Skip to content

Disable API

Info

SOCA 25.8.0 and newer: It's recommended to switch to Feature Flags to manage APIs and View access.

If required, SOCA administrators can disable web API or views by using @disabled decorator

Disable an API

First, let's confirm a user can submit a job via the /api/scheduler/job endpoint:

 curl -k -X POST \
>    -H "X-SOCA-TOKEN: xxx" \
>    -H "X-SOCA-USER: mickael" \
>    -F payload="IyEvYmluL2Jhc2gKI1BCUyAtTiB0ZXN0am9iCiNQQlMgLVYgLWogb2UgLW8gdGVzdGpvYl9vdXRwdXQucWxvZwojUEJTIC1QIG15cHJvamVjdAojUEJTIC1xIG5vcm1hbAojUEJTIC1sIG5vZGVzPTEsaW5zdGFuY2VfdHlwZT1jNS5sYXJnZQovYmluL2VjaG8gIkhlbGxvIFdvcmxkIgo="  \
>    https://xxx.us-west-2.elb.amazonaws.com/api/scheduler/job
{"success": true, "message": "0"}

Edit /opt/soca/<CLUSTER_ID>/cluter_web_ui/api/v1/scheduler/pbspro/job.py and import the new decorator

from decorators import disabled

Locate the API you want to disable and replace the current decorator with @disabled

Before: 

@private_api
def post(self):
    // code

After: 

@disabled
def post(self):
   // code

Restart SOCA web interface via socawebui.sh stop/start and validate you cannot use the API anymore

 curl -k -X POST \
>    -H "X-SOCA-TOKEN: xxx" \
>    -H "X-SOCA-USER: mickael" \
>    -F payload="IyEvYmluL2Jhc2gKI1BCUyAtTiB0ZXN0am9iCiNQQlMgLVYgLWogb2UgLW8gdGVzdGpvYl9vdXRwdXQucWxvZwojUEJTIC1QIG15cHJvamVjdAojUEJTIC1xIG5vcm1hbAojUEJTIC1sIG5vZGVzPTEsaW5zdGFuY2VfdHlwZT1jNS5sYXJnZQovYmluL2VjaG8gIkhlbGxvIFdvcmxkIgo="  \
>    https://xxx.us-west-2.elb.amazonaws.com/api/scheduler/job
{"success": false, "message": "This API has been disabled by your Administrator"}

If you want to re-enable the API, simply configure the decorator back to its previous version (@private_api). Restart the web interface again and verify the API is now enabled: 

 curl -k -X POST \
>    -H "X-SOCA-TOKEN: xxx" \
>    -H "X-SOCA-USER: mickael" \
>    -F payload="IyEvYmluL2Jhc2gKI1BCUyAtTiB0ZXN0am9iCiNQQlMgLVYgLWogb2UgLW8gdGVzdGpvYl9vdXRwdXQucWxvZwojUEJTIC1QIG15cHJvamVjdAojUEJTIC1xIG5vcm1hbAojUEJTIC1sIG5vZGVzPTEsaW5zdGFuY2VfdHlwZT1jNS5sYXJnZQovYmluL2VjaG8gIkhlbGxvIFdvcmxkIgo="  \
>    https://xxx.us-west-2.elb.amazonaws.com/api/scheduler/job
{"success": true, "message": "1"}

Disable a view

Process is very similar, locate the HTTP view you want to restrict. For example edit /opt/soca/<CLUSTER_ID>/cluster_web_ui/views/remote_desktop.py

Import the new decorator

from decorators import login_required, disabled

Then replace the current decorator of the view you want to restrict with @disabled

@remote_desktop.route('/remote_desktop', methods=['GET'])
@disabled
def index():
    // code

Restart the Web UI. Accessing the view will now redirect you back to your homepage