Unable to Submit add prefix request via IRRd API

Question

Unable to Submit add prefix request via IRRd API

Closed this issue 7 months ago · 1 comments

Describe the bug
Uploading new prefix via API option available in IRRD. On submitting the request getting below error
"Authorisation for route x.x.x.x/24/24ASxxxx failed: must by authenticated by one of: MAINT-Axxxx"

Note:- Sending the request with Source as REACH

To Reproduce
Include what query you were running, or what e-mail submission you made, and the exact output.
Remember to obscure passwords, but never remove entire lines.

Expected behaviour
Prefix updated successfully with source as REACH

Additional context
Below is the configuration file

irrd:
   database_url: 'postgresql://irrd:irrd@example:port/irrd'
   redis_url: 'redis://127.0.0.1'
   piddir: /var/run/
   user: irrd
   group: irrd
 # required, but no default included for safety
   access_lists:
      http_database_status:
         - '::/32'
         - '127.0.0.1'

      generic_nrtm_access:
         - '192.0.2.0/24'
   server:
      http:
         status_access_list: http_database_status
         interface: '::0'
         wrokers: 2
         port: 8080
         url: http://cla-sit-1a-dcm1.in.aws.tg.com:8000
      whois:
         interface: '::0'
         max_connections: 2
         port: 43
   auth:
      gnupg_keyring: /home/irrd/gnupg-keyring/
      override_password: {hash}
#      password_hashers:
#         md5-pw: legacy
#   auth:
#      gnupg_keyring: /home/irrd/gnupg-keyring/
#      override_password: {hash}
#        webui_auth_failure_rate_limit: "30/hour"
#      password_hashers:
#         -name: md5-pw
   email:
       footer: email footer
       from: xyz@telstra.com
       recipient_override: example@example.com
       smtp: hostname
       notification_header: |

            This is to notify you of changes in the {sources_str} database
            or object authorisation failures.

            You may receive this message because you are listed in
            the notify attribute on the changed object(s), or because
            you are listed in the mnt-nfy or upd-to attribute on a maintainer
            of the object(s).
   rpki:
      roa_import_timer: 1800
      notify_invalid_enabled: false
   log:
      logfile_path: /var/log/irrd/irrd.log
      level: DEBUG
   sources:
      REACH:
         authoritative: true
         keep_journal: true
         object_class_filter:
            - route
            - as-set
      RADB:
         authoritative: true
         keep_journal: true
      RPKI:
         authoritative: true
         keep_journal: true
      AUTHDATABASE:
         authoritative: true
         keep_journal: true

Answer 1 · 2024-01-12T12:49:14.000Z

There isn't enough detail here for me to say anything: apparently IRRD thinks MAINT-Axxxx is required to authenticate for this request. Are you creating a route? Updating? What are the mntners on the route? On any overlapping route object? On the AS number mentioned? What do the logs say?