Transaction signatures (TSIG) is a mechanism used to secure DNS messages and to provide secure server-to-server communication (usually between master and slave server, but can be extended for dynamic updates as well).
Transaction Signatures, or TSIG for short, add cryptographic signatures as a method of authenticating a DNS conversation. It uses a shared secret to establish trust between the communicating parties.
Create a new Tsigkey.
Example request:
POST /tsigkeys HTTP/1.1
Host: 127.0.0.1:9001
Accept: application/json
Content-Type: application/json
{
"name": "Example key",
"algorithm": "hmac-sha256",
"secret": "SomeSecretKey",
"scope": "POOL",
"resource_id": "6ca6baef-3305-4ad0-a52b-a82df5752b62"
}
Example response:
HTTP/1.1 201 Created
Location: http://127.0.0.1:9001/v2/tsigkeys/5fa28ce8-68e3-4fdf-89c1-ed9f151b83d2
Content-Length: 350
Content-Type: application/json; charset=UTF-8
{
"links": {
"self": "http://127.0.0.1:9001/v2/tsigkeys/5fa28ce8-68e3-4fdf-89c1-ed9f151b83d2"
},
"name": "test-key",
"algorithm": "hmac-sha256",
"resource_id": "6ca6baef-3305-4ad0-a52b-a82df5752b62",
"created_at": "2015-12-21T09:48:15.000000",
"updated_at": null,
"secret": "SomeSecretKey",
"scope": "POOL",
"id": "5fa28ce8-68e3-4fdf-89c1-ed9f151b83d2"
}
:form name: TSIG Key Name.
:form algorithm: TSIG Algorithm.
:form resource_id: Pool id or Zone id
:form secret: TSIG Secret.
:form scope: TSIG Scope.
:statuscode 201: Created
:statuscode 202: Accepted
:statuscode 401: Access Denied
Get the list of Tsigkeys.
Example request:
GET /tsigkeys HTTP/1.1
Host: 127.0.0.1:9001
Accept: application/json
Example response:
HTTP/1.1 200 OK
Content-Length: 776
Content-Type: application/json; charset=UTF-8
{
"tsigkeys": [
{
"links": {
"self": "http://127.0.0.1:9001/v2/tsigkeys/5fa28ce8-68e3-4fdf-89c1-ed9f151b83d2"
},
"name": "test-key",
"algorithm": "hmac-sha256",
"resource_id": "6ca6baef-3305-4ad0-a52b-a82df5752b62",
"created_at": "2015-12-21T09:48:15.000000",
"updated_at": null,
"secret": "SomeSecretKey",
"scope": "POOL",
"id": "5fa28ce8-68e3-4fdf-89c1-ed9f151b83d2"
},
{
"links": {
"self": "http://127.0.0.1:9001/v2/tsigkeys/319c58fd-a0e0-4d69-a854-98bc49594419"
},
"name": "test-key-2",
"algorithm": "hmac-sha256",
"resource_id": "6ca6baef-3305-4ad0-a52b-a82df5752b62",
"created_at": "2015-12-21T09:51:06.000000",
"updated_at": null,
"secret": "SomeSecretKey",
"scope": "POOL",
"id": "319c58fd-a0e0-4d69-a854-98bc49594419"}
],
"links": {
"self": "http://127.0.0.1:9001/v2/tsigkeys"}
}
:statuscode 200: Success
:statuscode 401: Access Denied
Retrieves a tsigkey with the specified tsigkey’s ID.
Example request:
GET /v2/tsigkeys/5fa28ce8-68e3-4fdf-89c1-ed9f151b83d2 HTTP/1.1
Host: 127.0.0.1:9001
Content-Type: application/json
Accept: application/json
Example response:
Content-Length: 350 Content-Type: application/json; charset=UTF-8 X-Openstack-Request-Id: req-d8cd7f24-a735-400b-9a4b-79e175efc923 Date: Mon, 21 Dec 2015 09:59:26 GMT
- {
- “links”: {
- “self”: “http://127.0.0.1:9001/v2/tsigkeys/5fa28ce8-68e3-4fdf-89c1-ed9f151b83d2“
}, “name”: “test-key”, “algorithm”: “hmac-sha256”, “resource_id”: “6ca6baef-3305-4ad0-a52b-a82df5752b62”, “created_at”: “2015-12-21T09:48:15.000000”, “updated_at”: null, “secret”: “SomeSecretKey”, “scope”: “POOL”, “id”: “5fa28ce8-68e3-4fdf-89c1-ed9f151b83d2”
}
Update a Tsigkey with the specified tsigkey’s id.
Example request:
PATCH /tsigkeys/5fa28ce8-68e3-4fdf-89c1-ed9f151b83d2 HTTP/1.1
Host: 127.0.0.1:9001
Accept: application/json
Content-Type: application/json
{
"name": "example_tsigkey",
"scope": "ZONE"
}
Example response:
HTTP/1.1 200 OK
Content-Length: 381
Content-Type: application/json; charset=UTF-8
{
"links": {
"self": "http://127.0.0.1:9001/v2/tsigkeys/5fa28ce8-68e3-4fdf-89c1-ed9f151b83d2"
},
"name": "example_tsigkey",
"algorithm": "hmac-sha256",
"resource_id": "6ca6baef-3305-4ad0-a52b-a82df5752b62",
"created_at": "2015-12-21T09:48:15.000000",
"updated_at": "2015-12-21T10:02:18.000000",
"secret": "SomeSecretKey",
"scope": "ZONE",
"id": "5fa28ce8-68e3-4fdf-89c1-ed9f151b83d2"
}
:form name: TSIG Key Name.
:form algorithm: TSIG Algorithm.
:form resource_id: Pool id or Zone id
:form secret: TSIG Secret.
:form scope: TSIG Scope.
:statuscode 200: Success
:statuscode 202: Accepted
:statuscode 401: Access Denied
Remove a Tsigkey with the specified tsigkey’s id.
Example request:
DELETE /tsigkeys/5fa28ce8-68e3-4fdf-89c1-ed9f151b83d2 HTTP/1.1
Accept: application/json
Example response:
HTTP/1.1 204 No Content
Content-Length: 0
Status Codes: |
|
---|