suggestion?
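
The string-or-array handling suggested in the answer above, worked into a complete filter. This is an added example, not code from the thread. It goes further than the answer: it treats a missing key as empty, applies the same normalization to `Federated`, `Service` and `AWS`, and lists roles whose trust policy names `*`. The names `to_a`, `principals`, `roles_csv` and `wildcard_trust_roles` and the sample roles are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. Needs jq 1.5 or later.
# Constructed sample in the shape of output.json; all names are made up.
SAMPLE='{"RoleDetailList":[
 {"RoleName":"one-service","RolePolicyList":[],
  "AttachedManagedPolicies":[{"PolicyName":"pol-a"}],
  "AssumeRolePolicyDocument":{"Statement":[{"Effect":"Allow",
   "Action":"sts:AssumeRole","Principal":{"Service":"ec2.amazonaws.com"}}]}},
 {"RoleName":"two-services","RolePolicyList":[{"PolicyName":"inline-x"}],
  "AttachedManagedPolicies":[{"PolicyName":"pol-b"},{"PolicyName":"pol-c"}],
  "AssumeRolePolicyDocument":{"Statement":[{"Effect":"Allow",
   "Action":"sts:AssumeRole",
   "Principal":{"Service":["ssm.amazonaws.com","ec2.amazonaws.com"]}}]}},
 {"RoleName":"open-trust","RolePolicyList":[],"AttachedManagedPolicies":[],
  "AssumeRolePolicyDocument":{"Statement":[{"Effect":"Allow",
   "Action":"sts:AssumeRole","Principal":{"AWS":"*"}}]}}
]}'

# to_a: null | string | array -> array of strings (generalizes to_s above).
# principals: every trusted principal of one role, across all statements
# and all three key types; a Principal that is a bare string is kept as-is.
JQ_DEFS='
def to_a: if . == null then [] elif type == "array" then . else [.] end;
def principals:
  [ .AssumeRolePolicyDocument.Statement[]
    | .Principal
    | if type == "string" then . else (.Federated, .Service, .AWS) end
    | to_a[] ];
'

# stdin: account authorization details JSON; stdout: one CSV row per role.
roles_csv() {
  jq -r "$JQ_DEFS"'
    .RoleDetailList[]
    | [ .RoleName,
        ([.RolePolicyList[].PolicyName, .AttachedManagedPolicies[].PolicyName]
         | join("--")),
        (principals | join("--")) ]
    | @csv'
}

# stdin: same JSON; stdout: names of roles whose trust policy names "*".
wildcard_trust_roles() {
  jq -r "$JQ_DEFS"'
    .RoleDetailList[] | select(principals | any(. == "*")) | .RoleName'
}

if command -v jq >/dev/null 2>&1; then
  printf '%s\n' "$SAMPLE" | roles_csv
fi
```

Run it on the real file with `roles_csv < output.json`. `wildcard_trust_roles` only looks at principals, so each role it lists still needs its statement's `Effect` and any `Condition` read by hand.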
    【Answer 2】:

    Consider adding an extra condition to check whether the type of .Principal.Service is array or string:

    jq -rc '.RoleDetailList 
            | map(select((.AssumeRolePolicyDocument.Statement | length > 0) and 
            (.AssumeRolePolicyDocument.Statement[].Principal.Service) or 
            (.AssumeRolePolicyDocument.Statement[].Principal.AWS) or 
            (.AssumeRolePolicyDocument.Statement[].Principal.Federated) or 
            (.AttachedManagedPolicies | length >0) or 
            (.RolePolicyList | length > 0)) )[] 
            | [.RoleName,
               ([.RolePolicyList[].PolicyName,
               ([.AttachedManagedPolicies[].PolicyName] | join("--"))] 
            | join(" ")),
             (.AssumeRolePolicyDocument.Statement[] 
            | .Principal.Federated + "" 
              + (.Principal.Service | if type == "array" then join("--") else . end) 
              + "" + .Principal.AWS)] 
           | @csv' ./output.json
    

    Output:

    "ADFS-Administrators","Administrator-Access ","arn:aws:iam::279052847476:saml-provider/companyADFS"
    "ADFS-amtest-ro","pol-amtest-ro","arn:aws:iam::279052847476:saml-provider/companyADFS"
    "adfs-host-role","pol-amtest-ro","ec2.amazonaws.com"
    "aws-elasticbeanstalk-ec2-role","AWSElasticBeanstalkWebTier--AWSElasticBeanstalkMulticontainerDocker--AWSElasticBeanstalkWorkerTier","ec2.amazonaws.com"
    "aws-elasticbeanstalk-service-role","AWSElasticBeanstalkEnhancedHealth--AWSElasticBeanstalkService","elasticbeanstalk.amazonaws.com"
    "AWSAccCorpAdmin","AdministratorAccess","arn:aws:iam::279052847476:saml-provider/LastPass"
    "AWScompanyCorpAdmin","AdministratorAccess","arn:aws:iam::279052847476:saml-provider/LastPass"
    "AWScompanyCorpPowerUser","PowerUserAccess","arn:aws:iam::279052847476:saml-provider/LastPass"
    "AWSServiceRoleForAutoScaling","AutoScalingServiceRolePolicy","autoscaling.amazonaws.com"
    "AWSServiceRoleForElasticBeanstalk","AWSElasticBeanstalkServiceRolePolicy","elasticbeanstalk.amazonaws.com"
    "AWSServiceRoleForElasticLoadBalancing","AWSElasticLoadBalancingServiceRolePolicy","elasticloadbalancing.amazonaws.com"
    "AWSServiceRoleForOrganizations","AWSOrganizationsServiceTrustPolicy","organizations.amazonaws.com"
    "AWSServiceRoleForRDS","AmazonRDSServiceRolePolicy","rds.amazonaws.com"
    "Cloudyn","ReadOnlyAccess","arn:aws:iam::432263259397:root"
    "DatadogAWSIntegrationRole","DatadogAWSIntegrationPolicy","arn:aws:iam::464622532012:root"
    "datadog_alert_metrics_role","AWSLambdaBasicExecutionRole-66abe1f2-cee8-4a90-a026-061b24db1b02","lambda.amazonaws.com"
    "dev-instance-role","dev-instance-role-policy","*"
    "ec2ssmRole","AmazonEC2RoleforSSM","ssm.amazonaws.com--ec2.amazonaws.com"
    "ecsInstanceRole","AmazonEC2ContainerServiceforEC2Role","ec2.amazonaws.com"
    "ecsServiceRole","AmazonEC2ContainerServiceRole","ecs.amazonaws.com"
    "flowlogsRole","oneClick_flowlogsRole_1495032428381 ","vpc-flow-logs.amazonaws.com"
    "companyDevShutdownEC2Instaces","oneClick_lambda_basic_execution_1516271285849 ","lambda.amazonaws.com"
    "companySAMLUser","AdministratorAccess","arn:aws:iam::279052847476:saml-provider/companyAzureAD"
    "irole-matlabscheduler","pol-marketdata-rw","ec2.amazonaws.com"
    "jira_role","","*"
    "lambda-ec2-ami-role","lambda-ec2-ami-policy","lambda.amazonaws.com"
    "lambda_api_gateway_twilio_processor","AWSLambdaBasicExecutionRole-f47a6b57-b716-4740-b2c6-a02fa6480153--AWSLambdaSNSPublishPolicyExecutionRole-d31a9f16-80e7-47c9-868a-f162396cccf6","lambda.amazonaws.com"
    "lambda_stop_rundeck_instance","oneClick_lambda_basic_execution_1519651160794 ","lambda.amazonaws.com"
    "OneLoginAdmin","AdministratorAccess","arn:aws:iam::279052847476:saml-provider/OneLoginAdmin"
    "OneLoginDev","PowerUserAccess","arn:aws:iam::279052847476:saml-provider/OneLoginDev"
    "rds-host-role","","ec2.amazonaws.com"
    "rds-monitoring-role","AmazonRDSEnhancedMonitoringRole","monitoring.rds.amazonaws.com"
    "role-amtest-ro","pol-amtest-ro","ec2.amazonaws.com"
    "role-amtest-rw","pol-amtest-rw","ec2.amazonaws.com"
    "Stackdriver","ReadOnlyAccess","arn:aws:iam::314658760392:root"
    "vmimport","vmimport ","vmie.amazonaws.com"
    "workspaces_DefaultRole","SkyLightServiceAccess ","workspaces.amazonaws.com"
    

    【Comments】:

    • Thanks Roman, it seems to work for everything except dev-instance-role
    • Please ignore the last comment, I think everything is fine, thanks!