A record create when parent domain doesn't exist false positive

Question

A record create when parent domain doesn't exist false positive

Closed this issue 3 years ago · 1 comments

Found this issue while testing. If an A record is submitted for a parent domain that doesn't exist it would normally fail however if the IP address that you are submitting the record for has records that exist then it returns the reference to one of those objects.

Installed version:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.7 LTS"
infoblox-client: 0.5.0
wapi_version tested: 2.6.1 and 2.9.7

Example:
record = objects.ARecord.create(ib_session, name='abc.domaindoesnotexist.com', ipv4addr='10.10.10.1', view='internal') print(record.ref) 'record:a/ZG5zLmJpbmRfYSQuX2RlZmF1bHQuY29tLm1ldGxpZmUsdTAzNjUwOTAxMDItdmxhbjk4My1ncnAwLDEwLjEwLjEwLjE:abc.domainexists.com/internal'

IP 10.10.10.1 already existed in IPAM with an A record object
Domain domaindoesnotexist.com does not exist in DNS

Repeating the same process with an IP address that does not contain an A record object will return the expected exception --
record = objects.ARecord.create(ib_session, name='abc.domaindoesnotexist.com', ipv4addr='10.10.10.2', view='internal') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "venv/lib/python3.6/site-packages/infoblox_client/objects.py", line 337, in create **kwargs)) File "venv/lib/python3.6/site-packages/infoblox_client/objects.py", line 317, in create_check_exists local_obj.return_fields) File "venv/lib/python3.6/site-packages/infoblox_client/connector.py", line 50, in callee return func(*args, **kwargs) File "venv/lib/python3.6/site-packages/infoblox_client/connector.py", line 388, in create_object code=r.status_code) infoblox_client.exceptions.InfobloxCannotCreateObject: Cannot create 'record:a' object(s): b'{ "Error": "AdmConDataError: None (IBDataConflictError: IB.Data.Conflict:The action is not allowed. A parent was not found.)", \n "code": "Client.Ibap.Data.Conflict", \n "text": "The action is not allowed. A parent was not found."\n}' [code 400]

Answer 1 · 2021-10-13T12:39:28.000Z

This issue will be fixed when PR #288 is merged.

If ARecord, pointing to some IP, exists, the client will reject the creation of any ARecord pointing to this IP. That's because the client uses only IP address to search for existing ARecords during the creation process. When PR #288 will be merged, the client will search for existing ARecords by IP and Name fields. So this issue will not occur again.