Feature: Secrets integration, including Secrets Providers and Secrets Groups (#868)

* Initial model, UI, and REST API for Secrets
* Secrets providers API, initial TextFile and EnvironmentVariable provider implementations (#887)
* Add Secret.value property, add EnvironmentVariable provider, add dummy-plugin Constant provider, add tests
* Add TextFileSecretProvider
* Add docs
* Improve display of secret providers in the UI
* Refactor SecretsProvider registration to use the Nautobot registry instead of python entry_points
* Refactor slightly
* Add ability for secrets providers to define an HTML form for parameter inputs
* Fix default value for JSONField and add error handling in JS
* Add username_secret and token_secret support to GitRepository
* Docs updates
* Review feedback - add description field, etc.
* Revise secrets docs; add SecretError exceptions instead of returning None on various failures
* One of these days I'll remember to run flake8 before pushing
* Review comments
* SecretsGroup feature (#1042)
* WIP
* More WIP
* WIP remove SecretType model
* Such WIP. Wow
* WIP: working secretsgroup-edit UI
* More WIP
* Change Category/Meaning to Access Type/Secret Type
* Add SecretsGroup key to Device model; get tests passing
* Add test coverage for REST API and filters
* Add SecretsGroup view tests
* Linting fixes
* Docs updates
* Cleanup leftover SecretType cruft
* Update nautobot/docs/user-guides/git-data-source.md

Co-authored-by: Jathan McCollum <jathan@gmail.com>

* Fix egregious issues

Co-authored-by: Jathan McCollum <jathan@gmail.com>

* Support Jinja2 templating of secret parameters (#1058)
* Support Jinja2 templating of secret parameters
* Add secrets providers to plugin detail view
* Doc updates
* Include SecretsGroupAssociation in GraphQL
* Move 'Secrets' to a top-level menu
* Don't try to sort `SecretsProvider` class objects in plugin config features registry (#1065)
* Fix TypeError when trying to sort `SecretsProvider` class objects
* Don't sort `secrets_providers` when added to features.
* Add release-note content for Secrets
* Update nautobot/extras/views.py

Co-authored-by: John Anderson <lampwins@gmail.com>

* Change FK to SecretsGroup behavior to SET_NULL
* Use render_jinja2() in rendered_parameters()

Co-authored-by: Jathan McCollum <jathan@gmail.com>
Co-authored-by: John Anderson <lampwins@gmail.com>
1 parent 7a8b30b, commit 75d755f

Showing 65 changed files with 3,036 additions and 148 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
from django import forms | ||
|
||
from nautobot.utilities.forms import BootstrapMixin | ||
from nautobot.extras.secrets import SecretsProvider | ||
|
||
|
||
class ConstantValueSecretsProvider(SecretsProvider): | ||
""" | ||
Example of a plugin-provided SecretsProvider - this one just uses a user-specified constant value. | ||
Obviously this is insecure and not something you'd want to actually use! | ||
""" | ||
|
||
slug = "constant-value" | ||
name = "Constant Value" | ||
|
||
class ParametersForm(BootstrapMixin, forms.Form): | ||
""" | ||
User-friendly form for specifying the required parameters of this provider. | ||
""" | ||
|
||
constant = forms.CharField( | ||
required=True, | ||
help_text="Constant secret value. <strong>Example Only - DO NOT USE FOR REAL SENSITIVE DATA</strong>", | ||
) | ||
|
||
@classmethod | ||
def get_value_for_secret(cls, secret, obj=None, **kwargs): | ||
""" | ||
Return the value defined in the Secret.parameters "constant" key. | ||
A more realistic SecretsProvider would make calls to external APIs, etc. to retrieve a secret from storage. | ||
Args: | ||
secret (nautobot.extras.models.Secret): The secret whose value should be retrieved. | ||
obj (object): The object (Django model or similar) providing context for the secret's parameters. | ||
""" | ||
return secret.rendered_parameters(obj=obj).get("constant") | ||
|
||
|
||
secrets_providers = [ConstantValueSecretsProvider] |
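Review bot: In `get_value_for_secret`, `secret.rendered_parameters(obj=obj).get("constant")` returns None when the "constant" parameter is absent, while the commit message says providers now raise SecretError exceptions instead of returning None on failures. The form marks `constant` as required, but the lookup itself does not enforce it. Since this class is the example that plugin authors will copy, look the key up explicitly and raise the appropriate SecretError when it is missing, and add Returns/Raises entries to the docstring, which currently documents only Args.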
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# Generated by Django 3.1.13 on 2021-11-15 13:10 | ||
|
||
from django.db import migrations, models | ||
import django.db.models.deletion | ||
|
||
|
||
class Migration(migrations.Migration): | ||
|
||
dependencies = [ | ||
("extras", "0016_secret"), | ||
("dcim", "0006_auto_slug"), | ||
] | ||
|
||
operations = [ | ||
migrations.AddField( | ||
model_name="device", | ||
name="secrets_group", | ||
field=models.ForeignKey( | ||
blank=True, | ||
default=None, | ||
null=True, | ||
on_delete=django.db.models.deletion.SET_NULL, | ||
to="extras.secretsgroup", | ||
), | ||
), | ||
] |
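Review bot: `on_delete=django.db.models.deletion.SET_NULL` on the new `secrets_group` field means that deleting a SecretsGroup silently clears the reference on every Device pointing at it, so the devices remain but lose their credential association without any error. The commit message shows this was a deliberate choice; please document the behavior where the field is described so operators know that deleting a group detaches its devices. The field also sets no `related_name`, so the reverse accessor on SecretsGroup falls back to Django's default; set one explicitly if a specific name is intended.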