Aaron Meyer created GUACAMOLE-1919:
--------------------------------------
Summary: Add option to call external scripts before/after
connections are passed to guacd.
Key: GUACAMOLE-1919
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1919
Project: Guacamole
Issue Type: Wish
Components: guacamole
Reporter: Aaron Meyer

The simple version of the idea is to be able to call an external script or
process before and after a connection is made in order to automate any number
of external systems in concert with the connection.
* An 'External Scripts' section in the connection editor
** 'Script Before' field to provide path to script/program
** 'Script After' field to provide path to script/program
** For Before fields:
*** A checkbox to enable/disable blocking the connection until script returns
*** A checkbox to enable/disable passing connection password to script
** For both Before/After: A numeric field for all scripts for a timeout value
of seconds to wait for response.
*** Scripts set to block would time out to connection failure. (Ideally a
message to user for cause of failure.)
*** Non-blocking scripts would time out and proceed with connection.
** Add a + button to dynamically add multiple scripts called for both before /
after options - each script should have blocking/secure checkboxes.
*** If multiple scripts are configured it would be nice to run them in
parallel if that's possible.
* Metadata.
** For calling scripts the following details should be passed
*** Connection details including any expanded from placeholders
*** Include password value if option enabled.
** Option: Scripts could return string values to guacamole and display message
to connecting user.
* Function
** If before connection script is set to block, AND if script returns False
the connection should be aborted. Ideally the script can pass through a string
to the user for reason for script failure.
I see this as being a Swiss Army knife for many different integration options.
* Sending notifications to any messaging platform when users connect to notify
on connections opened / closed outside of the system being connected to.
* Script could send approval request to system owner via Ntfy, Slack, Teams,
SMS etc. If owner accepts connection continues, if not the connection fails and
message from owner is displayed to requestor. (Requires calling script to be
able to return values to guac)
* DIY VDI to quickly spin up desktop containers or linked clone VMs on demand
using ANY container / virtualization environment.
* DIY VDI If using VM pools, could checkout a running VM from pool and
depending on pool remaining capacity spin up additional VM. Then on closing
connection evaluation on pool capacity could destroy / suspend / poweroff
endpoints.
* Create a new tunneled port through a bastion host / launch VPN tunnel / etc.
to reach a secured remote system.
* Allow connections only during specified days / time of day.
Anything you could script could be extended to; this could be quite powerful.
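
The before-connection semantics requested above (blocking vs. non-blocking, timeout, optional password, message back to the user), sketched as an added example; it is not part of the issue or of Guacamole. Assumed and hypothetical: the `run_before_hook` name, connection details sent as JSON on stdin, a non-zero exit status standing for "returns False", and the first stdout line as the user message.

```python
import json
import subprocess
import sys


def run_before_hook(argv, details, *, blocking, timeout_s, password=None):
    """Run one hypothetical 'Script Before' hook; return (allow, message)."""
    payload = dict(details)
    if password is not None:  # "pass connection password" checkbox enabled
        payload["password"] = password
    try:
        # Assumed contract: JSON on stdin, which keeps the password out of
        # argv and the environment, where other local processes may read it.
        proc = subprocess.run(argv, input=json.dumps(payload), text=True,
                              capture_output=True, timeout=timeout_s)
    except subprocess.TimeoutExpired:
        # Blocking hooks fail closed on timeout; non-blocking ones proceed.
        return (not blocking), f"hook timed out after {timeout_s}s"
    except OSError as exc:
        return (not blocking), f"hook could not be started: {exc}"
    # First stdout line is the user-facing message: cap its length and drop
    # control characters, since script output ends up rendered in the client.
    lines = proc.stdout.strip().splitlines()
    message = "".join(c for c in lines[0][:200] if c.isprintable()) if lines else ""
    if blocking and proc.returncode != 0:  # assumed: non-zero exit means "False"
        return False, message or "connection rejected by hook"
    return True, message


# Constructed sample hooks, run with the current interpreter so this works offline.
# "weekday" is a constructed field (0 = Monday) to keep the result deterministic.
WEEKDAYS_ONLY = [sys.executable, "-c", (
    "import json, sys\n"
    "ok = json.load(sys.stdin)['weekday'] < 5\n"
    "print('ok' if ok else 'connections are allowed Monday to Friday only')\n"
    "sys.exit(0 if ok else 1)")]
SLOW = [sys.executable, "-c", "import time; time.sleep(5)"]
LIST_KEYS = [sys.executable, "-c",
             "import json, sys; print(','.join(sorted(json.load(sys.stdin))))"]

if __name__ == "__main__":
    conn = {"hostname": "rdp01.example.internal", "username": "alice", "weekday": 6}
    print(run_before_hook(WEEKDAYS_ONLY, conn, blocking=True, timeout_s=10))
    print(run_before_hook(SLOW, conn, blocking=True, timeout_s=0.5))
    print(run_before_hook(SLOW, conn, blocking=False, timeout_s=0.5))
    print(run_before_hook(LIST_KEYS, conn, blocking=True, timeout_s=10, password="s3cret"))
```
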