Reply

WAPI Modify Permission on multiple DNS zones

New Member
Posts: 3
3655     0

Hello

I need to set write permissions on a large number of DNS zones and on some members of the grid
I thought I would do it using WAPI but I am having difficulty setting the correct request which may be something like this:

 

curl -k -u admin:infoblox -X POST "https://IPGM/wapi/v2.10/permission" -d '{"role": "DNS Admin - Branch1", "permission": "WRITE", "object": "zone_auth/ZG5zLnpvbmUkLjEucmguaW50Mg:int2.rh/Internal-Branch1"}'

 

But i receive: 

"Error": "AdmConProtoError: Unknown argument/field

Is it possible to set the desired permissions (by associating a role or a group) on a list of zones through WAPI calls?

 

Thanks

Re: WAPI Modify Permission on multiple DNS zones

Superuser
Posts: 38
3656     0

Hi

 

In your curl the data object passed should be in raw format. the below curl should work for you.

curl -k -u admin:infoblox -X POST 'https://<grid-master>/wapi/v2.10/permission' -H 'Content-Type: application/json' --data-raw '{
    "role": "DNS Admin - Branch1",
    "permission": "WRITE",
    "object": "zone_auth/ZG5zLnpvbmUkLjEucmguaW50Mg:int2.rh/Internal-Branch1"
}'

Shukran

Shukran

Re: WAPI Modify Permission on multiple DNS zones

New Member
Posts: 3
3656     0

Thanks Shukran, it works!! Is it possibile modify permission on multiple zones...?  For ex i have also

 

\"role\": \"DNS Admin - Latam\", \"permission\": \"WRITE\",\"object\": \"zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS5maWF0LmFuYWx5dGljcw:analytics.xx.com/Internal_Branch1\",
\"role\": \"DNS Admin - Latam\", \"permission\": \"WRITE\",\"object\": \"zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS5mY2Fncm91cC5pbnRyYS5hcHBmaW5hbmNl:apfin.rest.com/Internal_Branch1\",

 

Probably it's necessary use the single entry api point wapi/v2.11.2/request an insert also the method for every object?

 

Thanks again

 

Re: WAPI Modify Permission on multiple DNS zones

[ Edited ]
Superuser
Posts: 38
3656     0

I am not aware if you could do it using the permission object but you could always use the request object and modify permissions for multiple zones.

 

You can use the syntax below for request object.

 

curl -k -u admin:infoblox -X POST 'https://<grid-master>/wapi/v2.7/request' -H 'Content-Type: application/json' --data-raw '[
    {
        "method": "POST",
        "object": "permission",
        "data": {
            "role": "Test Role",
            "permission": "WRITE",
            "object": "zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmFycGEuaW4tYWRkci4xMC4xMC4xMA:10.10.10.0%2F24/default"
        }
    },
    {
        "method": "POST",
        "object": "permission",
        "data": {
            "role": "Test Role",
            "permission": "WRITE",
            "object": "zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS50ZXN0:test.com/default"
        }
    }
]'
Shukran

Re: WAPI Modify Permission on multiple DNS zones

New Member
Posts: 3
3656     0

Thanks Shukran, also your last code works!

I have modified it using a support file

 

curl -k -u usr:usr -X POST "https://GM_!P/wapi/v2.10/request" -H "Content-Type: application/json" -d @zones_curl_param.json

 

Where zones_curl_param.json has this content

 

 

  {
    "method": "POST",
    "object": "permission",
    "data": {
      "role": "Test Role",
      "permission": "WRITE",
      "object": "zone_auth/ZG5zLnpvbmUkLjEuYnIuY29tLjRhbWlnb3NuYXN0cmFkYQ:Zone1/View1"
    }
  },
  {
    "method": "POST",
    "object": "permission",
    "data": {
      "role": "Test Role",
      "permission": "WRITE",
      "object": "zone_auth/ZG5zLnpvbmUkLjEuYnIuY29tLmFjZWxlcmFuZG9hc3ZlbmRhc2ZpYXQ:Zone2/View2"
    }
  },
   {
    "method": "POST",
    "object": "permission",
    "data": {
      "role": "Test Role",
      "permission": "WRITE",
      "object": "zone_auth/ZG5zLnpvbmUkLjEuYnIuY29tLmFjZXNzb3Jpb2dlbnVpbm9maWF0:Zon3/View3"
    }
   },
  {
    "method": "POST",
    "object": "permission",
    "data": {
      "role": "Test Role",
      "permission": "WRITE",
      "object": "zone_auth/ZG5zLnpvbmUkLjEuYnIuY29tLmFjZXNzb3Jpb2dlbnVpbm92YWxlbWFpcw:Zone4/View4"
    }
  }
 ]

 

 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Demo: Infoblox IPAM plug-in integration with OpenStack Newton