This repository has been archived by the owner on Jan 2, 2025. It is now read-only.
wip: adding cli tool #8
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gaohoward
requested review from
lavocatt,
ajaypratap003,
AjayJagan and
Msarawan
lavocatt
reviewed
Sep 11, 2024
There was a problem hiding this comment.
Nice work @howardgao! Here are a few pieces of feedback:
- When I'm running the executable without any arguments I'm getting this error:
Maybe instead of erroring out it could display the help?
- When I'm in interactive mode, I would appreciate having help when requesting some from the tool
- It is slightly confusing that the command needs to get in quotes on the command line, ie it doesn't understand
get /but does get'get /'
|
@lavocatt Thanks Thomas for trying it out! I think all your points make sense. The help system is bad. I'll improve it. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
gaohoward
force-pushed
the
c_add_cli
branch
4 times, most recently
from
b7bf9f7 to
88b2a1a
Compare
gaohoward
force-pushed
the
c_add_cli
branch
3 times, most recently
from
3624e22 to
ccd61e1
Compare
gaohoward
force-pushed
the
c_add_cli
branch
2 times, most recently
from
691dd0a to
da8134c
Compare
gaohoward
force-pushed
the
c_add_cli
branch
3 times, most recently
from
3ee6c1f to
c1017da
Compare
|
Small comment, I think this PR shouldn't have to embed a commit related to the security model as its principal matter of concern is about adding the CLI tool. |
Yes you are right. As it is a draft right now I included the security model to test |
gaohoward
force-pushed
the
c_add_cli
branch
3 times, most recently
from
4d2cabc to
88847cb
Compare
The API Server provides a security model that provides authentication
and authorization of incoming clients.
The security can be enabled/disabled (i.e. via `API_SERVER_SECURITY_ENABLED` env var)
Currently the api server support `jwt` token authentication.
The login api is defined in openapi.yml
/server/login
A client logs in to an api server by sending a POST request to the login path.
The request body contains login information (i.e. username and password for jwt authentication type)
Please refer to [api.md](api.md) for details of the login api.
Currently the security manager uses local file to store user's info.
The default users file name is `.users.json`
The users file name can be configured using `USERS_FILE_URL` env var.
See `.test.users.json` for sample values.
Currently the api server doesn't perform authorization on logged in users.
The server keeps a list of jolokia endpoints for clients to access.
The endpoints are loaded from a local file named
`.endpoints.json`. Each top level entry represents a jolokia endpoint.
An entry has a unique name and details to access the jolokia api.
See `.test.endpoints.json` for sample values.
When an authenticated client sends a request to the api-server, it
should present its token in the request header
'Authorization: Bearer `token`'
It also need to give the `targetEndpoint` in the query part of the request
if the request is to access an jolokia endpoint.
For example `/execBrokerOperation?targetEndpoint=broker1`.
Direct Proxy means a client can pass a broker's endpoint info to the
api-server in order to access it via the api-server.
For example the [self-provisioning plugin]
(https://github.com/artemiscloud/activemq-artemis-self-provisioning-plugin)
uses this api to access the jolokia of a broker's jolokia endpoint.
The Jolokia api-server comes with a cli (command line interface) tool. When the cli tool starts it connects to the api-server and can access the jolokia endpoints. The cli tool takes a **command** and requests the api-server using [its api](src/config/openapi.yml) to invoke on the target jolokia endpint, gets back the response and printing the result to the console in JSON format. It can run in `interactive mode` or in `non-interactive` mode. To build the cli tool run ``` yarn build ``` which will build both the api-server and cli tool. To install the cli tool runnable locally run: ``` npm link ``` It will create the cli runnable `jolokia-api-server-cli` The cli tool needs a running api-server. To start the cli tool run ``` jolokia-api-server-cli [options] ``` or you can use `yarn` ``` yarn start-cli [options] ``` In this mode, the tool starts and execute a command and then exits. The syntax for non-interactive mode is: ``` jolokia-api-server-cli <command> -l <api-server-url> -e <jolokia-endpoint-url> ``` If `-l` option is omitted the default is ` https://localhost:9443` The `-e` option is the target jolokia url. for example ``` -e http://user:password@127.0.0.1:8161 ``` If the port number part is omitted, the default is `80` for http and `443` for https. The `command` is the command to be executed. Note in non-interactive mode the `command` need be quoted if 1. the command contains options (e.g -e) because the '-' can be interpreted by the shell 2. the command contains '*' char Example: ``` jolokia-api-server-cli "get queue TEST -a MessageCount RoutingType" -e http://user:pass@127.0.0.1:8161 ``` Alternatively you can use `--` to separate the command: ``` jolokia-api-server-cli -e http://user:pass@127.0.0.1:8161 -- get @broker2/queue DLQ -a MessageCount ``` In interactive mode the tool starts into a command shell and accepts user input as a command, then it executes it and went back to the shell prompt to accept another, until you run the `exit` command. The syntax to run the cli in this mode is ``` jolokia-api-server-cli -i ``` When it starts it print the cli title and ready to accept commands. With interactive mode the cli can 'caches' a list of jolokia endpoints (added by the `add` command only available in interactive mode). It takes one of them as `current endpoint` so when user types a command without specifying target jolokia endpoint, the `current endpoint` will be used. This is the only available command currently. It can retrive information from a jolokia endpoint. The syntax of this command is ``` get <path> <name> <-a attributes...> <-o operations...> ``` It takes a `path` argument, a `name` argument, an optional `-a`(attribute) option and an optional `-o` (operation) option. The value of `path` is a string representing a target mbean from which you want to get information. It takes the form [target endpoint]/[component]. The `target endpoint` in `interactive` mode allows you to specify which broker you want to retrieve information from. If absent it takes the current broker cached by the cli. In non-interactive mode that [target endpoint] can be empty if `-e` option is given, or it is the target remote endpoint name prefix by a `@` char. For example `@broker1/` The `component` part is the type of the mbean. Currently the supported mbean types are - `queue` - `address` - `acceptor` - `cluster-connection` --- **NOTE** If the target component is the broker itself, the component should be left empty. For example `get @broker1/ -a Status` It means to get the value of `Status` attribute of the broker. --- The <name> argument is the mbean name (e.g. DLQ, testQueue, etc). The value of `-a` option is a list of attribute names (space or comma separated) to read from the target mbean. If the value is a `*` it will read all the attributes of the target mbean. The value of `-o` option is a list of operation names (space or comma separated) to read from the target mbean. If the value is a `*` it will read all the operations of the target mbean. examples: `get @broker1/` - get the current broker mbean information `get @broker1/*` - get all mbeans registered with the broker mbean `get @broker1/ -a *` - read all the attributes of the broker mbean `get @broker1/ -a * -o *` - read information of all attributes and operations of the broker mbean `get @broker1/queue` (or `get /queue`) - list all the queue mbeans information `get @broker1/acceptor acceptor0 -a *` - read all attributes of acceptor named `acceptor0` `get @broker1/queue TEST -a MessageCount RoutingType` - read `MessageCount` and `RoutingType` of queue `TEST` `get @broker1/queue -o xxx` - read information of operation xxx of queue TEST The `run` command is used to invoke operations on a jolokia endpoint. The syntax of this command is ``` run <path> <name> <operation> ``` It takes a `path` argument, a `name` argument and an `operation` to be executed on the mbean. The syntax for `path` and `name` are the same as for the `get` command. The operation takes the form <operation-name>([args...]). For example ``` run @broker1/ listAddresses(m) ``` It means to call listAddresses(java.lang.String) method on @broker1 with argument value 'm'. There are several commands that are only available to interactive mode. Add a jolokia endpoint to the cli cache. Syntax: ``` add <endpoint name> <url> -u <user> -p <password> ``` example: ``` add ex-aao-ssl https://ex-aao-ssl-wconsj-0-svc-rte-default.apps-crc.testing -u user -p password ``` This command allows user to add a jolokia endpoint that is not managed by the api-server. After the endpoint is added the user can access the endpoint using the cli commands. --- **NOTE** When accessing such jolokia endpoints, the command references it without `@` prefixed, for example `get ex-aao-ssl/ -a Status` --- To change `current endpoint`. Syntax: ``` switch <endpoint name> ``` example: ``` switch broker0 ``` A command can be simplified if it is targeted at the current endpoint. For example if you set the current endpoint to `broker0` the command ``` > add broker0 http://127.0.0.2:8161 -u guest -p guest ``` and if you want to get the queues of the broker0, you can do ``` get /queues ``` instead of explicitly: ``` get broker0/queues ``` To list all the jolokia endpoints cached in cli and managed on the api-server. Syntax: ``` > list [ "local2(local): http://127.0.0.2:8161", "@pod-0: https://broker-pem-wconsj-0-svc-ing-default.artemiscloud.io:443", "@pod-1: https://broker-pem-wconsj-1-svc-ing-default.artemiscloud.io:443", "@Local: http://127.0.0.1:8161", "@restricted: https://artemis-broker-jolokia-0-svc-ing-default.artemiscloud.io:443" ] ```
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Jolokia api-server Cli tool (work in progress)
The Jolokia api-server comes with a cli (command line interface) tool. When the cli tool starts it connects to the api-server and can access the jolokia endpoints.
The cli tool takes a command and requests the api-server using its api to invoke on the target jolokia endpint, gets back the response and printing the result to the console in JSON format.
It can run in
interactive modeor innon-interactivemode.To build the cli tool run
which will build both the api-server and cli tool.
To install the cli tool runnable locally run:
It will create the cli runnable
jolokia-api-server-cliRunning the cli tool
The cli tool needs a running api-server.
To start the cli tool run
or you can use
yarnUsing Cli tool in non-interactive mode
In this mode, the tool starts and execute a command and then exits.
The syntax for non-interactive mode is:
If
-loption is omitted the default ishttps://localhost:9443The
-eoption is the target jolokia url. for exampleIf the port number part is omitted, the default
is
80for http and443for https.The
commandis the command to be executed.Note in non-interactive mode the
commandneed be quoted ifExample:
Alternatively you can use
--to separate the command:Using Cli tool in interactive mode
In interactive mode the tool starts into a command shell and
accepts user input as a command, then it executes it and went
back to the shell prompt to accept another, until you run the
exitcommand.
The syntax to run the cli in this mode is
When it starts it print the cli title and ready to accept
commands.
With interactive mode the cli can 'caches' a list of jolokia endpoints (added by the
addcommandonly available in interactive mode). It takes one of them as
current endpointso when user typesa command without specifying target jolokia endpoint, the
current endpointwill be used.Using Cli Commands
The
getcommandThis is the only available command currently. It can retrive
information from a jolokia endpoint.
The syntax of this command is
It takes a
pathargument, anameargument, an optional-a(attribute) option and an optional-o(operation) option.The value of
pathis a string representing a target mbean from which you want to get information.It takes the form [target endpoint]/[component]. The
target endpointininteractivemode allowsyou to specify which broker you want to retrieve information from. If absent it takes the current broker
cached by the cli. In non-interactive mode that [target endpoint] can be empty if
-eoption is given,or it is the target remote endpoint name prefix by a
@char. For example@broker1/The
componentpart is the type of the mbean. Currently the supported mbean types arequeueaddressacceptorcluster-connectionNOTE
If the target component is the broker itself, the component should be left empty. For example
get @broker1/ -a StatusIt means to get the value of
Statusattribute of the broker.The argument is the mbean name (e.g. DLQ, testQueue, etc).
The value of
-aoption is a list of attribute names (space or comma separated) to read from the target mbean.If the value is a
*it will read all the attributes of the target mbean.The value of
-ooption is a list of operation names (space or comma separated) to read from the target mbean.If the value is a
*it will read all the operations of the target mbean.examples:
get @broker1/- get the current broker mbean informationget @broker1/*- get all mbeans registered with the broker mbeanget @broker1/ -a *- read all the attributes of the broker mbeanget @broker1/ -a * -o *- read information of all attributes and operations of the broker mbeanget @broker1/queue(orget /queue) - list all the queue mbeans informationget @broker1/acceptor acceptor0 -a *- read all attributes of acceptor namedacceptor0get @broker1/queue TEST -a MessageCount RoutingType- readMessageCountandRoutingTypeof queueTESTget @broker1/queue -o xxx- read information of operation xxx of queue TESTThe
runcommandThe
runcommand is used to invoke operations on a jolokia endpoint.The syntax of this command is
It takes a
pathargument, anameargument and anoperationto be executed on the mbean.The syntax for
pathandnameare the same as for thegetcommand.The operation takes the form ([args...]). For example
It means to call listAddresses(java.lang.String) method on @broker1 with argument value 'm'.
Commands exclusive to Interactive mode
There are several commands that are only available to interactive mode.
The
addcommandAdd a jolokia endpoint to the cli cache. Syntax:
example:
This command allows user to add a jolokia endpoint that is not managed by the api-server. After the
endpoint is added the user can access the endpoint using the cli commands.
NOTE
When accessing such jolokia endpoints, the command references it without
@prefixed, for exampleget ex-aao-ssl/ -a StatusThe
switchcommandTo change
current endpoint. Syntax:example:
A command can be simplified if it is targeted at the current endpoint. For example if you
set the current endpoint to
broker0the commandand if you want to get the queues of the broker0, you can do
instead of explicitly:
The
listcommandTo list all the jolokia endpoints cached in cli and managed on the api-server. Syntax: