From 7720ceec41d0e279b4c8dc90c7ca611a2d1a01c5 Mon Sep 17 00:00:00 2001 From: Leo Kirchner Date: Thu, 19 Dec 2024 14:33:53 +0100 Subject: [PATCH 1/4] fixes typos in 3.0 changelog --- docs/admin/release_notes/version_3.0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/admin/release_notes/version_3.0.md b/docs/admin/release_notes/version_3.0.md index 153db103..757640c5 100644 --- a/docs/admin/release_notes/version_3.0.md +++ b/docs/admin/release_notes/version_3.0.md @@ -1,7 +1,7 @@ # v3.0 Release Notes !!! warning - Nautobot Device Onboarding v2.0.0-2.0.2 contains a vulnerability where the credentials used to log into a device may be visible in clear text on the Job Results page under the Additional Data tab. It is recommended to review all OnbaordingTasks from the affected releases, delete any affeccted JobResults, and upgrade to v3.0.0. For more information please see the full write up on the issue which is available as [a security advisory](https://github.com/nautobot/nautobot-app-device-onboarding/security/advisories/GHSA-qf3c-rw9f-jh7v) on the repo. Nautobot Device Onboarding app versions v2.0.0-2.0.2 have been removed for PyPI to ensure all gaps are closed. v2.0.3 is published with disabled functionality and banner message encouraging to upgrade to v3.0.0. [CVE-2023-48700](https://www.cve.org/CVERecord?id=CVE-2023-48700) has been issued for this vulnerability. + Nautobot Device Onboarding v2.0.0-2.0.2 contains a vulnerability where the credentials used to log into a device may be visible in clear text on the Job Results page under the Additional Data tab. It is recommended to review all OnboardingTasks from the affected releases, delete any affected JobResults, and upgrade to v3.0.0. For more information please see the full write up on the issue which is available as [a security advisory](https://github.com/nautobot/nautobot-app-device-onboarding/security/advisories/GHSA-qf3c-rw9f-jh7v) on the repo. Nautobot Device Onboarding app versions v2.0.0-2.0.2 have been removed for PyPI to ensure all gaps are closed. v2.0.3 is published with disabled functionality and banner message encouraging to upgrade to v3.0.0. [CVE-2023-48700](https://www.cve.org/CVERecord?id=CVE-2023-48700) has been issued for this vulnerability. ## Release Overview From 9926194cbb92e4d34dc44a60c12bc4074f0c884a Mon Sep 17 00:00:00 2001 From: Leo Kirchner Date: Thu, 19 Dec 2024 14:34:49 +0100 Subject: [PATCH 2/4] improves error handling for git repositories providing command mappers --- changes/289.added | 1 + changes/289.fixed | 2 ++ nautobot_device_onboarding/constants.py | 6 ++++ nautobot_device_onboarding/datasources.py | 35 +++++++++++++++++-- .../nornir_plays/transform.py | 9 +++-- .../tests/test_transform.py | 5 +-- 6 files changed, 51 insertions(+), 7 deletions(-) create mode 100644 changes/289.added create mode 100644 changes/289.fixed diff --git a/changes/289.added b/changes/289.added new file mode 100644 index 00000000..22ed0c32 --- /dev/null +++ b/changes/289.added @@ -0,0 +1 @@ +- Added additional error handling/logging to the git repository sync method \ No newline at end of file diff --git a/changes/289.fixed b/changes/289.fixed new file mode 100644 index 00000000..0ad50810 --- /dev/null +++ b/changes/289.fixed @@ -0,0 +1,2 @@ +- Fixed typos in the 3.0 changelog +- Fixed a logging typo in an adapter \ No newline at end of file diff --git a/nautobot_device_onboarding/constants.py b/nautobot_device_onboarding/constants.py index 18c4afa6..3b8e70ad 100644 --- a/nautobot_device_onboarding/constants.py +++ b/nautobot_device_onboarding/constants.py @@ -48,3 +48,9 @@ "FastEthernet": "100base-fx", "ethernet": "1000base-t", } + +# The git repository data source content identifier for custom command mappers. +ONBOARDING_COMMAND_MAPPERS_CONTENT_IDENTIFIER = "nautobot_device_onboarding.onboarding_command_mappers" + +# The git repository data source folder name for custom command mappers. +ONBOARDING_COMMAND_MAPPERS_REPOSITORY_FOLDER = "onboarding_command_mappers" diff --git a/nautobot_device_onboarding/datasources.py b/nautobot_device_onboarding/datasources.py index 2eda1278..c2c9a18f 100755 --- a/nautobot_device_onboarding/datasources.py +++ b/nautobot_device_onboarding/datasources.py @@ -1,15 +1,44 @@ """Datasources to override command_mapper yaml files.""" +from pathlib import Path + from nautobot.apps.datasources import DatasourceContent from nautobot.extras.choices import LogLevelChoices +from nautobot_device_onboarding.constants import ( + ONBOARDING_COMMAND_MAPPERS_CONTENT_IDENTIFIER, + ONBOARDING_COMMAND_MAPPERS_REPOSITORY_FOLDER, +) + def refresh_git_command_mappers(repository_record, job_result, delete=False): # pylint: disable=unused-argument """Callback for gitrepository updates on Command Mapper Repo.""" + # Since we don't create any DB records we can just ignore deletions. + if delete: + return + if ONBOARDING_COMMAND_MAPPERS_CONTENT_IDENTIFIER not in repository_record.provided_contents: + return job_result.log( - "Successfully Pulled Command Mapper Repo", - level_choice=LogLevelChoices.LOG_DEBUG, + "Refreshing network sync job command mappers...", + level_choice=LogLevelChoices.LOG_INFO, ) + repo_data_dir = Path(repository_record.filesystem_path) / ONBOARDING_COMMAND_MAPPERS_REPOSITORY_FOLDER + if not repo_data_dir.exists(): + # Shouldn't use an f string here as it is a log message. + job_result.log( + "Command mapper repo folder does not exist. Create a sub folder in the repository at '%'".format( # pylint: disable=consider-using-fstring + ), + level_choice=LogLevelChoices.LOG_WARNING, + ) + return + try: + next(repo_data_dir.glob("*.yml")) + except StopIteration: + job_result.log( + "Command mapper repo folder found, but it doesn't contain any command mapper files. " + "They need to have the '.yml' extension.", + level_choice=LogLevelChoices.LOG_WARNING, + ) datasource_contents = [ @@ -17,7 +46,7 @@ def refresh_git_command_mappers(repository_record, job_result, delete=False): # "extras.gitrepository", DatasourceContent( name="Network Sync Job Command Mappers", - content_identifier="nautobot_device_onboarding.onboarding_command_mappers", + content_identifier=ONBOARDING_COMMAND_MAPPERS_CONTENT_IDENTIFIER, icon="mdi-paw", callback=refresh_git_command_mappers, ), diff --git a/nautobot_device_onboarding/nornir_plays/transform.py b/nautobot_device_onboarding/nornir_plays/transform.py index d4638cb8..077971d7 100755 --- a/nautobot_device_onboarding/nornir_plays/transform.py +++ b/nautobot_device_onboarding/nornir_plays/transform.py @@ -5,6 +5,11 @@ import yaml from nautobot.extras.models import GitRepository +from nautobot_device_onboarding.constants import ( + ONBOARDING_COMMAND_MAPPERS_CONTENT_IDENTIFIER, + ONBOARDING_COMMAND_MAPPERS_REPOSITORY_FOLDER, +) + DATA_DIR = os.path.abspath(os.path.join(os.path.dirname(os.path.dirname(__file__)), "command_mappers")) @@ -17,7 +22,7 @@ def get_git_repo(): == 1 ): repository_record = GitRepository.objects.filter( - provided_contents=["nautobot_device_onboarding.onboarding_command_mappers"] + provided_contents=[ONBOARDING_COMMAND_MAPPERS_CONTENT_IDENTIFIER] ).first() return repository_record return None @@ -40,7 +45,7 @@ def add_platform_parsing_info(): """Merges platform command mapper from repo or defaults.""" repository_record = get_git_repo() if repository_record: - repo_data_dir = os.path.join(repository_record.filesystem_path, "onboarding_command_mappers") + repo_data_dir = os.path.join(repository_record.filesystem_path, ONBOARDING_COMMAND_MAPPERS_REPOSITORY_FOLDER) command_mappers_repo_path = load_command_mappers_from_dir(repo_data_dir) else: command_mappers_repo_path = {} diff --git a/nautobot_device_onboarding/tests/test_transform.py b/nautobot_device_onboarding/tests/test_transform.py index f572e22f..656feae0 100755 --- a/nautobot_device_onboarding/tests/test_transform.py +++ b/nautobot_device_onboarding/tests/test_transform.py @@ -11,6 +11,7 @@ from nautobot.extras.choices import JobResultStatusChoices from nautobot.extras.models import GitRepository, JobResult +from nautobot_device_onboarding.constants import ONBOARDING_COMMAND_MAPPERS_CONTENT_IDENTIFIER from nautobot_device_onboarding.nornir_plays.transform import add_platform_parsing_info, load_command_mappers_from_dir MOCK_DIR = os.path.join("nautobot_device_onboarding", "tests", "mock") @@ -56,7 +57,7 @@ def setUp(self): name="Test Git Repository", slug=self.repo_slug, remote_url="http://localhost/git.git", - provided_contents=["nautobot_device_onboarding.onboarding_command_mappers"], + provided_contents=[ONBOARDING_COMMAND_MAPPERS_CONTENT_IDENTIFIER], ) self.repo.save() self.job_result = JobResult.objects.create(name=self.repo.name) @@ -81,7 +82,7 @@ def populate_repo(self, path, url, *args, **kwargs): def test_git_repo_was_created(self, MockGitRepo): # pylint:disable=invalid-name repo_count = GitRepository.objects.filter( - provided_contents=["nautobot_device_onboarding.onboarding_command_mappers"] + provided_contents=[ONBOARDING_COMMAND_MAPPERS_CONTENT_IDENTIFIER] ).count() self.assertEqual(1, repo_count) From eb7d18240d52f35ea99980341ea1b7ecf96aaf22 Mon Sep 17 00:00:00 2001 From: Jeff Kala Date: Thu, 16 Jan 2025 14:40:02 -0600 Subject: [PATCH 3/4] fix log message --- nautobot_device_onboarding/datasources.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/nautobot_device_onboarding/datasources.py b/nautobot_device_onboarding/datasources.py index c2c9a18f..9b48cde4 100755 --- a/nautobot_device_onboarding/datasources.py +++ b/nautobot_device_onboarding/datasources.py @@ -24,10 +24,9 @@ def refresh_git_command_mappers(repository_record, job_result, delete=False): # ) repo_data_dir = Path(repository_record.filesystem_path) / ONBOARDING_COMMAND_MAPPERS_REPOSITORY_FOLDER if not repo_data_dir.exists(): - # Shouldn't use an f string here as it is a log message. job_result.log( - "Command mapper repo folder does not exist. Create a sub folder in the repository at '%'".format( # pylint: disable=consider-using-fstring - ), + f"Command mapper repo folder does not exist. Create a sub folder in the repository at {repo_data_dir}", + repository_record, level_choice=LogLevelChoices.LOG_WARNING, ) return From 194f6799ea61eeee75c68f68d60a88a8aae05420 Mon Sep 17 00:00:00 2001 From: Jeff Kala Date: Thu, 16 Jan 2025 14:52:04 -0600 Subject: [PATCH 4/4] undo f-string to use best practices for log formatting --- nautobot_device_onboarding/datasources.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nautobot_device_onboarding/datasources.py b/nautobot_device_onboarding/datasources.py index 9b48cde4..79c454c8 100755 --- a/nautobot_device_onboarding/datasources.py +++ b/nautobot_device_onboarding/datasources.py @@ -25,7 +25,8 @@ def refresh_git_command_mappers(repository_record, job_result, delete=False): # repo_data_dir = Path(repository_record.filesystem_path) / ONBOARDING_COMMAND_MAPPERS_REPOSITORY_FOLDER if not repo_data_dir.exists(): job_result.log( - f"Command mapper repo folder does not exist. Create a sub folder in the repository at {repo_data_dir}", + "Command mapper repo folder does not exist. " # pylint: disable=consider-using-f-string + "Create a sub folder in the repository at %s" % repo_data_dir, repository_record, level_choice=LogLevelChoices.LOG_WARNING, )