Merge pull request #1039 from signal18/web-tty

Introducing Web Terminal via Websocket Connection

cluster/cluster.go

@@ -42,6 +42,7 @@ import (
 	"github.com/signal18/replication-manager/utils/misc"
 	"github.com/signal18/replication-manager/utils/s18log"
 	"github.com/signal18/replication-manager/utils/state"
+	"github.com/signal18/replication-manager/utils/tty"
 	clog "github.com/sirupsen/logrus"
 	log "github.com/sirupsen/logrus"
 	logsql "github.com/sirupsen/logrus"
@@ -240,7 +241,8 @@ type Cluster struct {
 	SlavesConnected        int
 	clog                   *clog.Logger `json:"-"`
 	*ClusterGraphite
-	VersionsMap *config.VersionsMap
+	VersionsMap    *config.VersionsMap
+	SessionManager *tty.SessionManager `json:"-"`
 }
 
 type SlavesOldestMasterFile struct {

cluster/cluster_acl.go

@@ -76,14 +76,14 @@ func (u *APIUser) Granted(grant string) error {
 
 func (cluster *Cluster) IsValidACL(strUser string, strPassword string, URL string, AuthMethod string) bool {
 	if user, ok := cluster.APIUsers[strUser]; ok {
-		//		fmt.Printf("password :" + user.Password)
 		if user.Password == cluster.Conf.GetDecryptedPassword("api-credentials", strPassword) || AuthMethod == "oidc" {
+			// cluster.LogModulePrintf(cluster.Conf.Verbose, config.ConstLogModGeneral, config.LvlInfo, "ACL URL check for user %s ", strUser)
 			return cluster.IsURLPassACL(strUser, URL, true)
 		}
 		return false
 	}
-	//	for key, value := range cluster.Grants {
 
+	// cluster.LogModulePrintf(cluster.Conf.Verbose, config.ConstLogModGeneral, config.LvlInfo, "ACL failed, user not found %s ", strUser)
 	return false
 }
 
@@ -596,6 +596,21 @@ func (cluster *Cluster) IsURLPassACL(strUser string, URL string, errorPrint bool
 		return true
 	}
 
+	// Terminal ACL
+	if strings.HasPrefix(URL, "/api/terminal") {
+		if URL == "/api/terminal/connect" || URL == "/api/terminal/list" {
+			return cluster.APIUsers[strUser].Grants[config.GrantGlobalTerminal]
+		}
+
+		if strings.Contains(URL, "clusters/"+cluster.Name+"/servers") {
+			return cluster.APIUsers[strUser].Grants[config.GrantDBTerminal]
+		}
+
+		if strings.Contains(URL, "clusters/"+cluster.Name+"/proxies") {
+			return cluster.APIUsers[strUser].Grants[config.GrantProxyTerminal]
+		}
+	}
+
 	if strings.Contains(URL, "/api/clusters/settings/actions/switch") {
 		return cluster.APIUsers[strUser].Grants[config.GrantGlobalSettings]
 	}

cluster/cluster_get.go

@@ -28,6 +28,7 @@ import (
 	"github.com/signal18/replication-manager/utils/dbhelper"
 	"github.com/signal18/replication-manager/utils/misc"
 	"github.com/signal18/replication-manager/utils/state"
+	"github.com/signal18/replication-manager/utils/tty"
 )
 
 func (cluster *Cluster) GetCrcTable() *crc64.Table {
@@ -1427,3 +1428,14 @@ func (cluster *Cluster) GetExternalCost(role string) float64 {
 	}
 	return 0
 }
+
+func (cluster *Cluster) GetTerminalManager() tty.TerminalManager {
+	var terminalMgr tty.TerminalManager
+	if cluster.Conf.TerminalSessionManager == "tmux" {
+		terminalMgr = &tty.TmuxManager{}
+	} else if cluster.Conf.TerminalSessionManager == "screen" {
+		terminalMgr = &tty.ScreenManager{}
+	}
+
+	return terminalMgr
+}

cluster/prov_onpremise_db.go

@@ -16,7 +16,7 @@ import (
 	"github.com/signal18/replication-manager/utils/misc"
 )
 
-func (cluster *Cluster) OnPremiseGetSSHKey(user string) string {
+func (cluster *Cluster) OnPremiseGetSSHKey() string {
 
 	// repmanuser := os.Getenv("HOME")
 	// if repmanuser == "" {
@@ -45,7 +45,7 @@ func (cluster *Cluster) OnPremiseConnect(server *ServerMonitor) (*sshclient.Clie
 	}
 	user, password := misc.SplitPair(cluster.Conf.GetDecryptedValue("onpremise-ssh-credential"))
 
-	key := cluster.OnPremiseGetSSHKey(user)
+	key := cluster.OnPremiseGetSSHKey()
 	if password != "" {
 		client, err := sshcli.DialWithPasswd(misc.Unbracket(server.Host)+":"+strconv.Itoa(cluster.Conf.OnPremiseSSHPort), user, password)
 		if err != nil {

cluster/prov_onpremise_prx.go

@@ -29,7 +29,7 @@ func (cluster *Cluster) OnPremiseProvisionBootsrapProxy(server DatabaseProxy, cl
 	envs += " REPLICATION_MANAGER_HOST_NAME=\"" + server.GetHost() + "\""
 	envs += " REPLICATION_MANAGER_HOST_PORT=\"" + server.GetPort() + "\""
 	envs += " REPLICATION_MANAGER_CLUSTER_NAME=\"" + cluster.Name + "\""
-        cmd := envs + "&& "
+	cmd := envs + "&& "
 	cmd += "wget --no-check-certificate -q -O- $REPLICATION_MANAGER_URL/static/configurator/onpremise/repository/debian/" + server.GetType() + "/bootstrap | sh"
 	if cluster.Configurator.HaveDBTag("rpm") {
 		cmd += "wget --no-check-certificate -q -O- $REPLICATION_MANAGER_URL/static/configurator/onpremise/repository/redhat/" + server.GetType() + "/bootstrap | sh"
@@ -51,13 +51,13 @@ func (cluster *Cluster) OnPremiseConnectProxy(server DatabaseProxy) (*sshclient.
 	if cluster.IsInFailover() {
 		return nil, errors.New("OnPremise Provisioning cancel during connect")
 	}
-	if ! cluster.Conf.OnPremiseSSH {
+	if !cluster.Conf.OnPremiseSSH {
 		return nil, errors.New("onpremise-ssh disable ")
 	}
 
 	user, password := misc.SplitPair(cluster.Conf.GetDecryptedValue("onpremise-ssh-credential"))
 
-	key := cluster.OnPremiseGetSSHKey(user)
+	key := cluster.OnPremiseGetSSHKey()
 	if password != "" {
 		client, err := sshcli.DialWithPasswd(misc.Unbracket(server.GetHost())+":"+strconv.Itoa(cluster.Conf.OnPremiseSSHPort), user, password)
 		if err != nil {

config/config.go

@@ -760,6 +760,9 @@ type Config struct {
 	TokenTimeout                              int                    `scope:"server" mapstructure:"api-token-timeout" toml:"api-token-timeout" json:"apiTokenTimeout"`
 	JobLogBatchSize                           int                    `mapstructure:"job-log-batch-size" toml:"job-log-batch-size" json:"jobLogBatchSize"`
 	ApiSwaggerEnabled                         bool                   `scope:"server" mapstructure:"api-swagger-enabled" toml:"api-swagger-enabled" json:"apiSwaggerEnabled"`
+	TerminalSessionEnabled                    bool                   `scope:"server" mapstructure:"terminal-session-enabled" toml:"terminal-session-enabled" json:"terminalSessionEnabled"`
+	TerminalSessionResume                     bool                   `scope:"server" mapstructure:"terminal-session-resume" toml:"terminal-session-resume" json:"terminalSessionResume"`
+	TerminalSessionManager                    string                 `mapstructure:"terminal-session-manager" toml:"terminal-session-manager" json:"terminalSessionManager"`
 	//OAuthRedirectURL                          string                 `mapstructure:"api-oauth-redirect-url" toml:"git-url" json:"-"`
 	//	BackupResticStoragePolicy                  string `mapstructure:"backup-restic-storage-policy"  toml:"backup-restic-storage-policy" json:"backupResticStoragePolicy"`
 	//ProvMode                           string `mapstructure:"prov-mode" toml:"prov-mode" json:"provMode"` //InitContainer vs API
@@ -1065,7 +1068,7 @@ const (
 	GrantDBConfigRessource         string = "db-config-ressource"
 	GrantDBConfigFlag              string = "db-config-flag"
 	GrantDBConfigGet               string = "db-config-get"
-	GrantDBDebug                   string = "db-debug"
+	GrantDBTerminal                string = "db-terminal"
 	GrantClusterCreate             string = "cluster-create"
 	GrantClusterDelete             string = "cluster-delete"
 	GrantClusterCreateMonitor      string = "cluster-create-monitor"
@@ -1101,6 +1104,7 @@ const (
 	GrantProxyConfigFlag        string = "proxy-config-flag"
 	GrantProxyStart             string = "proxy-start"
 	GrantProxyStop              string = "proxy-stop"
+	GrantProxyTerminal          string = "proxy-terminal"
 	GrantProvClusterProvision   string = "prov-cluster-provision"
 	GrantProvClusterUnprovision string = "prov-cluster-unprovision"
 	GrantProvProxyProvision     string = "prov-proxy-provision"
@@ -1112,6 +1116,7 @@ const (
 
 	GrantGlobalSettings string = "global-settings" // Can update global settings
 	GrantGlobalGrant    string = "global-grant"    // Can grant global settings
+	GrantGlobalTerminal string = "global-terminal" // Can use global terminal
 
 	GrantGrantShow   string = "grant-show"   // Can show users settings
 	GrantGrantAdd    string = "grant-add"    // Can add new user
@@ -2160,7 +2165,7 @@ func GetGrantType() map[string]string {
 		GrantDBShowSchema:              GrantDBShowSchema,
 		GrantDBShowProcess:             GrantDBShowProcess,
 		GrantDBShowLogs:                GrantDBShowLogs,
-		GrantDBDebug:                   GrantDBDebug,
+		GrantDBTerminal:                GrantDBTerminal,
 		GrantClusterCreate:             GrantClusterCreate,
 		GrantClusterDelete:             GrantClusterDelete,
 		GrantClusterCreateMonitor:      GrantClusterCreateMonitor,
@@ -2195,6 +2200,7 @@ func GetGrantType() map[string]string {
 		GrantProxyConfigFlag:           GrantProxyConfigFlag,
 		GrantProxyStart:                GrantProxyStart,
 		GrantProxyStop:                 GrantProxyStop,
+		GrantProxyTerminal:             GrantProxyTerminal,
 		GrantProvSettings:              GrantProvSettings,
 		GrantProvCluster:               GrantProvCluster,
 		GrantProvClusterProvision:      GrantProvClusterProvision,
@@ -2205,6 +2211,7 @@ func GetGrantType() map[string]string {
 		GrantProvProxyUnprovision:      GrantProvProxyUnprovision,
 		GrantGlobalGrant:               GrantGlobalGrant,
 		GrantGlobalSettings:            GrantGlobalSettings,
+		GrantGlobalTerminal:            GrantGlobalTerminal,
 		GrantSalesValidate:             GrantSalesValidate,
 		GrantSalesRefuse:               GrantSalesRefuse,
 		GrantSalesUnsubscribe:          GrantSalesUnsubscribe,
@@ -2241,7 +2248,7 @@ func GetGrantDB() []string {
 		GrantDBShowSchema,
 		GrantDBShowProcess,
 		GrantDBShowLogs,
-		GrantDBDebug,
+		GrantDBTerminal,
 	}
 }
 
@@ -2304,6 +2311,7 @@ func GetGrantProxy() []string {
 		GrantProxyConfigFlag,
 		GrantProxyStart,
 		GrantProxyStop,
+		GrantProxyTerminal,
 	}
 }
 
@@ -2342,6 +2350,7 @@ func GetGrantGlobal() []string {
 	return []string{
 		GrantGlobalGrant,
 		GrantGlobalSettings,
+		GrantGlobalTerminal,
 	}
 }