You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Nate Cole (JIRA)" <ji...@apache.org> on 2016/10/24 15:41:58 UTC

[jira] [Updated] (AMBARI-18680) Disallow POST and PUT operations on a cluster

     [ https://issues.apache.org/jira/browse/AMBARI-18680?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nate Cole updated AMBARI-18680:
-------------------------------
    Component/s: ambari-server

> Disallow POST and PUT operations on a cluster
> ---------------------------------------------
>
>                 Key: AMBARI-18680
>                 URL: https://issues.apache.org/jira/browse/AMBARI-18680
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>            Reporter: Nate Cole
>            Assignee: Nate Cole
>            Priority: Critical
>             Fix For: 2.5.0
>
>
> When invoking an Offline Upgrade, the server should be restricted for operation by the web client.
> * We can add a servlet filter to restrict this, then use a {{cluster-env}} property to indicate when the API should be locked down. 
> * PUT/POST should all be disallowed
> ** Except when passing a custom header with calls that allows the functionality.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)