THE GAME HAS CHANGED

Introducing Infoblox Universal DDI ManagementTM

Watch the launch to discover the new era of management for critical network services. Watch Now

API Examples

Reply

wapi: create zone_auth with allow_query
TBaumgartner-Ki
Techie
Posts: 7

‎08-09-2022 07:28 AM

1994     0

Hi,

 

I'm trying to add a "zone_auth" with a NamedACL, but i'm getting following error:

 

{ "Error": "AdmConProtoError: TSIG key or access control rule structure or Named ACL ref expected in allow_query", 
  "code": "Client.Ibap.Proto", 
  "text": "TSIG key or access control rule structure or Named ACL ref expected in allow_query"
}

 

This is the body I'm POST(ing) to "https://<url>/wapi/v2.11.3/request":

 

[
   {
      "method" : "POST",
      "object" : "zone_auth",
      "data" : {
         "allow_query" : [
            "namedacl/b25lLmRlZmluZWRfYWNsJDAudW5p:public"
         ],
         "ns_group" : "RZ-DNS-Server",
         "fqdn" : "10.4.3.0/24",
         "comment" : "tbk.privat",
         "extattrs" : {
            "Backbone" : {
               "value" : "RZ"
            },
            "Audit" : {
               "value" : "tbk - add network - Tue Aug  9 16:18:04 2022"
            }
         }
      }
      
   }
]

If I try to GET the Named ACL everything is fine:

 

curl -k -H 'Authorization:  Basic <base64> content-type:application/json' -XGET "https://<url>/wapi/v2.11.3/namedacl/b25lLmRlZmluZWRfYWNsJDAudW5p:public"
{
    "_ref": "namedacl/b25lLmRlZmluZWRfYWNsJDAudW5p:uni",
    "name": "public"
}

In the wapidoc for zone_auth the type of allow_query is as followed defined:

 

One of the following: Address ac struct, TSIG ac struct array.

so no Named ACL ref

Labels:
Reply
0 Kudos

Re: wapi: create zone_auth with allow_query
MattR
Moderator
Moderator
Posts: 315

‎08-10-2022 03:21 PM

1995     0

A few things you'll want to fix:

  • Specify that it's a reverse zone, with the zone_format attribute
  • Specify that an ACL will be used, with the use_allow_query attribute
  • The reference is passed as an attribute/value pair, in the allow_query structure

So your data should look something like this:

[
   {
      "method" : "POST",
      "object" : "zone_auth",
      "data" : {
        "zone_format": "IPV4",
        "fqdn" : "10.4.3.0/24",
        "ns_group" : "Internal DNS",
	"comment" : "tbk.privat",
        "use_allow_query": true,
      	"allow_query": [
          {
            "_ref": "namedacl/b25lLmRlZmluZWRfYWNsJDAuSW50ZXJuYWwgTmV0d29ya3M:Internal%20Networks"
          }
        ]
      }      
   }
]
Reply

Re: wapi: create zone_auth with allow_query
TBaumgartner-Ki
Techie
Posts: 7

‎08-12-2022 03:24 AM

1995     0

Hi,

 

thank you for the help. Now it's clear that I have to use

 

"use_allow_query": true,

 

and that the format of allow_query is:

 

"allow_query": [
       {
         "_ref": "namedacl/b25lLmRlZmluZWRfYWNsJDAuSW50ZXJuYWwgTmV0d29ya3M:Internal%20Networks"
       }
]

(a list of hashes with key,value par of "_ref","<_ref>")

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements