SSH API
Create a command over SSH API
Description#
The command over SSH API allows executing ssh commands over REST. This command is quite useful in triggering pre-defined commands in secured environments. From a security perspective, this allows external triggers(pre-defined commands) without providing Linux/CLI access to a specific user.
UI#
Access the DataTrucker URL via a browser
Create a credentials#
- Go to Credentials in the sidebar > SSH Credentials
- Scroll down to Credential Management
- Fill the form to create the connection
- Credential name โ an arbitrary value to identify the credential object
- The hostname of the target server to SSH. Note: SSH executes from the API server
- SSH Username
- SSH password or location of the ssh private key on the API server
- Password is Privatekey, is to identify if step 4, is a password or file location
- SSH Port
- Click on Create
Create a ssh API#
- Go to Script API in the Sidebar > SSHShell APIs
- Fill the form to create the API
- Resource Name: an arbitrary name to identify the resource
- The Credential linked to the resources
- Method: The type of REST Call
- Script: Command to executes
- Validation Regex of Input values is the input sanitization before executing the command. Arguments will be sent to API as an Array and will be space-separated. Every input argument needs to pass the regex as defined during the creation of the API.
- Documentation for Validation
Query the resource you created#
################################ query a ssh endpoint#############################
URL: /api/v1/jobs/<resource name>TYPE: <method defined>HEADER: Authorization: "Bearer <JWT Token>"BODY (JSON): { "args": ["-la"]}
Note: if this is a Get request you have to pass parameters as query keyvaluesExample:URL: /api/v1/jobs/<resource name>?args=<arg1>,<arg2>,....
Response: 200 OK{ jsondata....}As a CRD in Openshift / Kubernetes#
For credentials use the the API below to the management end point
---apiVersion: datatrucker.datatrucker.io/v1kind: DatatruckerFlowmetadata: name: datatruckerflow-samplespec: Resources: requests: memory: "256Mi" cpu: "250m" limits: memory: "256Mi" cpu: "500m" JobDefinitions: - resourcename: sshell1 name: sshell1 type: Script-SSH credentialname: sshlocalconnect tenant: Admin restmethod: GET script: echo $PATH validations: type: - object properties: args: type: string pattern: "^[-a-z0-9]*$" maxLength: 8 Keys: configmap: placeholder Scripts: configmap: placeholder Type: Job DatatruckerConfig: datatruckerconfig-sample Replicas: 1 API: name: api Image: repository: docker.io imageName: datatruckerio/datatrucker-api tagName: latest
API#
Create a credential via REST#
############################### create a SSH cerdential#############################
URL: /api/v1/credentials/TYPE: POSTHEADER: Authorization: "Bearer <JWT Token>"BODY (JSON): { "credentialname": "sshlocalconnect", "type": "Script-SSH", "hostname": "localhost", "username": "root", "password": "root", "port": 22}
Response: 201 OK
################################## create a SSH Private cerdential################################
URL: /api/v1/credentials/TYPE: POSTHEADER: Authorization: "Bearer <JWT Token>"BODY (JSON): { "credentialname": "sshlocalconnectprivate", "type": "Script-SSH", "hostname": "localhost", "username": "app-admin", "password": "sshprivate.key", "port": 22, "passwordisPrivateKey": true}
Note: the folder location for keys can be configured in resource.config.json > Template.keys
Response: 201 OKCreate the API via REST#
############################### create a command over SSH API#############################
URL: /api/v1/resourcesTYPE: POSTHEADER: Authorization: "Bearer <JWT Token>"BODY (JSON): { "resourcename": "sshell1", "type": "Script-SSH", "credentialname": "sshlocalconnect", "restmethod": "GET", "script": "echo $PATH", "validations": { "type": ["object"], "properties": { "args": { "type": "string", "pattern": "^[-a-z0-9]*$", "maxLength": 8 } } }}
Response: 201 OK