Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

How-to Articles

feb-20.jpg

Migrating from the Infoblox Perl API to the Infoblox REST API in Perl Scripts

Infoblox NIOS provides two APIs, one in Perl (PAPI), and one as a RESTful HTTP-based API (WAPI). The Perl API is the original, available from almost the beginning with the Infoblox DNSone appliances. Infoblox has continued to develop the Perl API for over 10 years maintaining a similar structure and schema. The Perl API has one significant drawback, which is a requirement to upgrade the Infoblox-provided Perl module every time you upgrade NIOS. In addition, Perl has been on a long, slow decline in popularity. According to the TIOBE Index (1), Perl peaked in popularity in May 2005 at #3 and is currently (as of November 2017) at its nadir at #15 since records began in 2001. Many script writers have moved to Python which is optimal for RESTful operations due to the similarity of its dict structure to the JSON format used by most RESTful APIs.

 

In NIOS 6.6, Infoblox introduced the Web API which is a RESTful interface using HTTPS transport. The WAPI is very well documented in both the built-in documentation on the NIOS appliances and the Infoblox Community API and Integrations section (2). The WAPI has several advantages over the PAPI:

  • Programming language agnostic - Use any scripting/programming language that supports HTTPS requests or use simple curl commands
  • No module to upgrade when upgrading NIOS - only a URL change when you're ready
  • Backward compatibility is always maintained within a schema version
  • Self-describing schema
  • Standardized JSON or XML data interchange formats

The focus of this blog post is on the migration path from PAPI to WAPI inside Perl scripts. Many Infoblox NIOS users have existing Perl scripts that use the PAPI and the information here can be used for a slow migration to WAPI or for the addition of new functionality in existing scripts so as to gain the flexibility that the WAPI provides.

 

The NIOS WAPI, like many RESTful APIs, makes extensive use of HTTPS requests and JSON or XML format for input and output. Before getting started, make sure you have the following Perl modules installed on your system:

  • REST::Client
  • MIME::Base64 

Optional:

  • JSON (if you plan to use JSON formatted data)
  • XML::LibXML (or similar, if you plan to use XML formatted data)
  • Data::\Dumper (useful if you want to dump structured data to strings) 

Here's a sample script that does a typical operation (adds a host record) via PAPI (note that these scripts are included as attachments to this blog post):

 

#!/usr/bin/perl

use strict;
use warnings;
use Infoblox;

my $host_ip = "10.60.27.4";
my $ibuser = "admin";
my $ibpw = "infoblox";

my $session = Infoblox::Session->new(
        master => $host_ip,
        username => $ibuser,
        password => $ibpw
);
unless ($session) {
        die(qq(constructor for session failed: ),
                join(":", Infoblox::status_code(), Infoblox::status_detail()));
}

my $host = Infoblox::DNS::Host->new(
        name => "host1.test.com",
        comment => "Added via PAPI",
        ipv4addrs => ["1.1.1.1"]
);

my $response = $session->add( $host );

 This example uses curl to accomplish the same thing via the WAPI:

 

curl -k1 -u admin:infoblox -H "Content-Type: application/json" -X POST https://10.60.27.4/wapi/v2.7/record:host -d '{"name": "host2.test.com", "comment": "Added via curl", "ipv4addrs": [{"ipv4addr": "2.2.2.2"}]}' 

As you can see, the WAPI example is much simpler because REST requests are stateless. Unlike the PAPI which requires a session to be established followed by data operations while the WAPI uses a stateless request for each individual operation.

 

There are a number of ways to perform RESTful operations from Perl. These include a simple curl command executed using backticks or system() or the LWP module which is used for making HTTPS requests, but the most featureful module for this purpose is the REST::Client module. The REST::Client module does a lot of the work of abstracting things like request headers and responses. Here is an example script that performs the same operation using the NIOS WAPI via the Perl REST::Client module:

 

#!/usr/bin/perl

use strict;
use warnings;
use REST::Client;
use MIME::Base64;

my $host_name = "infoblox.localdomain";
my $host_ip = "10.60.27.4";
my $ibuser = "admin";
my $ibpw = "infoblox";
my $wapiver = "2.7";
my $wapiurl = "https://".$host_ip."/wapi/v".$wapiver;
my $headers = {Accept => 'application/json', Authorization => 'Basic ' . encode_base64($ibuser . ':' . $ibpw)};

my $client = REST::Client->new();
$client->setHost($wapiurl);
$client->getUseragent()->ssl_opts(verify_hostname => 0); 
$client->getUseragent()->ssl_opts(SSL_verify_mode => "SSL_VERIFY_NONE");

my $body = '{"ipv4addrs":[{"ipv4addr":"3.3.3.3"}],"name":"host3.test.com","comment":"Added via WAPI Perl script"}';
$client->POST('/record:host', $body, $headers);

Here is the result of all three of the above operations:

 

Result of PAPI, curl, and WAPI operations

 

The above examples show that it is possible to use either the Infoblox PAPI or WAPI from within a Perl script. Moving to the WAPI for new scripts and changes to existing scripts has a number of advantages:

  • Ability to move API calls between scripts of different languages (WAPI calls are language agnostic)
  • Similarity to other vendor RESTful APIs which are widely implemented on many other products
  • Use of standardized data interchange formats: JSON or XML
  • Reduced reliance on Perl scripting, which is a skill that is becoming more rare
  • Support for Infoblox Cloud APIs

(1) https://www.tiobe.com/tiobe-index/perl/

(2) https://community.infoblox.com/t5/API-Integrations/ct-p/APIIntegrations

 

 

Showing results for 
Search instead for 
Did you mean: