Reply

wapi: create zone_auth with allow_query

Posts: 7
1990     0

Hi,

 

I'm trying to add a "zone_auth" with a NamedACL, but i'm getting following error:

 

{ "Error": "AdmConProtoError: TSIG key or access control rule structure or Named ACL ref expected in allow_query", 
  "code": "Client.Ibap.Proto", 
  "text": "TSIG key or access control rule structure or Named ACL ref expected in allow_query"
}

 

This is the body I'm POST(ing) to "https://<url>/wapi/v2.11.3/request":

 

[
   {
"method" : "POST", "object" : "zone_auth", "data" : { "allow_query" : [ "namedacl/b25lLmRlZmluZWRfYWNsJDAudW5p:public" ], "ns_group" : "RZ-DNS-Server", "fqdn" : "10.4.3.0/24", "comment" : "tbk.privat", "extattrs" : { "Backbone" : { "value" : "RZ" }, "Audit" : { "value" : "tbk - add network - Tue Aug 9 16:18:04 2022" } } } } ]

If I try to GET the Named ACL everything is fine:

 

curl -k -H 'Authorization:  Basic <base64> content-type:application/json' -XGET "https://<url>/wapi/v2.11.3/namedacl/b25lLmRlZmluZWRfYWNsJDAudW5p:public"
{
    "_ref": "namedacl/b25lLmRlZmluZWRfYWNsJDAudW5p:uni",
    "name": "public"
}

In the wapidoc for zone_auth the type of allow_query is as followed defined:

 

One of the following: Address ac struct, TSIG ac struct array.

so no Named ACL ref

Re: wapi: create zone_auth with allow_query

Moderator
Moderator
Posts: 315
1991     0

A few things you'll want to fix:

  • Specify that it's a reverse zone, with the zone_format attribute
  • Specify that an ACL will be used, with the use_allow_query attribute
  • The reference is passed as an attribute/value pair, in the allow_query structure

So your data should look something like this:

[
   {
      "method" : "POST",
      "object" : "zone_auth",
      "data" : {
        "zone_format": "IPV4",
        "fqdn" : "10.4.3.0/24",
        "ns_group" : "Internal DNS",
	"comment" : "tbk.privat",
        "use_allow_query": true,
      	"allow_query": [
          {
            "_ref": "namedacl/b25lLmRlZmluZWRfYWNsJDAuSW50ZXJuYWwgTmV0d29ya3M:Internal%20Networks"
          }
        ]
      }      
   }
]

Re: wapi: create zone_auth with allow_query

Posts: 7
1991     0

Hi,

 

thank you for the help. Now it's clear that I have to use

 

"use_allow_query": true,

 

and that the format of allow_query is:

 

"allow_query": [
       {
         "_ref": "namedacl/b25lLmRlZmluZWRfYWNsJDAuSW50ZXJuYWwgTmV0d29ya3M:Internal%20Networks"
       }
]

(a list of hashes with key,value par of "_ref","<_ref>")

Showing results for 
Search instead for 
Did you mean: 

Recommended for You