0

I am writing a shell script for replacing a keyword in a json file with a dynamic value using shell.

123.json

{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "AWS": [
            "arn:aws:iam::xxxxxx:role/role1",
            "arn:aws:iam::yyyyyy:role/role2"
          ]
        },
        "Action": "sts:AssumeRole",
        "Condition": {}
      }
    ]
  }

I am getting the values of role1 and role2 as the terraform variables in shell script

shell.sh file has

echo $role1
echo $role2

$ cat 123.json | sed -n '/role1/ s/role1/$role/ p' 
$ cat 123.json | sed -n '/role1/ s/role1/$role/ p'

But the role1 and role2 are not getting updated. Can someone help me out.

Improve this question
2
  • I don't get it - do you use a variable called role1, role2 or role? Commented Aug 15, 2021 at 16:31
  • @smac2020 role1 and role2 Commented Aug 15, 2021 at 18:02

1 Answer 1

Reset to default
1

Your sed command doesn't work because shell does not expand variables in single quotes. But sed is not a good tool for editing structured format such as JSON - jq is a better choice:

jq --argjson foo "\"$role1\"" '.Statement[].Principal.AWS[0] |= sub("role1$";$foo)' < 123.json
jq --argjson foo "\"$role2\"" '.Statement[].Principal.AWS[1] |= sub("role2$";$foo)' < 123.json

"\"$role2\"" creates a jq variable from shell variables with literal double quotes added at the beginning and at the end.

To save output back to file you need to use external utilities because jq doesn't have -i option that tools such as sed have. You can either use sponge which is a part of moreutils:

$ jq --argjson foo "\"$role1\"" '.Statement[].Principal.AWS[0] |= sub("role1$";$foo)' < 123.json | sponge 123.json
$ jq --argjson foo "\"$role2\"" '.Statement[].Principal.AWS[1] |= sub("role2$";$foo)' < 123.json | sponge 123.json

or manually write to a temporary file and move file in place of 123.json:

$ temp="$(mktemp)"
$ jq --argjson foo "\"$role1\"" '.Statement[].Principal.AWS[0] |= sub("role1$";$foo)' < 123.json  > "$temp"
$ mv "$temp" 123.json
$ temp="$(mktemp)"
$ jq --argjson foo "\"$role2\"" '.Statement[].Principal.AWS[1] |= sub("role2$";$foo)' < 123.json > "$temp"
$ mv "$temp" 123.json
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Can you try explaining what are u doing as part of it. jq --argjson foo "\"$role1\""
I ran the above command its updating the file but not saving it. Can you pls help.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.