0

I have a list of AWS arns that I am iterating through.

I am trying to catch if the arn is in a list:

user_name = 'bluethundr'
for policy_arn in policy_arn_list:
    print("Policy ARN: ", policy_arn)
    if policy_arn == ('pol-aws-secrets-manager-' + user_name):
        policy_exists = True
        print("Policy exists is true.")

But the if test is not catching the fact that the ARN already exists. Here is my output:

Policy ARN:  arn:aws:iam::849355752309:policy/pol-iam
Policy ARN:  arn:aws:iam::849355752309:policy/pol-rds
Policy ARN:  arn:aws:iam::849355752309:policy/pol-s3
Policy ARN:  arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-bluethundr

The ARN I am looking for is:

arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-bluethundr

I can verify that that ARN exists on the cli:

aws iam list-policies --scope Local --profile=jf-dev | jq -r '.Policies[].PolicyName' | grep bluethundr
pol-aws-secrets-manager-bluethundr

This is the contents of policy_arn_list:

['arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user2',
 'arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user4',
 'arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-bluethundr',
 'arn:aws:iam::849355752309:policy/pol-s3',
 'arn:aws:iam::849355752309:policy/pol-ec2',
 'arn:aws:iam::849355752309:policy/pol-rds',
 'arn:aws:iam::849355752309:policy/pol-iam',
 'arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user1',
 'arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user3']

What am I doing wrong? Why is the if test not seeing that the ARN I am looking for is already in the list?

martineau
bluethundr
  • Maybe a membership check rather than the check for equality helps. – Austin Apr 01 '19 at 18:16
  • What are the contents of policy_arn_list? You may want to use [`string.find()`](https://docs.python.org/3/library/stdtypes.html#str.find), instead of `==` – GreenMatt Apr 01 '19 at 18:16
  • The contents of the policy_arn_list is in the output. I am iterating through them with policy_arn. – bluethundr Apr 01 '19 at 18:18
  • I suggest adding the tag for Amazon Web Services to the question, as your list is not a list of strings but a list of AWS ARNs. May be relevant. – Valentino Apr 01 '19 at 18:20
  • I added the contents of policy_arn_list to the OP. thanks – bluethundr Apr 01 '19 at 18:21
  • Based on your addition either my solution or John Gordon's should work. John's is a little more precise, while mine is more general. Just depends on what you want. – bart cubrich Apr 01 '19 at 18:39

5 Answers

1

Can you try

if ('pol-aws-secrets-manager-' + user_name) in str(policy_arn):

It seems to me that 1) policy_arn may not be a string (can't tell), and 2) it might have more characters than just ('pol-aws-secrets-manager-' + user_name). If either of these is the only problem, then my solution should work.

bart cubrich
  • If this works it is related to this post https://stackoverflow.com/questions/5319922/python-check-if-word-is-in-a-string – bart cubrich Apr 01 '19 at 18:18
  • Thank you. That worked! Some other good solutions here too that I will look into. Thank you for your input! – bluethundr Apr 01 '19 at 18:53
  • Since it worked, you could try this: `if ('pol-aws-secrets-manager-' + user_name) in policy_arn:`, which would save you the string conversion. – bart cubrich Apr 01 '19 at 18:58
1

The ARN I am looking for is:
arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-bluethundr

Your code is looking for pol-aws-secrets-manager-bluethundr, but the actual ARN value has extra stuff at the beginning, and you are checking for equality instead of a substring match.

Assuming the stuff at the beginning of the string is unimportant, you can try this:

if policy_arn.endswith('/pol-aws-secrets-manager-' + user_name):
John Gordon
1

In this case you could do it by using the str method endswith(), as shown below. For more complicated patterns you might need to use the re regular expression module, but that doesn't seem necessary to handle something this simple.

policy_arn_list = ['arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user2',
                   'arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user4',
                   'arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-bluethundr',
                   'arn:aws:iam::849355752309:policy/pol-s3',
                   'arn:aws:iam::849355752309:policy/pol-ec2',
                   'arn:aws:iam::849355752309:policy/pol-rds',
                   'arn:aws:iam::849355752309:policy/pol-iam',
                   'arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user1',
                   'arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user3']

user_name = 'bluethundr'
search_target = 'pol-aws-secrets-manager-' + user_name
for policy_arn in policy_arn_list:
    print("Policy ARN: ", policy_arn)
#    if policy_arn == ('pol-aws-secrets-manager-' + user_name):
    if policy_arn.endswith(search_target):
        policy_exists = True
        print("Policy exists is true.")

Output:

Policy ARN:  arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user2
Policy ARN:  arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user4
Policy ARN:  arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-bluethundr
Policy exists is true.
Policy ARN:  arn:aws:iam::849355752309:policy/pol-s3
Policy ARN:  arn:aws:iam::849355752309:policy/pol-ec2
Policy ARN:  arn:aws:iam::849355752309:policy/pol-rds
Policy ARN:  arn:aws:iam::849355752309:policy/pol-iam
Policy ARN:  arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user1
Policy ARN:  arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user3
martineau
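The `in` and `endswith` checks above accept any policy whose name merely contains or ends with the target, so a second policy such as `pol-aws-secrets-manager-bluethundr-old` would also satisfy the substring test. The following is an added example, not code from any answer on this page: it splits the ARN into its components and compares the policy name (and optionally the account ID) exactly. The list is constructed, modelled on the question's list plus one extra `-old` entry.

```python
from typing import Dict, List, Optional

# Constructed sample data, modelled on the question's list plus one extra
# constructed policy whose name merely contains the target as a prefix.
POLICY_ARN_LIST = [
    'arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-user2',
    'arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-bluethundr',
    'arn:aws:iam::849355752309:policy/pol-s3',
    'arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-bluethundr-old',
]


def parse_arn(arn: str) -> Optional[Dict[str, str]]:
    """Split 'arn:partition:service:region:account:resource' into a dict.
    The resource field may contain ':' itself, so split at most 5 times."""
    parts = arn.split(':', 5)
    if len(parts) != 6 or parts[0] != 'arn':
        return None
    keys = ('partition', 'service', 'region', 'account', 'resource')
    return dict(zip(keys, parts[1:]))


def policy_name(arn: str, account: Optional[str] = None) -> Optional[str]:
    """Policy name of an IAM policy ARN, or None (also when the account differs)."""
    fields = parse_arn(arn)
    if fields is None or fields['service'] != 'iam':
        return None
    if account is not None and fields['account'] != account:
        return None
    res_type, sep, rest = fields['resource'].partition('/')
    if res_type != 'policy' or not sep:
        return None
    return rest.rsplit('/', 1)[-1]  # drop an optional IAM path, keep the name


def find_policy(policy_arns: List[str], user_name: str,
                account: Optional[str] = None) -> Optional[str]:
    """Return the ARN whose policy name is exactly 'pol-aws-secrets-manager-<user>'."""
    target = 'pol-aws-secrets-manager-' + user_name
    for policy_arn in policy_arns:
        if policy_name(policy_arn, account) == target:
            return policy_arn
    return None


def substring_matches(policy_arns: List[str], user_name: str) -> List[str]:
    """The `in` check from the accepted answer, kept here only for comparison."""
    target = 'pol-aws-secrets-manager-' + user_name
    return [arn for arn in policy_arns if target in arn]
```

Running `find_policy(POLICY_ARN_LIST, 'bluethundr', account='849355752309')` returns only the exact ARN, while `substring_matches` returns both the real policy and the constructed `-old` one.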
0

Because arn:aws:iam::849355752309:policy/pol-aws-secrets-manager-bluethundr is not equal to pol-aws-secrets-manager-bluethundr

ice1x
0

Looks like every policy_arn in policy_arn_list starts with arn:aws:iam::849355752309:policy/. I'd just tweak the concat syntax in the if statement to ensure the right comparison. Below is the revised code.

user_name = 'bluethundr'
for policy_arn in policy_arn_list:
    print("Policy ARN: ", policy_arn)
    if policy_arn == ('arn:aws:iam::849355752309:policy/' + 'pol-aws-secrets-manager-' + user_name):
        policy_exists = True
        print("Policy exists is true.")
Masoud Rahimi
McVenk