Nate Cole created AMBARI-18680:
----------------------------------
Summary: Disallow POST and PUT operations on a cluster
Key: AMBARI-18680
URL: https://issues.apache.org/jira/browse/AMBARI-18680
Project: Ambari
Issue Type: Task
Reporter: Nate Cole
Assignee: Nate Cole
Priority: Critical
Fix For: 2.5.0
When invoking an Offline Upgrade, the server should be restricted for operation
by the web client.
* We can add a servlet filter to restrict this, then use a {{cluster-env}}
property to indicate when the API should be locked down.
* PUT/POST should all be disallowed
** Except when passing a custom header with calls that allows the functionality.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
