Use variable in jq read query

2020-05-07 06:10发布

问题:

I have the following json file

cat permissions.json

{
  "foo1.bar1@email.com": [
    "projects/development/roles/superadmin",
    "compute.networkAdmin"
  ],
  "foo2.bar2@email.co": [
    "compute.networkAdmin"
  ]
}

Now I can do something like this quite well with jq

$ jq -r '.["foo1.bar1@email.com"]' permissions.json
[
  "projects/development/roles/superadmin",
   "compute.networkAdmin"
]

Now the email needs to come from a variable

So my for loop is such that

for USER in $(jq -r 'keys[]' permissions.json)
do
  echo ${USER}
  for ROLE in $(jq -r '.["$USER"][]' permissions.json)
  do
    echo "User ${USER} has role ${ROLE}"
  done
done

But when I run

./compare-permissions.sh
foo1.bar1@email.com
jq: error (at permissions.json:9): Cannot iterate over null (null)
foo2.bar2@email.co
jq: error (at permissions.json:9): Cannot iterate over null (null)

Ive tried sending the var as an --arg. Ive done something like this

USER=foo1.bar1@email.com
jq -r --arg USER "$USER" '.["$USER"][] | select(.[]==$USER)'  permissions.json

But the result is empty. So how can I use the email as a variable and extract the permissions out of it using jq ?

回答1:

Don't use string interpolation; pass the variable as an argument.

for user in $(jq -r 'keys[]' permissions.json)
do
  echo ${user}
  for role in $(jq --arg u "$user" -r '.[$u][]' permissions.json)
  do
    echo "User ${user} has role ${role}"
  done
done

Also, don't use for loops to iterate over the output of a command. Use a while loop and the read command.

while IFS= read -r user; do
  echo "$user"
  while IFS= read -r role; do
    echo "User $user has role $role"
  done < <(jq --arg u "$user" -r '.[$u][]' permissions.json
done < <(jq -r 'keys[]' permissions.json)  

However, you may not need a shell loop at all.

% jq -r 'keys[] as $user | .[$user][] | "User \($user) has role \(.)"' permissions.json
User foo1.bar1@email.com has role projects/development/roles/superadmin
User foo1.bar1@email.com has role compute.networkAdmin
User foo2.bar2@email.co has role compute.networkAdmin


回答2:

$USER won't be expanded since it's in single quotes. You can use arg:

#!/bin/bash                                                                                                                                                                                                        

for USER in $(jq -r 'keys[]' permissions.json)                                                                                                                                                                     
do                                                                                                                                                                                                                 
  echo ${USER}                                                                                                                                                                                                     
  for ROLE in $(jq --arg u "$USER" -r '.[$u][]' permissions.json)                                                                                                                                                  
  do                                                                                                                                                                                                               
    echo "User ${USER} has role ${ROLE}"                                                                                                                                                                           
  done                                                                                                                                                                                                             
done  

or to extract a permissions for one user:

USER=foo1.bar1@email.com                                                                                                                                                                                           
jq --arg USER "$USER" -r '.[$USER][]' permissions.json