1. 首頁
  2. 問答
  3. 從ACL策略在bash

從ACL策略在bash

2016-03-16 30 views
3

刪除AllUsers的我從AWS這樣從ACL策略在bash

{ 
    "Owner": { 
    "DisplayName": "2414218.aws", 
    "ID": "xxxxxxxx" 
    }, 
    "Grants": [ 
    { 
     "Grantee": { 
     "DisplayName": "2414218.aws", 
     "ID": "yyyyyyyyyy" 
     }, 
     "Permission": "FULL_CONTROL" 
    }, 
    { 
     "Grantee": { 
     "URI": "http://acs.amazonaws.com/groups/global/AllUsers" 
     }, 
     "Permission": "READ" 
    } 
    ] 
}

的迴應,我希望更新的文件,以便AllUsers的去除(獲取對象的ACL應該像下圖)

{ 
    "Owner": { 
    "DisplayName": "2414218.aws", 
    "ID": "xxxxxxxx" 
    }, 
    "Grants": [ 
    { 
     "Grantee": { 
     "DisplayName": "2414218.aws", 
     "ID": "yyyyyyyyyy" 
     }, 
     "Permission": "FULL_CONTROL" 
    } 
    ] 
}

我該怎麼做,不知道還有哪些受助者可用?我特別期待,當我看到http://acs.amazonaws.com/groups/global/AllUsers

我目前使用aws s3api get-object-acl --bucket mhe-deployments-prod --key $keyFile | jq '.'定位策略

來源

2016-03-16 ehime

回答

3

這裏是一個JQ過濾器除去專營其中將刪除所有的.Grants數組元素爲其.Grantee.URI是 「http://acs.amazonaws.com/groups/global/AllUsers」:

.Grants |= map(select(.Grantee.URI != "http://acs.amazonaws.com/groups/global/AllUsers"))

缺貨放:根據要求

來源

2016-03-16 20:10:04 peak

0

可能不是最好的,但是,這個工作

#!/usr/local/bin/bash 
# aws ~/.aws/credentials and s3cmd must be configured first with proper creds 

target='' 
for key in $(aws s3 ls s3://$target --recursive |awk '{print$4}') ; do 
    [ "${key: -1}" == "/" ] || { 
    award=$(aws s3api get-object-acl --bucket $target --key $key |jq '.Grants[].Grantee | .URI' |grep -v 'null' |grep AllUsers) 

    [ ! -z "${award}" ] && { 
     policy=$(aws s3api get-object-acl --bucket $target --key $key) 
     echo "$target: $key\n$policy\n\n" >> /tmp/policy-backup.json 
     echo -e "Working on: $key" 

     s3cmd setacl s3://$target/$key --acl-private ## s3cmd must be comfigured to your env 
    } 
    } 
done

來源

2016-03-16 19:44:56 ehime

2

您可以使用AWS CLI中內置的--query選項。是你不需要任何外部工具的好處:

aws s3api get-object-acl --bucket $BUCKET --key $KEY \ 
    --query "{Owner: Owners, \ 
      Grants: Grants[?Grantee.URI != 'http://acs.amazonaws.com/groups/global/AllUsers']}"

來源

2016-03-23 16:40:50 jamesls

+0

不錯的一個,這幾乎是我一直在尋找 – ehime

0

在這個問題中指定的補助金也可直接與del去除。例如

del(
    .Grants[] 
    | select(.Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers") 
)

來源

2017-08-27 21:42:44 jq170727

相關問題

 相關問題