Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

API Examples

Reply

Create full DTC configuration in WAPI (v2.1 and above) from scratch in a single Request

[ Edited ]
Authority
Posts: 7
3565     0

WAPI VERSION 2.1 OR HIGHER REQUIRED

 

Based on a customer request, I created this WAPI request which will likely be useful in the future.

 

This call uses the WAPI "Request" object to go through the full process of creating two DTC servers, creating a DTC Pool, one for each server, then a topology rule, one for each Pool, then finally an LBDN with all the elements previously creted:

 

EDIT: The rules for the topology ruleset are not in variables, but it's very likely possible to do so. I'll add a version with variable rules if I see enough interest in this, for now it should be enough to remember where they add and edit them appropriately. 

 

Method: POST
URL: https://{{gm}}/wapi/v2.1/request
Body (in JSON):

[
    {
        "method": "STATE:ASSIGN",
        "data": {
            "server-1-name": "Jorge-WAPI-Web-Server-1",
            "server-1-ip": "88.88.88.88",
            "server-2-name": "Jorge-WAPI-Web-Server-2",
            "server-2-ip": "99.99.99.99",
            "pool-1-name": "Jorge-WAPI-Pool-1",
            "pool-2-name": "Jorge-WAPI-Pool-2",
            "topology-name": "Jorge-WAPI-Topology",
            "lbdn-name": "Jorge-WAPI-LBDN",
            "zone-name": "infoblox.demo"
        }
    },
    {
        "method": "POST",
        "object": "dtc:server",
        "data": {
            "name": "##STATE:server-1-name:##",
            "host": "##STATE:server-1-ip:##"
        },
        "assign_state": {
            "dtc-server-1_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "POST",
        "object": "dtc:pool",
        "enable_substitution": true,
        "data": {
            "name": "##STATE:pool-1-name:##",
            "lb_preferred_method": "GLOBAL_AVAILABILITY",
            "servers": [
                {
                    "ratio": 1,
                    "server": "##STATE:dtc-server-1_ref:##"
                }
            ]
        },
        "assign_state": {
            "dtc-pool-1_ref": "_ref"
        },
        "discard": false
    },
    {
        "method": "POST",
        "object": "dtc:server",
        "data": {
            "name": "##STATE:server-2-name:##",
            "host": "##STATE:server-2-ip:##"
        },
        "assign_state": {
            "dtc-server-2_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "POST",
        "object": "dtc:pool",
        "enable_substitution": true,
        "data": {
            "name": "##STATE:pool-2-name:##",
            "lb_preferred_method": "GLOBAL_AVAILABILITY",
            "servers": [
                {
                    "ratio": 1,
                    "server": "##STATE:dtc-server-2_ref:##"
                }
            ]
        },
        "assign_state": {
            "dtc-pool-2_ref": "_ref"
        },
        "discard": false
    },
    {
        "method": "POST",
        "object": "dtc:topology",
        "enable_substitution": true,
        "data": {
            "name": "##STATE:topology-name:##",
            "rules": [
                {
                    "dest_type": "POOL",
                    "destination_link": "##STATE:dtc-pool-1_ref:##",
                    "sources": [
                        {
                            "source_op": "IS",
                            "source_type": "SUBNET",
                            "source_value": "10.10.10.0/24"
                        }
                    ]
                },
                {
                    "dest_type": "POOL",
                    "destination_link": "##STATE:dtc-pool-2_ref:##",
                    "sources": [
                        {
                            "source_op": "IS",
                            "source_type": "SUBNET",
                            "source_value": "20.20.20.0/24"
                        }
                    ]
                }
            ]
        },
        "assign_state": {
            "topology_ref": "_ref"
        },
        "discard": true
    },
    {
        "method": "GET",
        "object": "zone_auth",
        "data": {
            "fqdn": "##STATE:zone-name:##"
        },
        "enable_substitution": true,
        "assign_state": {
            "zone_ref": "_ref"
        }
    },
    {
        "method": "POST",
        "object": "dtc:lbdn",
        "data": {
            "lb_method": "TOPOLOGY",
            "name": "##STATE:lbdn-name:##",
            "topology": "##STATE:topology_ref:##",
            "patterns": [
                "wapi.dtc.infoblox.demo",
                "wapi2.dtc.infoblox.demo"
            ],
            "auth_zones": [
                "##STATE:zone_ref:##"
            ]
        },
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "STATE:DISPLAY"
    }
]

The following request will delete everything as created above:

 

 

 

Method: POST
URL: https://{{gm}}/wapi/v2.1/request
Body (in JSON):

[
    {
        "method": "STATE:ASSIGN",
        "data": {
            "server-1-name": "Jorge-WAPI-Web-Server-1",
            "server-2-name": "Jorge-WAPI-Web-Server-2",
            "pool-1-name": "Jorge-WAPI-Pool-1",
            "pool-2-name": "Jorge-WAPI-Pool-2",
            "topology-name": "Jorge-WAPI-Topology",
            "lbdn-name": "Jorge-WAPI-LBDN"
        }
    },
    {
        "method": "GET",
        "object": "dtc:lbdn",
        "data": {
            "name": "##STATE:lbdn-name:##"
        },
        "assign_state": {
            "lbdn_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "DELETE",
        "object": "##STATE:lbdn_ref:##",
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "GET",
        "object": "dtc:topology",
        "data": {
            "name": "##STATE:topology-name:##"
        },
        "assign_state": {
            "dtc-topology_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "DELETE",
        "object": "##STATE:dtc-topology_ref:##",
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "GET",
        "object": "dtc:pool",
        "data": {
            "name": "##STATE:pool-1-name:##"
        },
        "assign_state": {
            "dtc-pool-1_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "DELETE",
        "object": "##STATE:dtc-pool-1_ref:##",
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "GET",
        "object": "dtc:server",
        "data": {
            "name": "##STATE:server-1-name:##"
        },
        "assign_state": {
            "dtc-server-1_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "DELETE",
        "object": "##STATE:dtc-server-1_ref:##",
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "GET",
        "object": "dtc:pool",
        "data": {
            "name": "##STATE:pool-2-name:##"
        },
        "assign_state": {
            "dtc-pool-2_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "DELETE",
        "object": "##STATE:dtc-pool-2_ref:##",
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "GET",
        "object": "dtc:server",
        "data": {
            "name": "##STATE:server-2-name:##"
        },
        "assign_state": {
            "dtc-server-2_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "DELETE",
        "object": "##STATE:dtc-server-2_ref:##",
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "STATE:DISPLAY"
    }
]

Have fun!

 

Re: Create full DTC configuration in WAPI (v2.1 and above) from scratch in a single Request

Adviser
Posts: 85
3565     0

Thank you for sharing Jorge.

--------------------------------------
Check out our new Tech docs website for latest documentation on Infoblox products.

Re: Create full DTC configuration in WAPI (v2.1 and above) from scratch in a single Request

Authority
Posts: 7
3565     0

OK, here is the request body, with the topology rules now as variables and at the top (I'm not sure why I couldn't get them to work originally, goes to show what a good night's sleep does!)

 

[
    {
        "method": "STATE:ASSIGN",
        "data": {
            "server-1-name": "Jorge-WAPI-Web-Server-1",
            "server-1-ip": "88.88.88.88",
            "server-2-name": "Jorge-WAPI-Web-Server-2",
            "server-2-ip": "99.99.99.99",
            "pool-1-name": "Jorge-WAPI-Pool-1",
            "pool-2-name": "Jorge-WAPI-Pool-2",
            "topology-name": "Jorge-WAPI-Topology",
            "lbdn-name": "Jorge-WAPI-LBDN",
            "zone-name": "infoblox.demo",
            "pool-1-sources":[
                        {
                            "source_op": "IS",
                            "source_type": "SUBNET",
                            "source_value": "10.10.10.0/24"
                        }
                    ],
            "pool-2-sources":[
                        {
                            "source_op": "IS",
                            "source_type": "SUBNET",
                            "source_value": "20.20.20.0/24"
                        }
                    ]
        }
    },
    {
        "method": "POST",
        "object": "dtc:server",
        "data": {
            "name": "##STATE:server-1-name:##",
            "host": "##STATE:server-1-ip:##"
        },
        "assign_state": {
            "dtc-server-1_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "POST",
        "object": "dtc:pool",
        "enable_substitution": true,
        "data": {
            "name": "##STATE:pool-1-name:##",
            "lb_preferred_method": "GLOBAL_AVAILABILITY",
            "servers": [
                {
                    "ratio": 1,
                    "server": "##STATE:dtc-server-1_ref:##"
                }
            ]
        },
        "assign_state": {
            "dtc-pool-1_ref": "_ref"
        },
        "discard": false
    },
    {
        "method": "POST",
        "object": "dtc:server",
        "data": {
            "name": "##STATE:server-2-name:##",
            "host": "##STATE:server-2-ip:##"
        },
        "assign_state": {
            "dtc-server-2_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "POST",
        "object": "dtc:pool",
        "enable_substitution": true,
        "data": {
            "name": "##STATE:pool-2-name:##",
            "lb_preferred_method": "GLOBAL_AVAILABILITY",
            "servers": [
                {
                    "ratio": 1,
                    "server": "##STATE:dtc-server-2_ref:##"
                }
            ]
        },
        "assign_state": {
            "dtc-pool-2_ref": "_ref"
        },
        "discard": false
    },
    {
        "method": "POST",
        "object": "dtc:topology",
        "enable_substitution": true,
        "data": {
            "name": "##STATE:topology-name:##",
            "rules": [
                {
                    "dest_type": "POOL",
                    "destination_link": "##STATE:dtc-pool-1_ref:##",
                    "sources": "##STATE:pool-1-sources:##"
                },
                {
                    "dest_type": "POOL",
                    "destination_link": "##STATE:dtc-pool-2_ref:##",
                    "sources": "##STATE:pool-2-sources:##"
                }
            ]
        },
        "assign_state": {
            "topology_ref": "_ref"
        },
        "discard": true
    },
    {
        "method": "GET",
        "object": "zone_auth",
        "data": {
            "fqdn": "##STATE:zone-name:##"
        },
        "enable_substitution": true,
        "assign_state": {
            "zone_ref": "_ref"
        }
    },
    {
        "method": "POST",
        "object": "dtc:lbdn",
        "data": {
            "lb_method": "TOPOLOGY",
            "name": "##STATE:lbdn-name:##",
            "topology": "##STATE:topology_ref:##",
            "patterns": [
                "wapi.dtc.infoblox.demo",
                "wapi2.dtc.infoblox.demo"
            ],
            "auth_zones": [
                "##STATE:zone_ref:##"
            ]
        },
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "STATE:DISPLAY"
    }
]

Re: Create full DTC configuration in WAPI (v2.1 and above) from scratch in a single Request

[ Edited ]
Authority
Posts: 7
3565     0

Final Edit: I added the LBDN patterns as variables at the top, and added an ICMP monitor to the pools as an example.

 

[
    {
        "method": "STATE:ASSIGN",
        "data": {
            "server-1-name": "Jorge-WAPI-Web-Server-1",
            "server-1-ip": "88.88.88.88",
            "server-2-name": "Jorge-WAPI-Web-Server-2",
            "server-2-ip": "99.99.99.99",
            "pool-1-name": "Jorge-WAPI-Pool-1",
            "pool-2-name": "Jorge-WAPI-Pool-2",
            "topology-name": "Jorge-WAPI-Topology",
            "lbdn-name": "Jorge-WAPI-LBDN",
            "zone-name": "infoblox.demo",
            "pool-1-sources":[
                        {
                            "source_op": "IS",
                            "source_type": "SUBNET",
                            "source_value": "10.10.10.0/24"
                        }
                    ],
            "pool-2-sources":[
                        {
                            "source_op": "IS",
                            "source_type": "SUBNET",
                            "source_value": "20.20.20.0/24"
                        }
                    ],
            "lbdb-patterns": [
                "wapi.dtc.infoblox.demo",
                "wapi2.dtc.infoblox.demo"
            ],
            "monitor-name":"icmp",
            "monitor-type":"dtc:monitor:icmp"
        }
    },
    {
        "method": "GET",
        "object": "##STATE:monitor-type:##",
        "data": {
            "name": "##STATE:monitor-name:##"
        },
        "assign_state": {
            "monitor_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "POST",
        "object": "dtc:server",
        "data": {
            "name": "##STATE:server-1-name:##",
            "host": "##STATE:server-1-ip:##"
        },
        "assign_state": {
            "dtc-server-1_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "POST",
        "object": "dtc:server",
        "data": {
            "name": "##STATE:server-2-name:##",
            "host": "##STATE:server-2-ip:##"
        },
        "assign_state": {
            "dtc-server-2_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "POST",
        "object": "dtc:pool",
        "enable_substitution": true,
        "data": {
            "name": "##STATE:pool-1-name:##",
            "lb_preferred_method": "GLOBAL_AVAILABILITY",
            "servers": [
                {
                    "ratio": 1,
                    "server": "##STATE:dtc-server-1_ref:##"
                }
            ],
            "monitors":[
            	"##STATE:monitor_ref:##"
            ]
        },
        "assign_state": {
            "dtc-pool-1_ref": "_ref"
        },
        "discard": false
    },
        {
        "method": "POST",
        "object": "dtc:pool",
        "enable_substitution": true,
        "data": {
            "name": "##STATE:pool-2-name:##",
            "lb_preferred_method": "GLOBAL_AVAILABILITY",
            "servers": [
                {
                    "ratio": 1,
                    "server": "##STATE:dtc-server-2_ref:##"
                }
            ],
            "monitors":[
            	"##STATE:monitor_ref:##"
            ]
        },
        "assign_state": {
            "dtc-pool-2_ref": "_ref"
        },
        "discard": false
    },
    {
        "method": "POST",
        "object": "dtc:topology",
        "enable_substitution": true,
        "data": {
            "name": "##STATE:topology-name:##",
            "rules": [
                {
                    "dest_type": "POOL",
                    "destination_link": "##STATE:dtc-pool-1_ref:##",
                    "sources": "##STATE:pool-1-sources:##"
                },
                {
                    "dest_type": "POOL",
                    "destination_link": "##STATE:dtc-pool-2_ref:##",
                    "sources": "##STATE:pool-2-sources:##"
                }
            ]
        },
        "assign_state": {
            "topology_ref": "_ref"
        },
        "discard": true
    },
    {
        "method": "GET",
        "object": "zone_auth",
        "data": {
            "fqdn": "##STATE:zone-name:##"
        },
        "enable_substitution": true,
        "assign_state": {
            "zone_ref": "_ref"
        }
    },
    {
        "method": "POST",
        "object": "dtc:lbdn",
        "data": {
            "lb_method": "TOPOLOGY",
            "name": "##STATE:lbdn-name:##",
            "topology": "##STATE:topology_ref:##",
            "patterns": "##STATE:lbdb-patterns:##",
            "auth_zones": [
                "##STATE:zone_ref:##"
            ]
        },
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "STATE:DISPLAY"
    }
]

Here is also the DELETE script, with a small tweak in the order of deletion (delete all servers first, then all pools) just to make it easier to re-use the calls.

[
    {
        "method": "STATE:ASSIGN",
        "data": {
            "server-1-name": "Jorge-WAPI-Web-Server-1",
            "server-2-name": "Jorge-WAPI-Web-Server-2",
            "pool-1-name": "Jorge-WAPI-Pool-1",
            "pool-2-name": "Jorge-WAPI-Pool-2",
            "topology-name": "Jorge-WAPI-Topology",
            "lbdn-name": "Jorge-WAPI-LBDN"
        }
    },
    {
        "method": "GET",
        "object": "dtc:lbdn",
        "data": {
            "name": "##STATE:lbdn-name:##"
        },
        "assign_state": {
            "lbdn_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "DELETE",
        "object": "##STATE:lbdn_ref:##",
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "GET",
        "object": "dtc:topology",
        "data": {
            "name": "##STATE:topology-name:##"
        },
        "assign_state": {
            "dtc-topology_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "DELETE",
        "object": "##STATE:dtc-topology_ref:##",
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "GET",
        "object": "dtc:pool",
        "data": {
            "name": "##STATE:pool-1-name:##"
        },
        "assign_state": {
            "dtc-pool-1_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "DELETE",
        "object": "##STATE:dtc-pool-1_ref:##",
        "enable_substitution": true,
        "discard": false
    },
        {
        "method": "GET",
        "object": "dtc:pool",
        "data": {
            "name": "##STATE:pool-2-name:##"
        },
        "assign_state": {
            "dtc-pool-2_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "DELETE",
        "object": "##STATE:dtc-pool-2_ref:##",
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "GET",
        "object": "dtc:server",
        "data": {
            "name": "##STATE:server-1-name:##"
        },
        "assign_state": {
            "dtc-server-1_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "DELETE",
        "object": "##STATE:dtc-server-1_ref:##",
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "GET",
        "object": "dtc:server",
        "data": {
            "name": "##STATE:server-2-name:##"
        },
        "assign_state": {
            "dtc-server-2_ref": "_ref"
        },
        "enable_substitution": true,
        "discard": true
    },
    {
        "method": "DELETE",
        "object": "##STATE:dtc-server-2_ref:##",
        "enable_substitution": true,
        "discard": false
    },
    {
        "method": "STATE:DISPLAY"
    }
]

 

Re: Create full DTC configuration in WAPI (v2.1 and above) from scratch in a single Request

New Member
Posts: 1
3565     0

Hi,

 

In the presentation yesterday (How to Leverage APIs to Automate and Optimize Infoblox DTC) i was told you don't use the PUT option.

How can i modify all records (DTCSmiley Tongueool) with a specific comment and add a health check?

So i need to do a GET to store the pool names and then modify the health checks (monitors).

 

Regards,

 

Dwight Goossens

 

Re: Create full DTC configuration in WAPI (v2.1 and above) from scratch in a single Request

New Member
Posts: 1
3565     0

Hey Dwight,

 

We meant in this particular demo we weren't using PUT.  The REST API does support put, post, and get.  

 

There's info on our API at https://www.infoblox.com/wp-content/uploads/infoblox-deployment-infoblox-rest-api.pdf.

 

Let me know if you have any other questions.

 

Thanks!

Re: Create full DTC configuration in WAPI (v2.1 and above) from scratch in a single Request

New Member
Posts: 1
3565     0

Hallo zusammen,
leider kann ich keinen Feature-Request selbst starten und nutze einmal diese Diskussion.

 

Kann für die WAPI demnächst (gleichgültig der Version) die Möglichkeit bestehen VLANs zu erstellen/zu modifizieren und zu löschen und das für eine VLAN-Range sowie eine Suche nach dem nächsten freien VLAN in einer VLAN-Range und nicht nur für eine VLAN-View?
Momentan geht beides nur für die VLAN-Views.

Add-VLAN to View (not VLAN-Range)

curl -k -u admin:infoblox -H 'content-type: application/json' -X POST "https://gridmaster/wapi/v2.11/vlan?_return_fields%2B=id,name&_return_as_object=1" -d '{"id": 11,"name": "testvlan","parent":
"vlanview/ZG5zLnZsYW5fdmlldyR0ZXN0LjEwLjIw:test/10/20","reserved":true,"contact":"879220","department":"ng"}'

Get next VLAN from View (not VLAN-Range)

curl -k -u admin:infoblox -H 'content-type: application/json' -X POST "https://gridmaster/wapi/v2.11/vlan?_return_fields%2B=id,name&_return_as_object=1" -d
'{"id":"func:nextavailablevlanid:vlanview/ZG5zLnZsYW5fdmlldyR0ZXN0LjEwLjIw:test/10/20","name": "nextvlan","parent":
"vlanview/ZG5zLnZsYW5fdmlldyR0ZXN0LjEwLjIw:test/10/20","reserved":true,"contact":"879220","department":"ng"}'


Wissen Sie mehr dazu?

VG
aus einem Network-Team


Re: Create full DTC configuration in WAPI (v2.1 and above) from scratch in a single Request

Authority
Posts: 14
3565     0

I have setup a testlab with an empty DTC and I tried to post the complete code with postman but I receive this error and I don't know what this means:

    "Error""AdmConProtoError: The operation returned an empty list ([]) assign_state is supported only when the result operation returns a single result.",

Re: Create full DTC configuration in WAPI (v2.1 and above) from scratch in a single Request

Moderator
Moderator
Posts: 312
3565     0

Note that this demonstration depends on having the zone "infoblox.demo" already installed in the default dns view.   I think that's the only thing it relies on to be already present.  You might have to modify the zone section to specify a DNS view, if your preferred DNS zone is not in the default DNS view.

 

Unfortunately troubleshooting a multibody post can be challenging, as the errors don't always tell us what section the error came from.   If the DNS zone isn't the problem, you might need to break it apart into sections, to troubleshoot.

 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You