[SOLVED] identify elements of a bash array

bluethundr · 07-06-2018, 10:36 AM

I have a line in my bash script that pulls the AWS access keys and the dates they were created for a user.

Code:

aws iam list-access-keys --user-name $user_name --profile=prod  | jq -r '.AccessKeyMetadata[] | (.AccessKeyId, .CreateDate)')

It outputs the information like this:

Code:

    AKIAI6Q5EQ53GONANGBA
    2018-07-05T21:28:39Z
    AKIAICDOHVTMEAB6RM5Q
    2018-02-08T03:55:51Z

I tried creating an array and looping for the array:

Code:

   echo "User $user_name keys:"

   user_keys=( $(aws iam list-access-keys --user-name $user_name --profile=prod  | jq -r '.AccessKeyMetadata[] | (.AccessKeyId, .CreateDate)' '\n') )
   for i in "$user_keys"
   do 
     echo "$user_keys"
   done

But all that gets me is this output:

Code:

User my_aws_user keys:
AKIAI6Q5EQ53GONANGBA

I want to assign the output of that command to an array. And print out the key and time stamp on one line. And use the time stamp to determine if the user's key is older than 90 days.

If it is older than 90 days it will perform some additional functions, that I already have worked out. How can I achieve this?

Thanks

keefaz · 07-06-2018, 12:01 PM

You could use bash hash to store keys, timestamp as hash key, user key as value

something like

Code:

longCommand() {
    aws iam list-access-keys --user-name $1 --profile=kpmg-prod \
| jq -r '.AccessKeyMetadata[] | (.AccessKeyId, .CreateDate)' '\n'
}


declare -A user_keys

while read -r key timestamp; do
  user_keys[$timestamp]=$key
done < <( longCommand $user_name )

# iterate
for time in "${!user_keys[@]}"; do
  echo "time: $time, key: ${user_keys[$time]}"
done

bluethundr · 07-06-2018, 12:50 PM

Quote:

Originally Posted by keefaz

You could use bash hash to store keys, timestamp as hash key, user key as value

something like

Code:

longCommand() {
    aws iam list-access-keys --user-name $1 --profile=prod \
| jq -r '.AccessKeyMetadata[] | (.AccessKeyId, .CreateDate)' '\n'
}


declare -A user_keys

while read -r key timestamp; do
  user_keys[$timestamp]=$key
done < <( longCommand $user_name )

# iterate
for time in "${!user_keys[@]}"; do
  echo "time: $time, key: ${user_keys[$time]}"
done

Thanks! But when I run that exact code, I get this error:

Code:

jq: error: Could not open file \n: No such file or directory

How can I add a newline to a jq query?

keefaz · 07-06-2018, 01:16 PM

I don't know jq, I copied program parameters from your loop example.
I notice now that it's different from your first example though

Try changing the longFunction to:

Code:

longCommand() {
    aws iam list-access-keys --user-name $1 --profile=prod \
| jq -r '.AccessKeyMetadata[] | (.AccessKeyId, .CreateDate)'
}

bluethundr · 07-06-2018, 01:29 PM

Quote:

Originally Posted by keefaz

I don't know jq, I copied program parameters from your loop example.
I notice now that it's different from your first example though

Try changing the longFunction to:

Code:

longCommand() {
    aws iam list-access-keys --user-name $1 --profile=prod \
| jq -r '.AccessKeyMetadata[] | (.AccessKeyId, .CreateDate)'
}

Ok, no problem. I'll give that a shot. Thanks for your help!

bluethundr · 08-22-2018, 02:30 PM

Quote:

Originally Posted by bluethundr

Ok, no problem. I'll give that a shot. Thanks for your help!

That works! Thanks!

MadeInGermany · 08-23-2018, 04:19 PM

In your original post, replace

Code:

   for i in "$user_keys"
   do 
     echo "$user_keys"
   done

with

Code:

   for i in "${user_keys[@]}"
   do 
     echo "$i"
   done