-
-
Notifications
You must be signed in to change notification settings - Fork 248
Script config
Each script should be configured in conf/runners/conf-name.json file, where conf-name is a unique name for each script. Each configuration file should contain only one script. Configuration should be a valid JSON file.
Since (v1.18) you can use YAML files instead of JSON. Configuration options have the same types and nested levels.
Since (v1.18) you can use subfolders inside conf/runners folder for organizing your configurations. Since (v1.19) subfolders define script groups on UI, see group_by_folders for more details.
Also, you can configure scripts using /admin.html page on your server.
Examples of configuration files can be found in stable/testing/configs.
Configurable properties:
- name
- script_path
- description
- working_directory
- group
- allowed_users
- output_files
- requires_terminal
- bash_formatting
- output_format
- include
- hidden
- admin_users
- scheduling
- access
- logging
- preload_script
-
parameters
- name
- param
- same_arg_param
- no_value
- description
- required
- constant
- default
- type
- secure
- pass_as
- stdin_expected_text
- env_var
- ui
- + additional fields for different types
Parameter types:
Additional options:
User-friendly script name. Will be displayed to user
Required: no
Type: string
Default: the filename without extension
Example: "name": "My example script"
Path to the script (relative to working directory) OR just a command.
Required: yes
Type: string
Windows important: any non-batch scripts should be run as a command, e.g. 'python my_script.py'
Example: "script_path": "/some/path/to/script.sh"
Example2: "script_path": "python my_script.py"
User-friendly script description, which will be shown to a user
Markdown with GitHub flavour can be used
Required: no
Type: string
Example: "description": "This script shuts down the server"
Working directory for the script
Required: no
Type: string
Default: script-server directory
Allows to aggregate multiple scripts under the same collapsible header on the UI. Just specify the same group for those scripts
Since ( v1.19) If a script config is located inside a subdirectory, then this subdirectory will be define a default group. If you want to overwrite it or remove, specify a group explicitly.
Required: no
Type: string
Default: (since v1.19) subdirectory name or null
List of users, who can access the script
Required: no
Type: json array
Default: any user
List of files, which will be downloadable by user after a script execution. This option supports the following features:
- * and ** wildcard
- substitution of script parameters with ${parameter_name}
- substitution of auth variables:
${auth.username}(authenticated username) or${auth.audit_name}(user info, when auth is disabled) - use regex pattern for searching file path in a script output:
- should be surrounded with #
- matching group number can be specified with number# (e.g. #2#)
- #any_path can be used as an alternative to ** wildcard
If a path cannot be found, it will be ignored Secure parameter values are protected with a mask during the search
All the matching files are copied locally and stored for at least 24 hours. Only the same user can access the files.
Required: no
Type: array
Example:
"output_files": [
/* Returns the file under the path */
"/var/log/server.log",
/* Resolves param1 'value' and recursively searches for 'value'.dat in /tmp/results */
"/tmp/results/**/${param1}.dat",
/* Searches for any paths in in the script output, and then substitutes each occurence in the path */
"~/##any_path#/file.txt",
/* Searches for any 8 digits in the script output and builds /var/log/my_8digits.log paths */
"/var/log/my_#[0-9]{8}#.log",
/* Searches for username='value' in the script output and builds /home/'value'/file.txt paths */
"/home/#1#username=(\w+)#/file.txt"
](Linux only)
Specifies, if the script should be run in pseudo terminal mode. This is useful because some programs behave differently in terminal and non-interactive modes.
Required: no
Type: boolean
Default: true
(up to v 1.16, inclusive. Replaced by output_format)
Enables ANSI escape command parsing and showing formatted output on the user interface. E.g. \033[01;31m is a bold red text
Supported escape sequences: 16 text colors and 16 background colors, 4 text styles
Required: no
Type: boolean
Default: true for linux and mac, false otherwise
(v 1.17)
Specifies how Script server should parse script output. At the moment 4 formats are supported:
-
terminal(default): enables ANSI escape command parsing and showing formatted output on the user interface. E.g. \033[01;31m is a bold red text. Additionally this format supports hyperlinks highlighting and inline images -
text: no processing is done, script output is displayed as it is -
html: script output is treated as HTML elements and is rendered correspondingly. Scripts/css are not supported, for those please usehtml_iframe. Also, the HTML content is sanitized, to protect against XSS attacks -
html_iframe: script output is treated as a complete HTML page (including linked CSS and script files). In this case, Script server has no control over output styling (font family, size, color, etc.). To make CSS/scripts work, no HTML sanitizing is done (including user input), so such logs are vulnerable to XSS Attacks. Please avoid usinghtml_iframeif your server can be accessed by untrusted users.
Required: no
Type: string
Allowed values: [terminal, text, html, html_iframe]
Default: terminal
Allows to load configuration from another file(s).
Can be useful when multiple scripts are using the same configuration section, then the common part could be extracted to a separate config and then included.
Since (v1.18) you can define multiple included files as an array.
If a field exists in a main and an included configuration, the main configuration takes precedence. In the case of conflicts in multiple included files, the first defined included file takes precedence.
Usually included files should be hidden.
Include can be dynamic, depending on parameter values (what a user specifies). In this case, the include path should contain ${parameter_name} templates.
At the moment dynamic include affects only the parameter configuration section (new parameters can be added on the fly)
Required: no
Type: string (path) Since (v1.18): array
Hides the script from users
Can be used to disable a script or for included configurations
Required: no
Type: boolean
Default: false
List of admin users, who have admin access to this particular script. Be default any admin can modify any script. But there are cases, when some admins shouldn't modify some scripts.
Required: no
Type: json array
Default: any admin
Example: [ "user1", "user2", "@someGroup" ]
Scheduling configuration section for a script. Use this section if you would like to allow users to schedule script execution (once in the future, or repeatedly). See Wiki for details
Enables scheduling for a script. So that users would be able to schedule executions
Required: no
Type: boolean
Default: false
(v1.18)
Cleans up executions after they are finished, i.e. removes them from UI and don't show them to a user as active.
Required: no
Type: boolean
Default: true (except the cases, when output_files are configured)
(v1.18)
This option allows fine-tuning of access to this script.
(v1.18)
Specifies the type of shared access. Possible values:
- ALL_USERS: all users can access script executions of others, including logs, history, and stopping
By default, only a user has access to his own script executions. Execution history can be seen by admins too.
Required: no
Type: string
(v1.18)
Allows to override server logging configuration. For syntax please check the linked page.
(v1.18)
This option allows defining a separate script/command, which will be executed on a script page load and its results will be displayed to a user. This could be helpful to show some information to a user, which will affect the parameters, he will select. Another codename for this feature is a "splash" screen.
See #218 for a use case description.
(v1.18)
Defines a path to a script (or command) that should be executed.
Required: yes
Type: string
(v1.18)
Defines an output format for the preload script. For usage, see output_format.
Required: no
Type: string
Default: terminal
List of script parameters. Parameters are shown on the GUI and passed to a script exactly in the same order. Below are the all allowed parameter properties
Required: no
Type: array of dicts
Example:
"parameters": [
{
"name": "param1",
"param": "-a"
},
{
"name": "param2",
"param": "-b"
}
]
The name of the parameter, which will be shown to the user.
Required for non-constant parameters
Required: yes (for non-constant parameters)
Type: string
Can be used for specifying flag for the parameter (e.g. -p in script.sh -p myval). If omitted, parameter will be position based
Required: no
Type: string
If true, param and a user value will be sent as a single argument (without a whitespace). For example, if param='--name=' and value=abc, the script argument will be --name=abc.
Required: no
Type: boolean
Default: false
Allows to pass only a flag to the script, without any value (e.g. my_script.sh --verbose)
param property is required in this case.
This infers parameter type as boolean (the type property should be ommitted)
Required: no
Type: boolean
Default: false
User-friendly description of the parameter, shown to the user
Required: no
Type: string
Marks parameter as required for the user
Required: no
Type: boolean
Default: false
Don't show the parameter to a user, but pass it to a script with the value of default field
Required: no
Type: boolean
Default: false
Default value shown to a user
Environment variables can be specified with $$ (e.g. "default": "$$HOME")
User credentials can be used with the following templates ${auth.username} (authenticated username) or ${auth.audit_name} (user info, when auth is disabled).
A value can be defined by a script, for details see the script section (parameters injection is supported starting v1.18).
Required: no (for constants yes)
Type: depends on the parameter type
Parameter type, which affects how a parameter is shown to a user (checkbox, text field, select box, etc.) and how it's passed to a script (for example as a single argument or as multiple arguments)
If no_value is set to true, then the type is ignored and always is boolean
For detail description of each type and its supported properties see the section after properties description.
Allowed values: int, list, editable_list, text, file_upload, multiselect, server_file, ip, ip4, ip6
Required: no
Type: string
Default: "text"
Don't show value on server anywhere, replace it with a mask
Required: no
Type: boolean
Default: false
(v 1.18)
Specifies how to pass a parameter to a script, one of the:
-
argument: a parameter is passed to a script as an argument, e.g.my_script.sh parameter -
env_variable: a parameter is passed to a script as an environment variable. See env_var for details -
stdin: a parameter is sent to stdin (as a user would enter a text during runtime). By default, a parameter is sent on a script start. But can be sent later, by using stdin_expected_text
By default, every parameter is passed as an argument and env_variable (configuring 2 options manually is not possible).
Required: no
Type: string
Default: argument and env_variable
(v 1.18)
Usable only when pass_as: stdin.
When stdin_expected_text is specified, a parameter will be sent only after the expected text was printed by a script. Can be helpful, when a script requests smth like "Enter your username: ".
List parameters will be sent as comma-separated-values, e.g. [1, 3, 7] list will be passed as 1,3,7.
no_value parameters are sent as true or false.
If a script prints the expected text multiple times, only the first occurrence will be considered.
Required: no
Type: string
Default: no
Pass parameter as specified environment variable. So it would be accessible from your script.
For example, if "env_var": "MY_PARAM", you can use echo "$MY_PARAM" in your bash script
Please note, that all parameters are additionally passed as environment variables anyway, and env_var property allows to override the default name. For details, please check the ticket
Required: no
Type: string
Default: "PARAM_{capitalized parameter name with underscores}"
(v 1.18)
UI configuration section for a script. These options only affect UI representation of parameters and do not affect script execution
Allows to make parameter fields larger by specifying a ratio to other fields. E.g. weight=1 means normal size, weight=2 means double size. Weight should be an integer, if a value is too big, the full width will be used.
Required: no
Type: int
Default: 1
Adds a separator before a parameter on UI.
Separator type can be one of the:
-
new_linefor starting a parameter on a new line -
linefor a solid horizontal line
Required: yes
Type: string
Optional title for a separator. This text will be shown as a header before the parameter. If type is line, a solid line will be added with the header
Required: no
Type: string
Simple text field. The value is passed to a script as it is.
If parameter is secure, text field on UI will be masked.
Default value type: string
Specific text fields:
(v 1.17)
Max allowed length (in characters) of the text field.
Required: no
Default: unlimited
(v 1.18)
Allows to specify regex validation for the parameter.
Important! This is a complex option, i.e. it requires nested options, instead of specifying the regex directly. For example: "regex": {"pattern": "\\d+", "description": "Should be a number"}.
Required: no
Type: object
(v 1.18)
Defines regex pattern for validation. Please note, that double slash \\ is required for escape syntax, e.g. a number pattern is \\d.
Required: yes
Type: string
(v 1.18)
An optional description, which will be shown to a user, when regex is not matching. Even though it's optional, it's highly recommended to always specify it, so that users can better understand what is the reason for an error.
Required: no
Type: string
(v1.18)
Same as text type, but allows mutlilines. The value is passed to a script as it is.
Also, this parameter takes full width on the UI. So it's better to make multiline_text parameters to be the first or the last.
If parameter is secure, text field on UI will NOT be masked on UI, only on the server side.
Default value type: string
Specific multiline_text fields:
(v 1.17)
Max allowed length (in characters) of the text field.
Required: no
Default: unlimited
The same as text, but performs number validation.
Can be constrained with min and max properties
Default value type: string or integer
Specific int fields:
Mininal allowed value
Required: no
Type: int, string
Maximal allowed value
Required: no
Type: int, string
Parameter is shown to a user as a checkbox.
Since this is supported only for no_value parameters (flags only), value is not passed to a script
Default value type: boolean
Provides to user a list with allowed values (as a combobox).
Allowed values should be specified with values property
Default value type: string
Specific list fields:
List of allowed values for the parameter. Can be either predefined values or a result from another script invocation (see details in script section)
Required: yes
Type: array or object
Example1: "values": [ "Apple", "Orange", "Banana" ]
Example2: "values": { "script": "ls /home/me/projects" }
Example3: "values": { "script": "ls /home/${auth.username}/${param 1}/${param 2} | grep abc ", "shell": true }
(v1.18)
Defines optional mapping between allowed values and how these values are displayed on UI. It's always a key-value mapping, where a key is a script value, and a value is how this value is displayed on UI.
Important! These mappings are completely optional. If there is no mapping for a value, then this value will be displayed to a user as it is.
This feature can be useful when a script accepts some cryptic values, which are not very clear to users.
In case, when values are defined by a script, this mapping could still be used, but should define all required combinations in advance.
Required: no
Type: object (key-value mapping, both key and value should be strings)
Example: "values_ui_mapping": { "Apple": "A sweet juicy Apple" }
Provides to user a list with allowed values (as a combobox), where he can select multiple options
Depending on the configuration, these values will be passed as a single argument or multiple arguments
Allowed values should be specified with values property
Default value type: string
Specific multiselect fields:
See list.values
(v1.18)
See list.values_ui_mapping
Defines values separator if they are passed as a single argument (e.g. comma-separated)
Required: no
Default: ","
Type: string
(<= v1.16, replaced by multiselect_argument_type)
Defines, if each value should be passed as a separate argument.
In this case separator property is ignored
Required: no
Default: false
Type: boolean
(v1.17)
Defines, how param and each single value should be passed to a script. Should be one of:
-
single_argument(default): sends all the values as a single argument, separated byseparator(-param value1,value2,value3) -
argument_per_value: sends every value as a separate argument (-param value1 value2 value3) -
repeat_param_value: sends every value as a separate argument and repeat param for each value (-param value1 -param value2 -param value3)
Required: no
Default: single_argument
Type: string
(v 1.17)
The same as list, but allows a user to type a custom value
Allowed values should be specified with values property
Default value type: string
Specific editable_list fields:
See list.values
Allows user to upload a file to the server as a parameter.
The file is uploaded to the server and stored in a temp folder. Then the file is passed to a script as an absolute path
Currently only a single file can be uploaded. If you need to upload multiple files you can work around this by uploading
an archive (e.g. zip) and unpack the archive in your script.
secure flag has no effect for this type
Default value type: unsupported
Allows user to select a file on server.
It can be recursive (user can navigate in folders) or non-recursive (plain list of files).
The value passed to a script as a full path, including file_dir parameter.
Default value type: string (non-resursive) or array (recursive path)
Specific server_file fields:
Defines the server directory, where files are located
Can be relative path to working_directory
Required: yes
Type: string
Defines if a user will be able to navigate between folders and select any path
If true, file chooser dialog is shown to a user with file structure of the server.
User will be able to navigate only within file_dir directory. Any other locations will be hidden.
If this setting is true, then parameter default value should be specified as an array
Required: no
Default: false
Type: boolean
If set, then only files with the specified extensions will be shown to a user.
Multiple extensions could be specified.
If the option is set, then folder selection is not possible (i.e. file_type option is set to file)
Format: just extension name, without a dot. Case insensitive
Required: no
Default: any extension
Type: array (or a string for a single extension)
Specifies, what type of files the user will be able to select: file or dir.
Required: no
Allowed values: "file" and "dir"
Default: any type
Type: string
(v 1.17)
List of files/folders/patterns which should be excluded and not shown to a user.
If the specified pattern is a folder, all descendant children will be excluded recursively (see examples below).
Supports pattern matching: * for a single-level matching (e.g. /user/*/.ssh or path/*.log) and ** for recursive matching (any number of levels).
Some examples:
-
/var/log: exclude all the files in /var/log folder and any descendants (e.g. /var/log/abc/some.log) -
/user/home/*.txt: exclude any .txt files located directly in /user/home non-recursive. (e.g. /user/home/auth.txt - excluded, /user/home/documents/cv.txt - included) -
**/auth/**- exclude any files, located in auth folder (e.g. /var/auth/passwords, /user/home/.secrets/auth/secret.key)
Required: no
Type: array
Requires user to specify a valid IP address as a parameter. Accepts either IPv4 or IPv6.
If only only version should be accepted, there are corresponding parameter types ip4 and ip6
Only IP lexical validation is performed and the address is not checked for being accessible.
For default and values options, you can load data from script execution. Here is an example:
"values": {
"script": "some_script.sh ${another param}",
"shell": false
}
The script option supports auth variables and injection of other parameter values, for example:
"script": "ls ${auth.username}/${file_param}"
Auth variables are:
- ${auth.username} (authenticated username)
- ${auth.audit_name} (user info, when auth is disabled)
(v1.17)
The shell option allows you to use bash operators (e.g. | pipe operator) in scripts.
By default, this option is enabled only for scripts without any variables.
When script contains variables, it can be a subject to Shell injection, that's why shell is disabled by default. If you trust your users (and no one else can access the server), you can explicitly enable it be using "shell": true