1

你们中的任何人都可以帮我找出 CLI 命令 /JMESPATH 查询中的问题 - “什么不起作用?

下面给出的 PS JSON 输出是有效的,您可以使用输出在 JMESPATH.org 上测试其中的 JMESPATH 查询部分

什么有效?

1) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[]
2) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[].FromPort
3)aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[].IpProtocol

什么不工作?

1) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[?IpProtocol=='tcp'].IpProtocol
2)aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[?FromPort=='22'].FromPort

JSON 输出

{
    "SecurityGroups": [
        {
            "Description": "default VPC security group",
            "GroupName": "default",
            "IpPermissions": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": [
                        {
                            "GroupId": "sg-06d7c8d3300000000",
                            "UserId": "400000000000"
                        }
                    ]
                }
            ],
            "OwnerId": "400000000000",
            "GroupId": "sg-06d7c000000000000",
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": []
                }
            ],
            "VpcId": "vpc-0d26c7ba200000000"
        },
        {
            "Description": "BastionSG",
            "GroupName": "BastionSG",
            "IpPermissions": [
                {
                    "FromPort": 22,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 22,
                    "UserIdGroupPairs": []
                }
            ],
            "OwnerId": "400000000000",
            "GroupId": "sg-0a26abc0a00000000",
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
 "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": []
                }
            ],
            "VpcId": "vpc-0d26c7ba200000000"
        }
    ]
}

预期/实际结果

aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[?IpProtocol=='tcp'].IpProtocol

结果

预期 - tcp,实际 - 不返回结果

aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[?FromPort=='22'].FromPort

结果

预期 - 22,实际 - 不返回结果

4

2 回答 2

1 
SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[] | [?IpProtocol=='tcp'].IpProtocol | [0]

SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[] | [?FromPort==`22`].FromPort | [0]

或者,为 bash 引用/调整:

'SecurityGroups[?GroupId==`"sg-0a26abc0a00000000"`].IpPermissions[] | [?IpProtocol==`"tcp"`].IpProtocol | [0]'

'SecurityGroups[?GroupId==`"sg-0a26abc0a00000000`"].IpPermissions[] | [?FromPort==`22`].FromPort | [0]'

您会注意到[]IpPermissions 末尾的 ,它使列表变平。如果您不这样做(或不这样做SecurityGroups[?GroupId=='sg-0a26abc0a00000000'][]),则过滤器将应用于列表的顶级,其中不存在 IpPermissions。

我不清楚为什么这是真的。这似乎是错误的,因为没有较早的过滤器,以后的过滤器将应用于子列表。

于 2019-01-03T19:07:18.830 回答
1

这是我尝试过并获得预期数据的那些。让我知道这是否适合您。

aws ec2 describe-security-groups --query 'SecurityGroups[?GroupId==`sg-xxxxxx`].[IpPermissions[?IpProtocol==`tcp`] | [0].IpProtocol]' --output text
//tcp
aws ec2 describe-security-groups --query 'SecurityGroups[?GroupId==`sg-xxxxxx`].[IpPermissions[?FromPort==`22`] | [0].FromPort]' --output text
//22

笔记 -

  1. 最好将您的查询用单引号括起来,以便 CLI 可以正确解析整个查询。
  2. 您可以使用反引号(`)填充条件。
于 2019-01-05T23:24:00.007 回答