bluethundr 11-19-2018 02:10 PM

Array Correlation Between 3 Different Loops using Bash
 
I have 3 loops that I use to determine the permission level of AWS user accounts.

This array lists the AWS policy Effect:

Code:

    for ((policy_index=0;policy_index<${#aws_managed_policies[@]};++policy_index)); do
        aws_policy_arn="${aws_managed_policies[policy_index]}"
        aws_policy_version_id=$(aws iam get-policy --policy-arn "$aws_policy_arn" --profile="$aws_key" | jq -r '.Policy.DefaultVersionId')
        # Statement is either an array of statements or a single object: try the array form first.
        readarray -t aws_policy_effects < <(
            if aws iam get-policy-version --policy-arn "$aws_policy_arn" --version-id "$aws_policy_version_id" --profile="$aws_key" 2> /dev/null | jq -r '.PolicyVersion.Document.Statement[].Effect' 2> /dev/null
            then
                true
            else
                aws iam get-policy-version --policy-arn "$aws_policy_arn" --version-id "$aws_policy_version_id" --profile="$aws_key" 2> /dev/null | jq -r '.PolicyVersion.Document.Statement.Effect' 2> /dev/null
            fi
        )
    done

I get the effect of the policy with this loop (Allow/Deny):

Code:

    # Normalise each effect to upper case in place.
    for ((effect_index=0;effect_index<${#aws_policy_effects[@]};++effect_index)); do
        policy_effect="${aws_policy_effects[effect_index]}"
        if [[ "$policy_effect" = "Allow" ]]; then
            aws_policy_effects[effect_index]='ALLOW'
        elif [[ "$policy_effect" = "Deny" ]]; then
            aws_policy_effects[effect_index]='DENY'
        fi
    done

And I get the list of services that the user has permission to with this loop:

Code:

    # Keep only the actions that contain a wildcard.
    readarray -t aws_policy_actions < <(aws iam get-policy-version --policy-arn "$aws_policy_arn" --version-id "$aws_policy_version_id" --profile="$aws_key" 2> /dev/null | jq -r '.PolicyVersion.Document.Statement[].Action' 2> /dev/null  | grep '*')

    if [[ "$aws_policy_effect" = "Allow" ]]; then
        for ((action_index=0;action_index<${#aws_policy_actions[@]};++action_index)); do
            policy_action="${aws_policy_actions[action_index]}"
            # A quoted right-hand side is compared literally: the action is exactly "*".
            if [[ "$policy_action" = "*" ]]; then
                admin_access="YES"
            elif [[ -n "$policy_action" ]]; then
                # Keep the service prefix, e.g. "s3" from "s3:*".
                policy_action=$(echo "$policy_action" | cut -d: -f1)
                admin_access="YES"
                aws_admin_services+=("$policy_action")
            else
                admin_access="NO"
            fi
        done  # action loop
    fi

I want the 3 loops to correspond.

I need the Policy Effect, set admin_access variable to YES or NO, and then build a list of services they have access to, and add them to the list of services in aws_admin_services.


How can I best achieve this? Do I need to embed the 3 loops within one another in order to have everything correspond?

BW-userx 11-20-2018 07:05 AM

associative arrays and 2d arrays, and 3d arrays.
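
An added example, not code from either poster: one way to keep the effect and the action together is to have jq emit them on the same row, then classify the rows in a single loop, with an associative array used only to de-duplicate services. The names `rows_filter`, `policy_rows`, `classify_rows` and `seen_services` are introduced here for illustration, and the sample rows are constructed.

```bash
#!/usr/bin/env bash
# Added example, not the poster's code. jq emits one "Effect<TAB>Action" row
# per action, so an effect can never be paired with another statement's action.
# Handles Statement as object or array and Action as string or array;
# statements without Action (e.g. NotAction) are skipped.
rows_filter='.PolicyVersion.Document.Statement
  | if type == "array" then .[] else . end
  | .Effect as $effect
  | (.Action // empty)
  | if type == "array" then .[] else . end
  | [$effect, .] | @tsv'

# policy_rows (hypothetical helper): policy-version JSON on stdin, rows on stdout.
policy_rows() { jq -r "$rows_filter"; }

admin_access="NO"
aws_admin_services=()
declare -A seen_services=()     # service prefix -> 1, used to de-duplicate

# classify_rows (hypothetical helper): reads rows on stdin, updates the globals.
# Like the thread's code, it looks only at Effect and Action, not at Resource
# or Condition.
classify_rows() {
  local effect action service
  while IFS=$'\t' read -r effect action; do
    [[ $effect == "Allow" ]] || continue   # a Deny on "*" grants nothing
    case $action in
      '*') admin_access="YES" ;;           # every action on every service
      *'*'*)                               # wildcard within one service, e.g. s3:*
        admin_access="YES"
        service=${action%%:*}
        if [[ -z ${seen_services[$service]:-} ]]; then
          seen_services[$service]=1
          aws_admin_services+=("$service")
        fi ;;
    esac
  done
}

# Real use, with the thread's variables. Feed the function by process
# substitution: on the right of a pipe it runs in a subshell and its results are lost.
#   classify_rows < <(aws iam get-policy-version --policy-arn "$aws_policy_arn" \
#       --version-id "$aws_policy_version_id" --profile "$aws_key" | policy_rows)

# Constructed sample: rows as the filter would emit them for a made-up policy.
classify_rows <<< $'Allow\ts3:*\nDeny\tiam:*\nAllow\tec2:Describe*\nAllow\tlogs:GetLogEvents\nAllow\ts3:*'
printf 'admin_access=%s services=%s\n' "$admin_access" "${aws_admin_services[*]}"
```

To report per policy rather than across all of them, reset `admin_access`, `aws_admin_services` and `seen_services` at the top of each iteration of the policy loop.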

