I’m prepping some Phoenix apps for deployment (hype!), and for one of them I would like to have a small CLI script to perform some simple tasks which are security sensitive enough that I’d rather not have them on the admin panel.
I understand that I can create eval scripts similar to the “migrate” script that you get with mix phx.gen.release, but I haven’t been able to find any documentation or previous forum threads about passing arguments to these scripts, so I thought it would be a good topic for a new thread
One approach which should work would be to inject the args directly into the eval as a literal string and then parse them back out in Elixir.
Essentially the following (haven’t tested this yet):
def eval_cli(raw_args) do
args = OptionParser.split(raw_args)
# ...
end
Does anyone have any better ideas? I feel like I can’t be the first person to have this problem, but everything I’ve been able to find essentially just suggests writing evals manually in the shell which I don’t want to do.
I think, unless you provide arguments in an elixir form, it’s impossible to have a reliable result, you’d need to realize a proper Elixir (shell) escaping from the shell/script.
I guess with this way you can’t put space in arguments?
I’d save myself the hassle and create a control Unix domain socket in a well-known location, like /var/run. Have a process listen for incoming messages and you can basically do whatever you want. You can create a CLI program, in bash, C, whatever, and implement any “protocol” you want. You can send JSON {"mod": "MyApp.Whatever", "fun": "some_fun", "args": ["some", "arg"]}. An even more flexible approach would be to encode erlang terms in a binary message but then you’ll be basically reimplementing GitHub - nerves-networking/beam_notify: Send a message from a shell script to the BEAM.
You are correct, of course, and my disappointment with this was what prompted me to post
I believe what’s going on there is that "$@" properly quotes the args that it outputs, which then promptly breaks up the string that you pass to elixir -e. Using "$*" works as expected because it joins the args into one big (space-delimited) string, except you then destroy any information about which args are which, meaning your args can no longer have spaces etc. This would actually be perfectly fine for my use case (which is very simple), but it would be nice to have a real solution.
I did consider trying to inject the args into argv somehow, which is clever, but even if it worked for eval I don’t see how it could be made to work for rpc.
I think you could also manually quote out each argument (which may actually be the simplest working solution), like:
./my_app eval "MyApp.func(\"$1\", \"$2\")"
But there are still so many obvious ways to break this.
This is indeed a much saner solution, though I think we have different concepts of avoiding hassle I think this would be overkill for my case (something I intend to run maybe once every couple months), but if I had to use it every day I’d probably go this way.
Honestly the best strategy in my case may just be to use Mix scripts in prod (I’ll have Mix installed anyway as I intend to build the releases on each server), but it would be nice if there was a proper way to use “scripts in releases” built into Elixir.
