Add Permissions to Network/Container

SWomack
Techie
Posts: 5

I need to add permissions to networks/containers for various AD_Admin groups that are part of my IPAM. I think I see the object in the WAPI API Guide. If this can be done, can I get a CURL example of how to perform this functionality?

Re: Add Permissions to Network/Container

Authority
Posts: 18

Hi SWomack, this is the generic syntax for a CURL command to create a permission for an object:

 

curl -k -u admin -X POST https://[GM_IP_or_FQDN]/wapi/v[version]/permission -H "Content-Type:application/json" -d '{"group":"[admin_group_name]","permission":"[READ/WRITE/DENY]","object":"[object_reference]"}'

 

In the below example, I do a couple of GETs to get the name of the group and zone reference for the example, then I POST a READ permission for zone "one.zone".

 

GET some admin groups:

 

jfigueira$ curl -k -u admin -XGET https://jfigueira-demo/wapi/v2.1/admingroup?name~="Group"
Enter host password for user 'admin':
[
    {
        "_ref": "admingroup/b25lLmFkbWluX2dyb3VwJC5Hcm91cCBB:Group%20A", 
        "name": "Group A"
    }, 
    {
        "_ref": "admingroup/b25lLmFkbWluX2dyb3VwJC5Hcm91cCBC:Group%20B", 
        "name": "Group B"
    }, 
    {
        "_ref": "admingroup/b25lLmFkbWluX2dyb3VwJC5Hcm91cCBD:Group%20C", 
        "name": "Group C"
    }, 
    {
        "_ref": "admingroup/b25lLmFkbWluX2dyb3VwJC5Hcm91cCBE:Group%20D", 
        "name": "Group D"
    }
]

GET zone reference:

 

jfigueira$ curl -k -u admin -X GET https://jfigueira-demo/wapi/v2.1/zone_auth?fqdn=one.zone
Enter host password for user 'admin':
[
    {
        "_ref": "zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LnpvbmUub25l:one.zone/Internal", 
        "fqdn": "one.zone", 
        "view": "Internal"
    }
]

POST new READ permission for one.zone:

jfigueira$ curl -k -u admin -X POST https://jfigueira-demo/wapi/v2.1/permission -H "Content-Type:application/json" -d '{"group":"Group A","permission":"READ","object":"zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LnpvbmUub25l:one.zone/Internal"}'
Enter host password for user 'admin':
"permission/b25lLmhpZXJfcnVsZSQuY29tLmluZm9ibG94LmRucy56b25lJC5fZGVmYXVsdC56b25lLm9uZS4uLmNvbS5pbmZvYmxveC5vbmUuYWRtaW5fZ3JvdX

You'll receive a reference for your new permission, which would be useful if, for example, you decided to change the permission object.

 

GUI before POST command:

Screen Shot 2015-09-14 at 12.19.25 .png

 

GUI after POST command:

Screen Shot 2015-09-14 at 12.21.57 .png
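
The question asks about networks and containers while the reply above demonstrates a zone. As an added example (not part of the original posts and not Infoblox's own code), here is the same lookup-then-POST flow for a `network` or `networkcontainer` object, validating the Grid Master certificate with `--cacert` instead of using `-k`. The host name, CA file, group and CIDR in the usage comment are placeholders, and the `_ref` extraction assumes the pretty-printed reply format shown above.

```shell
#!/usr/bin/env bash
# Added example, not from the original thread. Host, CA file, group and CIDR
# in the usage line at the bottom are placeholders.

# Escape backslashes and double quotes for use inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the permission body. Only READ/WRITE/DENY and network or
# networkcontainer references are accepted, so a typo cannot grant
# access on some other object type.
build_permission_payload() {
  local group="$1" perm="$2" ref="$3"
  case "$perm" in
    READ|WRITE|DENY) ;;
    *) echo "invalid permission: $perm" >&2; return 1 ;;
  esac
  case "$ref" in
    network/*|networkcontainer/*) ;;
    *) echo "unexpected object reference: $ref" >&2; return 1 ;;
  esac
  printf '{"group":"%s","permission":"%s","object":"%s"}' \
    "$(json_escape "$group")" "$perm" "$(json_escape "$ref")"
}

# Print the first "_ref" value from a pretty-printed WAPI reply on stdin.
first_ref() {
  sed -n 's/.*"_ref": *"\([^"]*\)".*/\1/p' | head -n 1
}

# Look up the object by CIDR, then POST the permission.
# curl prompts for the password on each request (-u without a password),
# which keeps it out of the process list and shell history.
grant_network_permission() {
  local gm="$1" cacert="$2" user="$3" objtype="$4" cidr="$5" group="$6" perm="$7"
  local base="https://$gm/wapi/v2.1" ref body
  # -G with --data-urlencode encodes the "/" in the CIDR for the query string.
  ref=$(curl -sS --cacert "$cacert" -u "$user" -G "$base/$objtype" \
        --data-urlencode "network=$cidr" | first_ref)
  [ -n "$ref" ] || { echo "no $objtype found for $cidr" >&2; return 1; }
  body=$(build_permission_payload "$group" "$perm" "$ref") || return 1
  curl -sS --cacert "$cacert" -u "$user" -X POST "$base/permission" \
       -H "Content-Type: application/json" -d "$body"
}

# Usage (placeholders):
# grant_network_permission gm.example.com ./grid-ca.pem admin networkcontainer 10.0.0.0/8 "Group A" READ
```
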

 

 

Re: Add Permissions to Network/Container

BRose
Techie
Posts: 3

I'm using PowerShell to try and manage groups and users. I found this post using the admingroup object. I'm trying to use the following:

 

Invoke-WebRequest -Uri https://infoblox/wapi/v2.1/admingroup?name~="admin-group" -Credential $cred

 

I'm getting the following error:

 

Invoke-WebRequest : The remote server returned an error: (400) Bad Request.
At line:1 char:1
+ Invoke-WebRequest -Uri $Uri -Credential $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

 

Other commands work fine:

 

PS H:\Scripts> Invoke-WebRequest -Uri 'https://infoblox/wapi/v2.1/record:host?name=<removed>' -Credential $cred


StatusCode : 200
StatusDescription : OK
Content : ...

 

Any idea? I haven't used curl, so I'll work on getting that set up and see if I get different results.

Re: Add Permissions to Network/Container

BRose
Techie
Posts: 3

I attempted with curl and received the following:

 

PS C:\bin\curl\bin> .\curl.exe -k -u admin -XGET https://infoblox/wapi/v2.1/admingroup?name~="Group"
Enter host password for user 'admin':
{ "Error": "AdmConProtoError: Unknown object type (admingroup)",
"code": "Client.Ibap.Proto",
"text": "Unknown object type (admingroup)"
}PS C:\bin\curl\bin>
