diff --git a/config/netbox.env.example b/config/netbox.env.example index 18763383c..e6cce09ff 100644 --- a/config/netbox.env.example +++ b/config/netbox.env.example @@ -1,20 +1,20 @@ CORS_ORIGIN_ALLOW_ALL=True -ENFORCE_GLOBAL_UNIQUE=False -EXEMPT_VIEW_PERMISSIONS=* - # If using the NetBox interface to create API tokens, set this # (see https://docs.djangoproject.com/en/4.1/ref/settings/#csrf-trusted-origins) # CSRF_TRUSTED_ORIGINS=https://malcolm.example.org CSRF_TRUSTED_ORIGINS=http://* https://* - -# Remote authentication support allows Malcolm users to be created in NetBox automatically -# see https://github.com/netbox-community/netbox/blob/develop/docs/configuration/remote-authentication.md REMOTE_AUTH_ENABLED=True REMOTE_AUTH_BACKEND=netbox.authentication.RemoteUserBackend -REMOTE_AUTH_AUTO_CREATE_USER=True REMOTE_AUTH_HEADER=HTTP_X_REMOTE_AUTH -# REMOTE_AUTH_DEFAULT_PERMISSIONS is handled in extra.py - +REMOTE_AUTH_AUTO_CREATE_USER=True +REMOTE_AUTH_DEFAULT_GROUPS=standard +REMOTE_AUTH_DEFAULT_PERMISSIONS=standard_permission +REMOTE_AUTH_STAFF_GROUPS=administrator +REMOTE_AUTH_STAFF_USERS= +REMOTE_AUTH_SUPERUSER_GROUPS=administrator +REMOTE_AUTH_SUPERUSERS= +ENFORCE_GLOBAL_UNIQUE=False +EXEMPT_VIEW_PERMISSIONS=* DB_HOST=netbox-postgres DB_NAME=netbox EMAIL_FROM=netbox@bar.com diff --git a/netbox/config/extra.py b/netbox/config/extra.py index 336753a3e..8bd133716 100644 --- a/netbox/config/extra.py +++ b/netbox/config/extra.py @@ -29,588 +29,7 @@ ## Remote authentication support -REMOTE_AUTH_DEFAULT_PERMISSIONS = { - 'account.view_usertoken': None, - 'circuits.view_circuit': None, - 'circuits.view_circuitgroup': None, - 'circuits.view_circuitgroupassignment': None, - 'circuits.view_circuittermination': None, - 'circuits.view_circuittype': None, - 'circuits.view_provider': None, - 'circuits.view_provideraccount': None, - 'circuits.view_providernetwork': None, - 'contenttypes.view_contenttype': None, - 'core.view_autosyncrecord': None, - 'core.view_configrevision': None, - 'core.view_datafile': None, - 'core.view_datasource': None, - 'core.view_job': None, - 'core.view_managedfile': None, - 'core.view_objectchange': None, - 'core.view_objecttype': None, - 'db.view_testmodel': None, - 'dcim.view_cable': None, - 'dcim.view_cablepath': None, - 'dcim.view_cabletermination': None, - 'dcim.view_consoleport': None, - 'dcim.view_consoleporttemplate': None, - 'dcim.view_consoleserverport': None, - 'dcim.view_consoleserverporttemplate': None, - 'dcim.view_device': None, - 'dcim.view_devicebay': None, - 'dcim.view_devicebaytemplate': None, - 'dcim.view_devicerole': None, - 'dcim.view_devicetype': None, - 'dcim.view_frontport': None, - 'dcim.view_frontporttemplate': None, - 'dcim.view_interface': None, - 'dcim.view_interfacetemplate': None, - 'dcim.view_inventoryitem': None, - 'dcim.view_inventoryitemrole': None, - 'dcim.view_inventoryitemtemplate': None, - 'dcim.view_location': None, - 'dcim.view_manufacturer': None, - 'dcim.view_module': None, - 'dcim.view_modulebay': None, - 'dcim.view_modulebaytemplate': None, - 'dcim.view_moduletype': None, - 'dcim.view_platform': None, - 'dcim.view_powerfeed': None, - 'dcim.view_poweroutlet': None, - 'dcim.view_poweroutlettemplate': None, - 'dcim.view_powerpanel': None, - 'dcim.view_powerport': None, - 'dcim.view_powerporttemplate': None, - 'dcim.view_rack': None, - 'dcim.view_rackreservation': None, - 'dcim.view_rackrole': None, - 'dcim.view_racktype': None, - 'dcim.view_rearport': None, - 'dcim.view_rearporttemplate': None, - 'dcim.view_region': None, - 'dcim.view_site': None, - 'dcim.view_sitegroup': None, - 'dcim.view_virtualchassis': None, - 'dcim.view_virtualdevicecontext': None, - 'django_rq.view_queue': None, - 'extras.view_bookmark': None, - 'extras.view_branch': None, - 'extras.view_cachedvalue': None, - 'extras.view_configcontext': None, - 'extras.view_configtemplate': None, - 'extras.view_customfield': None, - 'extras.view_customfieldchoiceset': None, - 'extras.view_customlink': None, - 'extras.view_dashboard': None, - 'extras.view_eventrule': None, - 'extras.view_exporttemplate': None, - 'extras.view_imageattachment': None, - 'extras.view_journalentry': None, - 'extras.view_notification': None, - 'extras.view_notificationgroup': None, - 'extras.view_reportmodule': None, - 'extras.view_savedfilter': None, - 'extras.view_script': None, - 'extras.view_scriptmodule': None, - 'extras.view_stagedchange': None, - 'extras.view_subscription': None, - 'extras.view_tag': None, - 'extras.view_taggeditem': None, - 'extras.view_webhook': None, - 'ipam.view_aggregate': None, - 'ipam.view_asn': None, - 'ipam.view_asnrange': None, - 'ipam.view_fhrpgroup': None, - 'ipam.view_fhrpgroupassignment': None, - 'ipam.view_ipaddress': None, - 'ipam.view_iprange': None, - 'ipam.view_prefix': None, - 'ipam.view_rir': None, - 'ipam.view_role': None, - 'ipam.view_routetarget': None, - 'ipam.view_service': None, - 'ipam.view_servicetemplate': None, - 'ipam.view_vlan': None, - 'ipam.view_vlangroup': None, - 'ipam.view_vrf': None, - 'netbox_topology_views.view_circuitcoordinate': None, - 'netbox_topology_views.view_coordinate': None, - 'netbox_topology_views.view_coordinategroup': None, - 'netbox_topology_views.view_individualoptions': None, - 'netbox_topology_views.view_powerfeedcoordinate': None, - 'netbox_topology_views.view_powerpanelcoordinate': None, - 'netbox_topology_views.view_roleimage': None, - 'sessions.view_session': None, - 'social_django.view_association': None, - 'social_django.view_code': None, - 'social_django.view_nonce': None, - 'social_django.view_partial': None, - 'social_django.view_usersocialauth': None, - 'taggit.view_tag': None, - 'taggit.view_taggeditem': None, - 'tenancy.view_contact': None, - 'tenancy.view_contactassignment': None, - 'tenancy.view_contactgroup': None, - 'tenancy.view_contactrole': None, - 'tenancy.view_tenant': None, - 'tenancy.view_tenantgroup': None, - 'users.view_group': None, - 'users.view_user': None, - 'virtualization.view_cluster': None, - 'virtualization.view_clustergroup': None, - 'virtualization.view_clustertype': None, - 'virtualization.view_virtualdisk': None, - 'virtualization.view_virtualmachine': None, - 'virtualization.view_vminterface': None, - 'vpn.view_ikepolicy': None, - 'vpn.view_ikeproposal': None, - 'vpn.view_ipsecpolicy': None, - 'vpn.view_ipsecprofile': None, - 'vpn.view_ipsecproposal': None, - 'vpn.view_l2vpn': None, - 'vpn.view_l2vpntermination': None, - 'vpn.view_tunnel': None, - 'vpn.view_tunnelgroup': None, - 'vpn.view_tunneltermination': None, - 'wireless.view_wirelesslan': None, - 'wireless.view_wirelesslangroup': None, - 'wireless.view_wirelesslink': None, - 'account.add_usertoken': None, - 'circuits.add_circuit': None, - 'circuits.add_circuitgroup': None, - 'circuits.add_circuitgroupassignment': None, - 'circuits.add_circuittermination': None, - 'circuits.add_circuittype': None, - 'circuits.add_provider': None, - 'circuits.add_provideraccount': None, - 'circuits.add_providernetwork': None, - 'contenttypes.add_contenttype': None, - 'core.add_autosyncrecord': None, - 'core.add_configrevision': None, - 'core.add_datafile': None, - 'core.add_datasource': None, - 'core.add_job': None, - 'core.add_managedfile': None, - 'core.add_objectchange': None, - 'core.add_objecttype': None, - 'db.add_testmodel': None, - 'dcim.add_cable': None, - 'dcim.add_cablepath': None, - 'dcim.add_cabletermination': None, - 'dcim.add_consoleport': None, - 'dcim.add_consoleporttemplate': None, - 'dcim.add_consoleserverport': None, - 'dcim.add_consoleserverporttemplate': None, - 'dcim.add_device': None, - 'dcim.add_devicebay': None, - 'dcim.add_devicebaytemplate': None, - 'dcim.add_devicerole': None, - 'dcim.add_devicetype': None, - 'dcim.add_frontport': None, - 'dcim.add_frontporttemplate': None, - 'dcim.add_interface': None, - 'dcim.add_interfacetemplate': None, - 'dcim.add_inventoryitem': None, - 'dcim.add_inventoryitemrole': None, - 'dcim.add_inventoryitemtemplate': None, - 'dcim.add_location': None, - 'dcim.add_manufacturer': None, - 'dcim.add_module': None, - 'dcim.add_modulebay': None, - 'dcim.add_modulebaytemplate': None, - 'dcim.add_moduletype': None, - 'dcim.add_platform': None, - 'dcim.add_powerfeed': None, - 'dcim.add_poweroutlet': None, - 'dcim.add_poweroutlettemplate': None, - 'dcim.add_powerpanel': None, - 'dcim.add_powerport': None, - 'dcim.add_powerporttemplate': None, - 'dcim.add_rack': None, - 'dcim.add_rackreservation': None, - 'dcim.add_rackrole': None, - 'dcim.add_racktype': None, - 'dcim.add_rearport': None, - 'dcim.add_rearporttemplate': None, - 'dcim.add_region': None, - 'dcim.add_site': None, - 'dcim.add_sitegroup': None, - 'dcim.add_virtualchassis': None, - 'dcim.add_virtualdevicecontext': None, - 'django_rq.add_queue': None, - 'extras.add_bookmark': None, - 'extras.add_branch': None, - 'extras.add_cachedvalue': None, - 'extras.add_configcontext': None, - 'extras.add_configtemplate': None, - 'extras.add_customfield': None, - 'extras.add_customfieldchoiceset': None, - 'extras.add_customlink': None, - 'extras.add_dashboard': None, - 'extras.add_eventrule': None, - 'extras.add_exporttemplate': None, - 'extras.add_imageattachment': None, - 'extras.add_journalentry': None, - 'extras.add_notification': None, - 'extras.add_notificationgroup': None, - 'extras.add_reportmodule': None, - 'extras.add_savedfilter': None, - 'extras.add_script': None, - 'extras.add_scriptmodule': None, - 'extras.add_stagedchange': None, - 'extras.add_subscription': None, - 'extras.add_tag': None, - 'extras.add_taggeditem': None, - 'extras.add_webhook': None, - 'ipam.add_aggregate': None, - 'ipam.add_asn': None, - 'ipam.add_asnrange': None, - 'ipam.add_fhrpgroup': None, - 'ipam.add_fhrpgroupassignment': None, - 'ipam.add_ipaddress': None, - 'ipam.add_iprange': None, - 'ipam.add_prefix': None, - 'ipam.add_rir': None, - 'ipam.add_role': None, - 'ipam.add_routetarget': None, - 'ipam.add_service': None, - 'ipam.add_servicetemplate': None, - 'ipam.add_vlan': None, - 'ipam.add_vlangroup': None, - 'ipam.add_vrf': None, - 'netbox_topology_views.add_circuitcoordinate': None, - 'netbox_topology_views.add_coordinate': None, - 'netbox_topology_views.add_coordinategroup': None, - 'netbox_topology_views.add_individualoptions': None, - 'netbox_topology_views.add_powerfeedcoordinate': None, - 'netbox_topology_views.add_powerpanelcoordinate': None, - 'netbox_topology_views.add_roleimage': None, - 'sessions.add_session': None, - 'social_django.add_association': None, - 'social_django.add_code': None, - 'social_django.add_nonce': None, - 'social_django.add_partial': None, - 'social_django.add_usersocialauth': None, - 'taggit.add_tag': None, - 'taggit.add_taggeditem': None, - 'tenancy.add_contact': None, - 'tenancy.add_contactassignment': None, - 'tenancy.add_contactgroup': None, - 'tenancy.add_contactrole': None, - 'tenancy.add_tenant': None, - 'tenancy.add_tenantgroup': None, - 'users.add_group': None, - 'users.add_user': None, - 'virtualization.add_cluster': None, - 'virtualization.add_clustergroup': None, - 'virtualization.add_clustertype': None, - 'virtualization.add_virtualdisk': None, - 'virtualization.add_virtualmachine': None, - 'virtualization.add_vminterface': None, - 'vpn.add_ikepolicy': None, - 'vpn.add_ikeproposal': None, - 'vpn.add_ipsecpolicy': None, - 'vpn.add_ipsecprofile': None, - 'vpn.add_ipsecproposal': None, - 'vpn.add_l2vpn': None, - 'vpn.add_l2vpntermination': None, - 'vpn.add_tunnel': None, - 'vpn.add_tunnelgroup': None, - 'vpn.add_tunneltermination': None, - 'wireless.add_wirelesslan': None, - 'wireless.add_wirelesslangroup': None, - 'wireless.add_wirelesslink': None, - 'account.change_usertoken': None, - 'circuits.change_circuit': None, - 'circuits.change_circuitgroup': None, - 'circuits.change_circuitgroupassignment': None, - 'circuits.change_circuittermination': None, - 'circuits.change_circuittype': None, - 'circuits.change_provider': None, - 'circuits.change_provideraccount': None, - 'circuits.change_providernetwork': None, - 'contenttypes.change_contenttype': None, - 'core.change_autosyncrecord': None, - 'core.change_configrevision': None, - 'core.change_datafile': None, - 'core.change_datasource': None, - 'core.change_job': None, - 'core.change_managedfile': None, - 'core.change_objectchange': None, - 'core.change_objecttype': None, - 'db.change_testmodel': None, - 'dcim.change_cable': None, - 'dcim.change_cablepath': None, - 'dcim.change_cabletermination': None, - 'dcim.change_consoleport': None, - 'dcim.change_consoleporttemplate': None, - 'dcim.change_consoleserverport': None, - 'dcim.change_consoleserverporttemplate': None, - 'dcim.change_device': None, - 'dcim.change_devicebay': None, - 'dcim.change_devicebaytemplate': None, - 'dcim.change_devicerole': None, - 'dcim.change_devicetype': None, - 'dcim.change_frontport': None, - 'dcim.change_frontporttemplate': None, - 'dcim.change_interface': None, - 'dcim.change_interfacetemplate': None, - 'dcim.change_inventoryitem': None, - 'dcim.change_inventoryitemrole': None, - 'dcim.change_inventoryitemtemplate': None, - 'dcim.change_location': None, - 'dcim.change_manufacturer': None, - 'dcim.change_module': None, - 'dcim.change_modulebay': None, - 'dcim.change_modulebaytemplate': None, - 'dcim.change_moduletype': None, - 'dcim.change_platform': None, - 'dcim.change_powerfeed': None, - 'dcim.change_poweroutlet': None, - 'dcim.change_poweroutlettemplate': None, - 'dcim.change_powerpanel': None, - 'dcim.change_powerport': None, - 'dcim.change_powerporttemplate': None, - 'dcim.change_rack': None, - 'dcim.change_rackreservation': None, - 'dcim.change_rackrole': None, - 'dcim.change_racktype': None, - 'dcim.change_rearport': None, - 'dcim.change_rearporttemplate': None, - 'dcim.change_region': None, - 'dcim.change_site': None, - 'dcim.change_sitegroup': None, - 'dcim.change_virtualchassis': None, - 'dcim.change_virtualdevicecontext': None, - 'django_rq.change_queue': None, - 'extras.change_bookmark': None, - 'extras.change_branch': None, - 'extras.change_cachedvalue': None, - 'extras.change_configcontext': None, - 'extras.change_configtemplate': None, - 'extras.change_customfield': None, - 'extras.change_customfieldchoiceset': None, - 'extras.change_customlink': None, - 'extras.change_dashboard': None, - 'extras.change_eventrule': None, - 'extras.change_exporttemplate': None, - 'extras.change_imageattachment': None, - 'extras.change_journalentry': None, - 'extras.change_notification': None, - 'extras.change_notificationgroup': None, - 'extras.change_reportmodule': None, - 'extras.change_savedfilter': None, - 'extras.change_script': None, - 'extras.change_scriptmodule': None, - 'extras.change_stagedchange': None, - 'extras.change_subscription': None, - 'extras.change_tag': None, - 'extras.change_taggeditem': None, - 'extras.change_webhook': None, - 'ipam.change_aggregate': None, - 'ipam.change_asn': None, - 'ipam.change_asnrange': None, - 'ipam.change_fhrpgroup': None, - 'ipam.change_fhrpgroupassignment': None, - 'ipam.change_ipaddress': None, - 'ipam.change_iprange': None, - 'ipam.change_prefix': None, - 'ipam.change_rir': None, - 'ipam.change_role': None, - 'ipam.change_routetarget': None, - 'ipam.change_service': None, - 'ipam.change_servicetemplate': None, - 'ipam.change_vlan': None, - 'ipam.change_vlangroup': None, - 'ipam.change_vrf': None, - 'netbox_topology_views.change_circuitcoordinate': None, - 'netbox_topology_views.change_coordinate': None, - 'netbox_topology_views.change_coordinategroup': None, - 'netbox_topology_views.change_individualoptions': None, - 'netbox_topology_views.change_powerfeedcoordinate': None, - 'netbox_topology_views.change_powerpanelcoordinate': None, - 'netbox_topology_views.change_roleimage': None, - 'sessions.change_session': None, - 'social_django.change_association': None, - 'social_django.change_code': None, - 'social_django.change_nonce': None, - 'social_django.change_partial': None, - 'social_django.change_usersocialauth': None, - 'taggit.change_tag': None, - 'taggit.change_taggeditem': None, - 'tenancy.change_contact': None, - 'tenancy.change_contactassignment': None, - 'tenancy.change_contactgroup': None, - 'tenancy.change_contactrole': None, - 'tenancy.change_tenant': None, - 'tenancy.change_tenantgroup': None, - 'users.change_group': None, - 'users.change_user': None, - 'virtualization.change_cluster': None, - 'virtualization.change_clustergroup': None, - 'virtualization.change_clustertype': None, - 'virtualization.change_virtualdisk': None, - 'virtualization.change_virtualmachine': None, - 'virtualization.change_vminterface': None, - 'vpn.change_ikepolicy': None, - 'vpn.change_ikeproposal': None, - 'vpn.change_ipsecpolicy': None, - 'vpn.change_ipsecprofile': None, - 'vpn.change_ipsecproposal': None, - 'vpn.change_l2vpn': None, - 'vpn.change_l2vpntermination': None, - 'vpn.change_tunnel': None, - 'vpn.change_tunnelgroup': None, - 'vpn.change_tunneltermination': None, - 'wireless.change_wirelesslan': None, - 'wireless.change_wirelesslangroup': None, - 'wireless.change_wirelesslink': None, - 'account.delete_usertoken': None, - 'circuits.delete_circuit': None, - 'circuits.delete_circuitgroup': None, - 'circuits.delete_circuitgroupassignment': None, - 'circuits.delete_circuittermination': None, - 'circuits.delete_circuittype': None, - 'circuits.delete_provider': None, - 'circuits.delete_provideraccount': None, - 'circuits.delete_providernetwork': None, - 'contenttypes.delete_contenttype': None, - 'core.delete_autosyncrecord': None, - 'core.delete_configrevision': None, - 'core.delete_datafile': None, - 'core.delete_datasource': None, - 'core.delete_job': None, - 'core.delete_managedfile': None, - 'core.delete_objectchange': None, - 'core.delete_objecttype': None, - 'db.delete_testmodel': None, - 'dcim.delete_cable': None, - 'dcim.delete_cablepath': None, - 'dcim.delete_cabletermination': None, - 'dcim.delete_consoleport': None, - 'dcim.delete_consoleporttemplate': None, - 'dcim.delete_consoleserverport': None, - 'dcim.delete_consoleserverporttemplate': None, - 'dcim.delete_device': None, - 'dcim.delete_devicebay': None, - 'dcim.delete_devicebaytemplate': None, - 'dcim.delete_devicerole': None, - 'dcim.delete_devicetype': None, - 'dcim.delete_frontport': None, - 'dcim.delete_frontporttemplate': None, - 'dcim.delete_interface': None, - 'dcim.delete_interfacetemplate': None, - 'dcim.delete_inventoryitem': None, - 'dcim.delete_inventoryitemrole': None, - 'dcim.delete_inventoryitemtemplate': None, - 'dcim.delete_location': None, - 'dcim.delete_manufacturer': None, - 'dcim.delete_module': None, - 'dcim.delete_modulebay': None, - 'dcim.delete_modulebaytemplate': None, - 'dcim.delete_moduletype': None, - 'dcim.delete_platform': None, - 'dcim.delete_powerfeed': None, - 'dcim.delete_poweroutlet': None, - 'dcim.delete_poweroutlettemplate': None, - 'dcim.delete_powerpanel': None, - 'dcim.delete_powerport': None, - 'dcim.delete_powerporttemplate': None, - 'dcim.delete_rack': None, - 'dcim.delete_rackreservation': None, - 'dcim.delete_rackrole': None, - 'dcim.delete_racktype': None, - 'dcim.delete_rearport': None, - 'dcim.delete_rearporttemplate': None, - 'dcim.delete_region': None, - 'dcim.delete_site': None, - 'dcim.delete_sitegroup': None, - 'dcim.delete_virtualchassis': None, - 'dcim.delete_virtualdevicecontext': None, - 'django_rq.delete_queue': None, - 'extras.delete_bookmark': None, - 'extras.delete_branch': None, - 'extras.delete_cachedvalue': None, - 'extras.delete_configcontext': None, - 'extras.delete_configtemplate': None, - 'extras.delete_customfield': None, - 'extras.delete_customfieldchoiceset': None, - 'extras.delete_customlink': None, - 'extras.delete_dashboard': None, - 'extras.delete_eventrule': None, - 'extras.delete_exporttemplate': None, - 'extras.delete_imageattachment': None, - 'extras.delete_journalentry': None, - 'extras.delete_notification': None, - 'extras.delete_notificationgroup': None, - 'extras.delete_reportmodule': None, - 'extras.delete_savedfilter': None, - 'extras.delete_script': None, - 'extras.delete_scriptmodule': None, - 'extras.delete_stagedchange': None, - 'extras.delete_subscription': None, - 'extras.delete_tag': None, - 'extras.delete_taggeditem': None, - 'extras.delete_webhook': None, - 'ipam.delete_aggregate': None, - 'ipam.delete_asn': None, - 'ipam.delete_asnrange': None, - 'ipam.delete_fhrpgroup': None, - 'ipam.delete_fhrpgroupassignment': None, - 'ipam.delete_ipaddress': None, - 'ipam.delete_iprange': None, - 'ipam.delete_prefix': None, - 'ipam.delete_rir': None, - 'ipam.delete_role': None, - 'ipam.delete_routetarget': None, - 'ipam.delete_service': None, - 'ipam.delete_servicetemplate': None, - 'ipam.delete_vlan': None, - 'ipam.delete_vlangroup': None, - 'ipam.delete_vrf': None, - 'netbox_topology_views.delete_circuitcoordinate': None, - 'netbox_topology_views.delete_coordinate': None, - 'netbox_topology_views.delete_coordinategroup': None, - 'netbox_topology_views.delete_individualoptions': None, - 'netbox_topology_views.delete_powerfeedcoordinate': None, - 'netbox_topology_views.delete_powerpanelcoordinate': None, - 'netbox_topology_views.delete_roleimage': None, - 'sessions.delete_session': None, - 'social_django.delete_association': None, - 'social_django.delete_code': None, - 'social_django.delete_nonce': None, - 'social_django.delete_partial': None, - 'social_django.delete_usersocialauth': None, - 'taggit.delete_tag': None, - 'taggit.delete_taggeditem': None, - 'tenancy.delete_contact': None, - 'tenancy.delete_contactassignment': None, - 'tenancy.delete_contactgroup': None, - 'tenancy.delete_contactrole': None, - 'tenancy.delete_tenant': None, - 'tenancy.delete_tenantgroup': None, - 'users.delete_group': None, - 'users.delete_user': None, - 'virtualization.delete_cluster': None, - 'virtualization.delete_clustergroup': None, - 'virtualization.delete_clustertype': None, - 'virtualization.delete_virtualdisk': None, - 'virtualization.delete_virtualmachine': None, - 'virtualization.delete_vminterface': None, - 'vpn.delete_ikepolicy': None, - 'vpn.delete_ikeproposal': None, - 'vpn.delete_ipsecpolicy': None, - 'vpn.delete_ipsecprofile': None, - 'vpn.delete_ipsecproposal': None, - 'vpn.delete_l2vpn': None, - 'vpn.delete_l2vpntermination': None, - 'vpn.delete_tunnel': None, - 'vpn.delete_tunnelgroup': None, - 'vpn.delete_tunneltermination': None, - 'wireless.delete_wirelesslan': None, - 'wireless.delete_wirelesslangroup': None, - 'wireless.delete_wirelesslink': None, -} +# REMOTE_AUTH_DEFAULT_PERMISSIONS = {} ## By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the diff --git a/netbox/scripts/netbox_init.py b/netbox/scripts/netbox_init.py index 8bc3b7576..c9b64af17 100755 --- a/netbox/scripts/netbox_init.py +++ b/netbox/scripts/netbox_init.py @@ -164,6 +164,22 @@ def main(): required=False, help="Site(s) to create", ) + parser.add_argument( + '--default-group', + dest='defaultGroupName', + type=str, + default=os.getenv('REMOTE_AUTH_DEFAULT_GROUPS', 'standard'), + required=False, + help="Name of default group for automatic NetBox user creation", + ) + parser.add_argument( + '--staff-group', + dest='staffGroupName', + type=str, + default=os.getenv('REMOTE_AUTH_STAFF_GROUPS', 'administrator'), + required=False, + help="Name of staff group for automatic NetBox user creation", + ) parser.add_argument( '-m', '--manufacturer', @@ -485,6 +501,8 @@ def main(): threading=True, ) sites = {} + groups = {} + permissions = {} prefixes = {} devices = {} interfaces = {} @@ -504,6 +522,94 @@ def main(): logging.debug("retrying in a few seconds...") time.sleep(5) + # GROUPS ##################################################################################################### + DEFAULT_GROUP_NAMES = ( + args.staffGroupName, + args.defaultGroupName, + ) + + try: + groupsPreExisting = {x.name: x for x in nb.users.groups.all()} + logging.debug(f"groups (before): { {k:v.id for k, v in groupsPreExisting.items()} }") + + # create groups that don't already exist + for groupName in [x for x in DEFAULT_GROUP_NAMES if x not in groupsPreExisting]: + try: + nb.users.groups.create({'name': groupName}) + except pynetbox.RequestError as nbe: + logging.warning(f"{type(nbe).__name__} processing group \"{groupName}\": {nbe}") + + groups = {x.name: x for x in nb.users.groups.all()} + logging.debug(f"groups (after): { {k:v.id for k, v in groups.items()} }") + except Exception as e: + logging.error(f"{type(e).__name__} processing groups: {e}") + + # PERMISSIONS ################################################################################################## + DEFAULT_PERMISSIONS = { + f'{args.staffGroupName}_permission': { + 'name': f'{args.staffGroupName}_permission', + 'enabled': True, + 'groups': [args.staffGroupName], + 'actions': [ + 'view', + 'add', + 'change', + 'delete', + ], + 'exclude_objects': [], + }, + f'{args.defaultGroupName}_permission': { + 'name': f'{args.defaultGroupName}_permission', + 'enabled': True, + 'groups': [args.defaultGroupName], + 'actions': [ + 'view', + 'add', + 'change', + 'delete', + ], + 'exclude_objects': [ + 'admin.logentry', + 'auth.group', + 'auth.permission', + 'auth.user', + 'users.admingroup', + 'users.adminuser', + 'users.objectpermission', + 'users.token', + 'users.userconfig', + ], + }, + } + + try: + # get all content types (for creating new permissions) + allObjectTypeNames = [f'{x.app_label}.{x.model}' for x in nb.extras.object_types.all()] + + permsPreExisting = {x.name: x for x in nb.users.permissions.all()} + logging.debug(f"permissions (before): { {k:v.id for k, v in permsPreExisting.items()} }") + + # create permissions that don't already exist + for permName, permConfig in { + k: v + for (k, v) in DEFAULT_PERMISSIONS.items() + if v.get('name', None) and v['name'] not in permsPreExisting + }.items(): + permConfig['groups'] = [groups[x].id for x in permConfig['groups']] + permConfig['object_types'] = [ + ct for ct in allObjectTypeNames if ct not in permConfig['exclude_objects'] + ] + permConfig.pop('exclude_objects', None) + try: + nb.users.permissions.create(permConfig) + except pynetbox.RequestError as nbe: + logging.warning(f"{type(nbe).__name__} processing permission \"{permConfig['name']}\": {nbe}") + + permissions = {x.name: x for x in nb.users.permissions.all()} + logging.debug(f"permissions (after): { {k:v.id for k, v in permissions.items()} }") + except Exception as e: + logging.error(f"{type(e).__name__} processing permissions: {e}") + # ###### MANUFACTURERS ######################################################################################### try: manufacturersPreExisting = {x.name: x for x in nb.dcim.manufacturers.all()}