I’m struggling with if/elseif/else within a foreach loop. The basic idea of the script is to check to see if SSH is enabled on clusters, and if it is, tell me about it. If it’s not enabled, things are good, nothing to do. There are some clusters that are with the implementations team and I don’t care about them… they’re not under my purview yet. I connect to the API, get a list of clusters, then run a “check firewall” script against them. The output of that script is saved to a text file. I then use “select-string” to look for a specific text string…depending on what I find, I do “something”.

The problem I have is that while the first “if” statement works exactly as I’d expect, whatever I put for the second “elseif” takes over…all clusters are either compliant or not compliant. Script is below (I’ve generalized a few things for privacy)

```powershell
#Variables.  Edit these to fit the environment
#Set the path to the script
$path="C:\"

#Who is the email being sent to?
$email=""

#Which email server should be used to send email?
$emailserver=""

#Set the directory to store the transcripts in
$transcript="C:\Transcripts"

#Get a list of clusters still with the Implementation team so we don't check them for compliance
$implementations = @(Get-Content -Path 'C:\Implementationclusters.txt')

### Run the script ####
#Change to the script directory
cd $path

#Clean up the results from last time
Remove-Item $transcript\*.txt

# Source the API
. ./api.ps1

#Connect to the API
apiauth

#Get a list of all of the current clusters
$clusters = @(Clusters | select -Property name)

#Page through the clusters, one at a time and run the firewall tool script against them
foreach ($cluster in $clusters.name) {
    #Start the transcript
    Start-Transcript -Path $transcript\$cluster.txt
    C:\firewalltool.ps1 -vip site.com -profileName ssh -clusterName $cluster
    #Stop the transcript
    Stop-Transcript
}

#Examine the results files.
foreach ($cluster in $clusters.name) {
    if ($implementations -contains $cluster) {
        Write-Host "$cluster is with Implementations team"
    }
    elseif (Select-String -path $transcript\*.txt -Pattern 'allow' -simplematch) {
        Write-Host "$cluster is not compliant!" -ForegroundColor White -BackgroundColor Red
    }
    elseif (Select-String -path $transcript\*.txt -Pattern 'All IP Addresses(*) (deny)' -simplematch) {
        Write-Host "$cluster is compliant!"
    }
    else {
        Write-Host "$cluster is not compliant"
    }
}
```
3 Spice ups

Hm do those ‘Select-String’ cmdlets actually return what you expect them to if you test them individually?

1 Spice up

They do. Exactly. They just seem to fall apart when I put them in the loop

1 Spice up

If there are multiple .txt files in the $transcript directory when this runs, you only need one file to contain “Allow” for that elseif block to always be true regardless of the cluster name. You will need to parse out the data that corresponds to the current cluster or write your files to be one file per cluster.

3 Spice ups

I mean if ANY of the text files ($transcript\*.txt) in the transcript folder have ‘allow’ in them it would match and stop evaluating.

4 Spice ups

I do have one file per cluster…that file only contains the results for that cluster, it does not contain results for any other cluster.

1 Spice up

I for sure have one in there with “allow” in it as a test case. How would I deal with that?

1 Spice up

As AdminOfThings suggested, you can try to create one file per cluster and give the transcript the same name as the cluster (e.g. ‘transcript-cluster123.txt’) and then in your foreach, you just have it check the corresponding transcript, rather than ALL files in the folder.
Or if the transcript files have the cluster name inside, you can try to parse that out and then have it check for clustername AND allow, or clustername AND deny, or whatever you are trying to match.

EDIT: added example
e.g.

```powershell
Select-String -path "$transcript\$cluster.txt" -Pattern 'allow' -simplematch
```
1 Spice up

That’s what I have now…I have one text file per cluster and the text file is named $cluster.txt.

But you are checking ALL files in the folder

```powershell
Select-String -path "$transcript\*.txt" -Pattern 'Allow' -simplematch
```

rather than the one that matches the cluster name

```powershell
Select-String -path "$transcript\$cluster.txt" -Pattern 'Allow' -simplematch
```
2 Spice ups

Ah, I see what you’re saying. I’ll try that

That was exactly my issue. Thank you for the help, it was driving me nuts
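
The per-cluster check the replies arrive at, as an added example that is not code from the original posts. It goes one step further than the thread by reporting a missing transcript as its own status, so a cluster whose check never ran is not silently counted as compliant or non-compliant. The function name, status labels, demo cluster names and sample transcript lines are assumptions constructed for illustration; the two match strings are the ones from the question.

```powershell
# Added example: classify each cluster from its OWN transcript file only.
function Get-ClusterSshCompliance {
    param(
        [string[]]$ClusterName,
        [string]$TranscriptDir,
        [string[]]$Implementations = @()
    )
    foreach ($cluster in $ClusterName) {
        # One file per cluster, named <cluster>.txt as in the thread
        $file = Join-Path $TranscriptDir "$cluster.txt"
        $status = if ($Implementations -contains $cluster) {
            'Implementations'
        }
        elseif (-not (Test-Path -LiteralPath $file)) {
            'NoTranscript'      # the check never produced output for this cluster
        }
        elseif (Select-String -LiteralPath $file -Pattern 'allow' -SimpleMatch -Quiet) {
            'NotCompliant'      # SSH allow rule present
        }
        elseif (Select-String -LiteralPath $file -Pattern 'All IP Addresses(*) (deny)' -SimpleMatch -Quiet) {
            'Compliant'
        }
        else {
            'NotCompliant'      # neither string found: treat as a failure, as the original script does
        }
        [pscustomobject]@{ Cluster = $cluster; Status = $status }
    }
}

# Constructed sample transcripts (illustrative content, not real tool output)
$dir = Join-Path ([IO.Path]::GetTempPath()) 'ssh-check-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path (Join-Path $dir 'clusterA.txt') -Value 'All IP Addresses(*) (allow)'
Set-Content -Path (Join-Path $dir 'clusterB.txt') -Value 'All IP Addresses(*) (deny)'
Set-Content -Path (Join-Path $dir 'clusterC.txt') -Value 'All IP Addresses(*) (allow)'

# clusterC is on the Implementations list; clusterD has no transcript at all
Get-ClusterSshCompliance -ClusterName 'clusterA','clusterB','clusterC','clusterD' `
    -TranscriptDir $dir -Implementations 'clusterC' | Format-Table -AutoSize

Remove-Item -LiteralPath $dir -Recurse -Force
```

Because clusterA's "allow" line lives only in clusterA.txt, it no longer marks clusterB as non-compliant, which is the behaviour the wildcard path caused.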