com_datadoghq_remoteaction_rshell

package
v0.0.0-...-bfe00b6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 2, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewRshellBundle 

func NewRshellBundle(cfg *config.Config) types.Bundle

NewRshellBundle creates the rshell bundle with its registered actions. It reads the operator-configured allowlists (paths and commands) from the config.

Types

type RshellBundle 

type RshellBundle struct {
	// contains filtered or unexported fields
}

RshellBundle implements types.Bundle for the com.datadoghq.remoteaction.rshell bundle.

func (*RshellBundle) GetAction 

func (b *RshellBundle) GetAction(actionName string) types.Action

GetAction returns the action registered under actionName, or nil if not found.

type RunCommandHandler 

type RunCommandHandler struct {
	// contains filtered or unexported fields
}

RunCommandHandler implements the runCommand action.

Both allow-lists are intersected unconditionally with the per-task backend list before being passed to rshell. They use different equivalence notions, and each axis has a sentinel value that means "allow whatever the backend allowed":

  • commands compare by exact string equality, with one special case: the literal "rshell:*" admits every backend entry in the "rshell:" namespace. Other operator entries must be in the backend's namespaced form to match.
  • paths compare by containment with the narrower side winning; the sentinel "/" admits every absolute path through containment.

On either axis, an explicit empty operator list is the kill-switch.

func NewRunCommandHandler 

func NewRunCommandHandler(operatorAllowedPaths []string, operatorAllowedCommands []string) *RunCommandHandler

func (*RunCommandHandler) Run 

func (h *RunCommandHandler) Run(
	ctx context.Context,
	task *types.Task,
	_ *privateconnection.PrivateCredentials,
) (interface{}, error)

Run executes the command through the rshell restricted interpreter. The environment is intentionally empty; no host environment variables are forwarded.

type RunCommandInputs 

type RunCommandInputs struct {
	Command         string              `json:"command"`
	AllowedCommands []string            `json:"allowedCommands"`
	AllowedPaths    map[string][]string `json:"allowedPaths"`
}

RunCommandInputs defines the inputs for the runCommand action.

The backend is the authoritative source for both allowlists. A nil Go slice (field absent or explicit JSON null) blocks everything on its respective axis — rshell refuses to run any command or open any file. A non-nil list is intersected with the operator config before being handed to rshell.

type RunCommandOutputs 

type RunCommandOutputs struct {
	ExitCode        int      `json:"exitCode"`
	Stdout          string   `json:"stdout"`
	Stderr          string   `json:"stderr"`
	SandboxWarnings []string `json:"sandboxWarnings,omitempty"`
}

RunCommandOutputs defines the outputs for the runCommand action.

SandboxWarnings carries non-fatal diagnostic messages emitted by rshell during runner construction (e.g. an AllowedPaths entry that does not exist on the host). Empty when the sandbox configuration is clean. These messages indicate misconfiguration, not command failure: they are independent of ExitCode.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.