Unable to Submit add prefix request via IRRd API
Closed this issue · 1 comments
Describe the bug
Uploading new prefix via API option available in IRRD. On submitting the request getting below error
"Authorisation for route x.x.x.x/24/24ASxxxx failed: must by authenticated by one of: MAINT-Axxxx"
Note:- Sending the request with Source as REACH
To Reproduce
Include what query you were running, or what e-mail submission you made, and the exact output.
Remember to obscure passwords, but never remove entire lines.
Expected behaviour
Prefix updated successfully with source as REACH
Additional context
Below is the configuration file
irrd:
database_url: 'postgresql://irrd:irrd@example:port/irrd'
redis_url: 'redis://127.0.0.1'
piddir: /var/run/
user: irrd
group: irrd
# required, but no default included for safety
access_lists:
http_database_status:
- '::/32'
- '127.0.0.1'
generic_nrtm_access:
- '192.0.2.0/24'
server:
http:
status_access_list: http_database_status
interface: '::0'
wrokers: 2
port: 8080
url: http://cla-sit-1a-dcm1.in.aws.tg.com:8000
whois:
interface: '::0'
max_connections: 2
port: 43
auth:
gnupg_keyring: /home/irrd/gnupg-keyring/
override_password: {hash}
# password_hashers:
# md5-pw: legacy
# auth:
# gnupg_keyring: /home/irrd/gnupg-keyring/
# override_password: {hash}
# webui_auth_failure_rate_limit: "30/hour"
# password_hashers:
# -name: md5-pw
email:
footer: email footer
from: xyz@telstra.com
recipient_override: example@example.com
smtp: hostname
notification_header: |
This is to notify you of changes in the {sources_str} database
or object authorisation failures.
You may receive this message because you are listed in
the notify attribute on the changed object(s), or because
you are listed in the mnt-nfy or upd-to attribute on a maintainer
of the object(s).
rpki:
roa_import_timer: 1800
notify_invalid_enabled: false
log:
logfile_path: /var/log/irrd/irrd.log
level: DEBUG
sources:
REACH:
authoritative: true
keep_journal: true
object_class_filter:
- route
- as-set
RADB:
authoritative: true
keep_journal: true
RPKI:
authoritative: true
keep_journal: true
AUTHDATABASE:
authoritative: true
keep_journal: true
There isn't enough detail here for me to say anything: apparently IRRD thinks MAINT-Axxxx is required to authenticate for this request. Are you creating a route? Updating? What are the mntners on the route? On any overlapping route object? On the AS number mentioned? What do the logs say?