How do I iterate over CIDR blocks in jq?

Time: 2017-10-05 14:42:18

Tags: json parsing jq

Basically I am trying to loop through my AWS security groups to find any CIDR with 0.0.0.0/0.

Here is my sample JSON file:

{
    "SecurityGroups": [
        {
            "IpPermissionsEgress": [],
            "Description": "AWS OpsWorks load balancer - do not change or delete",
            "IpPermissions": [
                {
                    "PrefixListIds": [],
                    "FromPort": 22,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": 22,
                    "IpProtocol": "tcp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                },
                {
                    "PrefixListIds": [],
                    "FromPort": 80,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": 80,
                    "IpProtocol": "tcp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                },
                {
                    "PrefixListIds": [],
                    "FromPort": 443,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": 443,
                    "IpProtocol": "tcp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                }
            ],
            "GroupName": "AWS-OpsWorks-LB-Server",
            "OwnerId": "056146032236",
            "GroupId": "sg-7dd13739"
        },
        {
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "PrefixListIds": [],
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                }
            ],
            "Description": "SG for bastion hosts",
            "Tags": [
                {
                    "Value": "bastion-host-sg",
                    "Key": "Name"
                }
            ],
            "IpPermissions": [
                {
                    "PrefixListIds": [],
                    "FromPort": 80,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": 80,
                    "IpProtocol": "tcp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                },
                {
                    "PrefixListIds": [],
                    "FromPort": 1991,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": 1991,
                    "IpProtocol": "tcp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                },
                {
                    "PrefixListIds": [],
                    "FromPort": 8080,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": 8080,
                    "IpProtocol": "tcp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                },
                {
                    "PrefixListIds": [],
                    "FromPort": 1194,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": 1194,
                    "IpProtocol": "udp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                },
                {
                    "PrefixListIds": [],
                    "FromPort": 22,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": 22,
                    "IpProtocol": "tcp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": [
                        {
                            "CidrIpv6": "::/0"
                        }
                    ]
                },
                {
                    "PrefixListIds": [],
                    "FromPort": 30,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": -1,
                    "IpProtocol": "icmp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                },
                {
                    "PrefixListIds": [],
                    "FromPort": 1194,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": 1194,
                    "IpProtocol": "tcp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                },
                {
                    "PrefixListIds": [],
                    "FromPort": 53,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": 53,
                    "IpProtocol": "udp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                },
                {
                    "PrefixListIds": [],
                    "FromPort": 53,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": 53,
                    "IpProtocol": "tcp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                },
                {
                    "PrefixListIds": [],
                    "FromPort": 443,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": 443,
                    "IpProtocol": "tcp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                },
                {
                    "PrefixListIds": [],
                    "FromPort": 8,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "ToPort": -1,
                    "IpProtocol": "icmp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                }
            ],
            "GroupName": "bastion-host-sg",
            "VpcId": "vpc-effd0e8a",
            "OwnerId": "056146032236",
            "GroupId": "sg-0f60196a"
        }
      ]
}

This is the command I am trying to run, but I get an error:

$ cat sg-small.json | jq '.SecurityGroups[].IpPermissions[].IpRanges[] | map(select(any(.CidrIp == "0.0.0.0/0")))'    
jq: error (at <stdin>:227): Cannot iterate over string ("0.0.0.0/0")

Any ideas as to why this is happening? This approach seems to work for other things that are not IP addresses.

2 answers:

Answer 0: (score: 0)

Your expression:

.SecurityGroups[].IpPermissions[].IpRanges[]

is just a stream of CidrIp objects, so it is not what you want.

The following will select the SecurityGroups that meet the criterion:

.SecurityGroups[].IpPermissions[].IpRanges[] 

Whether this is exactly what you want is unclear, because you have not specified it. See http://stackoverflow.com/help/mcve

Answer 1: (score: 0)

The reason you are seeing the error

Cannot iterate over string ("0.0.0.0/0")

is that, with your data, the first part of the filter

.SecurityGroups[].IpPermissions[].IpRanges[]

produces a sequence of objects

{
  "CidrIp": "0.0.0.0/0"
}
...

The map part of the filter iterates over the values in each object, passing

"0.0.0.0/0"

to the expression select(any(.CidrIp == "0.0.0.0/0")), where any tries to iterate over all the values in the string and fails with the error you observed.

If you only want to see the sequence of {"CidrIp":...} objects above, you can drop the map and the any:

  .SecurityGroups[].IpPermissions[].IpRanges[] 
| select(.CidrIp == "0.0.0.0/0")

If you want those objects collected into an array, you can drop any and move some of the iteration into map, e.g.

  .SecurityGroups 
| map(.IpPermissions[].IpRanges[] | select(.CidrIp == "0.0.0.0/0"))

produces

[
  {
    "CidrIp": "0.0.0.0/0"
  },
  ....

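The explicit construction of the result array is easier to see if you replace map with its definition. Since map(f) is defined as [ .[] | f ], the filter above is equivalent to: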

  .SecurityGroups 
| [ .[] | .IpPermissions[].IpRanges[] | select(.CidrIp == "0.0.0.0/0") ]
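
The filters above return bare {"CidrIp": ...} objects, which do not say which group or port is exposed. The following is an added example, not part of the question or either answer: it goes beyond them by also checking Ipv6Ranges for "::/0" and by emitting one record per world-open ingress rule together with its group and port context. The file name open_ingress.jq and the helper names is_world and open_cidrs are assumptions made for this example.

```jq
# Added example, not from the question or answers.
# Assumed invocation: jq -c -f open_ingress.jq sg-small.json
# (open_ingress.jq is a hypothetical name for this file)

# True for the IPv4 and IPv6 "anywhere" ranges.
def is_world: . == "0.0.0.0/0" or . == "::/0";

# For one IpPermissions entry, return the array of world-open CIDRs it holds.
# "// []" keeps the filter from failing when a key is absent.
def open_cidrs:
  [ ((.IpRanges   // [])[] | .CidrIp),
    ((.Ipv6Ranges // [])[] | .CidrIpv6) ]
  | map(select(is_world));

.SecurityGroups[]
| . as $sg                        # remember the enclosing group
| (.IpPermissions // [])[]        # one ingress rule at a time
| open_cidrs as $open
| select($open | length > 0)      # keep only rules open to the world
# FromPort/ToPort come out as null when the rule has no port keys
# (for example IpProtocol "-1", all traffic).
| {
    GroupId:   $sg.GroupId,
    GroupName: $sg.GroupName,
    Protocol:  .IpProtocol,
    FromPort:  .FromPort,
    ToPort:    .ToPort,
    Open:      $open
  }
```

Replacing .IpPermissions with .IpPermissionsEgress in the main pipeline applies the same check to outbound rules.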