ONTAP Rest API Discussions

Create a RBAC role user with the new rest process

Sig
2,474 Views

Ok, I'm a little frustrated with NetApp support. After weeks they just sloughed me off to this group and told me to ask here.

I hope someone here can answer my question.

I have an ONTAP 9.8 system (and older versions as well).

I used to be able to create a custom role with read/write on all volume and snapshot commands but deny the following:
volume delete
snapshot delete

Commands looked like this:

security login role create -vserver lan01 -role lanadmin -cmddirname "volume snapshot delete" -access none
security login role create -vserver lan01 -role lanadmin -cmddirname "volume delete" -access none

I'm told these no longer work and that I have to use the new rest-role commands. I can't figure out the -api string to grant this same level of access. I have tried several iterations.

security login rest-role modify -vserver lan01 -role lanadmin -api /api/storage/volumes/*/snapshots -access readonly
...
security login rest-role modify -vserver lan01 -role lanadmin -api /api/storage/volumes/{volume.uuid}/snapshots/{uuid} -access readonly

NetApp support doesn't seem to know how to help with this request. Anyone here able to help?

Thanks

Sig

1 ACCEPTED SOLUTION

JohnChampion
2,405 Views

REST API support is now provided through Slack ... try netapppub.slack.com and post questions in the #api channel. You'll get a fairly quick response (... though NetApp is at minimal manning 5-9 July - company-wide holiday break). To get an invite go to netapp.io and click the Slack icon at the top right.

Here is the ONTAPI to REST mapping information document (https://library.netapp.com/ecm/ecm_download_file/ECMLP2874886)

You can check the status of the mappings and request specific REST mappings that are missing. At the top of the first page is a link ("we want to hear from you").

You could also try using the /private/cli REST method which lets you run CLI commands through a REST call and (in most cases) get JSON formatted results.


3 REPLIES 3

Sig
2,436 Views

Found this Community conversation that seems to indicate that the rest-role commands don't have the granularity to deny volume delete or snapshot delete commands.

https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/RBAC-over-RestRoles/m-p/164281

Frustrating to lose this functionality before rest-role has feature parity and for NetApp support to not know this info.
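
The granularity gap discussed in this thread, as a simplified model added here for illustration (it is not NetApp code and not from any poster). Assumptions: the REST role access levels `all`, `readonly` and `none` map to fixed HTTP method sets, `*` matches one path segment, and the most specific matching entry wins; the `LANADMIN` entries and the UUID placeholders are constructed.

```python
# Simplified model (an assumption, not ONTAP source) of how a REST role
# entry's access level limits the HTTP methods allowed on an API path.
ACCESS_METHODS = {
    "all": {"GET", "POST", "PATCH", "DELETE"},
    "readonly": {"GET"},
    "none": set(),
}

# Constructed sample role: full access to volumes, read-only on snapshots.
LANADMIN = [
    ("/api/storage/volumes", "all"),
    ("/api/storage/volumes/*/snapshots", "readonly"),
]


def _segments(path):
    return [s for s in path.split("/") if s]


def effective_access(role, path):
    """Access level of the most specific entry that prefixes the request path."""
    req = _segments(path)
    best, best_len = "none", -1  # no matching entry means no access
    for api, access in role:
        pat = _segments(api)
        matches = len(pat) <= len(req) and all(
            p in ("*", r) for p, r in zip(pat, req)
        )
        if matches and len(pat) > best_len:
            best, best_len = access, len(pat)
    return best


def is_allowed(role, method, path):
    return method.upper() in ACCESS_METHODS[effective_access(role, path)]


def levels_satisfying(must_allow, must_deny):
    """Access levels that permit every must_allow method and no must_deny one."""
    return sorted(
        level for level, methods in ACCESS_METHODS.items()
        if must_allow <= methods and not (must_deny & methods)
    )


if __name__ == "__main__":
    snap = "/api/storage/volumes/vol-uuid/snapshots/snap-uuid"
    for m in ("GET", "POST", "DELETE"):
        print(m, snap, is_allowed(LANADMIN, m, snap))
    print(levels_satisfying({"GET", "POST", "PATCH"}, {"DELETE"}))
```

In this model, `readonly` on the snapshots path blocks DELETE but also blocks snapshot creation, while `all` on the volumes path still permits volume DELETE, and no single level grants create and modify without delete.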
