Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

Correlation Between 3 Different Loops using Bash

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Correlation Between 3 Different Loops using Bash
# 1  
Old 11-15-2018
Correlation Between 3 Different Loops using Bash
I have 3 loops that I use to determine the permission level of AWS user accounts.

This array lists the AWS policy ARN (Amazon Resource Name):

Code:
for ((policy_index=0;policy_index<${#aws_managed_policies[@]};++policy_index)); do
          aws_policy_arn="${aws_managed_policies[policy_index]}"
          aws_policy_version_id=$(aws iam get-policy --policy-arn "$aws_policy_arn" --profile="$aws_key" | jq -r '.Policy.DefaultVersionId')
          readarray -t aws_policy_effects < <( if aws iam get-policy-version --policy-arn "$aws_policy_arn" --version-id "$aws_policy_version_id" --profile="$aws_key" 2> /dev/null | jq -r '.PolicyVersion.Document.Statement[].Effect' 2> /dev/null
          then
            true
          else
            aws iam get-policy-version --policy-arn "$aws_policy_arn" --version-id "$aws_policy_version_id" --profile="$aws_key" 2> /dev/null | jq -r '.PolicyVersion.Document.Statement.Effect' 2> /dev/null
          fi )
        done

I get the effect of the policy with this loop (Allow/Deny):

Code:
 for ((effect_index=0;effect_index<${#aws_policy_effects[@]};++effect_index)); do
        policy_effect="${aws_policy_effects[effect_index]}"
        echo "BEFORE IF STATEMENT: This is the policy effect: $policy_effect"
        if [[ "$policy_effect" = "Allow" ]]; then
            aws_policy_effects[effect_index]='ALLOW'
            unset aws_policy_effects
        elif [[ "$policy_effect" = "Deny" ]]; then
            aws_policy_effects[effect_index]='DENY'
        fi 
    done

And I get the list of services that the user has permission to with this loop:

Code:
  readarray -t aws_policy_actions < <(aws iam get-policy-version --policy-arn "$aws_policy_arn" --version-id "$aws_policy_version_id" --profile="$aws_key" 2> /dev/null | jq -r '.PolicyVersion.Document.Statement[].Action' 2> /dev/null  | grep '*')
    if [[ "$aws_policy_effect" = "Allow" ]]; then
        for ((action_index=0;action_index<${#aws_policy_actions[@]};++action_index)); do
            policy_action="${aws_policy_actions[action_index]}"
            if [[ "$policy_action" = "^*$" ]]; then
                admin_access="YES"
            elif [[ -n "$policy_action" ]]; then
                policy_action=$(echo "$policy_action" | cut -d: -f1)
                admin_access="YES"
                aws_admin_services+=("$policy_action")
            else
                admin_access="NO"              
            fi         
        done   # action loop
    fi

I want the 3 loops to correspond.

I need the ARN, Effect and Policies loops to agree: ARN1 with Effect 1 and Policy 1, ARN 2 with effect 2 and Policy 2, and so on.

How can I best achieve this? Do the 3 elements correspond with one another the way it's written? Or do I need to nest the 3 loops inside one another to do that?
Last edited by bluethundr; 11-15-2018 at 05:28 PM.. Reason: correcting duplicate code
# 2  
Old 11-15-2018
I think you accidentally posted the same code twice.

Anyway, we have no idea where aws_policy_effects, etc came from, so we cannot possibly say what order they're in.

Also, you can shrink that loop a lot:

Code:
STR=""
for X in "${aws_policy_effects[@]}"
do
        [[ "$X" == "Deny" ]] && STR="$STR DENY" || STR="$STR ALLOW"
done
aws_policy_effects=( $STR ) # Do not quote, splitting is intentional

...but it might have been easier to just pipe the data through tr 'a-z' 'A-Z' in the first place.

I'm sure that last block of code could be shrank too.

Probably all of it could use a good looking over and rewriting.
This User Gave Thanks to Corona688 For This Post:
bluethundr
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Bash: How to use read with conditions & loops

Hello, Below I try to control that the input is good an IP : #!/bin/bash cp /home/scripts/choice_interfaces.txt /home/scripts/interfaces.txt chmod 644 /home/scripts/interfaces.txt echo -e "Please enter the network informations into the /etc/network/interfaces file, complete them below... (9 Replies)
Discussion started by: Arnaudh78
9 Replies

2. Shell Programming and Scripting

Pipe 2 bash loops together

What is the proper way to run two bash loops in the same command? The two below loops run separately, the problem is when I pipe them I get an error that the file used for the second loop does not exist. I am not sure how to wait for the first loop to complete and then start the second. Thank... (10 Replies)
Discussion started by: cmccabe
10 Replies

3. Shell Programming and Scripting

bash loops

hello i'm writing a script and I want to use a for loop inside a while loop as following: while read line; do echo $line for i in $vrm; do echo $i done done < './contacts' when i use just the while loop it prints the lines from file ./contacts just... (13 Replies)
Discussion started by: vlm
13 Replies

4. Shell Programming and Scripting

while loops and variables under bash

Hi, This is probably going to be very simple but i came across something i can't quite explain. Here is the situation: i have a list of files, which i'd like to process one by one (get the size, make some tests, whatever) and generate some statistics using different variables. Something... (5 Replies)
Discussion started by: m69w
5 Replies

5. Homework & Coursework Questions

Bash if and loops help

Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted! 1. The problem statement, all variables and given/known data: Your shell script should continue to execute until the user selects option 4 2. Relevant commands, code,... (2 Replies)
Discussion started by: boyboy1212
2 Replies

6. UNIX for Dummies Questions & Answers

Bash loops and variable scope

Hi All, I've been researching this problem and I am pretty sure that the issue is related to the while loop and the piping. There are plenty of other threads about this issue that recommend removing the pipe and using redirection. However, I haven't been able to get it working using the ssh and... (1 Reply)
Discussion started by: 1skydive
1 Replies

7. UNIX for Dummies Questions & Answers

A copy paste problem with loops in bash

Hello All, i have a really strange copy paste problem. When I write some loops in an editor for example: for j in 1 2 3 do echo "$j" done and I want to paste it to the shell, the result in the shell is: for j in 1 2 3; do e; other commands work fine and if a copy paste... (4 Replies)
Discussion started by: creamcheese
4 Replies

8. Shell Programming and Scripting

bash scripting: using multiple 'for loops'??

Hey guys, I'm kinda a noob at scripting. I am trying to create a script that uses multiple for loops with the lsiutility to monitor disk health on a system. The script runs, but it will continually echo an infinite number of LogVolumes when there are only 2 per virtual disk on my server. It's... (2 Replies)
Discussion started by: tank126
2 Replies

9. Shell Programming and Scripting

[bash] IF is eating my loops

Hi! Could someone explain me why the below code is printing the contents of IF block 5 times instead of 0? #!/bin/bash VAR1="something" VAR2="something" for((i=0;i<10;i++)) do if(($VAR1=~$VAR2)) then echo VAR1: $VAR1 echo... (3 Replies)
Discussion started by: machinogodzilla
3 Replies

10. Shell Programming and Scripting

arrays and while loops in bash

hi guys, i have an array called ARRAY which has elements in it... i am trying to assign elements of ARRAY to master_array.. i get a =: command not found error.. i=0 while do ${master_array}=${ARRAY} ((i++)) done is there something i am missing? (4 Replies)
Discussion started by: npatwardhan
4 Replies
Login or Register to Ask a Question