v2025.11.01 release #35
…a' and (1) matching existing interfaces and (2) making sure to also collect vmbr* interfaces
Site add works. Device role add works. Device type add works. Add interface(s) to device type works. Adding devices does *not* work. Need to investigate.
Adds mac addresses to discovered interfaces. Needs to add support for vmbr* interfaces (and their physical mappings). Needs to map IP addresses to network interfaces. Needs to add cluster and type to Proxmox. Needs to associate devices with Proxmox cluster.
…s on all devices.
…dress information
Tons of refactoring around how network configuration is discovered on Proxmox node(s)
Adds rudimentary (buggy!) branching support -- DO NOT USE
… interface object. Adds hasattr and findByMulti to give us a single object. Fixes class naming so that it is consistent in terms of case, i.e. Netbox -> NetBox
Adds Platforms creation for Devices
…ts in netbox_object.py
Reworks order of creation (of cluster type, group, cluster) and adds cluster creation to device creation rather than as a separate step
| client = paramiko.SSHClient() | ||
|
|
||
| # Set policy for handling unknown host keys (AutoAddPolicy for convenience, RejectPolicy for security in production) | ||
| client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) |
Check failure
Code scanning / CodeQL
Accepting unknown SSH host keys when using Paramiko High
Copilot Autofix
AI 22 days ago
The most robust and direct fix is to remove the explicit AutoAddPolicy assignment and ensure that a secure policy is used. By default, Paramiko uses RejectPolicy, which will cause the connection to fail if the host key is unknown. If needed, you can load known hosts from the user's ~/.ssh/known_hosts file using client.load_system_host_keys(), which is standard SSH behavior. This ensures that only known, trusted hosts are accepted.
To apply this fix:
- Remove or replace the line that sets the host key policy to `paramiko.AutoAddPolicy()`.
- Optionally, add `client.load_system_host_keys()` after creating the client, so that host keys are checked against the system's list of known hosts.
- Do not add `AutoAddPolicy` or `WarningPolicy` anywhere in the function.
- No extra imports are required, as everything is already present.
| @@ -81,10 +81,9 @@ | ||
|
|
||
| # Create an SSH client instance | ||
| client = paramiko.SSHClient() | ||
| client.load_system_host_keys() | ||
| # By default, SSHClient uses RejectPolicy, which is secure and will raise an exception if the host is not known. | ||
|
|
||
| # Set policy for handling unknown host keys (AutoAddPolicy for convenience, RejectPolicy for security in production) | ||
| client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) | ||
|
|
||
| # Connect to the server | ||
| try: | ||
| if not 'login' in proxmox_node_info: |
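Review bot: The secure behaviour in this suggestion rests only on the comment after `client.load_system_host_keys()` saying RejectPolicy is the default; set it explicitly with `client.set_missing_host_key_policy(paramiko.RejectPolicy())` so the intent lives in code and a later edit cannot silently weaken it. Because `load_system_host_keys()` reads the known_hosts file of the account running the script, every Proxmox node must already be enrolled there, and the `try:` that follows should report which node failed host key verification instead of a generic connection error. Minor style point on the last context line: `if not 'login' in proxmox_node_info` reads more clearly as `if 'login' not in proxmox_node_info`.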
| if device_interface.name.startswith('vmbr'): | ||
| continue | ||
|
|
||
| print(f"device: {proxmox_node}, interface: {device_interface} {device_interface.type} {device_interface.mac_address}") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
sensitive data (private)
Copilot Autofix
AI 22 days ago
To fix the problem, we should avoid logging sensitive data such as the MAC address.
- The best solution is to remove `device_interface.mac_address` from log outputs.
- Optionally, if logging is truly needed for operational reasons, one may consider redacting part of the MAC address or only logging non-sensitive attributes (like name, type), but never the full MAC.
- Specifically, in file `setup/netbox-discover-proxmox-cluster-and-nodes.py`, line 211, modify the print statement to exclude `device_interface.mac_address`.
- No extra imports or methods are needed; simply alter the print statement accordingly.
| @@ -208,7 +208,7 @@ | ||
| if device_interface.name.startswith('vmbr'): | ||
| continue | ||
|
|
||
| print(f"device: {proxmox_node}, interface: {device_interface} {device_interface.type} {device_interface.mac_address}") | ||
| print(f"device: {proxmox_node}, interface: {device_interface} {device_interface.type}") | ||
|
|
||
| try: | ||
| NetBoxDeviceInterfaceMacAddressMapping(nb_url, app_config['netbox_api_config']['api_token'], netbox_device_id, device_interface, nb_pxmx_cluster.discovered_proxmox_nodes_information[proxmox_node]['system']['network_interfaces'][device_interface.name]) |
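Review bot: The replacement `print(...)` in this hunk still writes per-interface details to stdout on every run, so the next field someone appends to it will raise the same alert. Route this line through the `logging` module at debug level so it is off by default and can be filtered centrally. Dropping the MAC here also removes the only trace of the value handed to `NetBoxDeviceInterfaceMacAddressMapping` on the following lines, so if that is needed for troubleshooting, log a partially masked form rather than restoring the full address.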
No description provided.
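The second Copilot Autofix comment above mentions redacting part of the MAC address as an alternative to dropping it from the output. The following is an added example, not code from this pull request or the project: a `logging.Filter` that masks the device-specific half of any MAC address in a log message. The names `redact_mac`, `MacRedactingFilter`, `demo`, the logger name, and the choice to keep the first three octets are assumptions, and the sample values are constructed.

```python
import io
import logging
import re

# MACs written as aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or aabb.ccdd.eeff.
_MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}"
    r"|[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\b"
)


def redact_mac(text: str) -> str:
    """Mask the last three octets of every MAC address found in text."""
    def _mask(match: re.Match) -> str:
        mac = match.group(0)
        if "." in mac:                      # dotted form: keep "aabb.cc"
            return mac[:7] + "xx.xxxx"
        sep = mac[2]                        # ":" or "-"
        return mac[:9] + sep.join(["xx"] * 3)
    return _MAC_RE.sub(_mask, text)


class MacRedactingFilter(logging.Filter):
    """Attach to a handler so records from every logger pass through it."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render first so MACs passed as %-style arguments are masked too.
        record.msg = redact_mac(record.getMessage())
        record.args = None
        return True


def demo() -> str:
    """Log one line shaped like the page's print() and return the output."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(MacRedactingFilter())
    log = logging.getLogger("discovery-demo")   # hypothetical logger name
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    log.propagate = False
    # Constructed sample values, not taken from the project.
    log.info("device: %s, interface: %s %s %s",
             "pve1", "eno1", "1000base-t", "BC:24:11:12:34:56")
    log.removeHandler(handler)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```
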