I want to create an API-only service account that can only create and update A & TXT records in a subzone. All of this should be automated via the WAPI interface.
Steps I had in mind:
1. create subzone: POST https://{{grid_master}}/wapi/v2.7/zone_auth?_return_fields=fqdn
2. create group: POST https://{{grid_master}}/wapi/v2.7/admingroup (for now I add a local user manually, but want to link it to an AD group later)
3. block this group to all resources (deny IPV6_HOST_ADDRESS / HOST / IPV6_NETWORK / NETWORK / HOST_ADDRESS / NETWORK_VIEW / PORT_CONTROL)
4. allow this group access to subzone (A and TXT records only)
The problem is I can't find the objects to add the permissions via the WAPI for steps 3 and 4. As an example, I can only find the object for IPV6_HOST_ADDRESS if I create such a permission via the GUI first (which then shows "_ref": "permission/b25lLmhpZXJfcnVsZSQuY29tLmluZm9ibG94LmRucy5uZXR3b3JrX3ZpZXdfcGFyZW50JC8uLi5jb20uaW5mb2Jsb3gub25lLmFkbWluX2dyb3VwJC5rOHMxLmRucy5ob3N0X2FkZHJlc3M7aXNfaXB2ND1mYWxzZQ:k8s1/DENY" if I check via the API)
Same goes for the A and TXT records in a DNS zone. I can retrieve the object of a zone via https://{{grid_master}}/wapi/v2.7/zone_auth?fqdn~=mydomain.com which gives
"_ref": "zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS5qbmpsYWIuZHZsLWFwcHMudGVzdDI:mydomain.com/Internal". I can only find the objects for A and TXT if I again create a permission via the GUI and query via the API.
Any thoughts?
3775 
0
