- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
WAPI Modify Permission on multiple DNS zones
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-29-2022 01:42 AM
Hello
I need to set write permissions on a large number of DNS zones and on some members of the grid
I thought I would do it using WAPI but I am having difficulty setting the correct request which may be something like this:
curl -k -u admin:infoblox -X POST "https://IPGM/wapi/v2.10/permission" -d '{"role": "DNS Admin - Branch1", "permission": "WRITE", "object": "zone_auth/ZG5zLnpvbmUkLjEucmguaW50Mg:int2.rh/Internal-Branch1"}'
But i receive:
"Error": "AdmConProtoError: Unknown argument/field
Is it possible to set the desired permissions (by associating a role or a group) on a list of zones through WAPI calls?
Thanks
Solved! Go to Solution.
Re: WAPI Modify Permission on multiple DNS zones
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-29-2022 03:13 AM
Hi
In your curl the data object passed should be in raw format. the below curl should work for you.
curl -k -u admin:infoblox -X POST 'https://<grid-master>/wapi/v2.10/permission' -H 'Content-Type: application/json' --data-raw '{ "role": "DNS Admin - Branch1", "permission": "WRITE", "object": "zone_auth/ZG5zLnpvbmUkLjEucmguaW50Mg:int2.rh/Internal-Branch1" }'
Shukran
Re: WAPI Modify Permission on multiple DNS zones
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-30-2022 08:40 AM
Thanks Shukran, it works!! Is it possibile modify permission on multiple zones...? For ex i have also
\"role\": \"DNS Admin - Latam\", \"permission\": \"WRITE\",\"object\": \"zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS5maWF0LmFuYWx5dGljcw:analytics.xx.com/Internal_Branch1\",
\"role\": \"DNS Admin - Latam\", \"permission\": \"WRITE\",\"object\": \"zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS5mY2Fncm91cC5pbnRyYS5hcHBmaW5hbmNl:apfin.rest.com/Internal_Branch1\",
Probably it's necessary use the single entry api point wapi/v2.11.2/request an insert also the method for every object?
Thanks again
Re: WAPI Modify Permission on multiple DNS zones
[ Edited ]- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-04-2022 12:34 AM - edited 07-04-2022 12:36 AM
I am not aware if you could do it using the permission object but you could always use the request object and modify permissions for multiple zones.
You can use the syntax below for request object.
curl -k -u admin:infoblox -X POST 'https://<grid-master>/wapi/v2.7/request' -H 'Content-Type: application/json' --data-raw '[ { "method": "POST", "object": "permission", "data": { "role": "Test Role", "permission": "WRITE", "object": "zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmFycGEuaW4tYWRkci4xMC4xMC4xMA:10.10.10.0%2F24/default" } }, { "method": "POST", "object": "permission", "data": { "role": "Test Role", "permission": "WRITE", "object": "zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS50ZXN0:test.com/default" } } ]'
Re: WAPI Modify Permission on multiple DNS zones
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2022 04:03 AM
Thanks Shukran, also your last code works!
I have modified it using a support file
curl -k -u usr:usr -X POST "https://GM_!P/wapi/v2.10/request" -H "Content-Type: application/json" -d @zones_curl_param.json
Where zones_curl_param.json has this content
{ "method": "POST", "object": "permission", "data": { "role": "Test Role", "permission": "WRITE", "object": "zone_auth/ZG5zLnpvbmUkLjEuYnIuY29tLjRhbWlnb3NuYXN0cmFkYQ:Zone1/View1" } }, { "method": "POST", "object": "permission", "data": { "role": "Test Role", "permission": "WRITE", "object": "zone_auth/ZG5zLnpvbmUkLjEuYnIuY29tLmFjZWxlcmFuZG9hc3ZlbmRhc2ZpYXQ:Zone2/View2" } }, { "method": "POST", "object": "permission", "data": { "role": "Test Role", "permission": "WRITE", "object": "zone_auth/ZG5zLnpvbmUkLjEuYnIuY29tLmFjZXNzb3Jpb2dlbnVpbm9maWF0:Zon3/View3" } }, { "method": "POST", "object": "permission", "data": { "role": "Test Role", "permission": "WRITE", "object": "zone_auth/ZG5zLnpvbmUkLjEuYnIuY29tLmFjZXNzb3Jpb2dlbnVpbm92YWxlbWFpcw:Zone4/View4" } } ]