Actionable Message Cards having issue with expectedActors field

%3CLINGO-SUB%20id%3D%22lingo-sub-229383%22%20slang%3D%22en-US%22%3EActionable%20Message%20Cards%20having%20issue%20with%20expectedActors%20field%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-229383%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20sending%20Actionable%20Message%20Cards%20to%20our%20outllook%20email%20which%20has%20capability%20of%20restarting%20applications%20servers%20and%20so%20on.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFrom%20the%20security%20perspective%20I%20am%20trying%20to%20limit%20users%20based%20on%20email%20id%20to%20restrict%20the%20access%20on%20which%20people%20can%20take%20action.%20I%20just%20want%20a%20set%20of%20users%20to%20perform%20the%20action%20and%20seems%20the%20field%20of%20expectedActors%20in%20the%20cards%20should%20do%20the%20needful.%20But%20on%20using%20that%20I%20don't%20see%20any%20difference%20and%20anyone%20can%20hit%20the%20button%20to%20take%20actions%20like%20restarting%20applications.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBelow%20is%20the%20sample%20of%20message%20card%20I%20am%20using%20as%20a%20part%20of%20my%20python%20script.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Efilters%20%3D%20%7B%3CBR%20%2F%3E%22%40type%22%3A%20%22AdaptiveCard%22%2C%3CBR%20%2F%3E%22%40context%22%3A%20%22%3CA%20href%3D%22http%3A%2F%2Fschema.org%2Fextensions%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fschema.org%2Fextensions%3C%2FA%3E%22%2C%3CBR%20%2F%3E%22expectedActors%22%3A%20%5Bstr(%22person%40work.com%22)%5D%2C%3CBR%20%2F%3E%22themeColor%22%3A%20%220076D7%22%2C%3CBR%20%2F%3E%22summary%22%3A%20%22ElasticBeanstalk%20New%20Alert%22%2C%3CBR%20%2F%3E%22sections%22%3A%20%5B%7B%3CBR%20%2F%3E%22activityTitle%22%3A%20%22!%5BTestImage%5D(%3CA%20href%3D%22https%3A%2F%2F47a92947.ngrok.io%2FContent%2FImages%2Fdefault.png)Vaibhav%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2F47a92947.ngrok.io%2FContent%2FImages%2Fdefault.png)Vaibhav%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EShah%20created%20a%20new%20task%22%2C%3CBR%20%2F%3E%22activitySubtitle%22%3A%20%22On%20Project%20EB%20EVENTS%22%2C%3CBR%20%2F%3E%22activityImage%22%3A%20%22%3CA%20href%3D%22https%3A%2F%2Fteamsnodesample.azurewebsites.net%2Fstatic%2Fimg%2Fimage5.png%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fteamsnodesample.azurewebsites.net%2Fstatic%2Fimg%2Fimage5.png%3C%2FA%3E%22%2C%3CBR%20%2F%3E%22facts%22%3A%20%5B%7B%3CBR%20%2F%3E%22name%22%3A%20%22Application%20Name%22%2C%3CBR%20%2F%3E%22value%22%3A%20app%3CBR%20%2F%3E%7D%2C%7B%3CBR%20%2F%3E%22name%22%3A%20%22Environment%20Name%22%2C%3CBR%20%2F%3E%22value%22%3A%20env%3CBR%20%2F%3E%7D%2C%7B%3CBR%20%2F%3E%22name%22%3A%20%22ElasticBeanstalk%20URL%22%2C%3CBR%20%2F%3E%22value%22%3A%20eb_url%3CBR%20%2F%3E%7D%2C%7B%3CBR%20%2F%3E%22name%22%3A%20%22Message%22%2C%3CBR%20%2F%3E%22value%22%3A%20%22ENVIRONMENT%20HEALTH%20HAS%20FAILED.%20PRODUCTION%20IMPACTED%22%3CBR%20%2F%3E%7D%2C%7B%3CBR%20%2F%3E%22name%22%3A%20%22ACTION%22%2C%3CBR%20%2F%3E%22value%22%3A%20%22APPLICATION%20RESTART%20HAS%20BEEN%20INITIATED%22%3CBR%20%2F%3E%7D%5D%2C%3CBR%20%2F%3E%22markdown%22%3A%20True%3CBR%20%2F%3E%7D%5D%2C%3CBR%20%2F%3E%22potentialAction%22%3A%20%5B%7B%3CBR%20%2F%3E%22%40type%22%3A%20%22ActionCard%22%2C%3CBR%20%2F%3E%22name%22%3A%20%22Restart%22%2C%3CBR%20%2F%3E%22inputs%22%3A%20%5B%7B%3CBR%20%2F%3E%22%40type%22%3A%20%22TextInput%22%2C%3CBR%20%2F%3E%22id%22%3A%20%22comment%22%2C%3CBR%20%2F%3E%22isMultiline%22%3A%20False%2C%3CBR%20%2F%3E%22title%22%3A%20%22Add%20a%20comment%20here%20for%20restart%22%3CBR%20%2F%3E%7D%5D%2C%3CBR%20%2F%3E%22actions%22%3A%20%5B%7B%3CBR%20%2F%3E%22%40type%22%3A%20%22HttpPOST%22%2C%3CBR%20%2F%3E%22name%22%3A%20%22Restart%20Application%22%2C%3CBR%20%2F%3E%22headers%22%3A%20%5B%3CBR%20%2F%3E%7B%22name%22%3A%20%22Authorization%22%2C%20%22value%22%3A%20%22%3CSPAN%3Ekey-value%3C%2FSPAN%3E%22%7D%2C%3CBR%20%2F%3E%7B%22name%22%3A%20%22key%22%2C%20%22value%22%3A%20%22%22%7D%2C%3CBR%20%2F%3E%7B%22name%22%3A%20%22CARD-UPDATE-IN-BODY%22%2C%20%22value%22%3A%20%22true%22%7D%2C%3CBR%20%2F%3E%7B%22name%22%3A%20%22ContentType%22%2C%20%22value%22%3A%20%22application%2Fjson%22%7D%3CBR%20%2F%3E%5D%2C%3CBR%20%2F%3E%22bodyContentType%22%3A%20%22application%2Fjson%22%2C%3CBR%20%2F%3E%22body%22%3A%20json.dumps(%7B%22type%22%3A%22app%22%2C%20%22Env%22%3Aenv%2C%20%22key%22%3A%22%3CSPAN%3Ekey-value%3C%2FSPAN%3E%22%7D)%2C%3CBR%20%2F%3E%22target%22%3A%20%22%3CSPAN%3Etargeturl%3C%2FSPAN%3E%22%3CBR%20%2F%3E%7D%2C%3CBR%20%2F%3E%7B%3CBR%20%2F%3E%22%40type%22%3A%20%22HttpPOST%22%2C%3CBR%20%2F%3E%22name%22%3A%20%22Restart%20EC2%20Instances%22%2C%3CBR%20%2F%3E%22headers%22%3A%20%5B%3CBR%20%2F%3E%7B%22name%22%3A%20%22key%22%2C%20%22value%22%3A%20%22%3CSPAN%3Ekey-value%3C%2FSPAN%3E%22%7D%2C%3CBR%20%2F%3E%7B%22name%22%3A%20%22CARD-UPDATE-IN-BODY%22%2C%20%22value%22%3A%20%22true%22%7D%2C%3CBR%20%2F%3E%7B%22name%22%3A%20%22ContentType%22%2C%20%22value%22%3A%20%22application%2Fjson%22%7D%3CBR%20%2F%3E%5D%2C%3CBR%20%2F%3E%22bodyContentType%22%3A%20%22application%2Fjson%22%2C%3CBR%20%2F%3E%22body%22%3A%20json.dumps(%7B%22type%22%3A%22ec2%22%2C%20%22Env%22%3Aenv%2C%20%22key%22%3A%22key-value%22%7D)%2C%3CBR%20%2F%3E%22target%22%3A%20%22targeturl%22%3CBR%20%2F%3E%7D%5D%3CBR%20%2F%3E%7D%5D%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eresponse%20%3D%20requests.post(HOOK_URL%2C%20json%3Dfilters)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-229462%22%20slang%3D%22en-US%22%3ERe%3A%20Actionable%20Message%20Cards%20having%20issue%20with%20expectedActors%20field%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-229462%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20moving%20your%20question%20to%20the%20Outlook%20community%20for%20better%20visibility.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

I am sending Actionable Message Cards to our outllook email which has capability of restarting applications servers and so on. 

 

From the security perspective I am trying to limit users based on email id to restrict the access on which people can take action. I just want a set of users to perform the action and seems the field of expectedActors in the cards should do the needful. But on using that I don't see any difference and anyone can hit the button to take actions like restarting applications. 

 

Below is the sample of message card I am using as a part of my python script.

 

filters = {
"@type": "AdaptiveCard",
"@context": "http://schema.org/extensions",
"expectedActors": [str("person@work.com")],
"themeColor": "0076D7",
"summary": "ElasticBeanstalk New Alert",
"sections": [{
"activityTitle": "![TestImage](https://47a92947.ngrok.io/Content/Images/default.png)Vaibhav Shah created a new task",
"activitySubtitle": "On Project EB EVENTS",
"activityImage": "https://teamsnodesample.azurewebsites.net/static/img/image5.png",
"facts": [{
"name": "Application Name",
"value": app
},{
"name": "Environment Name",
"value": env
},{
"name": "ElasticBeanstalk URL",
"value": eb_url
},{
"name": "Message",
"value": "ENVIRONMENT HEALTH HAS FAILED. PRODUCTION IMPACTED"
},{
"name": "ACTION",
"value": "APPLICATION RESTART HAS BEEN INITIATED"
}],
"markdown": True
}],
"potentialAction": [{
"@type": "ActionCard",
"name": "Restart",
"inputs": [{
"@type": "TextInput",
"id": "comment",
"isMultiline": False,
"title": "Add a comment here for restart"
}],
"actions": [{
"@type": "HttpPOST",
"name": "Restart Application",
"headers": [
{"name": "Authorization", "value": "key-value"},
{"name": "key", "value": ""},
{"name": "CARD-UPDATE-IN-BODY", "value": "true"},
{"name": "ContentType", "value": "application/json"}
],
"bodyContentType": "application/json",
"body": json.dumps({"type":"app", "Env":env, "key":"key-value"}),
"target": "targeturl"
},
{
"@type": "HttpPOST",
"name": "Restart EC2 Instances",
"headers": [
{"name": "key", "value": "key-value"},
{"name": "CARD-UPDATE-IN-BODY", "value": "true"},
{"name": "ContentType", "value": "application/json"}
],
"bodyContentType": "application/json",
"body": json.dumps({"type":"ec2", "Env":env, "key":"key-value"}),
"target": "targeturl"
}]
}]}

 

response = requests.post(HOOK_URL, json=filters)

1 Reply

I'm moving your question to the Outlook community for better visibility.