feat: plugin configuration further improvements (#34)

* fix: clear diode permissions

Signed-off-by: Michal Fiedorowicz <[email protected]>

* feat: allow configuration of diode usernames via PLUGINS_CONFIG

Signed-off-by: Michal Fiedorowicz <[email protected]>

* feat: update settings with diode users details

Signed-off-by: Michal Fiedorowicz <[email protected]>

* feat: update ingestion logs view

Signed-off-by: Michal Fiedorowicz <[email protected]>

* update settings copy for env vars

Signed-off-by: Michal Fiedorowicz <[email protected]>

* create users using usernames provided with plugin config

Signed-off-by: Michal Fiedorowicz <[email protected]>

* python fmt

Signed-off-by: Michal Fiedorowicz <[email protected]>

* update migration for creating setting using diode target from plugin config

Signed-off-by: Michal Fiedorowicz <[email protected]>

* use diode_target_override from plugin config or from database

block modifying diode target via GUI if diode_target_override is present

Signed-off-by: Michal Fiedorowicz <[email protected]>

* migration to rename legacy users

new usernames obtained from plugin config (either default ones or PLUGINS_CONFIG)

Signed-off-by: Michal Fiedorowicz <[email protected]>

* fix 0001_initial migration

Signed-off-by: Michal Fiedorowicz <[email protected]>

* tidy up 0002_setting migration

Signed-off-by: Michal Fiedorowicz <[email protected]>

* adjust unit tests to plugin config changes

Signed-off-by: Michal Fiedorowicz <[email protected]>

* tidy up forms

Signed-off-by: Michal Fiedorowicz <[email protected]>

* disable PLUGINS_CONFIG for docker by default

Signed-off-by: Michal Fiedorowicz <[email protected]>

* update README

Signed-off-by: Michal Fiedorowicz <[email protected]>

* handle missing diode users

Signed-off-by: Michal Fiedorowicz <[email protected]>

* unit tests for handling missing diode users

Signed-off-by: Michal Fiedorowicz <[email protected]>

* rename reconciled to changes in ingestion logs metrics gauges

Signed-off-by: Michal Fiedorowicz <[email protected]>

---------

Signed-off-by: Michal Fiedorowicz <[email protected]>

Author: mfiedorowicz

README.md

@@ -40,17 +40,30 @@ PLUGINS = [
 ]
 ```
 
-Also in your `configuration.py` file, add `netbox_diode_plugin`to the `PLUGINS_CONFIG` dictionary, e.g.:
+Also in your `configuration.py` file, in order to customise the plugin settings, add `netbox_diode_plugin`to the
+`PLUGINS_CONFIG` dictionary, e.g.:
 
 ```python
 PLUGINS_CONFIG = {
     "netbox_diode_plugin": {
-        "diode_target": "grpc://localhost:8080/diode", # The Diode gRPC target for communication with Diode server, default: "grpc://localhost:8080/diode"
-        "disallow_diode_target_override": True, # Disallow the Diode target to be overridden by the user, default: False
-    }
+        # Diode gRPC target for communication with Diode server
+        "diode_target_override": "grpc://localhost:8080/diode",
+
+        # User allowed for Diode to NetBox communication
+        "diode_to_netbox_username": "diode-to-netbox",
+
+        # User allowed for NetBox to Diode communication
+        "netbox_to_diode_username": "netbox-to-diode",
+
+        # # User allowed for data ingestion
+        "diode_username": "diode-ingestion",
+    },
 }
 ```
 
+Note: Once you customise usernames with PLUGINS_CONFIG during first installation, you should not change or remove them
+later on. Doing so will cause the plugin to stop working properly.
+
 Restart NetBox services to load the plugin:
 
 ```

docker/netbox/configuration/plugins.py

@@ -6,9 +6,18 @@
 
 PLUGINS = ["netbox_diode_plugin"]
 
-PLUGINS_CONFIG = {
-    "netbox_diode_plugin": {
-        "diode_target": "grpc://localhost:8080/diode", # The Diode gRPC target for communication with Diode server, default: "grpc://localhost:8080/diode"
-        "disallow_diode_target_override": False, # Disallow the Diode target to be overridden by the user, default: False
-    }
-}
+# PLUGINS_CONFIG = {
+#     "netbox_diode_plugin": {
+#         # Diode gRPC target for communication with Diode server
+#         "diode_target_override": "grpc://localhost:8080/diode",
+#
+#         # User allowed for Diode to NetBox communication
+#         "diode_to_netbox_username": "diode-to-netbox",
+#
+#         # User allowed for NetBox to Diode communication
+#         "netbox_to_diode_username": "netbox-to-diode",
+#
+#         # User allowed for data ingestion
+#         "diode_username": "diode-ingestion",
+#     },
+# }

netbox_diode_plugin/__init__.py

@@ -16,6 +16,19 @@ class NetBoxDiodePluginConfig(PluginConfig):
     version = version_semver()
     base_url = "diode"
     min_version = "3.7.2"
+    default_settings = {
+        # Default Diode gRPC target for communication with Diode server
+        "diode_target": "grpc://localhost:8080/diode",
+
+        # User allowed for Diode to NetBox communication
+        "diode_to_netbox_username": "diode-to-netbox",
+
+        # User allowed for NetBox to Diode communication
+        "netbox_to_diode_username": "netbox-to-diode",
+
+        # User allowed for data ingestion
+        "diode_username": "diode-ingestion",
+    }
 
 
 config = NetBoxDiodePluginConfig

netbox_diode_plugin/forms.py

@@ -1,8 +1,8 @@
 # !/usr/bin/env python
 # Copyright 2024 NetBox Labs Inc
 """Diode NetBox Plugin - Forms."""
-from django.conf import settings as netbox_settings
 from netbox.forms import NetBoxModelForm
+from netbox.plugins import get_plugin_config
 from utilities.forms.rendering import FieldSet
 
 from netbox_diode_plugin.models import Setting
@@ -29,12 +29,12 @@ def __init__(self, *args, **kwargs):
         """Initialize the form."""
         super().__init__(*args, **kwargs)
 
-        disallow_diode_target_override = netbox_settings.PLUGINS_CONFIG.get(
-            "netbox_diode_plugin", {}
-        ).get("disallow_diode_target_override", False)
+        diode_target_override = get_plugin_config(
+            "netbox_diode_plugin", "diode_target_override"
+        )
 
-        if disallow_diode_target_override:
+        if diode_target_override:
             self.fields["diode_target"].disabled = True
             self.fields["diode_target"].help_text = (
-                "This field is not allowed to be overridden."
+                "This field is not allowed to be modified."
             )

netbox_diode_plugin/migrations/0001_initial.py

@@ -5,11 +5,13 @@
 import os
 
 from django.apps import apps as django_apps
-from django.conf import settings
+from django.conf import settings as netbox_settings
 from django.contrib.contenttypes.management import create_contenttypes
 from django.db import migrations, models
 from users.models import Token as NetBoxToken
 
+from netbox_diode_plugin.plugin_config import get_diode_usernames
+
 
 # Read secret from file
 def _read_secret(secret_name, default=None):
@@ -22,8 +24,10 @@ def _read_secret(secret_name, default=None):
             return f.readline().strip()
 
 
-def _create_user_with_token(apps, username, group, is_superuser: bool = False):
-    User = apps.get_model(settings.AUTH_USER_MODEL)
+def _create_user_with_token(
+    apps, user_category, username, group, is_superuser: bool = False
+):
+    User = apps.get_model(netbox_settings.AUTH_USER_MODEL)
     """Create a user with the given username and API key if it does not exist."""
     try:
         user = User.objects.get(username=username)
@@ -38,7 +42,7 @@ def _create_user_with_token(apps, username, group, is_superuser: bool = False):
     Token = apps.get_model("users", "Token")
 
     if not Token.objects.filter(user=user).exists():
-        key = f"{username}_API_KEY"
+        key = f"{user_category.upper()}_API_KEY"
         api_key = _read_secret(key.lower(), os.getenv(key))
         if api_key is None:
             api_key = NetBoxToken.generate_key()
@@ -49,18 +53,18 @@ def _create_user_with_token(apps, username, group, is_superuser: bool = False):
 
 def configure_plugin(apps, schema_editor):
     """Configure the plugin."""
-    diode_to_netbox_username = "DIODE_TO_NETBOX"
-    netbox_to_diode_username = "NETBOX_TO_DIODE"
-    diode_username = "DIODE"
-
     Group = apps.get_model("users", "Group")
     group, _ = Group.objects.get_or_create(name="diode")
 
-    diode_to_netbox_user = _create_user_with_token(
-        apps, diode_to_netbox_username, group
-    )
-    _ = _create_user_with_token(apps, netbox_to_diode_username, group, True)
-    _ = _create_user_with_token(apps, diode_username, group)
+    diode_to_netbox_user_id = None
+
+    for user_category, username in get_diode_usernames().items():
+        is_superuser = user_category in ("netbox_to_diode",)
+        user = _create_user_with_token(
+            apps, user_category, username, group, is_superuser
+        )
+        if user_category == "diode_to_netbox":
+            diode_to_netbox_user_id = user.id
 
     app_config = django_apps.get_app_config("netbox_diode_plugin")
 
@@ -78,8 +82,7 @@ def configure_plugin(apps, schema_editor):
         actions=["add", "view"],
     )
 
-    permission.groups.set([group.id])
-    permission.users.set([diode_to_netbox_user.id])
+    permission.users.set([diode_to_netbox_user_id])
     permission.object_types.set([diode_plugin_object_type.id])
 
 

netbox_diode_plugin/migrations/0002_setting.py

@@ -3,17 +3,18 @@
 """Diode Netbox Plugin - Database migrations."""
 
 import utilities.json
-from django.conf import settings as netbox_settings
 from django.db import migrations, models
+from netbox.plugins import get_plugin_config
 
 
 def create_settings_entity(apps, schema_editor):
     """Create a Setting entity."""
     Setting = apps.get_model("netbox_diode_plugin", "Setting")
 
-    diode_target = netbox_settings.PLUGINS_CONFIG.get(
-        "netbox_diode_plugin", {}
-    ).get("diode_target", "grpc://localhost:8080/diode")
+    default_diode_target = get_plugin_config("netbox_diode_plugin", "diode_target")
+    diode_target = get_plugin_config(
+        "netbox_diode_plugin", "diode_target_override", default_diode_target
+    )
 
     Setting.objects.create(diode_target=diode_target)
 

netbox_diode_plugin/migrations/0003_clear_permissions.py

@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+# Copyright 2024 NetBox Labs Inc
+"""Diode Netbox Plugin - Database migrations."""
+
+from django.db import migrations
+
+
+def clear_diode_group_permissions(apps, schema_editor):
+    """Clear Diode group permissions."""
+    ObjectPermission = apps.get_model("users", "ObjectPermission")
+    permission = ObjectPermission.objects.get(name="Diode")
+    permission.groups.clear()
+
+
+class Migration(migrations.Migration):
+    """0003_clear_permissions migration."""
+
+    dependencies = [
+        ("netbox_diode_plugin", "0001_initial"),
+        ("netbox_diode_plugin", "0002_setting"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            code=clear_diode_group_permissions, reverse_code=migrations.RunPython.noop
+        ),
+    ]

netbox_diode_plugin/migrations/0004_rename_legacy_users.py

@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+# Copyright 2024 NetBox Labs Inc
+"""Diode Netbox Plugin - Database migrations."""
+
+from django.db import migrations
+
+from netbox_diode_plugin.plugin_config import get_diode_usernames
+
+
+def rename_legacy_users(apps, schema_editor):
+    """Rename legacy users."""
+    legacy_usernames_to_user_category_map = {
+        "DIODE_TO_NETBOX": "diode_to_netbox",
+        "NETBOX_TO_DIODE": "netbox_to_diode",
+        "DIODE": "diode",
+    }
+
+    User = apps.get_model("users", "User")
+    users = User.objects.filter(
+        username__in=legacy_usernames_to_user_category_map.keys(),
+        groups__name="diode",
+    )
+
+    for user in users:
+        user_category = legacy_usernames_to_user_category_map.get(user.username)
+        user.username = get_diode_usernames().get(user_category)
+        user.save()
+
+
+class Migration(migrations.Migration):
+    """0004_rename_legacy_users migration."""
+
+    dependencies = [
+        ("netbox_diode_plugin", "0001_initial"),
+        ("netbox_diode_plugin", "0002_setting"),
+        ("netbox_diode_plugin", "0003_clear_permissions"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            code=rename_legacy_users, reverse_code=migrations.RunPython.noop
+        ),
+    ]

netbox_diode_plugin/plugin_config.py

@@ -0,0 +1,23 @@
+# !/usr/bin/env python
+# Copyright 2024 NetBox Labs Inc
+"""Diode NetBox Plugin - Plugin Settings."""
+
+from netbox.plugins import get_plugin_config
+
+__all__ = ("get_diode_usernames", "get_diode_username_for_user_category")
+
+
+def get_diode_usernames():
+    """Returns a dictionary of diode user categories and their configured usernames."""
+    diode_user_categories = ("diode_to_netbox", "netbox_to_diode", "diode")
+    return {
+        user_category: get_plugin_config(
+            "netbox_diode_plugin", f"{user_category}_username"
+        )
+        for user_category in diode_user_categories
+    }
+
+
+def get_diode_username_for_user_category(user_category):
+    """Returns a diode username for a given user category."""
+    return get_plugin_config("netbox_diode_plugin", f"{user_category}_username")

netbox_diode_plugin/templates/diode/ingestion_logs.html

@@ -7,10 +7,16 @@
 {% block title %}{% trans "Ingestion Logs" %}{% endblock %}
 
 {% block content %}
-{% if error %}
+
+{% if netbox_to_diode_user_error %}
+<div class="alert alert-danger mt-3" role="alert">
+    <h4 class="alert-heading">{% trans "Error" %}</h4>
+    <p>{{ netbox_to_diode_user_error }}</p>
+</div>
+{% elif ingestion_logs_error %}
 <div class="alert alert-danger mt-3" role="alert">
     <h4 class="alert-heading">{% trans "Error" %}</h4>
-    <p>{{ error.status_code }}: {{ error.details }}</p>
+    <p>{{ ingestion_logs_error.status_code }}: {{ ingestion_logs_error.details }}</p>
 </div>
 {% else %}
 <div>
@@ -24,7 +30,7 @@ <h4 class="alert-heading">{% trans "Error" %}</h4>
                     </div>
                     <div class="w-auto p-0">
                         <canvas id="ingestions-reconciled"></canvas>
-                        <div class="text-center metric-label">Reconciled</div>
+                        <div class="text-center metric-label">Changes</div>
                     </div>
                     <div class="w-auto p-0">
                         <canvas id="ingestions-failed"></canvas>