如何解决使用 JmesPath 过滤 CloudTrail 日志
我正在编写一个 boto 脚本来使用 JmesPath 过滤掉 cloudtrail。
JmesPath 应该将输出作为存储桶的名称。我不确定什么应该是正确的语法。提前致谢。
logs = cloudtrail.create_trail(
Name='GoodTrail',S3BucketName='goodbucket3',)
print(logs)
path = jmespath.search('logs',{'S3BucketName': ''}})
print(path)
这就是 print(logs) 给出的:
{
"Name": "GoodTrail","S3BucketName": "goodbucket3","IncludeGlobalServiceEvents": true,"IsMultiRegionTrail": false,"TrailARN": "arn:aws:cloudtrail:us-east-1:XXXXXXXXXXX:trail/GoodTrail","LogFileValidationEnabled": false,"IsOrganizationTrail": false,"ResponseMetadata": {
"RequestId": "520fdfae-02ea-4695-857c-c47c7bcb00dd","HTTPStatusCode": 200,"HTTPHeaders": {
"x-amzn-requestid": "520fdfae-02ea-4695-857c-c47c7bcb00dd","content-type": "application/x-amz-json-1.1","content-length": "242","date": "Fri,18 Dec 2020 15:48:26 GMT"
},"RetryAttempts": 0
}
}
解决方法
这一行的三个主要问题:
path = jmespath.search('logs',{'S3BucketName': ''}})
- 当使用 JMESPath
search函数时,您必须将表达式作为第一个参数,将 JSON 文档作为第二个参数,当您在这里做相反的事情时。
来源:https://jmespath.org/specification.html#jmespath-specificationsearch(<jmespath expr>,<JSON document>) -> <return value>
所以你应该有:path = jmespath.search('some-search-experssion',some_variable) - 您正在将字符串
'logs'传递给search函数,而不是包含 JSON 文档本身的变量logs,因此它应该是path = jmespath.search('some-search-experssion',logs) - 要搜索像您这样的简单对象,您只需要立即引用该对象的键,因此您的搜索表达式应该是:
S3BucketNamepath = jmespath.search('S3BucketName',logs)
所以,连同脚本test.py:
import jmespath
logs = {
"Name": "GoodTrail","S3BucketName": "goodbucket3","IncludeGlobalServiceEvents": True,"IsMultiRegionTrail": False,"TrailARN": "arn:aws:cloudtrail:us-east-1:562922379100:trail/GoodTrail","LogFileValidationEnabled": False,"IsOrganizationTrail": False,"ResponseMetadata": {
"RequestId": "520fdfae-02ea-4695-857c-c47c7bcb00dd","HTTPStatusCode": 200,"HTTPHeaders": {
"x-amzn-requestid": "520fdfae-02ea-4695-857c-c47c7bcb00dd","content-type": "application/x-amz-json-1.1","content-length": "242","date": "Fri,18 Dec 2020 15:48:26 GMT"
},"RetryAttempts": 0
}
}
#print(logs)
path = jmespath.search('S3BucketName',logs)
print(path)
给出:
$ python3 test.py
goodbucket3
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
