ONTAP Rest API Discussions

Create a RBAC role user with the new rest process

Sig

Ok I'm a little frustrated with NetApp support.  After weeks they just sluffed me off to this group and told me to ask  here.

 

I hope someone here can answer my question.

 

I have an ONTAP 9.8 system (and older versions as well).

I used to be able to create custom role with read/write on all volume and
snapshots commands but deny the following:
volume delete
snapshot delete

 

Commands looked like this:

security login role create -vserver lan01 -role lanadmin -cmddirname "volume snapshot delete" -access none
security login role create -vserver lan01 -role lanadmin -cmddirname "volume delete" -access none

 

I'm told these no longer work and that I have to use the new rest-role commands.  I can't figure out the -api string to grant this same level of access.  I have tried several iterations.

security login rest-role modify -vserver lan01 -role lanadmin -api
/api/storage/volumes/*/snapshots -access readonly
...
security login rest-role modify -vserver lan01 -role lanadmin

-api /api/storage/volumes/{volume.uuid}/snapshots/{uuid} -access readonly

 

NetApp support doesn't seem to know how to help with this request.  Anyone here able to help?

Thanks

Sig

 

1 ACCEPTED SOLUTION

JohnChampion

REST API support is now provided through Slack ... try netapppub.slack.com and post questions in the #api channel.  You'll get a fairly quick response  (...though NetApp is at minimal manning 5-9 July - company-wide holiday break). To get an invite go to netapp.io and click the Slack icon at the top right.

 

Here is the ONTAPI to REST mapping information document (https://library.netapp.com/ecm/ecm_download_file/ECMLP2874886)

 

You can check the status of the mappings and request specific REST mappings that are missing.  At the top of the first page is a link ("we want to hear from you").  

 

You could also try using the /private/cli REST method which lets you run CLI commands through a REST call and (in most cases) get JSON formatted results.

 

View solution in original post

3 REPLIES 3

Sig

Found this Community conversation that seems to indicate that the rest-role commands don't have the granularity to deny volume delete or snapshot delete commands.

https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/RBAC-over-RestRoles/m-p/164281

 

Frustrating to loose this functionality before rest-role has feature parity and for NetApp support to not know this info.

JohnChampion

REST API support is now provided through Slack ... try netapppub.slack.com and post questions in the #api channel.  You'll get a fairly quick response  (...though NetApp is at minimal manning 5-9 July - company-wide holiday break). To get an invite go to netapp.io and click the Slack icon at the top right.

 

Here is the ONTAPI to REST mapping information document (https://library.netapp.com/ecm/ecm_download_file/ECMLP2874886)

 

You can check the status of the mappings and request specific REST mappings that are missing.  At the top of the first page is a link ("we want to hear from you").  

 

You could also try using the /private/cli REST method which lets you run CLI commands through a REST call and (in most cases) get JSON formatted results.

 

Public