-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run Kitodo Script commands via Active MQ #6013
Conversation
7fd387a
to
c5bc6a8
Compare
Kitodo/src/main/java/org/kitodo/production/interfaces/activemq/MapMessageObjectReader.java
Fixed
Show resolved
Hide resolved
Kitodo/src/main/java/org/kitodo/production/interfaces/activemq/MapMessageObjectReader.java
Fixed
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good (apart from some small suggestions), but lacks a test. Please provide a test for this new functionality and update the documentation in the wiki.
Kitodo/src/main/java/org/kitodo/production/interfaces/activemq/MapMessageObjectReader.java
Outdated
Show resolved
Hide resolved
Kitodo/src/main/java/org/kitodo/production/interfaces/activemq/MapMessageObjectReader.java
Outdated
Show resolved
Hide resolved
Kitodo/src/main/java/org/kitodo/production/interfaces/activemq/MapMessageObjectReader.java
Outdated
Show resolved
Hide resolved
Kitodo/src/main/java/org/kitodo/production/interfaces/activemq/MapMessageObjectReader.java
Outdated
Show resolved
Hide resolved
Kitodo/src/main/java/org/kitodo/production/interfaces/activemq/MapMessageObjectReader.java
Dismissed
Show dismissed
Hide dismissed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for incorporating the change requests.
Kitodo/src/test/java/org/kitodo/production/interfaces/activemq/KitodoScriptProcessorIT.java
Show resolved
Hide resolved
Kitodo/src/test/java/org/kitodo/production/interfaces/activemq/KitodoScriptProcessorIT.java
Outdated
Show resolved
Hide resolved
Kitodo/src/main/java/org/kitodo/production/services/command/KitodoScriptService.java
Outdated
Show resolved
Hide resolved
Kitodo/src/test/java/org/kitodo/production/interfaces/activemq/KitodoScriptProcessorIT.java
Outdated
Show resolved
Hide resolved
Kitodo/src/test/java/org/kitodo/production/interfaces/activemq/KitodoScriptProcessorIT.java
Outdated
Show resolved
Hide resolved
Kitodo/src/test/java/org/kitodo/production/interfaces/activemq/KitodoScriptProcessorIT.java
Outdated
Show resolved
Hide resolved
…/MapMessageObjectReader.java Co-authored-by: Arved Solth <[email protected]>
a1bf77c
to
b7c5f2b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes looks good but I can not test the changes by real samples but the tests should cover the introduced new processor. After merging the documentation https://github.com/kitodo/kitodo-production/wiki/Developer_3.x-Active-MQ should / must be updated for the new ActiveMQ processor so anyone can create the correct message queue messages.
A hopefully important information and maybe discussion decision: It could be a dangerous to enable feature through the configuration option as any KitodoScript can be executed for an unlimited list of process ids. You only needed access to the used ActiveMQ server and send to this queue a message. There is no restriction like in the UI where you need at least a login and proper rights to execute KitodoScripts for amount of or all projects and their processes. As everyone how can send ActiveMQ messages to that queue can execute the "hidden" KitodoScript action At least a note be applied to the part inside |
I can't really imagine that it happens by accident, that a Kitodo script is parameterized like that. Yes, and maybe it's even intended to delete processes, who knows. On our systems, only defined ports are accessible, so no one can activate anything other than # You can provide a queue from which messages are read to run a Kitodo Script
# •-------------------------------------------------------------------------•
# | CAUTION: This can be used to use an unknown Kitodo script with the name |
# | "action:deleteProcesses", and this could result in data destruction! |
# •-------------------------------------------------------------------------•
#activeMQ.kitodoScript.queue=KitodoProduction.KitodoScript.Queue |
The text looks good but I don't know if we really want to hint to the dangerous script call. If you run everything on one host / virtual machine / real system and access everything only by localhost the risk is lower to to them who run this parts on different hosts / virtual machines / real systems as they need this splitting. |
I take your concerns seriously and added a whitelist to the configuration so that only explicitly permitted commands can be started remotely. I think this should relieve all worries. |
Kitodo/src/main/java/org/kitodo/production/interfaces/activemq/KitodoScriptProcessor.java
Outdated
Show resolved
Hide resolved
Thanks. Such an allow list is a simple way to archive this - better then nothing at all. |
@matthias-ronge @solth The ActiveMQ developer documenation is not yet updated for this new feature. |
This development allows to run Kitodo Script commands using the Active MQ interface.
For example, to export processes, you send a Map Message with the content:
processes
can be a single integer, or string representing an integer, or a list of either, or string with several integers separated by non-digit character(s).Resolves #5980
This development is funded by the Municipality of The Hague—Construction Office.