Ok I'm a little frustrated with NetApp support. After weeks they just sluffed me off to this group and told me to ask here.
I hope someone here can answer my question.
I have an ONTAP 9.8 system (and older versions as well).
I used to be able to create a custom role with read/write on all volume and snapshot commands but deny the following:
volume delete
snapshot delete
Commands looked like this:
security login role create -vserver lan01 -role lanadmin -cmddirname "volume snapshot delete" -access none
security login role create -vserver lan01 -role lanadmin -cmddirname "volume delete" -access none
I'm told these no longer work and that I have to use the new rest-role commands. I can't figure out the -api string to grant this same level of access. I have tried several iterations.
security login rest-role modify -vserver lan01 -role lanadmin -api /api/storage/volumes/*/snapshots -access readonly
...
security login rest-role modify -vserver lan01 -role lanadmin -api /api/storage/volumes/{volume.uuid}/snapshots/{uuid} -access readonly
NetApp support doesn't seem to know how to help with this request. Anyone here able to help?
Thanks
Sig
1 ACCEPTED SOLUTION
tahmad has accepted the solution
REST API support is now provided through Slack ... try netapppub.slack.com and post questions in the #api channel. You'll get a fairly quick response (...though NetApp is at minimal manning 5-9 July - company-wide holiday break). To get an invite go to netapp.io and click the Slack icon at the top right.
Here is the ONTAPI to REST mapping information document (https://library.netapp.com/ecm/ecm_download_file/ECMLP2874886)
You can check the status of the mappings and request specific REST mappings that are missing. At the top of the first page is a link ("we want to hear from you").
You could also try using the /private/cli REST method which lets you run CLI commands through a REST call and (in most cases) get JSON formatted results.
3 REPLIES
This is the issue I'm trying to work around:
Found this Community conversation that seems to indicate that the rest-role commands don't have the granularity to deny volume delete or snapshot delete commands.
https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/RBAC-over-RestRoles/m-p/164281
Frustrating to lose this functionality before rest-role has feature parity and for NetApp support to not know this info.
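
A simplified model of the granularity gap described in the reply above, as an added example that is not part of the original thread and is not NetApp code. It assumes the three rest-role access levels (none, readonly, all) map to HTTP methods as shown and that the most specific matching -api path wins; the role entries and request paths are constructed.

```python
from fnmatch import fnmatchcase

# Assumed mapping of rest-role access levels to the HTTP methods they permit.
ACCESS_METHODS = {
    "none": frozenset(),
    "readonly": frozenset({"GET"}),
    "all": frozenset({"GET", "POST", "PATCH", "DELETE"}),
}

# What the old CLI role expressed: read/write, but never delete.
WANTED = frozenset({"GET", "POST", "PATCH"})

# Constructed rest-role entries for the "lanadmin" role: (api path, access).
ROLE = [
    ("/api/storage/volumes", "all"),
    ("/api/storage/volumes/*/snapshots", "readonly"),
]

# Constructed requests; VOL-UUID and SNAP-UUID are placeholders.
VOL = "/api/storage/volumes/VOL-UUID"
SNAP = VOL + "/snapshots/SNAP-UUID"
REQUESTS = [("PATCH", VOL), ("DELETE", VOL),
            ("GET", SNAP), ("POST", VOL + "/snapshots"), ("DELETE", SNAP)]


def allowed_methods(role, path):
    """Methods permitted on path; the longest matching entry wins (assumption)."""
    best = None
    for pattern, access in role:
        # An entry covers the path itself and everything beneath it.
        if fnmatchcase(path, pattern) or fnmatchcase(path, pattern + "/*"):
            if best is None or len(pattern) > len(best[0]):
                best = (pattern, access)
    return ACCESS_METHODS[best[1]] if best else frozenset()


def levels_granting_exactly(wanted):
    """Access levels whose method set equals the wanted set."""
    return [lvl for lvl, methods in ACCESS_METHODS.items() if methods == wanted]


def audit(role, requests):
    """Return the (method, path) requests the role would permit."""
    return [(m, p) for m, p in requests if m in allowed_methods(role, p)]


if __name__ == "__main__":
    print("levels matching read/write-without-delete:", levels_granting_exactly(WANTED))
    for method, path in audit(ROLE, REQUESTS):
        print("permitted:", method, path)
```

Under this model, "all" on the volumes path still permits DELETE on a volume, while "readonly" on the snapshots path blocks snapshot deletion only by also blocking snapshot creation.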
