Actionable Message Cards having issue with expectedActors field

Copper Contributor

I am sending Actionable Message Cards to our outllook email which has capability of restarting applications servers and so on. 

 

From the security perspective I am trying to limit users based on email id to restrict the access on which people can take action. I just want a set of users to perform the action and seems the field of expectedActors in the cards should do the needful. But on using that I don't see any difference and anyone can hit the button to take actions like restarting applications. 

 

Below is the sample of message card I am using as a part of my python script.

 

filters = {
"@type": "AdaptiveCard",
"@context": "http://schema.org/extensions",
"expectedActors": [str("person@work.com")],
"themeColor": "0076D7",
"summary": "ElasticBeanstalk New Alert",
"sections": [{
"activityTitle": "![TestImage](https://47a92947.ngrok.io/Content/Images/default.png)Vaibhav Shah created a new task",
"activitySubtitle": "On Project EB EVENTS",
"activityImage": "https://teamsnodesample.azurewebsites.net/static/img/image5.png",
"facts": [{
"name": "Application Name",
"value": app
},{
"name": "Environment Name",
"value": env
},{
"name": "ElasticBeanstalk URL",
"value": eb_url
},{
"name": "Message",
"value": "ENVIRONMENT HEALTH HAS FAILED. PRODUCTION IMPACTED"
},{
"name": "ACTION",
"value": "APPLICATION RESTART HAS BEEN INITIATED"
}],
"markdown": True
}],
"potentialAction": [{
"@type": "ActionCard",
"name": "Restart",
"inputs": [{
"@type": "TextInput",
"id": "comment",
"isMultiline": False,
"title": "Add a comment here for restart"
}],
"actions": [{
"@type": "HttpPOST",
"name": "Restart Application",
"headers": [
{"name": "Authorization", "value": "key-value"},
{"name": "key", "value": ""},
{"name": "CARD-UPDATE-IN-BODY", "value": "true"},
{"name": "ContentType", "value": "application/json"}
],
"bodyContentType": "application/json",
"body": json.dumps({"type":"app", "Env":env, "key":"key-value"}),
"target": "targeturl"
},
{
"@type": "HttpPOST",
"name": "Restart EC2 Instances",
"headers": [
{"name": "key", "value": "key-value"},
{"name": "CARD-UPDATE-IN-BODY", "value": "true"},
{"name": "ContentType", "value": "application/json"}
],
"bodyContentType": "application/json",
"body": json.dumps({"type":"ec2", "Env":env, "key":"key-value"}),
"target": "targeturl"
}]
}]}

 

response = requests.post(HOOK_URL, json=filters)

1 Reply

I'm moving your question to the Outlook community for better visibility.