appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0
34.62k stars 3.73k forks source link

[Feature] SSH Plugin #2404

Open andrewrkerr opened 3 years ago

andrewrkerr commented 3 years ago

Summary

Allowing server commands (bash, powershell, etc.) to be called and return output.

Motivation

This would enable automation that isn't handled easily by an API/DB. Basic example: IT creates a basic form/button that would call a command to disable someone in AD. HR could just put in a username a click disable. This could then send an email to a distro letting them know the user has been disabled. This is just an example, but the possibilities for scripting would be endless.

Additional Context

Using JS would run the command locally, but the user may not be able to run the command due to vlan, permissions, or other factors. Having the command run from the server could resolve this. IT would be able to handle the logic, error checking and etc within their code. The main idea is just to be able to call commands from Appsmith to the server.

Security could be a concern since you may not want all users to have access to this feature. Permissions around it would be a bonus.

sumitsum commented 3 years ago

Hi @andrewrkerr, can you please explain if it is same or different from running a REST API call on the server ?

andrewrkerr commented 3 years ago

No, it wouldn't be an api call. Here's a better breakdown of what I meant.

I install Appsmith on a linux server. I'd like to be able to send a bash command from Appsmith to the server it's installed on. Another example: I set a button so that when someone clicks it, then it can run "apt-get update" or any other bash command.

Let me know if this makes more sense.

sumitsum commented 3 years ago

Hi @andrewrkerr, thanks for clearing that up. Can you please explain a little more regarding the use case and what more can be done with it ?

andrewrkerr commented 3 years ago

The use case would be to allow IT to create automations and allow for the "non-tech" to run the commands with a button click. Here's a few examples:

IT installs powershell on the same server that Appsmith is installed. IT creates powershell scripts for various tasks. IT links the powershell scripts to different buttons/forms in Appsmith. Appsmith calls the powershell command/script and gives the "non-tech" access to the page with the buttons/forms/etc. This would allow us to automate almost anything that isn't an API or database call.

Most of our users don't have access to do things like: disable users in AD, purge emails from O365, install apps to other servers., and many other tasks. This would allow IT to provide a simple option to the end users to handle these tasks and more. The automation possibilities with this type of setup is almost endless.

sumitsum commented 3 years ago

Hi @Nikhil-Nandagopal @mohanarpit need your opinion on this one. Do you think the use case described fit the Appsmith product vision/goal ? I think there are some issues with the proposal - (1) it does not seem to align with the goal of the application (2) an application like this shouldn't try to modify server properties where many other such applications may be deployed. It can open up many security issues.

andrewrkerr commented 3 years ago

Hey @sumitsum - For (1) - I understand if it doesn't align with your vision/goal. For (2) - I think this could be handled with permissions to alleviate the security concerns.

Either way, I think it's a great tool that will help lots of people.

mohanarpit commented 3 years ago

@andrewrkerr If I re-frame this feature request, do you think your use-case can be accomplished using an SSH plugin? Imagine a case where you could provide your SSH username, password/identity file to Appsmith and setup a SSH connection. You could then SSH into any server you'd like to and execute any shell command on the remote server. Technically, you could also SSH into the same server where Appsmith is hosted and run any shell commands.

This would be secure because the permissions for the commands being executed will depend on the securities of your SSH login user.

As @sumitsum mentioned, I don't think allowing an application to modify the underlying OS is a good idea. These permissions should be granted explicitly.

Nikhil-Nandagopal commented 3 years ago

@andrewrkerr thank you for the details. This is a pretty unique idea! It sounds like an alternative to having to write an API / DB query for users who are more comfortable using a scripting language.

andrewrkerr commented 3 years ago

@mohanarpit That would work as well!

rubabuddin commented 3 years ago

Would also be interested in something similar so that Python scripts that live on another server could be executed. This would remove the requirement of exposing these as APIs.

richardkaplan commented 3 years ago

A similar example would be the abilitly to run an Applescript or Javascript for Automation script - you would never want to expose this to random people, but for use by trusted people it could be extremely useful.

vanscurvy commented 2 years ago

I am interested in this as well. The first use case would be to run a script on the same server that mounts a pre-authenticated google drive account. The second would be to give an end user the ability to drive home-automation scripts living on the same server.

TannerW commented 2 years ago

Any update on this? Really exciting feature!

Nikhil-Nandagopal commented 2 years ago

Unfortunately not. We have a backlog of plugins that we haven't been able to get to lately. We're working on creating bandwidth to pick these up!

TannerW commented 2 years ago

@Nikhil-Nandagopal Understood! Thank you for the response and the hard work!

CanalWood commented 1 year ago

I've seen the video of this new feature and it's really exciting!

I would like to use this feature to run script to execute some powercli vsphere command or execute terraform file.
Do you have an estimate date for this delivery?

Good luck and thanks!!

sumitsum commented 1 year ago

@CanalWood thanks for sharing your feedback and use case :) . Regarding the timeline, this quarter seems difficult, next quarter may be possible, not sure though. Apologies for the delay.

Lars-Br commented 1 month ago

Has this feature somehow been canceled? We are eagerly waiting for it, but there have been no updates in quite some time, and the feature-branch that already contained a working plugin has been deleted. At least this feature request is still open, so is there still hope this might be implemented?

rohan-arthur commented 4 weeks ago

@Lars-Br we haven't been able to prioritise this feature. Meanwhile we're working on making the js objects more stable. Would you please share the scenarios you're looking to realise with appsmith where the SSH integration would help you?