octoblox 0.5.0rc delegation issues & query #2

Closed
harpreetnav opened this issue Jun 23, 2022 · 3 comments

@harpreetnav

I've noticed the recent development and support for delegation domains. My company has the same setup; we've got lots of delegations and are very interested in this.

I've tested the v0.5.0rc against our Infoblox and have got a few API issues. Just wondering, what Infoblox version and API version is the octoblox code targeted at? Or what should it be using?

My Infoblox setup is as follows:

NIOS: 8.6.1-421583
WAPI version: v2.12.1

I've got a couple of issues/errors:

ISSUE 1: soa_default_ttl error

ERROR InfoBloxProvider[infoblox_dele] InfoBlox.request: 400 GET zone_delegated {'params': {'fqdn': 'sub1.apitest', '_return_fields+': 'soa_default_ttl'}, 'allow_redirects': True} { "Error": "AdmConProtoError: Unknown argument/field: 'soa_default_ttl'", 
  "code": "Client.Ibap.Proto", 
  "text": "Unknown argument/field: 'soa_default_ttl'"
}

Reading from the WAPI documentation, zone_delegated only has the delegated_ttl attribute to display. soa_default_ttl is only available for zone_auth API calls.

https://ipam.illinois.edu/wapidoc/objects/zone_delegated.html?highlight=zone_delegated#zone_delegated

Do you use a different WAPI version? Or do I have to change my configuration in any way?

ISSUE 2: zone_format value

I've also got the FORWARDING error:

ERROR InfoBloxProvider[infoblox_dele] InfoBlox.request: 400 POST zone_delegated {'data': None, 'json': {'fqdn': 'sub1.apitest', 'zone_format': 'FORWARDING', 'delegate_to': [{'name': 'ns1.sub1.apitest', 'address': '1.1.1.1'}, {'name': 'ns2.sub1.apitest', 'address': '8.8.8.8'}]}} { "Error": "AdmConProtoError: Invalid value for zone_format (\"FORWARDING\") valid values are: FORWARD, IPV4, IPV6", 
  "code": "Client.Ibap.Proto", 
  "text": "Invalid value for zone_format (\"FORWARDING\") valid values are: FORWARD, IPV4, IPV6"
}

Again, it looks like I'm using the wrong WAPI version; the valid values are FORWARD, IPV4 and IPV6 only.

Also, regarding the configuration: we've got more than 50 different delegations. I'm not sure if I'm interpreting the v0.5.0 design correctly. Does this imply that I'll have a very large config file, and one for each unique delegation set plus lots of empty YAML zones for delegations? Or have you got a different way of configuring this?

providers:
  config:
    class: octodns.provider.yaml.YamlProvider
    directory: ./config
    default_ttl: 3600
    enforce_order: True
  infoblox_delegated_1:
    class: octoblox.InfoBloxProvider
    endpoint: infoblox.example.com
    username: admin
    password: env/INFOBLOX_PASSWORD
    create_zones: true
    zone_type: zone_delegated
    new_zone_fields:
      delegated_to:
        - name: ns1.test.example.com
          address: 1.1.1.1
        - name: ns2.test.example.com
          address: 8.8.8.8
      restart_if_needed: true
  infoblox_delegated_2:
    class: octoblox.InfoBloxProvider
    endpoint: infoblox.example.com
    username: admin
    password: env/INFOBLOX_PASSWORD
    create_zones: true
    zone_type: zone_delegated
    new_zone_fields:
      delegated_to:
        - name: ns1.test.example2.com
          address: 1.1.1.1
        - name: ns2.test.example2.com
          address: 8.8.8.8
      restart_if_needed: true
  infoblox_delegated_3:
    ...
  infoblox_delegated_4:
    ...
  infoblox_delegated_N:


@asyncon
Owner

asyncon commented Jun 24, 2022

Version 0.5.0rc2 should address your concerns. It has moved the delegation logic to a separate provider class.

Handling of delegated zones within InfoBlox is a tricky problem. On one hand, there is a desire to make it follow the expected OctoDNS pattern of putting the glue records in the parent domain. On the other, there is the need to support the ns_group field, which separates the management of zones and their NS records from the CI/CD process. It is the latter option which then permits complex administration tasks to be carried out by the InfoBlox admins without needing to involve the CI/CD system for fear of breaking something. This is also why only zone creation is supported.

As for the issue of having repeated configuration, here is an example using YAML anchors which shows how common config can be de-duped.

providers:
  config:
    class: octodns.provider.yaml.YamlProvider
    directory: ./config
    default_ttl: 3600
    enforce_order: True
  infoblox: &infoblox_config
    class: octoblox.InfoBloxProvider
    endpoint: infoblox.example.com
    username: admin
    password: env/INFOBLOX_PASSWORD
    create_zones: true
    new_zone_fields:
      grid_primary:
        - name: infoblox.example.com
      ns_group: default
      restart_if_needed: true
      soa_default_ttl: 3600
      view: default
      use_grid_zone_timer: true
  delegated:
    <<: *infoblox_config
    class: octoblox.DelegatedProvider
    new_zone_fields:
      delegated_to:
        - name: ns1.test.example.com
          address: 1.1.1.1
        - name: ns2.test.example.com
          address: 8.8.8.8
      view: default

zones:
  example.com.: &infoblox
    sources:
      - config
    targets:
      - infoblox
  other1.example.com.: *infoblox
  other2.example.com.: *infoblox
  test.example.com.: &delegated
    sources:
      - config
    targets:
      - delegated
  test2.example.com.: *delegated
  test3.example.com.: *delegated
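
An added example, not part of the comment above and not octoblox code: the YAML `<<` merge key is shallow, so the `delegated` provider inherits the top-level connection settings from `&infoblox_config`, but its own `new_zone_fields` replaces the anchored mapping wholesale rather than merging into it. The sketch below loads a trimmed, constructed copy of that provider section with PyYAML (assumed to be installed) and reports what is and is not carried over; the helper names are hypothetical.

```python
import yaml  # PyYAML

# Constructed sample: the providers section from the comment above, trimmed.
CONFIG = """
providers:
  infoblox: &infoblox_config
    class: octoblox.InfoBloxProvider
    endpoint: infoblox.example.com
    username: admin
    password: env/INFOBLOX_PASSWORD
    create_zones: true
    new_zone_fields:
      grid_primary:
        - name: infoblox.example.com
      ns_group: default
      restart_if_needed: true
      soa_default_ttl: 3600
      view: default
      use_grid_zone_timer: true
  delegated:
    <<: *infoblox_config
    class: octoblox.DelegatedProvider
    new_zone_fields:
      delegated_to:
        - name: ns1.test.example.com
          address: 1.1.1.1
      view: default
"""


def effective_provider(name, text=CONFIG):
    """Provider mapping as the parser sees it once anchors and merge keys resolve."""
    return yaml.safe_load(text)["providers"][name]


def inherited_keys(child, parent, text=CONFIG):
    """Top-level keys the child took unchanged from the parent via '<<'."""
    c, p = effective_provider(child, text), effective_provider(parent, text)
    return sorted(k for k in c if k in p and c[k] == p[k])


def dropped_nested_fields(child, parent, key="new_zone_fields", text=CONFIG):
    """Fields under `key` in the parent that the shallow merge did not carry over."""
    c, p = effective_provider(child, text), effective_provider(parent, text)
    return sorted(set(p.get(key, {})) - set(c.get(key, {})))


if __name__ == "__main__":
    print("inherited:", inherited_keys("delegated", "infoblox"))
    print("not inherited:", dropped_nested_fields("delegated", "infoblox"))
```

Because the nested mapping is replaced, `soa_default_ttl` from the anchor never reaches the `delegated` provider's `new_zone_fields`, while `endpoint`, `username` and `password` do; any field wanted in both places (here `view`) has to be repeated.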

@asyncon
Owner

asyncon commented Jun 25, 2022

To address the empty zone files, version 0.5.0rc3 adds the EmptySource class, which simply reports no records.

The following is all that is required for delegated zones. No other files are required.

providers:
  empty:
    class: octoblox.EmptySource
  delegated:
    class: octoblox.DelegatedProvider
    endpoint: infoblox.example.com
    username: admin
    password: env/INFOBLOX_PASSWORD
    create_zones: true
    new_zone_fields:
      delegated_to:
        - name: ns1.test.example.com
          address: 1.1.1.1
        - name: ns2.test.example.com
          address: 8.8.8.8
      view: default

zones:
  test.example.com.: &delegated
    sources:
      - empty
    targets:
      - delegated
  test2.example.com.: *delegated
  test3.example.com.: *delegated

@asyncon
Owner

asyncon commented Jul 1, 2022

Version 0.5.0 will be released and this issue closed at the end of next week unless any more issues are reported.

@asyncon asyncon closed this as completed Jul 17, 2022