使用 jq 过滤并保留原始 json 结构

Question

我有一个 json 结构，其中包含来自 kubectl 的注释列表 - jsonpath='{.spec.template.metadata.annotations}

{
  "kubectl.kubernetes.io/restartedAt": "2022-03-09T16:09:47-08:00",
  "sidecar.istio.io/proxyCPU": "100m",
  "sidecar.istio.io/proxyCPULimit": "2",
  "sidecar.istio.io/proxyMemory": "128Mi",
  "sidecar.istio.io/proxyMemoryLimit": "1Gi",
  "traffic.sidecar.istio.io/excludeOutboundPorts": "8200",
  "vault.hashicorp.com/agent-cache-enable": "true",
  "vault.hashicorp.com/agent-cache-use-auto-auth-token": "force",
  "vault.hashicorp.com/agent-init-first": "true",
  "vault.hashicorp.com/agent-inject": "true",
  "vault.hashicorp.com/ca-cert": "/run/secrets/kubernetes.io/serviceaccount/ca.crt",
  "vault.hashicorp.com/preserve-secret-case": "true",
  "vault.hashicorp.com/role": "my-role",
  "vault.hashicorp.com/secret-volume-path-a": "/var/path",
  "vault.hashicorp.com/secret-volume-path-b": "/var/path",
  "vault.hashicorp.com/secret-volume-path-c": "/var/path",
  "vault.hashicorp.com/secret-volume-path-d": "/var/path",
  "vault.hashicorp.com/secret-volume-path-e": "/var/path"
}

我希望使用 jq 只获取包含“vault”的键，所以输出应该是：

{
  "vault.hashicorp.com/agent-cache-enable": "true",
  "vault.hashicorp.com/agent-cache-use-auto-auth-token": "force",
  "vault.hashicorp.com/agent-init-first": "true",
  "vault.hashicorp.com/agent-inject": "true",
  "vault.hashicorp.com/ca-cert": "/run/secrets/kubernetes.io/serviceaccount/ca.crt",
  "vault.hashicorp.com/preserve-secret-case": "true",
  "vault.hashicorp.com/role": "my-role",
  "vault.hashicorp.com/secret-volume-path-a": "/var/path",
  "vault.hashicorp.com/secret-volume-path-b": "/var/path",
  "vault.hashicorp.com/secret-volume-path-c": "/var/path",
  "vault.hashicorp.com/secret-volume-path-d": "/var/path",
  "vault.hashicorp.com/secret-volume-path-e": "/var/path"
}

我试过使用类似

的东西

$ kubectl get deployment test -n test -o jsonpath='{.spec.template.metadata.annotations}' |jq '. | to_entries[] | select(.key | startswith("vault"))'

{
  "key": "vault.hashicorp.com/agent-cache-enable",
  "value": "true"
}
{
  "key": "vault.hashicorp.com/agent-cache-use-auto-auth-token",
  "value": "force"
}

但我不知道如何将该输出转换回原始 json 格式。

Answer 1

to_entries 将对象解构为 key-value 对数组。使用 map(…) 修改其项而不分解数组，并使用 from_entries 从修改后的数组重建原始对象：

… | jq 'to_entries | map(select(.key | startswith("vault"))) | from_entries'

或者使用 with_entries(…) 这是 to_entries | map(…) | from_entries 的内置快捷方式：

… | jq 'with_entries(select(.key | startswith("vault")))'

{
  "vault.hashicorp.com/agent-cache-enable": "true",
  "vault.hashicorp.com/agent-cache-use-auto-auth-token": "force",
  "vault.hashicorp.com/agent-init-first": "true",
  "vault.hashicorp.com/agent-inject": "true",
  "vault.hashicorp.com/ca-cert": "/run/secrets/kubernetes.io/serviceaccount/ca.crt",
  "vault.hashicorp.com/preserve-secret-case": "true",
  "vault.hashicorp.com/role": "my-role",
  "vault.hashicorp.com/secret-volume-path-a": "/var/path",
  "vault.hashicorp.com/secret-volume-path-b": "/var/path",
  "vault.hashicorp.com/secret-volume-path-c": "/var/path",
  "vault.hashicorp.com/secret-volume-path-d": "/var/path",
  "vault.hashicorp.com/secret-volume-path-e": "/var/path"
}

Demo

使用 jq 过滤并保留原始 json 结构

Using jq to filter and keep original json structure

json

jq