You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Nate Cole (JIRA)" <ji...@apache.org> on 2016/10/24 15:36:58 UTC

[jira] [Created] (AMBARI-18680) Disallow POST and PUT operations on a cluster

Nate Cole created AMBARI-18680:
----------------------------------

             Summary: Disallow POST and PUT operations on a cluster
                 Key: AMBARI-18680
                 URL: https://issues.apache.org/jira/browse/AMBARI-18680
             Project: Ambari
          Issue Type: Task
            Reporter: Nate Cole
            Assignee: Nate Cole
            Priority: Critical
             Fix For: 2.5.0


When invoking an Offline Upgrade, the server should be restricted for operation by the web client.

* We can add a servlet filter to restrict this, then use a {{cluster-env}} property to indicate when the API should be locked down. 
* PUT/POST should all be disallowed
** Except when passing a custom header with calls that allows the functionality.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)