WAPI Modify Permission on multiple DNS zones

Fabio_stll · ‎06-29-2022

Hello

I need to set write permissions on a large number of DNS zones and on some members of the grid
I thought I would do it using WAPI but I am having difficulty setting the correct request which may be something like this:

curl -k -u admin:infoblox -X POST "https://IPGM/wapi/v2.10/permission" -d '{"role": "DNS Admin - Branch1", "permission": "WRITE", "object": "zone_auth/ZG5zLnpvbmUkLjEucmguaW50Mg:int2.rh/Internal-Branch1"}'

But i receive:

"Error": "AdmConProtoError: Unknown argument/field

Is it possible to set the desired permissions (by associating a role or a group) on a list of zones through WAPI calls?

Thanks

shukran · ‎06-29-2022

Hi

In your curl the data object passed should be in raw format. the below curl should work for you.

curl -k -u admin:infoblox -X POST 'https://<grid-master>/wapi/v2.10/permission' -H 'Content-Type: application/json' --data-raw '{
    "role": "DNS Admin - Branch1",
    "permission": "WRITE",
    "object": "zone_auth/ZG5zLnpvbmUkLjEucmguaW50Mg:int2.rh/Internal-Branch1"
}'

Shukran

Fabio_stll · ‎06-30-2022

Thanks Shukran, it works!! Is it possibile modify permission on multiple zones...? For ex i have also

\"role\": \"DNS Admin - Latam\", \"permission\": \"WRITE\",\"object\": \"zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS5maWF0LmFuYWx5dGljcw:analytics.xx.com/Internal_Branch1\",
\"role\": \"DNS Admin - Latam\", \"permission\": \"WRITE\",\"object\": \"zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS5mY2Fncm91cC5pbnRyYS5hcHBmaW5hbmNl:apfin.rest.com/Internal_Branch1\",

Probably it's necessary use the single entry api point wapi/v2.11.2/request an insert also the method for every object?

Thanks again

shukran · ‎07-04-2022

I am not aware if you could do it using the permission object but you could always use the request object and modify permissions for multiple zones.

You can use the syntax below for request object.

curl -k -u admin:infoblox -X POST 'https://<grid-master>/wapi/v2.7/request' -H 'Content-Type: application/json' --data-raw '[
    {
        "method": "POST",
        "object": "permission",
        "data": {
            "role": "Test Role",
            "permission": "WRITE",
            "object": "zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmFycGEuaW4tYWRkci4xMC4xMC4xMA:10.10.10.0%2F24/default"
        }
    },
    {
        "method": "POST",
        "object": "permission",
        "data": {
            "role": "Test Role",
            "permission": "WRITE",
            "object": "zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS50ZXN0:test.com/default"
        }
    }
]'

Shukran

Fabio_stll · ‎07-06-2022

Thanks Shukran, also your last code works!

I have modified it using a support file

curl -k -u usr:usr -X POST "https://GM_!P/wapi/v2.10/request" -H "Content-Type: application/json" -d @zones_curl_param.json

Where zones_curl_param.json has this content

  {
    "method": "POST",
    "object": "permission",
    "data": {
      "role": "Test Role",
      "permission": "WRITE",
      "object": "zone_auth/ZG5zLnpvbmUkLjEuYnIuY29tLjRhbWlnb3NuYXN0cmFkYQ:Zone1/View1"
    }
  },
  {
    "method": "POST",
    "object": "permission",
    "data": {
      "role": "Test Role",
      "permission": "WRITE",
      "object": "zone_auth/ZG5zLnpvbmUkLjEuYnIuY29tLmFjZWxlcmFuZG9hc3ZlbmRhc2ZpYXQ:Zone2/View2"
    }
  },
   {
    "method": "POST",
    "object": "permission",
    "data": {
      "role": "Test Role",
      "permission": "WRITE",
      "object": "zone_auth/ZG5zLnpvbmUkLjEuYnIuY29tLmFjZXNzb3Jpb2dlbnVpbm9maWF0:Zon3/View3"
    }
   },
  {
    "method": "POST",
    "object": "permission",
    "data": {
      "role": "Test Role",
      "permission": "WRITE",
      "object": "zone_auth/ZG5zLnpvbmUkLjEuYnIuY29tLmFjZXNzb3Jpb2dlbnVpbm92YWxlbWFpcw:Zone4/View4"
    }
  }
 ]

THE GAME HAS CHANGED

API Examples

WAPI Modify Permission on multiple DNS zones

Re: WAPI Modify Permission on multiple DNS zones

Re: WAPI Modify Permission on multiple DNS zones

Re: WAPI Modify Permission on multiple DNS zones

Re: WAPI Modify Permission on multiple DNS zones