#vserver security file-directory show

1 messages · Page 1 of 1 (latest)

orchid ocean
#

Version 9.10.1 P4

TLDR: some rest commands do not fail gracefully and return a valid status code.

Here is my situation. I'd like to get away from ssh and use Rest connections for some commands. One of the problems I am having with ssh via python and paramiko is that the ssh connection on the cluster often gets overloaded and starts to deny my connection requests, banner time outs, etc.

Originally this command was only available in the private cli passthrough. It works majority of the time, but will fail without a valid return code when it encounters broken acls such as an unresolved active directory group or user.

/api/private/cli/vserver/security/file-directory/path.

Then I noticed they ported it over to Rest finally in 9.9+/protocols/file-security/permissions/{svm.uuid}/{path}
This top works most of the time.... However you are still subject to the same problem when you encounter any type of broken sid.
The cli command works flawlessly even though you hit the errors. The field acl is still displayed and you can parse it, etc.

vserver security file-directory show -vserver x -path y -fields x,y,z

I also want to use the rest api for listing a path contents on the cluster as well. I sometimes find Unicode characters and those will cause the ssh, rest, etc to throw an error as well.

/api/storage/volumes/{volume.uuid}/files/{path}

Reference: https://library.netapp.com/ecmdocs/ECMLP2879871/html/#/NAS/file_directory_security_get

deep rose
#

I know this is an old post, but I have the exact same use case (wanting to move away from ssh and to REST for ACL lookups for the exact same reasons) and running into similar issues with 9.13.1. The REST API fails completely when it's unable to lookup any SID:

{
  "error": {
    "message": "Failed to convert SID to a Windows name. Reason: \"SecD Error: object not found\". ",
    "code": "4849677"
  }
}

It would be great if the REST API behaved similarly to CLI, where valid SID lookups were returned and failures were handled more gracefully. Anyone know if there's any work being done on this?

solemn lantern
#

Hi David,
Can you please provide and example of the python code used to send the request in addition to the request/response logs. That should give us more information to be able to answer your question. Thanks!