Escape characters in AWK script within bash script

Question

This code works as expected outside of AWK

password_cmd="kubectl get secrets -o jsonpath=\'{.data.ssl-store-password}\' -n $namespace $password_secret"
echo $password_cmd
password=eval $password_cmd

output:

kubectl get secrets -o jsonpath=\'{.data.ssl-store-password}\' -n aircourier secret-aircourier-mq-password

When using it inside AWK I'm having problems escaping the quotes

First try

password_cmd="kubectl get secrets -o jsonpath=\'\''{.data.ssl-store-password}\'\'' -n $namespace $password_secret";

Output

awk: cmd. line:9: warning: escape sequence `\'' treated as plain `''

Second try

password_cmd='\''kubectl get secrets -o jsonpath=\'\''{.data.ssl-store-password}\'\'' -n $namespace $password_secret'\'';

Output

awk: cmd. line:9:       password_cmd='kubectl get secrets -o jsonpath=\'{.data.ssl-store-password}\' -n $namespace $password_secret';
awk: cmd. line:9:                    ^ invalid char ''' in expression

Full script so far

#!/bin/bash
kubectl get secrets --all-namespaces | grep jks > keystores.tmp


# create table headers in the file for manage engine
echo '<--table K8_jks_secrets starts-->' > table.out
echo 'Namespace , Secret Name, Expire Date, Days Remaining' >> table.out

# awk through each line in keystores.tmp that we created earier
awk '{
    #print $1, ", " $2, ", ";
    namespace=1;
    jks_secret=2;
    print $namespace, ", " $jks_secret, ", ";
    $password_secret=substr($2,1,length($2)-3)"password";
    print $password_secret

    password_cmd='\"'kubectl get secrets -o jsonpath=\'\''{.data.ssl-store-password}\'\'' -n $namespace $password_secret'\"';
    print $password_cmd ;

}' keystores.tmp >> table.out

echo '<--table K8_jks_secrets starts-->' >> table.out

Answer 1

Put your awk script in a separate file. Then you will not have to worry about how bash and awk quitting interact. Your awk command will become:

awk -f foo.awk keystores.tmp >> table.out

As far as I can tell, your script isn't using any bash variables, so that should do the trick!

Edit If you are actually wanting to run the password_cmd, you can use system or getline in your awk script.

Answer 2

I ended up using while read loop, probably not the best solution but it does what I need.

#!/bin/bash
#This script is triggered by Manage Engine and checks certificate expire dates of all K8 Pod jks secrets
# get all jks secrets in K8 and write them to a temp file that we can read through later

#suppress the warning generated from java keystore command
exec 2> /dev/null
#Warning:
#The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12".



#run kubectl command to get all secrets that are jks 
kubectl get secrets --all-namespaces | grep jks > keystores.tmp


# create table headers in the file for manage engine
echo '<--table K8_jks_secrets starts-->' > cert_dates_table.out
echo 'Namespace , Secret Name, Expire Date, Days Remaining' >> cert_dates_table.out

# read through each line in keystores.tmp that we created earier
while read -r line; do

    #remove unneeded spaces from the line so that cut can use ' ' as delimiter
    new_line=$(echo $line | sed -e "s/  */ /g")
    #echo "$new_line"

    #namespace is the first field
    namespace=$(echo "$new_line" | cut -d ' ' -f 1)
    #echo $namespace

    #jks secret name is the second field
    jks_secret=$(echo "$new_line" | cut -d ' ' -f 2)
    #echo $jks_secret

    #The password secrect name is awlays the same as the jks secrect name but with "password" instead of "jks" on the end
    #trim the "jks" and add "password" instead
    password_secret=${jks_secret::-3}"password"
    #echo $password_secret

    #This command will extract and decode the password secret
    password_cmd="kubectl get secrets -o jsonpath=\'{.data.ssl-store-password}\' -n $namespace $password_secret | cut -c 2- | head -c -2 | base64 -d "
    #echo $password_cmd
    password=$(eval $password_cmd)
    #echo "password: "$password

    #this command will extract and decode the jks secret and store it in a file so that we can run the java keytool command on it later
    jks_cmd="kubectl get secrets -o jsonpath=\'{.data}\' -n $namespace $jks_secret | cut -d':' -f2 | cut -d']' -f1 | base64 -d "
    #echo $jks_cmd
    eval $jks_cmd > keystore.jks
    #echo $jks_base64

    #using keytool we read the jks and grep for all lines containing 'Valid from' as both valid from and expiry date is shown on the same line
    #output all the lines with Valid From and Expiry Dates into a temp file we will read later
    keytool_cmd="keytool -list -v -storepass "\'"$password"\'" -keystore keystore.jks | grep 'Valid from'"
    #echo $keytool_cmd 
    eval $keytool_cmd > dates.tmp
    #echo $keystore_readable

    #for each jks read through each date and output the fields into the manage Engine cert_dates_table.out
    while read -r date_line; do
        #cut the line to just include the Expirey date
        string_date=$(echo "$date_line" | cut -c 53-)
        #echo $string_date

        #convert the string date to a date
        cert_date=$(date -d ''"$string_date"'' +%s)
        #echo $cert_date

        #put the current system date into a variable
        system_date=$(date +%s)

        #calculate the differnace in days between today and the cert expire date
        day_left=$(( (cert_date - system_date) / 86400 ))
        #echo $day_left

        echo $namespace ","  $jks_secret ", " $string_date ", " $day_left >> cert_dates_table.out

    done < dates.tmp


done < keystores.tmp

#delete the tmp files created
rm -f dates.tmp
rm -f keystores.tmp
rm -f keystore.jks

#End the table for Manage Engine
echo '<--table K8_jks_secrets ends-->' >> cert_dates_table.out