Local script option provider about rundeck HOT 25 CLOSED

(by Moses Lei at 2011-05-27T13:10:01-07:00)

Noah, I don't see how allowing executions for options providers is any more prone to abuse than allowing executions for arbitrary other code, which is what jobs are. Can you elaborate?

from rundeck.

I just got stuck wanting this. I want to run a script that invokes consul and then jq to create options. This would be trivial if I could just specify a path to a script that install via ansible when rundeck is installed. But having to standup a webserver just for this....

from rundeck.

+1.
iaingblack solution really don't work for me.
Also, could the options come from the result of an execution of a job?
I set up a job "A" that outputs JSON to stdout.
I set up another job "B" with an option that references "A"'s output.
When configuring "B" execution, rundeck launches "A" to retrieve options.
Completely self-contained solution.
Regards

from rundeck.

(by Noah Campbell at 2011-05-27T12:39:39-07:00)

This was considered, but we concluded that the potential for abuse might out weight the benefit. By focusing on the URL as the primary interface, the need to operate another option for reading values is not needed (file:/// is a url).

from rundeck.

(by Noah Campbell at 2011-05-27T13:24:21-07:00)

You bring up a good point about the default configuration of RunDeck. For your proposed idea, would these local script options be run as the rundeck user or the user of the java process?

from rundeck.

(by Moses Lei at 2011-05-27T14:22:07-07:00)

I don't know of any installations where the user running the java process is not rundeck... what concerns do you have either way?

from rundeck.

Hello,
(regard to original post)
We have a similar need as well. We are looking at how to provide users an option to automatically update a JSON on the Rundeck server ( for instance a key/value mapping of server and service account associated with the server etc).
Currently, I either manually update a JSON on the Rundeck server running apache and provide the options URI to the users, but that is not very scalable.
We are planning to write a separate CGI self service tools for users to update the JSON on the server side with these key/value son to be used as option providers.

Would be nice if we can have that part of the project /job in Rundeck.

Cheers, Dharmendra

from rundeck.

+1

from rundeck.

+1 for this as well, would be a great addition

from rundeck.

+1

from rundeck.

+1

from rundeck.

I'm a little unusure if it's obvious that the file:/// style URL can work as a half-way house as no-one comments on it any further, so i'll just mention what I tested just in case (apologies if stupidly obvious to everyone!).

You can place a JSON file on the rundeck server and use that via the file:/// reference (ie file:/var/rundeck/projects/mytestproject/etc/test.json). Create a job on the rundeck server to execute a script to generate this file on your behalf every x minutes/hours and you have a semi-workable solution. Have a job in the project users can run to refresh the file and it becomes slightly self-service.

I know it's not scalable and not much of an improvement on hosting the JSON on a web service but it at least removes the pain of having a website to manage security on etc...

from rundeck.

+1 facing the same issue. It would be great to have scripted input options without need to create separate job for option file updates.

from rundeck.

+1

from rundeck.

+1. Surprised this feature doesn't exist (nor planned). If I can arbitrarily pull any file via a file:/ URL then I don't see a [new] security issue here. (Worst case just leave the feature disabled unless an admin enables it? Or force the scripts to all live in a specific folder specified in the Rundeck config?)

Seems like a huge effort to drag out a web service stack and try to keep it in sync with my Rundeck environment's needs...

from rundeck.

+1

from rundeck.

@sjrd218 @gschueler I see this ticket is marked as closed and part of the 3.0.14 milestone. I'm running 3.1.0-20190731 and don't see any way to specify a script for getting options. I've checked the documentation and don't see anything referencing this feature. Is there some flag that needs to be set to enable this feature?

from rundeck.

The documentation for this feature is here: https://docs.rundeck.com/docs/developer/option-values-plugins.html

from rundeck.

Thanks for the quick response pointing me in the right direction, that seems like a complex way to solve this. Think I'll stick to hard coding options for now.

from rundeck.

I am facing the original issue myself, and looking into it, it seems maybe a simple configuration could solve this problem. Specifically, storing option values in consul, they can be returned using a ?raw query-string on the end of a key. The only issue currently is that this seems to return in the text/plain content type where rundeck requires application/json. It seem an easy configuration would be to add something like rundeck.jobs.options.acceptcontenttype = "anything"

Just my 2 cents. And definitely want to thank the folks dedicating their time to this project, it is a great product that continues to get better.

from rundeck.

@bigfish301 If you create your own option values plugin, you can do exactly what you are wanting to do. Just make sure you have option values plugins enabled: rundeck.feature.option-values-plugin.enabled=true

https://docs.rundeck.com/docs/developer/12-option-values-plugins.html#script-plugin-type

from rundeck.

@sjrd218 - Yes, I did notice that. Thanks for the reply. My challenge at the moment, anything I am putting the config does not seem to be working. Ideally, i would need to pass some parameters for each option to get a unique result. Currently have the following in my plugin.yaml but does not show up in the UI. Is this something that can only be updated in the job definition and uploaded?

config:
- type: String
name: optionname
title: option
description: 'reference name of option'
required: true

from rundeck.

Meanwhile until i can figure that out, I wrote a quick script to run a web server that return the kv values from consul as json content type. Just need to store the json format in the value. and you can reference it with the remote url in your option.
https://github.com/bigfish301/RDOptions_ConsulFrontEnd

from rundeck.

Update, in case anyone is still watching. Looks like there is a project option -
project.jobs.disableRemoteOptionJsonCheck

If you set your project config to include
project.jobs.disableRemoteOptionJsonCheck=true

You can reference Consul kv by using something like http://consul:8500/v1/kv/key?raw as the remote url for an option. Tested this and it works nicely.

from rundeck.

Update, in case anyone is still watching. Looks like there is a project option -
project.jobs.disableRemoteOptionJsonCheck

If you set your project config to include
project.jobs.disableRemoteOptionJsonCheck=true

You can reference Consul kv by using something like http://consul:8500/v1/kv/key?raw as the remote url for an option. Tested this and it works nicely.

this is a nice trick to use the Consul KV! I think to try that.

from rundeck.