Array Correlation Between 3 Different Loops using Bash

bluethundr · 11-19-2018, 02:10 PM

I have 3 loops that I use to determine the permission level of AWS user accounts.

This array lists the AWS policy Effect:

Code:

      for ((policy_index=0;policy_index<${#aws_managed_policies[@]};++policy_index)); do
      aws_policy_arn="${aws_managed_policies[policy_index]}"
      aws_policy_version_id=$(aws iam get-policy --policy-arn "$aws_policy_arn" --profile="$aws_key" | jq -r '.Policy.DefaultVersionId')
      readarray -t aws_policy_effects < <( if aws iam get-policy-version --policy-arn "$aws_policy_arn" --version-id "$aws_policy_version_id" --profile="$aws_key" 2> /dev/null | jq -r '.PolicyVersion.Document.Statement[].Effect' 2> /dev/null
      then
        true
      else
        aws iam get-policy-version --policy-arn "$aws_policy_arn" --version-id "$aws_policy_version_id" --profile="$aws_key" 2> /dev/null | jq -r '.PolicyVersion.Document.Statement.Effect' 2> /dev/null
      fi )
    done

I get the effect of the policy with this loop (Allow/Deny):

Code:

    for ((effect_index=0;effect_index<${#aws_policy_effects[@]};++effect_index)); do
        policy_effect="${aws_policy_effects[effect_index]}"
        if [[ "$policy_effect" = "Allow" ]]; then
            aws_policy_effects[effect_index]='ALLOW'
            unset aws_policy_effects
        elif [[ "$policy_effect" = "Deny" ]]; then
            aws_policy_effects[effect_index]='DENY'
        fi 
    done

And I get the list of services that the user has permission to with this loop:

Code:

    readarray -t aws_policy_actions < <(aws iam get-policy-version --policy-arn "$aws_policy_arn" --version-id "$aws_policy_version_id" --profile="$aws_key" 2> /dev/null | jq -r '.PolicyVersion.Document.Statement[].Action' 2> /dev/null  | grep '*')

    if [[ "$aws_policy_effect" = "Allow" ]]; then
        for ((action_index=0;action_index<${#aws_policy_actions[@]};++action_index)); do
            policy_action="${aws_policy_actions[action_index]}"
            if [[ "$policy_action" = "^*$" ]]; then
                admin_access="YES"
            elif [[ -n "$policy_action" ]]; then
                policy_action=$(echo "$policy_action" | cut -d: -f1)
                admin_access="YES"
                aws_admin_services+=("$policy_action")
            else
                admin_access="NO"              
            fi         
        done   # action loop
    fi

I want the 3 loops to correspond.

I need the Policy Effect, set admin_access variable to YES or NO, and then build a list of services they have access to, and add them to the list of services in aws_admin_services.

How can I best achieve this? Do I need to embed the 3 loops within one another in order to have everything correspond?

BW-userx · 11-20-2018, 07:05 AM

associative arrays and 2d arrays, and 3d arrays.