Skip to content

PowerNetbox v4.6.0.0 — NetBox 4.6 compatibility

Choose a tag to compare

View all tags
@ctrl-alt-automate ctrl-alt-automate released this 15 May 00:08
· 44 commits to main since this release
v4.6.0.0
d65bc04

PowerNetbox v4.6.0.0

Target: NetBox 4.6.0 (released 2026-05-05)
Minimum: NetBox 4.3+
PowerShell: 5.1+ (Desktop and Core), cross-platform

This is the first PowerNetbox release that targets NetBox 4.6.x. It bundles two months of accumulated dev work (security hardening, supply-chain provenance, several bug fixes, and a cmdlet rename for ContactAssignment) with the minimal compat needed for NetBox 4.6 — CI matrix bumps, branching plugin upgrade, and zero-drift ValidateSet verification.

The substantive 4.6 surface (new endpoints VirtualMachineType / CableBundle / RackGroup, VM -Device parameter, ASN role, ETag/If-Match, cursor pagination, partial tag assignment) is intentionally deferred to v4.6.x.x follow-ups so this release can ship now and unblock the dev backlog. See umbrella issue #395 for the full 4.6 implementation roadmap.

NetBox 4.6 compatibility

  • CI matrix updated across all four workflows (integration, compatibility, branching-integration, pre-release-validation):
    • Added v4.6.0-5.0.1 (netbox-docker 5.0.1)
    • Added v4.5.10-4.0.2 (final 4.5.x release)
    • Retained v4.4.10-3.4.2 and v4.3.7-3.3.0
    • Dropped v4.5.8-4.0.2 (superseded by 4.5.10)
  • netbox-branching plugin bumped 0.8.0 → 1.0.3 (per upstream COMPATIBILITY.md, covers NetBox 4.4.1–4.6.x)
  • ValidateSet parity against v4.6.0 reports zero drift — existing decorators cover all 4.6.0 choices for endpoints we currently expose
  • Primary test instance (zulu-how.exe.xyz) upgraded v4.5.8 → v4.6.0 via Ansible

Bug fixes

  • #414 / #416Get-/New-/Set-NBContactAssignment parameter name (Wolfgang Wagner / @danubie). The functions previously used -Content_Type, which NetBox 4.x rejected with HTTP 400. Renamed to -Object_Type to match the API field. [Alias('Content_Type')] retained for backward compat; 27 new integration tests cover the full Contact / ContactRole / ContactAssignment CRUD lifecycle including cascading-cleanup ordering.
  • #392 follow-up — ValidateSet expansion on RearPort / FrontPort / Cable Type (commit b44934e). Adds previously-missing choices from the parity tool's audit; strictly expansive, no breakage to existing callers.
  • #398 follow-up / #401 — Enum null-clearing on Set-NBDCIMInterface. Allows clearing enum-typed fields (e.g. duplex, poe-mode) via the empty-string sentinel — previously the only path was to fetch + mutate + PATCH the entire object.

New parameters

  • #409 — Nullable FK params + -Description on Set-NBDCIMDevice (Matt Karel / @mkarel, commit 0ed8f51). Eleven existing FK params now accept $null to clear: Platform, Tenant, Cluster, Rack, Position, Virtual_Chassis, VC_Priority, VC_Position, Primary_IP4, Primary_IP6, Owner. New -Description parameter added. [Nullable[uint64]] / [Nullable[uint16]] pattern follows the precedent set by PR #366 (Set-NBDCIMDeviceBay). Co-authored by Matt Karel.

Refactoring

  • Dead-code cleanup — InterfaceConnection functions removed (commit ac72491). The /api/dcim/interface-connections/ endpoint was removed in NetBox 4.0, so the corresponding cmdlets have been dead for two years; they returned 404 against every supported NetBox version.

Security hardening (PRs #403#407)

This release lands the Tier 2 security review work plus the supply-chain provenance pipeline:

  • #404 — Tier 2 security review: STRIDE threat model, OWASP API Top 10 (client-side), supply-chain audit. Fixes pagination .next URL SSRF via origin validation — when NetBox returns a next URL whose host differs from the originally-requested host, PowerNetbox now refuses to follow it and emits a clear error message rather than blindly chasing the URL with the user's token.

  • #403 — gitleaks CI: pre-commit and CI-time secret scanning with an allowlist file. Catches accidental token commits before they hit the remote.

  • #405 — SECURITY.md + PRIVACY.md + README code-signing section: vulnerability reporting policy, data-handling statement, and a documented authenticity story.

  • #406 — Release-pipeline hardening: Pester / PSScriptAnalyzer pinned via RequiredVersion, .github/dependabot.yml configured for github-actions ecosystem, and actions/attest-build-provenance@v2 integrated into release.yml. Every PSGallery release from this version onwards ships with a cryptographic build-provenance attestation. Consumers can verify with:

    gh attestation verify $module.Path --repo ctrl-alt-automate/PowerNetbox

  • #407 — Dependabot grouping fix: actions-minor-patch group now correctly applies to all action updates via patterns: ['*'].

Documentation

  • #408new-netbox-endpoint reference skill: a project-level Claude Code skill (.claude/skills/new-netbox-endpoint/SKILL.md) that's auto-loaded when adding a new NetBox endpoint. Contains the current cmdlet templates, test patterns, and the pitfalls table previously embedded in CLAUDE.md. Discoverable but local — does not ship to PSGallery.
  • README updated for NetBox 4.5.8 compat, function/test counts corrected, changelog table extended through v4.5.8.1.
  • SignPath Foundation OSS-cert application declined (insufficient external reputation signals); README's "Authenticity & provenance" section reframed around GitHub build-provenance attestations as the sole authenticity anchor for v4.6.0+.

Deferred for v4.6.x.x — tracked in #395

Surface Reference
VirtualMachineType endpoint — 4 new cmdlets netbox-community/netbox#5795
CableBundle endpoint — 4 new cmdlets netbox-community/netbox#20151
RackGroup endpoint — 4 new cmdlets + Rack.rack_group FK netbox-community/netbox#20961
VM -Device parameter, Cluster nullable netbox-community/netbox#12024
ASN.role field netbox-community/netbox#17654
DeviceBay / ModuleBay.enabled field netbox-community/netbox#20152
Partial tag assignment (add_tags / remove_tags) netbox-community/netbox#21771
ETag + If-Match optimistic concurrency netbox-community/netbox#21356
Cursor-based pagination ?start= in -All netbox-community/netbox#21363
Django 6.0 error-format regressions netbox-community/netbox#20984 — covered by integration matrix

Other open items rolled forward

  • #411 — 7 missing writable Device fields (location, airflow, oob_ip, latitude, longitude, config_template, local_context_data). Distinct from #409's set.
  • #412Device.position typed as [uint16] loses precision on half-U positions (1.5U). Latent precision bug, no recent reports.
  • #413 — Virtual Disks endpoint (mkarel feature request).
  • #417-All returns 403 on second page (reverse-proxy header config issue, not a PowerNetbox bug; v4.6.0's pagination origin-validation will produce a clearer error for this scenario).
  • #418_ArgumentCompleters.ps1 triggers auto-loading of installed module during fork-development tests (Wolfgang Wagner / @danubie offered to submit a PR).

Contributors

Thanks to @danubie (Wolfgang Wagner — ContactAssignment fix #414/#416, plus active bug-reporting on #414, #417 discussion, #418) and @mkarel (Matt Karel — Set-NBDCIMDevice nullable FK params #409 contributed via #410, pre-empted to dev with Co-Authored-By credit).

🔐 Authenticity: Verify this release's PowerShell module against the GitHub build-provenance attestation:

$module = Get-Module -Name PowerNetbox -ListAvailable | Where-Object Version -eq '4.6.0.0' | Select-Object -First 1
gh attestation verify $module.Path --repo ctrl-alt-automate/PowerNetbox

Contributors

mkarel and danubie
Assets 2
Loading