GUACAMOLE-1174: Added exec call implementation for kubernetes protocol

This commit is contained in:
Yaroslav Nikonorov 2020-08-14 15:35:37 +03:00
parent 382d72a26a
commit 7683a17d69
5 changed files with 82 additions and 18 deletions

View File

@ -213,10 +213,12 @@ void* guac_kubernetes_client_thread(void* data) {
}
/* Generate endpoint for attachment URL */
if (guac_kubernetes_endpoint_attach(endpoint_path, sizeof(endpoint_path),
if (guac_kubernetes_endpoint_uri(endpoint_path, sizeof(endpoint_path),
settings->kubernetes_namespace,
settings->kubernetes_pod,
settings->kubernetes_container)) {
settings->kubernetes_container,
settings->use_exec,
settings->exec_command)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Unable to generate path for Kubernetes API endpoint: "
"Resulting path too long");

View File

@ -31,6 +31,8 @@ const char* GUAC_KUBERNETES_CLIENT_ARGS[] = {
"namespace",
"pod",
"container",
"use-exec",
"exec-command",
"use-ssl",
"client-cert",
"client-key",
@ -86,6 +88,16 @@ enum KUBERNETES_ARGS_IDX {
*/
IDX_CONTAINER,
/**
* Whether exec call should be used. If omitted, attach call will be used.
*/
IDX_USE_EXEC,
/**
* The command used by exec call.
*/
IDX_EXEC_COMMAND,
/**
* Whether SSL/TLS should be used. If omitted, SSL/TLS will not be used.
*/
@ -275,6 +287,16 @@ guac_kubernetes_settings* guac_kubernetes_parse_args(guac_user* user,
guac_user_parse_args_string(user, GUAC_KUBERNETES_CLIENT_ARGS, argv,
IDX_CONTAINER, NULL);
/* Parse whether exec call should be used */
settings->use_exec =
guac_user_parse_args_boolean(user, GUAC_KUBERNETES_CLIENT_ARGS, argv,
IDX_USE_EXEC, false);
/* Read exec command (optional) */
settings->exec_command =
guac_user_parse_args_string(user, GUAC_KUBERNETES_CLIENT_ARGS, argv,
IDX_EXEC_COMMAND, GUAC_KUBERNETES_DEFAULT_EXEC_COMMAND);
/* Parse whether SSL should be used */
settings->use_ssl =
guac_user_parse_args_boolean(user, GUAC_KUBERNETES_CLIENT_ARGS, argv,

View File

@ -47,6 +47,12 @@
*/
#define GUAC_KUBERNETES_DEFAULT_NAMESPACE "default"
/**
* The command that should be used by default for exec call if no
* specific command is provided.
*/
#define GUAC_KUBERNETES_DEFAULT_EXEC_COMMAND "/bin/sh"
/**
* The filename to use for the typescript, if not specified.
*/
@ -97,6 +103,16 @@ typedef struct guac_kubernetes_settings {
*/
char* kubernetes_container;
/**
* Whether exec call should be used, default attach.
*/
bool use_exec;
/**
* Exec command, default /bin/sh.
*/
char* exec_command;
/**
* Whether SSL/TLS should be used.
*/

View File

@ -89,15 +89,16 @@ int guac_kubernetes_escape_url_component(char* output, int length,
}
int guac_kubernetes_endpoint_attach(char* buffer, int length,
int guac_kubernetes_endpoint_uri(char* buffer, int length,
const char* kubernetes_namespace, const char* kubernetes_pod,
const char* kubernetes_container) {
const char* kubernetes_container, int use_exec, const char* exec_command) {
int written;
char escaped_namespace[GUAC_KUBERNETES_MAX_ENDPOINT_LENGTH];
char escaped_pod[GUAC_KUBERNETES_MAX_ENDPOINT_LENGTH];
char escaped_container[GUAC_KUBERNETES_MAX_ENDPOINT_LENGTH];
char escaped_exec_command[GUAC_KUBERNETES_MAX_ENDPOINT_LENGTH];
/* Escape Kubernetes namespace */
if (guac_kubernetes_escape_url_component(escaped_namespace,
@ -109,26 +110,42 @@ int guac_kubernetes_endpoint_attach(char* buffer, int length,
sizeof(escaped_pod), kubernetes_pod))
return 1;
/* Generate attachment endpoint URL */
if (kubernetes_container != NULL) {
/* Generate endpoint path depending on the call type */
char* call="attach";
if (use_exec)
call = "exec";
char endpoint_path[GUAC_KUBERNETES_MAX_ENDPOINT_LENGTH];
snprintf(endpoint_path, GUAC_KUBERNETES_MAX_ENDPOINT_LENGTH*3,
"/api/v1/namespaces/%s/pods/%s/%s", escaped_namespace, escaped_pod, call);
/* Generate endpoint params */
char endpoint_params[GUAC_KUBERNETES_MAX_ENDPOINT_LENGTH]="";
int param_length=0;
if(use_exec){
/* Escape exec command */
if (guac_kubernetes_escape_url_component(escaped_exec_command,
sizeof(escaped_exec_command), exec_command))
return 1;
param_length += snprintf(endpoint_params, GUAC_KUBERNETES_MAX_ENDPOINT_LENGTH,
"command=%s&", escaped_exec_command);
}
if (kubernetes_container != NULL) {
/* Escape container name */
if (guac_kubernetes_escape_url_component(escaped_container,
sizeof(escaped_container), kubernetes_container))
return 1;
written = snprintf(buffer, length,
"/api/v1/namespaces/%s/pods/%s/attach"
"?container=%s&stdin=true&stdout=true&tty=true",
escaped_namespace, escaped_pod, escaped_container);
}
else {
written = snprintf(buffer, length,
"/api/v1/namespaces/%s/pods/%s/attach"
"?stdin=true&stdout=true&tty=true",
escaped_namespace, escaped_pod);
snprintf(endpoint_params+param_length, GUAC_KUBERNETES_MAX_ENDPOINT_LENGTH-param_length,
"container=%s&", escaped_container);
}
/* Combine path and params to uri */
written = snprintf(buffer, length, "%s?%sstdin=true&stdout=true&tty=true",
endpoint_path, endpoint_params);
/* Endpoint URL was successfully generated if it was written to the given
* buffer without truncation */
return !(written < length - 1);

View File

@ -73,13 +73,20 @@ int guac_kubernetes_escape_url_component(char* output, int length,
* The name of the container to attach to, or NULL to arbitrarily attach
* to the first container in the pod.
*
* @param use_exec
* Whether use call exec.
* Execute a command in a container and attach to it instead of main container process.
*
* @param exec_command
* The command used in conjunction with exec call.
*
* @return
* Zero if the endpoint path was successfully written to the provided
* buffer, non-zero if insufficient space exists within the buffer.
*/
int guac_kubernetes_endpoint_attach(char* buffer, int length,
int guac_kubernetes_endpoint_uri(char* buffer, int length,
const char* kubernetes_namespace, const char* kubernetes_pod,
const char* kubernetes_container);
const char* kubernetes_container, int use_exec, const char* exec_command);
#endif