diff --git a/.github/workflows/lint-tests.yml b/.github/workflows/lint-tests.yml index baf1239..1412e28 100644 --- a/.github/workflows/lint-tests.yml +++ b/.github/workflows/lint-tests.yml @@ -26,7 +26,7 @@ jobs: strategy: matrix: python: [ "3.10" ] - netbox: [ "", "v4.2.3" ] + netbox: [ "v4.5.0", "v4.4.10" ] steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.gitignore b/.gitignore index 877a41d..6ffa6ef 100644 --- a/.gitignore +++ b/.gitignore @@ -28,7 +28,7 @@ dist/ # Docker docker/coverage -!docker/netbox/env +!docker/common/netbox/env !docker/*/netbox/env docker/oauth2/secrets/* !docker/oauth2/secrets/.gitkeep diff --git a/Makefile b/Makefile index 496b47c..6fd2f11 100644 --- a/Makefile +++ b/Makefile @@ -4,48 +4,51 @@ else DOCKER_COMPOSE := docker-compose endif -NETBOX_VERSION ?= -ifneq ($(NETBOX_VERSION),) - DOCKER_PATH := docker/$(NETBOX_VERSION) - TEST_SELECTOR := "/opt/netbox/netbox/netbox_diode_plugin/tests/$(NETBOX_VERSION)/tests/" -else - DOCKER_PATH := docker - TEST_SELECTOR = netbox_diode_plugin -endif +# Default to v4.5.x if NETBOX_VERSION is not set +NETBOX_VERSION ?= v4.5.0 +# Extract minor version (e.g., v4.5.0 -> v4.5.x) +NETBOX_MINOR_VERSION := $(shell echo $(NETBOX_VERSION) | sed -E 's/^v?([0-9]+\.[0-9]+).*/v\1.x/') +DOCKER_PATH := docker/$(NETBOX_MINOR_VERSION) +DOCKER_COMMON_PATH := docker/common +TEST_SELECTOR := "/opt/netbox/netbox/netbox_diode_plugin/tests/$(NETBOX_MINOR_VERSION)/tests/" + +# Export variables so they're available to docker-compose +export NETBOX_VERSION +export NETBOX_MINOR_VERSION .PHONY: docker-compose-netbox-plugin-up docker-compose-netbox-plugin-up: - @$(DOCKER_COMPOSE) -f $(DOCKER_PATH)/docker-compose.yaml up -d --build + @$(DOCKER_COMPOSE) -f $(DOCKER_COMMON_PATH)/docker-compose.yaml up -d --build .PHONY: docker-compose-netbox-plugin-down docker-compose-netbox-plugin-down: - @$(DOCKER_COMPOSE) -f $(DOCKER_PATH)/docker-compose.yaml down + @$(DOCKER_COMPOSE) -f $(DOCKER_COMMON_PATH)/docker-compose.yaml down .PHONY: docker-compose-netbox-plugin-test docker-compose-netbox-plugin-test: - @$(DOCKER_COMPOSE) -f $(DOCKER_PATH)/docker-compose.yaml -f $(DOCKER_PATH)/docker-compose.test.yaml run -u root --rm netbox ./manage.py test $(TEST_FLAGS) --keepdb $(TEST_SELECTOR); \ + @$(DOCKER_COMPOSE) -f $(DOCKER_COMMON_PATH)/docker-compose.yaml -f $(DOCKER_COMMON_PATH)/docker-compose.test.yaml run -u root --rm netbox ./manage.py test $(TEST_FLAGS) --keepdb $(TEST_SELECTOR); \ EXIT_CODE=$$?; \ $(MAKE) docker-compose-netbox-plugin-down; \ exit $$EXIT_CODE .PHONY: docker-compose-netbox-plugin-test-lint docker-compose-netbox-plugin-test-lint: - @$(DOCKER_COMPOSE) -f $(DOCKER_PATH)/docker-compose.yaml -f $(DOCKER_PATH)/docker-compose.test.yaml run -u root --rm netbox ruff check --output-format=github netbox_diode_plugin; \ + @$(DOCKER_COMPOSE) -f $(DOCKER_COMMON_PATH)/docker-compose.yaml -f $(DOCKER_COMMON_PATH)/docker-compose.test.yaml run -u root --rm netbox ruff check --output-format=github netbox_diode_plugin; \ EXIT_CODE=$$?; \ $(MAKE) docker-compose-netbox-plugin-down; \ exit $$EXIT_CODE .PHONY: docker-compose-netbox-plugin-test-cover docker-compose-netbox-plugin-test-cover: - @$(DOCKER_COMPOSE) -f $(DOCKER_PATH)/docker-compose.yaml -f $(DOCKER_PATH)/docker-compose.test.yaml run --rm -u root -e COVERAGE_FILE=/opt/netbox/netbox/coverage/.coverage netbox sh -c "coverage run --source=netbox_diode_plugin --omit=*/migrations/* ./manage.py test --keepdb $(TEST_SELECTOR) && coverage xml -o /opt/netbox/netbox/coverage/report.xml && coverage report -m | tee /opt/netbox/netbox/coverage/report.txt"; \ + @$(DOCKER_COMPOSE) -f $(DOCKER_COMMON_PATH)/docker-compose.yaml -f $(DOCKER_COMMON_PATH)/docker-compose.test.yaml run --rm -u root -e COVERAGE_FILE=/opt/netbox/netbox/coverage/.coverage netbox sh -c "coverage run --source=netbox_diode_plugin --omit=*/migrations/* ./manage.py test --keepdb $(TEST_SELECTOR) && coverage xml -o /opt/netbox/netbox/coverage/report.xml && coverage report -m | tee /opt/netbox/netbox/coverage/report.txt"; \ EXIT_CODE=$$?; \ $(MAKE) docker-compose-netbox-plugin-down; \ exit $$EXIT_CODE .PHONY: docker-compose-generate-matching-docs docker-compose-generate-matching-docs: - @$(DOCKER_COMPOSE) -f $(DOCKER_PATH)/docker-compose.yaml -f $(DOCKER_PATH)/docker-compose.test.yaml run --rm netbox python manage.py generate_matching_docs | awk '/Generating markdown documentation.../{p=1;next} p' > ./docs/matching-criteria-documentation.md + @$(DOCKER_COMPOSE) -f $(DOCKER_COMMON_PATH)/docker-compose.yaml -f $(DOCKER_COMMON_PATH)/docker-compose.test.yaml run --rm netbox python manage.py generate_matching_docs | awk '/Generating markdown documentation.../{p=1;next} p' > ./docs/matching-criteria-documentation.md .PHONY: docker-compose-migrate docker-compose-migrate: - @$(DOCKER_COMPOSE) -f $(DOCKER_PATH)/docker-compose.yaml -f $(DOCKER_PATH)/docker-compose.test.yaml run --rm netbox python manage.py migrate + @$(DOCKER_COMPOSE) -f $(DOCKER_COMMON_PATH)/docker-compose.yaml -f $(DOCKER_COMMON_PATH)/docker-compose.test.yaml run --rm netbox python manage.py migrate diff --git a/README.md b/README.md index c4090c3..a913325 100644 --- a/README.md +++ b/README.md @@ -12,15 +12,17 @@ at [https://netboxlabs.com/blog/introducing-diode-streamlining-data-ingestion-in ## Compatibility -| NetBox Version | Plugin Version | -|:--------------:|:--------------:| -| >= 3.7.2 | 0.1.0 | -| >= 4.1.0 | 0.4.0 | -| >= 4.2.3 | 1.0.0 | -| >= 4.2.3 | 1.1.0 | -| >= 4.2.3 | 1.2.0 | -| >= 4.4.0 | 1.4.0 | -| >= 4.4.0 | 1.4.1 | +| NetBox Version | Plugin Version | +|:---------------:|:--------------:| +| >= 3.7.2 | 0.1.0 | +| >= 4.1.0 | 0.4.0 | +| >= 4.2.3 | 1.0.0 | +| >= 4.2.3 | 1.1.0 | +| >= 4.2.3 | 1.2.0 | +| >= 4.4.0 | 1.4.0 | +| >= 4.4.0 | 1.4.1 | +| >= 4.4.10 | 1.7.0 | +| >= 4.5.0 | 1.7.0 | ## Installation diff --git a/docker/common/docker-compose.test.yaml b/docker/common/docker-compose.test.yaml new file mode 100644 index 0000000..2e1e250 --- /dev/null +++ b/docker/common/docker-compose.test.yaml @@ -0,0 +1,5 @@ +name: diode-netbox-plugin-${NETBOX_MINOR_VERSION:-v4.5.x} +services: + netbox: + volumes: + - ../common/netbox/plugins_test.py:/etc/netbox/config/plugins.py:z,ro diff --git a/docker/v4.2.3/docker-compose.yaml b/docker/common/docker-compose.yaml similarity index 79% rename from docker/v4.2.3/docker-compose.yaml rename to docker/common/docker-compose.yaml index 510f83a..dd59a45 100644 --- a/docker/v4.2.3/docker-compose.yaml +++ b/docker/common/docker-compose.yaml @@ -1,19 +1,21 @@ -name: diode-netbox-plugin-4.2.3 +name: diode-netbox-plugin-${NETBOX_MINOR_VERSION:-v4.5.x} services: netbox: &netbox - image: netboxcommunity/netbox:v4.2.3-3.1.1-diode-netbox-plugin + image: netboxcommunity/netbox:${NETBOX_VERSION:-v4.5.0-3.4.2}-diode-netbox-plugin build: - context: . - dockerfile: Dockerfile-diode-netbox-plugin + context: .. + dockerfile: ${NETBOX_MINOR_VERSION:-v4.5.x}/Dockerfile pull: true + args: + NETBOX_VERSION: ${NETBOX_VERSION:-v4.5.0-3.4.2} depends_on: - netbox-postgres - netbox-redis - netbox-redis-cache - env_file: netbox/env/netbox.env - user: 'unit:root' + env_file: ../common/netbox/env/netbox.env + user: "unit:root" healthcheck: - start_period: 60s + start_period: 180s timeout: 3s interval: 15s test: "curl -f http://localhost:8080/netbox/api/ || exit 1" @@ -24,7 +26,7 @@ services: - ../oauth2/secrets:/run/secrets:z,ro - ./netbox/launch-netbox.sh:/opt/netbox/launch-netbox.sh:z,ro - ./netbox/plugins_dev.py:/etc/netbox/config/plugins.py:z,ro - - ./coverage:/opt/netbox/netbox/coverage:z,rw + - ../coverage:/opt/netbox/netbox/coverage:z,rw - netbox-media-files:/opt/netbox/netbox/media:rw - netbox-reports-files:/opt/netbox/netbox/reports:rw - netbox-scripts-files:/opt/netbox/netbox/scripts:rw @@ -32,7 +34,7 @@ services: - "host.docker.internal:host-gateway" ports: - "8000:8080" - + netbox-worker: <<: *netbox depends_on: @@ -48,11 +50,11 @@ services: timeout: 3s interval: 15s ports: [] - + # postgres netbox-postgres: image: docker.io/postgres:16-alpine - env_file: netbox/env/postgres.env + env_file: ../common/netbox/env/postgres.env volumes: - netbox-postgres-data:/var/lib/postgresql/data @@ -63,7 +65,7 @@ services: - sh - -c # this is to evaluate the $REDIS_PASSWORD from the env - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - env_file: netbox/env/redis.env + env_file: ../common/netbox/env/redis.env volumes: - netbox-redis-data:/data @@ -73,7 +75,7 @@ services: - sh - -c # this is to evaluate the $REDIS_PASSWORD from the env - redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - env_file: netbox/env/redis-cache.env + env_file: ../common/netbox/env/redis-cache.env volumes: - netbox-redis-cache-data:/data @@ -89,4 +91,4 @@ volumes: netbox-reports-files: driver: local netbox-scripts-files: - driver: local + driver: local \ No newline at end of file diff --git a/docker/netbox/configuration/configuration.py b/docker/common/netbox/configuration/configuration.py similarity index 98% rename from docker/netbox/configuration/configuration.py rename to docker/common/netbox/configuration/configuration.py index c4270be..6f0a8b7 100644 --- a/docker/netbox/configuration/configuration.py +++ b/docker/common/netbox/configuration/configuration.py @@ -33,9 +33,9 @@ def _read_secret(secret_name: str, default: str | None = None) -> str | None: # is passed to it as a parameter. The value returned from `map_fn` is then the return value of this function. # The `map_fn` is not invoked, if the value (that was read from the environment or the default value if not found) is None. def _environ_get_and_map( - variable_name: str, - default: str | None = None, - map_fn: Callable[[str], Any | None] = None, + variable_name: str, + default: str | None = None, + map_fn: Callable[[str], Any | None] = None, ) -> Any | None: env_value = environ.get(variable_name, default) @@ -133,6 +133,12 @@ def _environ_get_and_map( # https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY SECRET_KEY = _read_secret("secret_key", environ.get("SECRET_KEY", "")) + +API_TOKEN_PEPPERS = {} +if api_token_pepper := _read_secret('api_token_pepper_1', environ.get('API_TOKEN_PEPPER_1', '')): + API_TOKEN_PEPPERS.update({1: api_token_pepper}) + + ######################### # # # Optional settings # diff --git a/docker/netbox/configuration/extra.py b/docker/common/netbox/configuration/extra.py similarity index 100% rename from docker/netbox/configuration/extra.py rename to docker/common/netbox/configuration/extra.py diff --git a/docker/netbox/configuration/logging.py b/docker/common/netbox/configuration/logging.py similarity index 100% rename from docker/netbox/configuration/logging.py rename to docker/common/netbox/configuration/logging.py diff --git a/docker/netbox/configuration/plugins.py b/docker/common/netbox/configuration/plugins.py similarity index 100% rename from docker/netbox/configuration/plugins.py rename to docker/common/netbox/configuration/plugins.py diff --git a/docker/netbox/docker-entrypoint.sh b/docker/common/netbox/docker-entrypoint.sh similarity index 100% rename from docker/netbox/docker-entrypoint.sh rename to docker/common/netbox/docker-entrypoint.sh diff --git a/docker/netbox/env/netbox.env b/docker/common/netbox/env/netbox.env similarity index 92% rename from docker/netbox/env/netbox.env rename to docker/common/netbox/env/netbox.env index 4920b18..1925aff 100644 --- a/docker/netbox/env/netbox.env +++ b/docker/common/netbox/env/netbox.env @@ -38,4 +38,5 @@ SUPERUSER_PASSWORD=admin WEBHOOKS_ENABLED=true RELOAD_NETBOX_ON_DIODE_PLUGIN_CHANGE=true BASE_PATH=netbox/ -DEBUG=False \ No newline at end of file +DEBUG=False +API_TOKEN_PEPPER_1=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 \ No newline at end of file diff --git a/docker/netbox/env/postgres.env b/docker/common/netbox/env/postgres.env similarity index 100% rename from docker/netbox/env/postgres.env rename to docker/common/netbox/env/postgres.env diff --git a/docker/netbox/env/redis-cache.env b/docker/common/netbox/env/redis-cache.env similarity index 100% rename from docker/netbox/env/redis-cache.env rename to docker/common/netbox/env/redis-cache.env diff --git a/docker/netbox/env/redis.env b/docker/common/netbox/env/redis.env similarity index 100% rename from docker/netbox/env/redis.env rename to docker/common/netbox/env/redis.env diff --git a/docker/netbox/launch-netbox.sh b/docker/common/netbox/launch-netbox.sh similarity index 100% rename from docker/netbox/launch-netbox.sh rename to docker/common/netbox/launch-netbox.sh diff --git a/docker/netbox/local_settings.py b/docker/common/netbox/local_settings.py similarity index 100% rename from docker/netbox/local_settings.py rename to docker/common/netbox/local_settings.py diff --git a/docker/netbox/nginx-unit.json b/docker/common/netbox/nginx-unit.json similarity index 100% rename from docker/netbox/nginx-unit.json rename to docker/common/netbox/nginx-unit.json diff --git a/docker/netbox/plugins_dev.py b/docker/common/netbox/plugins_dev.py similarity index 100% rename from docker/netbox/plugins_dev.py rename to docker/common/netbox/plugins_dev.py diff --git a/docker/netbox/plugins_test.py b/docker/common/netbox/plugins_test.py similarity index 100% rename from docker/netbox/plugins_test.py rename to docker/common/netbox/plugins_test.py diff --git a/docker/requirements-diode-netbox-plugin.txt b/docker/common/requirements-diode-netbox-plugin.txt similarity index 100% rename from docker/requirements-diode-netbox-plugin.txt rename to docker/common/requirements-diode-netbox-plugin.txt diff --git a/docker/docker-compose.test.yaml b/docker/docker-compose.test.yaml deleted file mode 100644 index 8872fdb..0000000 --- a/docker/docker-compose.test.yaml +++ /dev/null @@ -1,5 +0,0 @@ -name: diode-netbox-plugin -services: - netbox: - volumes: - - ./netbox/plugins_test.py:/etc/netbox/config/plugins.py:z,ro diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml deleted file mode 100644 index d858f43..0000000 --- a/docker/docker-compose.yaml +++ /dev/null @@ -1,92 +0,0 @@ -name: diode-netbox-plugin -services: - netbox: &netbox - image: netboxcommunity/netbox:v4.4.2-3.4.1-diode-netbox-plugin - build: - context: . - dockerfile: Dockerfile - pull: true - depends_on: - - netbox-postgres - - netbox-redis - - netbox-redis-cache - env_file: netbox/env/netbox.env - user: 'unit:root' - healthcheck: - start_period: 180s - timeout: 3s - interval: 15s - test: "curl -f http://localhost:8080/netbox/api/ || exit 1" - volumes: - - ./netbox/docker-entrypoint.sh:/opt/netbox/docker-entrypoint.sh:z,ro - - ./netbox/nginx-unit.json:/opt/netbox/nginx-unit.json:z,ro - - ../netbox_diode_plugin:/opt/netbox/netbox/netbox_diode_plugin:z,rw - - ./oauth2/secrets:/run/secrets:z,ro - - ./netbox/launch-netbox.sh:/opt/netbox/launch-netbox.sh:z,ro - - ./netbox/plugins_dev.py:/etc/netbox/config/plugins.py:z,ro - - ./coverage:/opt/netbox/netbox/coverage:z,rw - - netbox-media-files:/opt/netbox/netbox/media:rw - - netbox-reports-files:/opt/netbox/netbox/reports:rw - - netbox-scripts-files:/opt/netbox/netbox/scripts:rw - extra_hosts: - - "host.docker.internal:host-gateway" - ports: - - "8000:8080" - - netbox-worker: - <<: *netbox - depends_on: - netbox: - condition: service_healthy - command: - - /opt/netbox/venv/bin/python - - /opt/netbox/netbox/manage.py - - rqworker - healthcheck: - test: ps -aux | grep -v grep | grep -q rqworker || exit 1 - start_period: 20s - timeout: 3s - interval: 15s - ports: [] - - # postgres - netbox-postgres: - image: docker.io/postgres:16-alpine - env_file: netbox/env/postgres.env - volumes: - - netbox-postgres-data:/var/lib/postgresql/data - - # redis - netbox-redis: - image: docker.io/redis:7-alpine - command: - - sh - - -c # this is to evaluate the $REDIS_PASSWORD from the env - - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - env_file: netbox/env/redis.env - volumes: - - netbox-redis-data:/data - - netbox-redis-cache: - image: docker.io/redis:7-alpine - command: - - sh - - -c # this is to evaluate the $REDIS_PASSWORD from the env - - redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - env_file: netbox/env/redis-cache.env - volumes: - - netbox-redis-cache-data:/data - -volumes: - netbox-media-files: - driver: local - netbox-postgres-data: - driver: local - netbox-redis-cache-data: - driver: local - netbox-redis-data: - driver: local - netbox-reports-files: - driver: local - netbox-scripts-files: - driver: local diff --git a/docker/v4.2.3/Dockerfile-diode-netbox-plugin b/docker/v4.2.3/Dockerfile-diode-netbox-plugin deleted file mode 100644 index 24a73fd..0000000 --- a/docker/v4.2.3/Dockerfile-diode-netbox-plugin +++ /dev/null @@ -1,12 +0,0 @@ -FROM netboxcommunity/netbox:v4.2.3-3.1.1 - -COPY ./netbox/configuration/ /etc/netbox/config/ -RUN chmod 755 /etc/netbox/config/* && \ - chown unit:root /etc/netbox/config/* - -COPY ./netbox/local_settings.py /opt/netbox/netbox/netbox/local_settings.py -RUN chmod 755 /opt/netbox/netbox/netbox/local_settings.py && \ - chown unit:root /opt/netbox/netbox/netbox/local_settings.py - -COPY ./requirements-diode-netbox-plugin.txt /opt/netbox/ -RUN /opt/netbox/venv/bin/pip install --no-warn-script-location -r /opt/netbox/requirements-diode-netbox-plugin.txt diff --git a/docker/v4.2.3/docker-compose.test.yaml b/docker/v4.2.3/docker-compose.test.yaml deleted file mode 100644 index e6d202f..0000000 --- a/docker/v4.2.3/docker-compose.test.yaml +++ /dev/null @@ -1,5 +0,0 @@ -name: diode-netbox-plugin-4.2.3 -services: - netbox: - volumes: - - ./netbox/plugins_test.py:/etc/netbox/config/plugins.py:z,ro diff --git a/docker/v4.2.3/netbox/configuration/configuration.py b/docker/v4.2.3/netbox/configuration/configuration.py deleted file mode 100644 index d459441..0000000 --- a/docker/v4.2.3/netbox/configuration/configuration.py +++ /dev/null @@ -1,327 +0,0 @@ -#### -## We recommend to not edit this file. -## Create separate files to overwrite the settings. -## See `extra.py` as an example. -#### - -import re -from os import environ -from os.path import abspath, dirname, join -from typing import Any, Callable - -# For reference see https://docs.netbox.dev/en/stable/configuration/ -# Based on https://github.com/netbox-community/netbox/blob/develop/netbox/netbox/configuration_example.py - -### -# NetBox-Docker Helper functions -### - -# Read secret from file -def _read_secret(secret_name: str, default: str | None = None) -> str | None: - try: - f = open('/run/secrets/' + secret_name, encoding='utf-8') - except OSError: - return default - else: - with f: - return f.readline().strip() - - -# If the `map_fn` isn't defined, then the value that is read from the environment (or the default value if not found) is returned. -# If the `map_fn` is defined, then `map_fn` is invoked and the value (that was read from the environment or the default value if not found) -# is passed to it as a parameter. The value returned from `map_fn` is then the return value of this function. -# The `map_fn` is not invoked, if the value (that was read from the environment or the default value if not found) is None. -def _environ_get_and_map(variable_name: str, default: str | None = None, - map_fn: Callable[[str], Any | None] = None) -> Any | None: - env_value = environ.get(variable_name, default) - - if env_value is None: - return env_value - - if not map_fn: - return env_value - - return map_fn(env_value) - - -def _AS_BOOL(value): - return value.lower() == 'true' -def _AS_INT(value): - return int(value) -def _AS_LIST(value): - return list(filter(None, value.split(' '))) - -_BASE_DIR = dirname(dirname(abspath(__file__))) - -######################### -# # -# Required settings # -# # -######################### - -# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write -# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name. -# -# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local'] -ALLOWED_HOSTS = environ.get('ALLOWED_HOSTS', '*').split(' ') -# ensure that '*' or 'localhost' is always in ALLOWED_HOSTS (needed for health checks) -if '*' not in ALLOWED_HOSTS and 'localhost' not in ALLOWED_HOSTS: - ALLOWED_HOSTS.append('localhost') - -# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters: -# https://docs.djangoproject.com/en/stable/ref/settings/#databases -DATABASE = { - 'NAME': environ.get('DB_NAME', 'netbox'), # Database name - 'USER': environ.get('DB_USER', ''), # PostgreSQL username - 'PASSWORD': _read_secret('db_password', environ.get('DB_PASSWORD', '')), - # PostgreSQL password - 'HOST': environ.get('DB_HOST', 'localhost'), # Database server - 'PORT': environ.get('DB_PORT', ''), # Database port (leave blank for default) - 'OPTIONS': {'sslmode': environ.get('DB_SSLMODE', 'prefer')}, - # Database connection SSLMODE - 'CONN_MAX_AGE': _environ_get_and_map('DB_CONN_MAX_AGE', '300', _AS_INT), - # Max database connection age - 'DISABLE_SERVER_SIDE_CURSORS': _environ_get_and_map('DB_DISABLE_SERVER_SIDE_CURSORS', 'False', _AS_BOOL), - # Disable the use of server-side cursors transaction pooling -} - -# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate -# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended -# to use two separate database IDs. -REDIS = { - 'tasks': { - 'HOST': environ.get('REDIS_HOST', 'localhost'), - 'PORT': _environ_get_and_map('REDIS_PORT', 6379, _AS_INT), - 'USERNAME': environ.get('REDIS_USERNAME', ''), - 'PASSWORD': _read_secret('redis_password', environ.get('REDIS_PASSWORD', '')), - 'DATABASE': _environ_get_and_map('REDIS_DATABASE', 0, _AS_INT), - 'SSL': _environ_get_and_map('REDIS_SSL', 'False', _AS_BOOL), - 'INSECURE_SKIP_TLS_VERIFY': _environ_get_and_map('REDIS_INSECURE_SKIP_TLS_VERIFY', 'False', _AS_BOOL), - }, - 'caching': { - 'HOST': environ.get('REDIS_CACHE_HOST', environ.get('REDIS_HOST', 'localhost')), - 'PORT': _environ_get_and_map('REDIS_CACHE_PORT', environ.get('REDIS_PORT', '6379'), _AS_INT), - 'USERNAME': environ.get('REDIS_CACHE_USERNAME', environ.get('REDIS_USERNAME', '')), - 'PASSWORD': _read_secret('redis_cache_password', - environ.get('REDIS_CACHE_PASSWORD', environ.get('REDIS_PASSWORD', ''))), - 'DATABASE': _environ_get_and_map('REDIS_CACHE_DATABASE', '1', _AS_INT), - 'SSL': _environ_get_and_map('REDIS_CACHE_SSL', environ.get('REDIS_SSL', 'False'), _AS_BOOL), - 'INSECURE_SKIP_TLS_VERIFY': _environ_get_and_map('REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY', - environ.get('REDIS_INSECURE_SKIP_TLS_VERIFY', 'False'), - _AS_BOOL), - }, -} - -# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file. -# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and -# symbols. NetBox will not run without this defined. For more information, see -# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY -SECRET_KEY = _read_secret('secret_key', environ.get('SECRET_KEY', '')) - -######################### -# # -# Optional settings # -# # -######################### - -# # Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of -# # application errors (assuming correct email settings are provided). -# ADMINS = [ -# # ['John Doe', 'jdoe@example.com'], -# ] - -if 'ALLOWED_URL_SCHEMES' in environ: - ALLOWED_URL_SCHEMES = _environ_get_and_map('ALLOWED_URL_SCHEMES', None, _AS_LIST) - -# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same -# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP. -if 'BANNER_TOP' in environ: - BANNER_TOP = environ.get('BANNER_TOP', None) -if 'BANNER_BOTTOM' in environ: - BANNER_BOTTOM = environ.get('BANNER_BOTTOM', None) - -# Text to include on the login page above the login form. HTML is allowed. -if 'BANNER_LOGIN' in environ: - BANNER_LOGIN = environ.get('BANNER_LOGIN', None) - -# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90) -if 'CHANGELOG_RETENTION' in environ: - CHANGELOG_RETENTION = _environ_get_and_map('CHANGELOG_RETENTION', None, _AS_INT) - -# Maximum number of days to retain job results (scripts and reports). Set to 0 to retain job results in the database indefinitely. (Default: 90) -if 'JOB_RETENTION' in environ: - JOB_RETENTION = _environ_get_and_map('JOB_RETENTION', None, _AS_INT) -# JOBRESULT_RETENTION was renamed to JOB_RETENTION in the v3.5.0 release of NetBox. For backwards compatibility, map JOBRESULT_RETENTION to JOB_RETENTION -elif 'JOBRESULT_RETENTION' in environ: - JOB_RETENTION = _environ_get_and_map('JOBRESULT_RETENTION', None, _AS_INT) - -# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be -# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or -# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers -CORS_ORIGIN_ALLOW_ALL = _environ_get_and_map('CORS_ORIGIN_ALLOW_ALL', 'False', _AS_BOOL) -CORS_ORIGIN_WHITELIST = _environ_get_and_map('CORS_ORIGIN_WHITELIST', 'https://localhost', _AS_LIST) -CORS_ORIGIN_REGEX_WHITELIST = [re.compile(r) for r in _environ_get_and_map('CORS_ORIGIN_REGEX_WHITELIST', '', _AS_LIST)] - -# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal -# sensitive information about your installation. Only enable debugging while performing testing. -# Never enable debugging on a production system. -DEBUG = _environ_get_and_map('DEBUG', 'False', _AS_BOOL) - -# This parameter serves as a safeguard to prevent some potentially dangerous behavior, -# such as generating new database schema migrations. -# Set this to True only if you are actively developing the NetBox code base. -DEVELOPER = _environ_get_and_map('DEVELOPER', 'False', _AS_BOOL) - -# Email settings -EMAIL = { - 'SERVER': environ.get('EMAIL_SERVER', 'localhost'), - 'PORT': _environ_get_and_map('EMAIL_PORT', 25, _AS_INT), - 'USERNAME': environ.get('EMAIL_USERNAME', ''), - 'PASSWORD': _read_secret('email_password', environ.get('EMAIL_PASSWORD', '')), - 'USE_SSL': _environ_get_and_map('EMAIL_USE_SSL', 'False', _AS_BOOL), - 'USE_TLS': _environ_get_and_map('EMAIL_USE_TLS', 'False', _AS_BOOL), - 'SSL_CERTFILE': environ.get('EMAIL_SSL_CERTFILE', ''), - 'SSL_KEYFILE': environ.get('EMAIL_SSL_KEYFILE', ''), - 'TIMEOUT': _environ_get_and_map('EMAIL_TIMEOUT', 10, _AS_INT), # seconds - 'FROM_EMAIL': environ.get('EMAIL_FROM', ''), -} - -# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table -# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True. -if 'ENFORCE_GLOBAL_UNIQUE' in environ: - ENFORCE_GLOBAL_UNIQUE = _environ_get_and_map('ENFORCE_GLOBAL_UNIQUE', None, _AS_BOOL) - -# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and -# by anonymous users. List models in the form `.`. Add '*' to this list to exempt all models. -EXEMPT_VIEW_PERMISSIONS = _environ_get_and_map('EXEMPT_VIEW_PERMISSIONS', '', _AS_LIST) - -# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks). -# HTTP_PROXIES = { -# 'http': 'http://10.10.1.10:3128', -# 'https': 'http://10.10.1.10:1080', -# } - -# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing -# NetBox from an internal IP. -INTERNAL_IPS = _environ_get_and_map('INTERNAL_IPS', '127.0.0.1 ::1', _AS_LIST) - -# Enable GraphQL API. -if 'GRAPHQL_ENABLED' in environ: - GRAPHQL_ENABLED = _environ_get_and_map('GRAPHQL_ENABLED', None, _AS_BOOL) - -# # Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs: -# # https://docs.djangoproject.com/en/stable/topics/logging/ -# LOGGING = {} - -# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain -# authenticated to NetBox indefinitely. -LOGIN_PERSISTENCE = _environ_get_and_map('LOGIN_PERSISTENCE', 'False', _AS_BOOL) - -# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users -# are permitted to access most data in NetBox (excluding secrets) but not make any changes. -LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'False', _AS_BOOL) - -# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to -# re-authenticate. (Default: 1209600 [14 days]) -LOGIN_TIMEOUT = _environ_get_and_map('LOGIN_TIMEOUT', 1209600, _AS_INT) - -# Setting this to True will display a "maintenance mode" banner at the top of every page. -if 'MAINTENANCE_MODE' in environ: - MAINTENANCE_MODE = _environ_get_and_map('MAINTENANCE_MODE', None, _AS_BOOL) - -# Maps provider -if 'MAPS_URL' in environ: - MAPS_URL = environ.get('MAPS_URL', None) - -# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g. -# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request -# all objects by specifying "?limit=0". -if 'MAX_PAGE_SIZE' in environ: - MAX_PAGE_SIZE = _environ_get_and_map('MAX_PAGE_SIZE', None, _AS_INT) - -# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that -# the default value of this setting is derived from the installed location. -MEDIA_ROOT = environ.get('MEDIA_ROOT', join(_BASE_DIR, 'media')) - -# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics' -METRICS_ENABLED = _environ_get_and_map('METRICS_ENABLED', 'False', _AS_BOOL) - -# Determine how many objects to display per page within a list. (Default: 50) -if 'PAGINATE_COUNT' in environ: - PAGINATE_COUNT = _environ_get_and_map('PAGINATE_COUNT', None, _AS_INT) - -# # Enable installed plugins. Add the name of each plugin to the list. -# PLUGINS = [] - -# # Plugins configuration settings. These settings are used by various plugins that the user may have installed. -# # Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings. -# PLUGINS_CONFIG = { -# } - -# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to -# prefer IPv4 instead. -if 'PREFER_IPV4' in environ: - PREFER_IPV4 = _environ_get_and_map('PREFER_IPV4', None, _AS_BOOL) - -# The default value for the amperage field when creating new power feeds. -if 'POWERFEED_DEFAULT_AMPERAGE' in environ: - POWERFEED_DEFAULT_AMPERAGE = _environ_get_and_map('POWERFEED_DEFAULT_AMPERAGE', None, _AS_INT) - -# The default value (percentage) for the max_utilization field when creating new power feeds. -if 'POWERFEED_DEFAULT_MAX_UTILIZATION' in environ: - POWERFEED_DEFAULT_MAX_UTILIZATION = _environ_get_and_map('POWERFEED_DEFAULT_MAX_UTILIZATION', None, _AS_INT) - -# The default value for the voltage field when creating new power feeds. -if 'POWERFEED_DEFAULT_VOLTAGE' in environ: - POWERFEED_DEFAULT_VOLTAGE = _environ_get_and_map('POWERFEED_DEFAULT_VOLTAGE', None, _AS_INT) - -# Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1. -if 'RACK_ELEVATION_DEFAULT_UNIT_HEIGHT' in environ: - RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = _environ_get_and_map('RACK_ELEVATION_DEFAULT_UNIT_HEIGHT', None, _AS_INT) -if 'RACK_ELEVATION_DEFAULT_UNIT_WIDTH' in environ: - RACK_ELEVATION_DEFAULT_UNIT_WIDTH = _environ_get_and_map('RACK_ELEVATION_DEFAULT_UNIT_WIDTH', None, _AS_INT) - -# Remote authentication support -REMOTE_AUTH_ENABLED = _environ_get_and_map('REMOTE_AUTH_ENABLED', 'False', _AS_BOOL) -REMOTE_AUTH_BACKEND = _environ_get_and_map('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend', _AS_LIST) -REMOTE_AUTH_HEADER = environ.get('REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER') -REMOTE_AUTH_AUTO_CREATE_USER = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_USER', 'False', _AS_BOOL) -REMOTE_AUTH_DEFAULT_GROUPS = _environ_get_and_map('REMOTE_AUTH_DEFAULT_GROUPS', '', _AS_LIST) -# REMOTE_AUTH_DEFAULT_PERMISSIONS = {} - -# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the -# version check or use the URL below to check for release in the official NetBox repository. -RELEASE_CHECK_URL = environ.get('RELEASE_CHECK_URL', None) -# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases' - -# Maximum execution time for background tasks, in seconds. -RQ_DEFAULT_TIMEOUT = _environ_get_and_map('RQ_DEFAULT_TIMEOUT', 300, _AS_INT) - -# The name to use for the csrf token cookie. -CSRF_COOKIE_NAME = environ.get('CSRF_COOKIE_NAME', 'csrftoken') - -# Cross-Site-Request-Forgery-Attack settings. If Netbox is sitting behind a reverse proxy, you might need to set the CSRF_TRUSTED_ORIGINS flag. -# Django 4.0 requires to specify the URL Scheme in this setting. An example environment variable could be specified like: -# CSRF_TRUSTED_ORIGINS=https://demo.netbox.dev http://demo.netbox.dev -CSRF_TRUSTED_ORIGINS = _environ_get_and_map('CSRF_TRUSTED_ORIGINS', '', _AS_LIST) - -# The name to use for the session cookie. -SESSION_COOKIE_NAME = environ.get('SESSION_COOKIE_NAME', 'sessionid') - -# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use -# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only -# database access.) Note that the user as which NetBox runs must have read and write permissions to this path. -SESSION_FILE_PATH = environ.get('SESSION_FILE_PATH', environ.get('SESSIONS_ROOT', None)) - -# Time zone (default: UTC) -TIME_ZONE = environ.get('TIME_ZONE', 'UTC') - -# Date/time formatting. See the following link for supported formats: -# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date -DATE_FORMAT = environ.get('DATE_FORMAT', 'N j, Y') -SHORT_DATE_FORMAT = environ.get('SHORT_DATE_FORMAT', 'Y-m-d') -TIME_FORMAT = environ.get('TIME_FORMAT', 'g:i a') -SHORT_TIME_FORMAT = environ.get('SHORT_TIME_FORMAT', 'H:i:s') -DATETIME_FORMAT = environ.get('DATETIME_FORMAT', 'N j, Y g:i a') -SHORT_DATETIME_FORMAT = environ.get('SHORT_DATETIME_FORMAT', 'Y-m-d H:i') -BASE_PATH = environ.get('BASE_PATH', '') diff --git a/docker/v4.2.3/netbox/configuration/extra.py b/docker/v4.2.3/netbox/configuration/extra.py deleted file mode 100644 index 8bd1337..0000000 --- a/docker/v4.2.3/netbox/configuration/extra.py +++ /dev/null @@ -1,49 +0,0 @@ -#### -## This file contains extra configuration options that can't be configured -## directly through environment variables. -#### - -## Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of -## application errors (assuming correct email settings are provided). -# ADMINS = [ -# # ['John Doe', 'jdoe@example.com'], -# ] - - -## URL schemes that are allowed within links in NetBox -# ALLOWED_URL_SCHEMES = ( -# 'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp', -# ) - -## Enable installed plugins. Add the name of each plugin to the list. -# from netbox.configuration.configuration import PLUGINS -# PLUGINS.append('my_plugin') - -## Plugins configuration settings. These settings are used by various plugins that the user may have installed. -## Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings. -# from netbox.configuration.configuration import PLUGINS_CONFIG -# PLUGINS_CONFIG['my_plugin'] = { -# 'foo': 'bar', -# 'buzz': 'bazz' -# } - - -## Remote authentication support -# REMOTE_AUTH_DEFAULT_PERMISSIONS = {} - - -## By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the -## class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example: -# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage' -# STORAGE_CONFIG = { -# 'AWS_ACCESS_KEY_ID': 'Key ID', -# 'AWS_SECRET_ACCESS_KEY': 'Secret', -# 'AWS_STORAGE_BUCKET_NAME': 'netbox', -# 'AWS_S3_REGION_NAME': 'eu-west-1', -# } - - -## This file can contain arbitrary Python code, e.g.: -# from datetime import datetime -# now = datetime.now().strftime("%d/%m/%Y %H:%M:%S") -# BANNER_TOP = f'This instance started on {now}.' diff --git a/docker/v4.2.3/netbox/configuration/ldap/extra.py b/docker/v4.2.3/netbox/configuration/ldap/extra.py deleted file mode 100644 index 4505197..0000000 --- a/docker/v4.2.3/netbox/configuration/ldap/extra.py +++ /dev/null @@ -1,28 +0,0 @@ -#### -## This file contains extra configuration options that can't be configured -## directly through environment variables. -## All vairables set here overwrite any existing found in ldap_config.py -#### - -# # This Python script inherits all the imports from ldap_config.py -# from django_auth_ldap.config import LDAPGroupQuery # Imported since not in ldap_config.py - -# # Sets a base requirement of membetship to netbox-user-ro, netbox-user-rw, or netbox-user-admin. -# AUTH_LDAP_REQUIRE_GROUP = ( -# LDAPGroupQuery("cn=netbox-user-ro,ou=groups,dc=example,dc=com") -# | LDAPGroupQuery("cn=netbox-user-rw,ou=groups,dc=example,dc=com") -# | LDAPGroupQuery("cn=netbox-user-admin,ou=groups,dc=example,dc=com") -# ) - -# # Sets LDAP Flag groups variables with example. -# AUTH_LDAP_USER_FLAGS_BY_GROUP = { -# "is_staff": ( -# LDAPGroupQuery("cn=netbox-user-ro,ou=groups,dc=example,dc=com") -# | LDAPGroupQuery("cn=netbox-user-rw,ou=groups,dc=example,dc=com") -# | LDAPGroupQuery("cn=netbox-user-admin,ou=groups,dc=example,dc=com") -# ), -# "is_superuser": "cn=netbox-user-admin,ou=groups,dc=example,dc=com", -# } - -# # Sets LDAP Mirror groups variables with example groups -# AUTH_LDAP_MIRROR_GROUPS = ["netbox-user-ro", "netbox-user-rw", "netbox-user-admin"] diff --git a/docker/v4.2.3/netbox/configuration/ldap/ldap_config.py b/docker/v4.2.3/netbox/configuration/ldap/ldap_config.py deleted file mode 100644 index 32743c7..0000000 --- a/docker/v4.2.3/netbox/configuration/ldap/ldap_config.py +++ /dev/null @@ -1,113 +0,0 @@ -from importlib import import_module -from os import environ - -import ldap -from django_auth_ldap.config import LDAPSearch - - -# Read secret from file -def _read_secret(secret_name, default=None): - try: - f = open('/run/secrets/' + secret_name, encoding='utf-8') - except OSError: - return default - else: - with f: - return f.readline().strip() - - -# Import and return the group type based on string name -def _import_group_type(group_type_name): - mod = import_module('django_auth_ldap.config') - try: - return getattr(mod, group_type_name)() - except: - return None - - -# Server URI -AUTH_LDAP_SERVER_URI = environ.get('AUTH_LDAP_SERVER_URI', '') - -# The following may be needed if you are binding to Active Directory. -AUTH_LDAP_CONNECTION_OPTIONS = { - ldap.OPT_REFERRALS: 0 -} - -AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = environ.get('AUTH_LDAP_BIND_AS_AUTHENTICATING_USER', 'False').lower() == 'true' - -# Set the DN and password for the NetBox service account if needed. -if not AUTH_LDAP_BIND_AS_AUTHENTICATING_USER: - AUTH_LDAP_BIND_DN = environ.get('AUTH_LDAP_BIND_DN', '') - AUTH_LDAP_BIND_PASSWORD = _read_secret('auth_ldap_bind_password', environ.get('AUTH_LDAP_BIND_PASSWORD', '')) - -# Set a string template that describes any user’s distinguished name based on the username. -AUTH_LDAP_USER_DN_TEMPLATE = environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None) - -# Enable STARTTLS for ldap authentication. -AUTH_LDAP_START_TLS = environ.get('AUTH_LDAP_START_TLS', 'False').lower() == 'true' - -# Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert. -# Note that this is a NetBox-specific setting which sets: -# ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) -LDAP_IGNORE_CERT_ERRORS = environ.get('LDAP_IGNORE_CERT_ERRORS', 'False').lower() == 'true' - -# Include this setting if you want to validate the LDAP server certificates against a CA certificate directory on your server -# Note that this is a NetBox-specific setting which sets: -# ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, LDAP_CA_CERT_DIR) -LDAP_CA_CERT_DIR = environ.get('LDAP_CA_CERT_DIR', None) - -# Include this setting if you want to validate the LDAP server certificates against your own CA. -# Note that this is a NetBox-specific setting which sets: -# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_CERT_FILE) -LDAP_CA_CERT_FILE = environ.get('LDAP_CA_CERT_FILE', None) - -AUTH_LDAP_USER_SEARCH_BASEDN = environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '') -AUTH_LDAP_USER_SEARCH_ATTR = environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName') -AUTH_LDAP_USER_SEARCH_FILTER: str = environ.get( - 'AUTH_LDAP_USER_SEARCH_FILTER', f'({AUTH_LDAP_USER_SEARCH_ATTR}=%(user)s)' -) - -AUTH_LDAP_USER_SEARCH = LDAPSearch( - AUTH_LDAP_USER_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_USER_SEARCH_FILTER -) - -# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group -# heirarchy. - -AUTH_LDAP_GROUP_SEARCH_BASEDN = environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', '') -AUTH_LDAP_GROUP_SEARCH_CLASS = environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS', 'group') - -AUTH_LDAP_GROUP_SEARCH_FILTER: str = environ.get( - 'AUTH_LDAP_GROUP_SEARCH_FILTER', f'(objectclass={AUTH_LDAP_GROUP_SEARCH_CLASS})' -) -AUTH_LDAP_GROUP_SEARCH = LDAPSearch( - AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER -) -AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType')) - -# Define a group required to login. -AUTH_LDAP_REQUIRE_GROUP = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN') - -# Define special user types using groups. Exercise great caution when assigning superuser status. -AUTH_LDAP_USER_FLAGS_BY_GROUP = {} - -if AUTH_LDAP_REQUIRE_GROUP is not None: - AUTH_LDAP_USER_FLAGS_BY_GROUP = { - "is_active": environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''), - "is_staff": environ.get('AUTH_LDAP_IS_ADMIN_DN', ''), - "is_superuser": environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '') - } - -# For more granular permissions, we can map LDAP groups to Django groups. -AUTH_LDAP_FIND_GROUP_PERMS = environ.get('AUTH_LDAP_FIND_GROUP_PERMS', 'True').lower() == 'true' -AUTH_LDAP_MIRROR_GROUPS = environ.get('AUTH_LDAP_MIRROR_GROUPS', '').lower() == 'true' - -# Cache groups for one hour to reduce LDAP traffic -AUTH_LDAP_CACHE_TIMEOUT = int(environ.get('AUTH_LDAP_CACHE_TIMEOUT', 3600)) - -# Populate the Django user from the LDAP directory. -AUTH_LDAP_USER_ATTR_MAP = { - "first_name": environ.get('AUTH_LDAP_ATTR_FIRSTNAME', 'givenName'), - "last_name": environ.get('AUTH_LDAP_ATTR_LASTNAME', 'sn'), - "email": environ.get('AUTH_LDAP_ATTR_MAIL', 'mail') -} diff --git a/docker/v4.2.3/netbox/configuration/logging.py b/docker/v4.2.3/netbox/configuration/logging.py deleted file mode 100644 index f145c5c..0000000 --- a/docker/v4.2.3/netbox/configuration/logging.py +++ /dev/null @@ -1,72 +0,0 @@ -from os import environ - -LOGGING = { - 'version': 1, - 'disable_existing_loggers': False, - 'handlers': { - 'console': { - 'class': 'logging.StreamHandler', - }, - }, - 'loggers': { - '': { # root logger - 'handlers': ['console'], - 'level': 'DEBUG' if environ.get('DEBUG', 'false').lower() == 'true' else 'INFO', - }, - }, -} -# # Remove first comment(#) on each line to implement this working logging example. -# # Add LOGLEVEL environment variable to netbox if you use this example & want a different log level. -# from os import environ - -# # Set LOGLEVEL in netbox.env or docker-compose.overide.yml to override a logging level of INFO. -# LOGLEVEL = environ.get('LOGLEVEL', 'INFO') - -# LOGGING = { - -# 'version': 1, -# 'disable_existing_loggers': False, -# 'formatters': { -# 'verbose': { -# 'format': '{levelname} {asctime} {module} {process:d} {thread:d} {message}', -# 'style': '{', -# }, -# 'simple': { -# 'format': '{levelname} {message}', -# 'style': '{', -# }, -# }, -# 'filters': { -# 'require_debug_false': { -# '()': 'django.utils.log.RequireDebugFalse', -# }, -# }, -# 'handlers': { -# 'console': { -# 'level': LOGLEVEL, -# 'filters': ['require_debug_false'], -# 'class': 'logging.StreamHandler', -# 'formatter': 'simple' -# }, -# 'mail_admins': { -# 'level': 'ERROR', -# 'class': 'django.utils.log.AdminEmailHandler', -# 'filters': ['require_debug_false'] -# } -# }, -# 'loggers': { -# 'django': { -# 'handlers': ['console'], -# 'propagate': True, -# }, -# 'django.request': { -# 'handlers': ['mail_admins'], -# 'level': 'ERROR', -# 'propagate': False, -# }, -# 'django_auth_ldap': { -# 'handlers': ['console',], -# 'level': LOGLEVEL, -# } -# } -# } diff --git a/docker/v4.2.3/netbox/configuration/plugins.py b/docker/v4.2.3/netbox/configuration/plugins.py deleted file mode 100644 index c6deec2..0000000 --- a/docker/v4.2.3/netbox/configuration/plugins.py +++ /dev/null @@ -1,29 +0,0 @@ -# Add your plugins and plugin settings here. -# Of course uncomment this file out. - -# To learn how to build images with your required plugins -# See https://github.com/netbox-community/netbox-docker/wiki/Using-Netbox-Plugins - -PLUGINS = [ - "netbox_diode_plugin", - "netbox_branching", -] - -# PLUGINS_CONFIG = { -# "netbox_diode_plugin": { -# # Auto-provision users for Diode plugin -# "auto_provision_users": True, -# -# # Diode gRPC target for communication with Diode server -# "diode_target_override": "grpc://localhost:8080/diode", -# -# # User allowed for Diode to NetBox communication -# "diode_to_netbox_username": "diode-to-netbox", -# -# # User allowed for NetBox to Diode communication -# "netbox_to_diode_username": "netbox-to-diode", -# -# # User allowed for data ingestion -# "diode_username": "diode-ingestion", -# }, -# } diff --git a/docker/v4.2.3/netbox/docker-entrypoint.sh b/docker/v4.2.3/netbox/docker-entrypoint.sh deleted file mode 100644 index fb25e67..0000000 --- a/docker/v4.2.3/netbox/docker-entrypoint.sh +++ /dev/null @@ -1,100 +0,0 @@ -#!/bin/bash -# Runs on every start of the NetBox Docker container - -# Stop when an error occures -set -e - -# Allows NetBox to be run as non-root users -umask 002 - -# Load correct Python3 env -# shellcheck disable=SC1091 -source /opt/netbox/venv/bin/activate - -# Try to connect to the DB -DB_WAIT_TIMEOUT=${DB_WAIT_TIMEOUT-3} -MAX_DB_WAIT_TIME=${MAX_DB_WAIT_TIME-30} -CUR_DB_WAIT_TIME=0 -while [ "${CUR_DB_WAIT_TIME}" -lt "${MAX_DB_WAIT_TIME}" ]; do - # Read and truncate connection error tracebacks to last line by default - exec {psfd}< <(./manage.py showmigrations 2>&1) - read -rd '' DB_ERR <&$psfd || : - exec {psfd}<&- - wait $! && break - if [ -n "$DB_WAIT_DEBUG" ]; then - echo "$DB_ERR" - else - readarray -tn 0 DB_ERR_LINES <<<"$DB_ERR" - echo "${DB_ERR_LINES[@]: -1}" - echo "[ Use DB_WAIT_DEBUG=1 in netbox.env to print full traceback for errors here ]" - fi - echo "⏳ Waiting on DB... (${CUR_DB_WAIT_TIME}s / ${MAX_DB_WAIT_TIME}s)" - sleep "${DB_WAIT_TIMEOUT}" - CUR_DB_WAIT_TIME=$((CUR_DB_WAIT_TIME + DB_WAIT_TIMEOUT)) -done -if [ "${CUR_DB_WAIT_TIME}" -ge "${MAX_DB_WAIT_TIME}" ]; then - echo "❌ Waited ${MAX_DB_WAIT_TIME}s or more for the DB to become ready." - exit 1 -fi -# Check if update is needed -if ! ./manage.py migrate --check >/dev/null 2>&1; then - echo "⚙️ Applying database migrations" - ./manage.py migrate --no-input - echo "⚙️ Running trace_paths" - ./manage.py trace_paths --no-input - echo "⚙️ Removing stale content types" - ./manage.py remove_stale_contenttypes --no-input - echo "⚙️ Removing expired user sessions" - ./manage.py clearsessions - echo "⚙️ Building search index (lazy)" - ./manage.py reindex --lazy -fi - -# Create Superuser if required -if [ "$SKIP_SUPERUSER" == "true" ]; then - echo "↩️ Skip creating the superuser" -else - if [ -z ${SUPERUSER_NAME+x} ]; then - SUPERUSER_NAME='admin' - fi - if [ -z ${SUPERUSER_EMAIL+x} ]; then - SUPERUSER_EMAIL='admin@example.com' - fi - if [ -f "/run/secrets/superuser_password" ]; then - SUPERUSER_PASSWORD="$(