@mfiedorowicz mfiedorowicz commented Apr 21, 2025

This pull request introduces significant updates to the NetBox Diode plugin, including a major version upgrade, removal of deprecated features, and the addition of OAuth2-based authentication and permissions. These changes aim to streamline the plugin's configuration, improve security, and modernize its codebase.

Major Version Upgrade and Compatibility Updates:

  • Updated the plugin's compatibility to require NetBox version 4.2.3 and set the plugin release to 1.0.0. This reflects the new major version and ensures compatibility with the latest NetBox features. (README.md [1], netbox-plugin.yaml [2])

Configuration Simplifications:

  • Removed the auto_provision_users feature and associated user-specific configurations (diode_to_netbox_username, netbox_to_diode_username). Simplified the configuration to use a single diode_username for plugin-applied changes. (README.md [1], docker/netbox/plugins_dev.py [2], netbox_diode_plugin/__init__.py [3])

Security Enhancements:

  • Introduced OAuth2-based authentication with the new DiodeOAuth2Authentication class, enabling token introspection and caching for secure API access. (netbox_diode_plugin/api/authentication.py R1-R82)
  • Replaced legacy permissions with scope-based OAuth2 permissions (SCOPE_NETBOX_READ, SCOPE_NETBOX_WRITE) for fine-grained access control. (netbox_diode_plugin/api/permissions.py [1], netbox_diode_plugin/api/views.py [2])

Codebase Modernization:

  • Updated copyright notices to 2025 across multiple files. (netbox_diode_plugin/__init__.py L2-R2, netbox_diode_plugin/api/*.py)
  • Refactored code for improved readability and maintainability, including consistent use of double quotes and better formatting in methods like get_valid_entity_keys. (netbox_diode_plugin/api/views.py [1] [2])

Deprecation of API Key Management:

  • Removed the need for manually setting API keys in environment variables or during migrations, as these are now handled by the OAuth2 authentication mechanism. (README.md [1], docker/netbox/env/netbox.env [2])
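
The token introspection with caching and the scope-based permissions summarized in the description above, sketched as an added example; this is not code from the pull request or from the Diode plugin. The names IntrospectionCache, has_scopes and max_ttl, the scope string values, and the choice to reject tokens that carry no exp claim are assumptions made for illustration.

```python
import hashlib
import time

# Hypothetical scope strings: the description names these constants, not their values.
SCOPE_NETBOX_READ = "example:read"
SCOPE_NETBOX_WRITE = "example:write"


class IntrospectionCache:
    """Caches RFC 7662 introspection responses, keyed by a hash of the token."""

    def __init__(self, introspect, max_ttl=300, clock=time.time):
        self._introspect = introspect  # callable(token) -> introspection response dict
        self._max_ttl = max_ttl        # upper bound on cache lifetime, in seconds
        self._clock = clock
        self._entries = {}             # sha256(token) -> (cache_expiry, claims)

    def validate(self, token):
        """Return the claims of an active token, or None if it must be rejected."""
        key = hashlib.sha256(token.encode()).hexdigest()  # never keep raw tokens
        now = self._clock()
        hit = self._entries.get(key)
        if hit and now < hit[0]:
            return hit[1]
        self._entries.pop(key, None)
        claims = self._introspect(token)
        exp = claims.get("exp", 0)  # assumption: a token without exp is rejected
        if not claims.get("active") or exp <= now:
            return None  # inactive or expired: reject, and never cache a rejection as valid
        # A cached result must not outlive the token it describes.
        self._entries[key] = (min(exp, now + self._max_ttl), claims)
        return claims


def has_scopes(claims, *required):
    """True only if every required scope appears in the space-delimited scope claim."""
    granted = set((claims or {}).get("scope", "").split())
    return set(required).issubset(granted)
```

The cache lifetime is also the window in which a token revoked at the authorization server is still accepted, so max_ttl is a revocation-latency setting as much as a performance one.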

…x Plugin

- Added DiodeOAuth2Authentication class for handling OAuth2 token validation.
- Introduced IsDiodeOAuth2Authenticated permission class to check OAuth2 authentication.
- Updated GenerateDiffView and ApplyChangeSetView to use the new authentication and permission classes.

Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
…s files

Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
- authentication with OAuth2 instead of API keys
- squashed and removed old redundant migrations
- removed redundant setup step

Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
- remove unused imports

Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>

github-actions bot commented Apr 22, 2025

☂️ Python Coverage

current status: ✅

Overall Coverage

Lines Covered Coverage Threshold Status
2814 2626 93% 0% 🟢

New Files

File Coverage Status
netbox_diode_plugin/api/authentication.py 96% 🟢
netbox_diode_plugin/tests/test_authentication.py 99% 🟢
TOTAL 97% 🟢

Modified Files

File Coverage Status
netbox_diode_plugin/__init__.py 100% 🟢
netbox_diode_plugin/api/__init__.py 100% 🟢
netbox_diode_plugin/api/applier.py 93% 🟢
netbox_diode_plugin/api/differ.py 94% 🟢
netbox_diode_plugin/api/matcher.py 87% 🟢
netbox_diode_plugin/api/permissions.py 100% 🟢
netbox_diode_plugin/api/plugin_utils.py 85% 🟢
netbox_diode_plugin/api/serializers.py 0% 🟢
netbox_diode_plugin/api/transformer.py 90% 🟢
netbox_diode_plugin/api/urls.py 100% 🟢
netbox_diode_plugin/api/views.py 80% 🟢
netbox_diode_plugin/forms.py 100% 🟢
netbox_diode_plugin/models.py 100% 🟢
netbox_diode_plugin/navigation.py 100% 🟢
netbox_diode_plugin/plugin_config.py 96% 🟢
netbox_diode_plugin/tests/__init__.py 100% 🟢
netbox_diode_plugin/tests/test_api_apply_change_set.py 99% 🟢
netbox_diode_plugin/tests/test_api_diff_and_apply.py 100% 🟢
netbox_diode_plugin/tests/test_api_generate_diff.py 100% 🟢
netbox_diode_plugin/tests/test_forms.py 100% 🟢
netbox_diode_plugin/tests/test_models.py 100% 🟢
netbox_diode_plugin/tests/test_plugin_config.py 100% 🟢
netbox_diode_plugin/tests/test_updates.py 95% 🟢
netbox_diode_plugin/tests/test_version.py 100% 🟢
netbox_diode_plugin/tests/test_views.py 100% 🟢
netbox_diode_plugin/urls.py 100% 🟢
netbox_diode_plugin/version.py 100% 🟢
netbox_diode_plugin/views.py 100% 🟢
TOTAL 94% 🟢

updated for commit: 6bd1215 by action🐍

…lugin

- Updated DiodeOAuth2Authentication to set user, token scopes, and token data on the request.
- Introduced HasScope permission class to enforce required OAuth2 token scopes.
- Refactored views to utilize IsAuthenticated and require_scopes for permission checks.
- Adjusted unit tests to mock the updated authentication behavior.

Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@ltucker ltucker merged commit 9f3f219 into feat-diode-data-plugin Apr 23, 2025
3 checks passed
@ltucker ltucker deleted the feat-authn-oauth2 branch April 23, 2025 20:04