- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
wapi: create zone_auth with allow_query
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2022 07:28 AM
Hi,
I'm trying to add a "zone_auth" with a NamedACL, but i'm getting following error:
{ "Error": "AdmConProtoError: TSIG key or access control rule structure or Named ACL ref expected in allow_query", "code": "Client.Ibap.Proto", "text": "TSIG key or access control rule structure or Named ACL ref expected in allow_query" }
This is the body I'm POST(ing) to "https://<url>/wapi/v2.11.3/request":
[ {
"method" : "POST", "object" : "zone_auth", "data" : { "allow_query" : [ "namedacl/b25lLmRlZmluZWRfYWNsJDAudW5p:public" ], "ns_group" : "RZ-DNS-Server", "fqdn" : "10.4.3.0/24", "comment" : "tbk.privat", "extattrs" : { "Backbone" : { "value" : "RZ" }, "Audit" : { "value" : "tbk - add network - Tue Aug 9 16:18:04 2022" } } } } ]
If I try to GET the Named ACL everything is fine:
curl -k -H 'Authorization: Basic <base64> content-type:application/json' -XGET "https://<url>/wapi/v2.11.3/namedacl/b25lLmRlZmluZWRfYWNsJDAudW5p:public" { "_ref": "namedacl/b25lLmRlZmluZWRfYWNsJDAudW5p:uni", "name": "public" }
In the wapidoc for zone_auth the type of allow_query is as followed defined:
One of the following: Address ac struct, TSIG ac struct array.
so no Named ACL ref
Solved! Go to Solution.
Re: wapi: create zone_auth with allow_query
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2022 03:21 PM
A few things you'll want to fix:
- Specify that it's a reverse zone, with the zone_format attribute
- Specify that an ACL will be used, with the use_allow_query attribute
- The reference is passed as an attribute/value pair, in the allow_query structure
So your data should look something like this:
[ { "method" : "POST", "object" : "zone_auth", "data" : { "zone_format": "IPV4", "fqdn" : "10.4.3.0/24", "ns_group" : "Internal DNS", "comment" : "tbk.privat", "use_allow_query": true, "allow_query": [ { "_ref": "namedacl/b25lLmRlZmluZWRfYWNsJDAuSW50ZXJuYWwgTmV0d29ya3M:Internal%20Networks" } ] } } ]
Re: wapi: create zone_auth with allow_query
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2022 03:24 AM
Hi,
thank you for the help. Now it's clear that I have to use
"use_allow_query": true,
and that the format of allow_query is:
"allow_query": [ { "_ref": "namedacl/b25lLmRlZmluZWRfYWNsJDAuSW50ZXJuYWwgTmV0d29ya3M:Internal%20Networks" }
]
(a list of hashes with key,value par of "_ref","<_ref>")