SSH Connector

ConnId/MidPoint connector for running provisioning scripts over SSH.

This connector has script execution capabilities only. It is not a complete stand-alone connector. It is designed to used together with other connectors, such as LDAP or Active Directory connectors.

Status

This connector is supportable. However, the connector is not feature-complete. Some functionality may be missing.

Configuration

Please see the source code of SshConfiguration.java for list of configuration properties. However, most configuration will be probably fine with the usual host, username and password.

The argumentStyle configuration property can take following values:

argumentStyle	Example command	Description
dash	command -f foo -b bar -c	Ordinary UNIX-like command switches.
dashdash	command --fu=foo --bar=baz	The "long" argument style used by newer UNIX tools. This option is not implemented yet.
slash	command /foo /bar	Old Windows argument style.
variables-bash	fu='foo'; bar='baz'; command $foo $bar	Bash variable definition before the command.
variables-powershell	$fu='foo'; $bar='baz'; command $foo $bar	PowerShell variable definition before the command.

The handleNullValues configuration property can take the following values:

handleNullValues	Description	Combination with argumentStyle	Example where foo is null
asEmptyString	Arguments that contain a null value will be interpreted as an empty string.	dash	command -foo -bar baz
		slash	command /foo /bar baz
		variables-bash	foo=''; bar='baz'; command $foo $bar
		variables-powershell	$foo=''; $bar='baz'; command $foo $bar
asGone	Arguments that contain a null value removed from the argument list.	dash	command -bar baz
		slash	command /bar baz
		variables-bash	bar='baz'; command $foo $bar
		variables-powershell	$bar='baz'; command $foo $bar

Limitations

• Only "execution mode" of SSH is supported. The connector will create SSH connection, authenticate, execute the command and tear down the connection. This is slow, but it is reliable. The "session mode" would allow to set up a session and keep it open. This is supposed to be much faster, as we would avoid connection overhead. However, that would also mean that we will have problems of detecting where command execution ends, the commands may influence session state, this may be shell-specific (different method for bash and powershell), etc.

• Script language parameter is ignored. However, for future compatibility, we recommend using following values:

  Script language value	Description
  sh	Generic UNIX shell. No specific shell is assumed.
  bash	Bourne Again Shell, the GNU classic.
  cmd	Windows cmd.exe shell.
  powershell	Windows PowerShell.

  Setting of script language does not influence the shell will be executed when SSH connection is opened. That is influenced by server or account setting, the client (connector) will not change that. This setting may influence how the connector interprets the command-line or script output.

• The connector returns the output (stdout) of the script. The error stream (stderr) is not processed by the connector yet.

• The connector cannot process script exit code. SSH provides the exit code, but there is no good way how to pass the exit code through the ConnId layer.

If you do not like the limitations, we will be more than happy to accept a contribution.