I have the following json file
cat permissions.json
{
"foo1.bar1@email.com": [
"projects/development/roles/superadmin",
"compute.networkAdmin"
],
"foo2.bar2@email.co": [
"compute.networkAdmin"
]
}
Now I can do something like this quite well with jq
$ jq -r '.["foo1.bar1@email.com"]' permissions.json
[
"projects/development/roles/superadmin",
"compute.networkAdmin"
]
Now the email needs to come from a variable
So my for loop is such that
for USER in $(jq -r 'keys[]' permissions.json)
do
echo ${USER}
for ROLE in $(jq -r '.["$USER"][]' permissions.json)
do
echo "User ${USER} has role ${ROLE}"
done
done
But when I run
./compare-permissions.sh
foo1.bar1@email.com
jq: error (at permissions.json:9): Cannot iterate over null (null)
foo2.bar2@email.co
jq: error (at permissions.json:9): Cannot iterate over null (null)
Ive tried sending the var as an --arg
. Ive done something like this
USER=foo1.bar1@email.com
jq -r --arg USER "$USER" '.["$USER"][] | select(.[]==$USER)' permissions.json
But the result is empty. So how can I use the email as a variable and extract the permissions out of it using jq
?
Don't use string interpolation; pass the variable as an argument.
for user in $(jq -r 'keys[]' permissions.json)
do
echo ${user}
for role in $(jq --arg u "$user" -r '.[$u][]' permissions.json)
do
echo "User ${user} has role ${role}"
done
done
Also, don't use for loops to iterate over the output of a command. Use a while
loop and the read
command.
while IFS= read -r user; do
echo "$user"
while IFS= read -r role; do
echo "User $user has role $role"
done < <(jq --arg u "$user" -r '.[$u][]' permissions.json
done < <(jq -r 'keys[]' permissions.json)
However, you may not need a shell loop at all.
% jq -r 'keys[] as $user | .[$user][] | "User \($user) has role \(.)"' permissions.json
User foo1.bar1@email.com has role projects/development/roles/superadmin
User foo1.bar1@email.com has role compute.networkAdmin
User foo2.bar2@email.co has role compute.networkAdmin
$USER
won't be expanded since it's in single quotes. You can use arg:
#!/bin/bash
for USER in $(jq -r 'keys[]' permissions.json)
do
echo ${USER}
for ROLE in $(jq --arg u "$USER" -r '.[$u][]' permissions.json)
do
echo "User ${USER} has role ${ROLE}"
done
done
or to extract a permissions for one user:
USER=foo1.bar1@email.com
jq --arg USER "$USER" -r '.[$USER][]' permissions.json