On Sat, May 25, 2024 at 6:58 AM Ionel GARDAIS < [email protected]> wrote:
> Hi, > > What would be the best way to add/modify connections programmatically ? > I'd like to poll external providers for new servers/VPS and add them to > guacamole. > > There are three or four possible ways to do this, and the "best" will likely depend on how the external provider makes the information available and your level of coding experience... * If you have some experience coding Java - or want to gain said experience - you can write an authentication extension for Guacamole that polls the external provider(s) for connections and presents them to the users logging in to Guacamole. The advantage of going this route is that it would be completely dynamic - that is, the data could be polled/refreshed each time a user logs on to Guacamole (or a timer/periodic refresh could be implemented) and you'd never have to worry about a process running to manually refresh things. The challenges to this are 1) you'd need to write Java code, and 2) you'd need some knowledge of the API the providers are using and how to integrate with that. * The second and third option require that you are using the JDBC authentication extension. The second one involves writing data directly to the database that Guacamole uses - the schema for the database is relatively simple, and there's a decent amount of documentation about it and how to (safely) modify the underlying data: https://guacamole.apache.org/doc/gug/jdbc-auth.html#modifying-data-manually. You could have a script in the language of your choosing that goes out and collects the data from the external providers and then generates SQL commands to insert the data into the database. This has the advantage of being simpler than coding your own authentication extension, but the challenge is that you have to make sure that process runs reliably and deal with situations where you may step on users (you delete a connection while someone is using it, for example). * The third option, also using the JDBC extension, is to use REST API calls to create the connections in the JDBC extension. While we do not have great documentation for the REST API, it isn't too terribly difficult to figure out how to do this reverse-engineering it from the calls made when you create, delete, and update connections using the Guacamole Client web interface, since that interface also makes use of the REST API. The advantages to this are that it is a bit "safer" in terms of making sure that you don't insert something into the database that's going to completely trash it, it will be bound by all of the Guacamole security controls (authentication and authorization, in particular), and it's relatively easy these days to write code to make REST API calls. The biggest challenge to this one is that you have to figure out the mostly-undocumented Guacamole REST API. * The final option would be to use the existing JSON authentication extension, which allows you to log a user into Guacamole and provide the connection data in a (signed) JSON request. This one would be useful in the case where you actually want to redirect someone directly from an external provider to Guacamole, providing the connections as part of that redirect/authentication, and have them show up automatically. I kind of doubt this is what you're looking for, but thought I'd mention it, anyway. Documentation is here: https://guacamole.apache.org/doc/gug/json-auth.html. I suspect that you're going to want to go with one of the scripting options - either writing directly to the database or using the REST API - but wanted to lay out the other options, as well. -Nick
