Add support for secret attachment on configurable object types ( fixes ffddorf/netbox-vault-secrets#14 ) #49

Closed

@ghost ghost commented Nov 15, 2022

Add support for configurable list of object types where secrets can be attached. ( fixes #14 )
Default config reflects the currently supported Device, VM, Service types.
Readme updated with info on how to configure.

Tested on Netbox 3.3.7 / Vault 1.12.1 (no changes to the front-end code in this PR, so vault version shouldn't matter)
Tested with the following plugin_config:

```python
PLUGINS_CONFIG = {
    "netbox_vault_secrets": {
        "api_url": "https://vault.mikkle.io/",
        "kv_mount_path": "/mikkle.io",
        "secret_path_prefix": "/netbox",
        "login_methods": ["oidc"],
        "oidc": {
            "mount_path": "/auth/mikkle.io"
        },
        "content_types": [
            {
                "model": 'dcim.device'
            },
            {
                "model": 'ipam.service'
            },
            {
                "model": 'virtualization.virtualmachine',
                "vault_path_slug": 'vm'
            },
            {
                "model": 'tenancy.tenant'
            },
            {
                "model": 'tenancy.tenantgroup',
                "vault_path_slug": 'tenant_group'
            },
            {
                "model": 'circuits.circuit'
            },
            {
                "model": 'virtualization.clustergroup',
                "vault_path_slug": 'cluster_group'
            },
            {
                "model": 'virtualization.clustertype',
                "vault_path_slug": 'clusterType'
            },
            {
                "model": 'auth.user'
            },
        ]
    }
}
```

which works as expected (all except "auth.user" are set up)
Log (with debug enabled) tells what's going on:

```
DEBUG 2022-11-15 22:18:24,127 template_content netbox_vault_secrets 21 139918999255360 Allowed apps: circuits, dcim, extras, ipam, tenancy, virtualization, wireless
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Configured content_types: dcim.device, ipam.service, virtualization.virtualmachine, tenancy.tenant, tenancy.tenantgroup, circuits.circuit, virtualization.clustergroup, virtualization.clustertype, auth.user
INFO 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 ignored dis-allowed content_types: auth.user
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Inferred slug 'device' for model dcim.device
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Creating VaultSecretInserter sub-class VaultDcimDeviceSecrets
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Inferred slug 'service' for model ipam.service
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Creating VaultSecretInserter sub-class VaultIpamServiceSecrets
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Using overridden slug 'vm' for model virtualization.virtualmachine
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Creating VaultSecretInserter sub-class VaultVirtualizationVirtualmachineSecrets
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Inferred slug 'tenant' for model tenancy.tenant
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Creating VaultSecretInserter sub-class VaultTenancyTenantSecrets
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Using overridden slug 'tenant_group' for model tenancy.tenantgroup
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Creating VaultSecretInserter sub-class VaultTenancyTenantgroupSecrets
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Inferred slug 'circuit' for model circuits.circuit
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Creating VaultSecretInserter sub-class VaultCircuitsCircuitSecrets
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Using overridden slug 'cluster_group' for model virtualization.clustergroup
DEBUG 2022-11-15 22:18:24,128 template_content netbox_vault_secrets 21 139918999255360 Creating VaultSecretInserter sub-class VaultVirtualizationClustergroupSecrets
DEBUG 2022-11-15 22:18:24,129 template_content netbox_vault_secrets 21 139918999255360 Using overridden slug 'clusterType' for model virtualization.clustertype
DEBUG 2022-11-15 22:18:24,129 template_content netbox_vault_secrets 21 139918999255360 Creating VaultSecretInserter sub-class VaultVirtualizationClustertypeSecrets
```
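
Added example, not code from this pull request or from the plugin: a sketch of the filtering the log above shows, where configured `content_types` are checked against an app allow-list (so `auth.user` is ignored) and the slug is either inferred from the model name or overridden. The function name `resolve_content_types`, the reason strings and the slug pattern check are assumptions; the slug check is an extra hardening step the PR does not mention.

```python
import re

# Allow-list copied from the "Allowed apps" debug line in the PR description.
ALLOWED_APPS = frozenset(
    {"circuits", "dcim", "extras", "ipam", "tenancy", "virtualization", "wireless"}
)

MODEL_RE = re.compile(r"[a-z0-9_]+\.[a-z0-9_]+")
# Assumption (not from the PR): the slug becomes one segment of a Vault KV
# path, so reject anything that could add or escape path segments.
SLUG_RE = re.compile(r"[A-Za-z0-9_-]+")


def resolve_content_types(entries, allowed_apps=ALLOWED_APPS):
    """Return (accepted, ignored) for a list of content_types config entries.

    accepted maps "app.model" to its slug and inserter class name;
    ignored is a list of (model, reason) tuples suitable for logging.
    """
    accepted, ignored = {}, []
    for entry in entries:
        model = str(entry.get("model", "")).lower()
        if not MODEL_RE.fullmatch(model):
            ignored.append((model, "malformed model label"))
            continue
        app, name = model.split(".")
        if app not in allowed_apps:
            ignored.append((model, "app not allowed"))
            continue
        # Inferred slug is the model name unless vault_path_slug overrides it.
        slug = entry.get("vault_path_slug", name)
        if not isinstance(slug, str) or not SLUG_RE.fullmatch(slug):
            ignored.append((model, "unsafe vault_path_slug"))
            continue
        accepted[model] = {
            "slug": slug,
            "class_name": f"Vault{app.capitalize()}{name.capitalize()}Secrets",
        }
    return accepted, ignored


# Constructed sample: three entries from the PR config plus one unsafe slug.
SAMPLE = [
    {"model": "dcim.device"},
    {"model": "virtualization.virtualmachine", "vault_path_slug": "vm"},
    {"model": "auth.user"},
    {"model": "tenancy.tenant", "vault_path_slug": "../other"},
]
```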

@ghost ghost changed the title Add support for secret attachment on configurable object types (fixes #14) Add support for secret attachment on configurable object types ( fixes #14 ) Nov 15, 2022
@ghost ghost changed the title Add support for secret attachment on configurable object types ( fixes #14 ) Add support for secret attachment on configurable object types ( fixes ffddorf/netbox-vault-secrets#14 ) Nov 15, 2022
@balpoint

Can we please implement this pull request?!

@ghost ghost closed this by deleting the head repository May 14, 2024
This pull request was closed.
Successfully merging this pull request may close these issues.

Secret for tenants