I am trying to get a list of certificates (let's say 100) from AWS Certificates Manager with their Domain Name, Expiry Data, Validation Status and Validation Method with the aws cli command aws acm describe-certificate.
I tried nesting filtering and --ouput text but the output is on two lines. I guess the reason is that ValidationStatus and ValidationMethod are second level in the json ouput after Certificate/DomainValidationOptions.
How would it be possible to get the text ouput in a single line?
Like
foo.bar.com 2022-06-18T23:59:59 00:00 FAILED DNS
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/describe-certificate.html
This is the --output text
$ aws acm describe-certificate --certificate-arn arn:aws:acm:region:aws-account_id:certificate/xxxx --query Certificate.[DomainName,NotAfter,DomainValidationOptions[].[ValidationStatus,ValidationMethod]] --output text
foo.bar.com 2022-06-18T23:59:59 00:00
FAILED DNS
This is the --output json (default output)
aws acm describe-certificate --certificate-arn arn:aws:acm:region:aws-account_id:certificate/xxxx --query Certificate.[DomainName,NotAfter,DomainValidationOptions[].[ValidationStatus,ValidationMethod]]
[
"foo.bar.com",
2022-06-18T23:59:59 00:00,
[
[
"FAILED",
"DNS"
]
]
]
CodePudding user response:
A way to achieve this is to flatten the array you are receiving from the AWS command, with the help of the JMESPath flatten operator — [] — in your query.
Having a query like this:
Certificate.[
DomainName,
NotAfter,
DomainValidationOptions[].[ValidationStatus, ValidationMethod]
][][]
Would give you, with one domain the JSON output
[
"www.example.com",
"2022-06-18T23:59:59 00:00",
"FAILED",
"DNS"
]
And end up on one line.
Now mind that, if you have more than one item in the DomainValidationOptions array, they will, then, all output on the same line, because you'll have one array with everything.
Example for two domains:
[
"www.example.com",
"2022-06-18T23:59:59 00:00",
"FAILED",
"DNS",
"FAILED",
"DNS"
]
See the DNS and ValidationStatus and ValidationMethod repeating for the two domains there?
What you might want to do, is to query the DomainName from the DomainValidationOptions, at least:
Certificate.[
NotAfter,
DomainValidationOptions[].[DomainName, ValidationStatus, ValidationMethod]
][][]
Which would still be on one line, but will get you the domain related to the validation:
[
"2022-06-18T23:59:59 00:00",
"www.example.com",
"FAILED",
"DNS",
"www.example.net",
"FAILED",
"DNS"
]
CodePudding user response:
Some progress was made using John's suggestion.
By using "InUseBy[0]" and not only "InUseBy", I managed to output the "InUseBy" on the first line; otherwise it would be on the second line.
Also using "DomainValidationOptions[0].ValidationStatus" instead of "DomainValidationOptions.ValidationStatus" outputs this on the 2nd line instead of 3rd.
Still, I would like
"RenewalSummary.[RenewalStatus,DomainValidationOptions[0].ValidationStatus]"
to be output on the first line too. I noticed RenewalSummary is an object ,{}, not an array, [].
"RenewalSummary": {
"RenewalStatus": "PENDING_VALIDATION",
"DomainValidationOptions": [
{
"DomainName": "foo.bar.com",
"ValidationDomain": "foo.bar.com",
"ValidationStatus": "PENDING_VALIDATION",
"ResourceRecord": {
"Name": "_9d77eed0XXX66.foo.bar.com.",
"Type": "CNAME",
"Value": "_a5XXXX3.tgztlnjmjp.acm-validations.aws."
},
"ValidationMethod": "DNS"
}
],
"UpdatedAt": "2022-06-24T11:16:34.617000 00:00"
},
aws acm describe-certificate --certificate-arn arn:aws:acm:region:aws-account_id:certificate/xxxx --query Certificate.[DomainName,Issuer,Status,FailureReason,NotAfter,InUseBy[0],RenewalSummary.[RenewalStatus,DomainValidationOptions[0].ValidationStatus]] --output text
This is how the output looks now:
foo.bar.com Amazon ISSUED None 2022-06-18T23:59:59 00:00 arn:aws:elasticloadbalancing:eu-west-1:aws_account_id:loadbalancer/app/alb_foo_bar/XXX
PENDING_VALIDATION PENDING_VALIDATION