C#解析Azure策略(Azure Policy)规则JSON以创建树

时间:2019-06-12 16:25:34

标签: c# json azure azure-policy

我想通过转到每个根级别将使用Newtonsoft.Json.Linq的JSON解析为树格式。

我面临的实际问题是allOf内部的内容没有被打印出来,并且在JObject处出现InvalidCast异常。我需要帮助,以便在控制台应用程序中打印出所有父元素和子元素。

这是JSON:

{
  "properties": {
    "displayName": "Audit if Key Vault has no virtual network rules",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "Audits Key Vault vaults if they do not have virtual network service endpoints set up. More information on virtual network service endpoints in Key Vault is available here: _https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview-vnet-service-endpoints",
    "metadata": {
      "category": "Key Vault",
      "createdBy": "",
      "createdOn": "",
      "updatedBy": "",
      "updatedOn": ""
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.KeyVault/vaults"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id",
                "exists": "false"
              },
              {
                "field": "Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id",
                "notLike": "*"
              },
              {
                "field": "Microsoft.KeyVault/vaults/networkAcls.defaultAction",
                "equals": "Allow"
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "audit"
      }
    }
  },
  "id": "/subscriptions/xxxxxx/providers/Microsoft.Authorization/policyDefinitions/wkpolicydef",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "xyz"
}

我的代码:

// Shared JMESPath evaluator, used to select the rule condition from the policy document.
static JmesPath jmes = new JmesPath();

/// <summary>
/// Selects the "if" condition of the policy rule with a JMESPath query and
/// hands the resulting JSON text to <c>Convert</c> for printing.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
static void Main(string[] args)
{
    // Placeholder literal: stands in for the policy definition JSON shown in the question.
    string policyDocument = "JSON GIVEN IN THE DESCRIPTION";

    // Only the condition subtree is printed; "then"/"effect" and the metadata are not selected.
    string conditionJson = jmes.Transform(policyDocument, "properties.policyRule.if");

    Convert(conditionJson);
}

    /// <summary>
    /// Deserializes the given JSON text and prints it as an indented tree,
    /// then waits for a key press.
    /// </summary>
    /// <param name="json">JSON text to print.</param>
    public static void Convert(string json)
    {
        // Declared as dynamic, so the call to PrintObject is bound at run time
        // against whatever token type the deserializer returned.
        dynamic parsedJson = JsonConvert.DeserializeObject(json);

        PrintObject(parsedJson, 0);

        // Block until a key is pressed so the console output stays visible.
        Console.ReadKey();
    }

    /// <summary>
    /// Recursively prints a token tree, one line per property, indented with one tab per level.
    /// </summary>
    /// <remarks>
    /// Only <c>JProperty</c> and <c>JObject</c> tokens are handled. Any other token kind
    /// (for example a <c>JArray</c>) matches neither branch, so nothing is printed for it
    /// and its children are not visited.
    /// </remarks>
    /// <param name="token">Token to print.</param>
    /// <param name="depth">Nesting level, used as the number of leading tabs.</param>
    private static void PrintObject(JToken token, int depth)
    {
        var property = token as JProperty;
        if (property != null)
        {
            string indent = new string('\t', depth);

            // Scalars show their underlying value; containers are shown as "-".
            var scalar = property.Value as JValue;
            object shown = scalar != null ? scalar.Value : "-";

            Console.WriteLine($"{indent}{property.Name}  -> {shown}");

            foreach (var nested in property.Children())
            {
                PrintObject(nested, depth + 1);
            }

            return;
        }

        var obj = token as JObject;
        if (obj != null)
        {
            foreach (var member in obj.Children())
            {
                PrintObject(member, depth + 1);
            }
        }
    }

我已经安装了JMESPath.Net NuGet软件包。演示fiddle见here

1 个答案:

答案 0 :(得分:2)

您的基本问题是,在PrintObject(JToken token, int depth)中,您没有考虑传入的token是JArray的情况:

// Skeleton of the type dispatch under discussion; the branch bodies are omitted here.
if (token is JProperty)
{
    // (property handling omitted)
}
else if (token is JObject)
{
    // (object handling omitted)
}
// Else JArray, JConstructor, ... ?
// No branch exists for any other token kind, so such a token produces no output
// and its children are never visited.

由于"allOf"的值是一个数组,因此您的代码不执行任何操作:

{
  "allOf": [ /* Contents omitted */ ]
}

一个最小的解决方法是检查JContainer而不是JObject。但是,这无法处理包含原始值的数组,因此不能算作正确的修复。(演示fiddle #1 here。)

相反,在递归代码中,您需要处理JContainer的所有可能的子类,包括JObject、JArray、JProperty和(也许)JConstructor。但是,JObject有两层层次结构(对象→属性→值),而JArray只有一层(数组→元素),这种不一致使得编写此类递归代码很麻烦。

一种以更清洁的方式处理数组和对象的可能解决方案是完全隐藏JProperty的存在,并表示对象是其子级按名称索引的容器,而数组是其子级以整数索引的容器。以下扩展方法可以完成这项工作:

/// <summary>
/// Callback invoked once per token by a token-tree walker.
/// </summary>
public interface IJTokenWorker
{
    /// <summary>
    /// Handles one token of the tree.
    /// </summary>
    /// <typeparam name="TConvertible">
    /// Type of <paramref name="index"/>: the walker in this listing passes a string
    /// (property name) for object members and an int (position) for array elements.
    /// </typeparam>
    /// <param name="parent">Container that holds <paramref name="current"/>; null for the root token.</param>
    /// <param name="index">Name or position of <paramref name="current"/> inside <paramref name="parent"/>.</param>
    /// <param name="current">The token being visited.</param>
    /// <param name="depth">Nesting level of <paramref name="current"/>; the root is level 0.</param>
    /// <returns>
    /// true to continue into the children of <paramref name="current"/>; false to skip them.
    /// </returns>
    bool ProcessToken<TConvertible>(JContainer parent, TConvertible index, JToken current, int depth) where TConvertible : IConvertible;
}

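public static partial class JsonExtensions
{
    /// <summary>
    /// Walks a token tree depth-first and reports each token to <paramref name="worker"/>.
    /// Object members are reported by property name and array elements by position, so the
    /// worker never sees a <c>JProperty</c> as the current token.
    /// </summary>
    /// <remarks>
    /// The walk is recursive, so its stack depth follows the nesting depth of the document.
    /// When the JSON comes from a source that is not trusted, cap the nesting at parse time
    /// (for example with <c>JsonSerializerSettings.MaxDepth</c>) so that a deeply nested
    /// document cannot exhaust the stack.
    /// </remarks>
    /// <param name="root">Token to start from. A null root results in no callbacks.</param>
    /// <param name="worker">Callback that receives every visited token.</param>
    /// <param name="includeSelf">
    /// true to report <paramref name="root"/> itself (with a null parent and index -1);
    /// false to report only its descendants.
    /// </param>
    /// <exception cref="ArgumentNullException"><paramref name="worker"/> is null.</exception>
    public static void WalkTokens(this JToken root, IJTokenWorker worker, bool includeSelf = false)
    {
        if (worker == null)
            throw new ArgumentNullException(nameof(worker)); // name the offending argument for the caller
        DoWalkTokens<int>(null, -1, root, worker, 0, includeSelf);
    }

    /// <summary>
    /// Recursive step of <see cref="WalkTokens"/>: optionally reports <paramref name="current"/>,
    /// then descends into its children when it is a container.
    /// </summary>
    static void DoWalkTokens<TConvertible>(JContainer parent, TConvertible index, JToken current, IJTokenWorker worker, int depth, bool includeSelf) where TConvertible : IConvertible
    {
        if (current == null)
            return;

        // A worker that returns false prunes the subtree below the current token.
        if (includeSelf && !worker.ProcessToken(parent, index, current, depth))
            return;

        var container = current as JContainer;
        if (container == null)
            return; // leaf token: nothing to descend into

        IList<JToken> children = container; // JContainer implements IList<JToken> explicitly
        for (int i = 0; i < children.Count; i++)
        {
            var property = children[i] as JProperty;
            if (property != null)
            {
                // Skip over the JProperty itself: report its value, indexed by the property name.
                DoWalkTokens(container, property.Name, property.Value, worker, depth + 1, true);
            }
            else
            {
                // Array element (or other non-property child): indexed by position.
                DoWalkTokens(container, i, children[i], worker, depth + 1, true);
            }
        }
    }
}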

然后您的Convert()方法变为:

/// <summary>
/// Token worker that writes one console line per token: tab indentation,
/// the token's name or position, and its value.
/// </summary>
class JTokenPrinter : IJTokenWorker
{
    /// <summary>
    /// Prints <paramref name="current"/> as "name   -> value" and always asks the walker to continue.
    /// </summary>
    /// <param name="parent">Container holding the token; null when there is none.</param>
    /// <param name="index">Property name or array position of the token within its parent.</param>
    /// <param name="current">Token to print.</param>
    /// <param name="depth">Number of leading tab characters.</param>
    /// <returns>Always true.</returns>
    public bool ProcessToken<TConvertible>(JContainer parent, TConvertible index, JToken current, int depth) where TConvertible : IConvertible
    {
        string indent = new String('\t', depth);

        // Label: "[n]" for an integer index, the index text otherwise, empty without a parent.
        string label;
        if (parent == null)
            label = "";
        else if (index is int)
            label = string.Format("[{0}]", index);
        else if (index != null)
            label = index.ToString();
        else
            label = "";

        // Value: scalar text, "new <name>" for a constructor, "-" for any other token.
        var scalar = current as JValue;
        var ctor = current as JConstructor;
        string text;
        if (scalar != null)
            text = scalar.ToString();
        else if (ctor != null)
            text = "new " + ctor.Name;
        else
            text = "-";

        // NOTE(review): names and values are written to the console unmodified; if the JSON
        // is not trusted, consider stripping control characters before display.
        Console.WriteLine("{0}{1}   -> {2}", indent, label, text);
        return true;
    }
}

/// <summary>
/// Parses the JSON text into a token tree and prints every descendant of the root
/// through a <c>JTokenPrinter</c>.
/// </summary>
/// <param name="json">JSON text to print.</param>
public static void Convert(string json)
{
    JToken parsedRoot = JsonConvert.DeserializeObject<JToken>(json);

    // Same call as parsedRoot.WalkTokens(...), written in static form; the root itself is not printed.
    JsonExtensions.WalkTokens(parsedRoot, new JTokenPrinter());
}

演示fiddle #2 here,其输出:

allOf   -> -
    [0]   -> -
        field   -> type
        equals   -> Microsoft.KeyVault/vaults
    [1]   -> -
        anyOf   -> -
            [0]   -> -
                field   -> Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id
                exists   -> false
            [1]   -> -
                field   -> Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id
                notLike   -> *
            [2]   -> -
                field   -> Microsoft.KeyVault/vaults/networkAcls.defaultAction
                equals   -> Allow
