From d9ff19fd30a12245fe595b3c67c0e31583146e17 Mon Sep 17 00:00:00 2001 From: NeodymiumFerBore <32781483+NeodymiumFerBore@users.noreply.github.com> Date: Mon, 2 Sep 2024 17:27:37 +0000 Subject: [PATCH 1/7] Support for multiple AUTH_LDAP_REQUIRE_GROUP from environment variable --- configuration/ldap/ldap_config.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/configuration/ldap/ldap_config.py b/configuration/ldap/ldap_config.py index 82fad72a8..d25b3e821 100644 --- a/configuration/ldap/ldap_config.py +++ b/configuration/ldap/ldap_config.py @@ -2,7 +2,7 @@ from os import environ import ldap -from django_auth_ldap.config import LDAPSearch +from django_auth_ldap.config import LDAPGroupQuery, LDAPSearch # Read secret from file @@ -86,12 +86,22 @@ def _import_group_type(group_type_name): # Define a group required to login. AUTH_LDAP_REQUIRE_GROUP = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN') +# If non-empty string, AUTH_LDAP_REQUIRE_GROUP will be treated as a list delimited by this separator +AUTH_LDAP_REQUIRE_GROUP_SEPARATOR = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN_SEPARATOR', '') + # Define special user types using groups. Exercise great caution when assigning superuser status. AUTH_LDAP_USER_FLAGS_BY_GROUP = {} if AUTH_LDAP_REQUIRE_GROUP is not None: + # Build an LDAPGroupQuery when AUTH_LDAP_REQUIRE_GROUP should be treated as a list + if AUTH_LDAP_REQUIRE_GROUP_SEPARATOR: + _groups = list(filter(None, AUTH_LDAP_REQUIRE_GROUP.split(AUTH_LDAP_REQUIRE_GROUP_SEPARATOR))) + AUTH_LDAP_REQUIRE_GROUP = LDAPGroupQuery(_groups[0]) + for i in range(1, len(_groups)): + AUTH_LDAP_REQUIRE_GROUP |= LDAPGroupQuery(_groups[i]) + AUTH_LDAP_USER_FLAGS_BY_GROUP = { - "is_active": environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''), + "is_active": AUTH_LDAP_REQUIRE_GROUP, "is_staff": environ.get('AUTH_LDAP_IS_ADMIN_DN', ''), "is_superuser": environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '') } From 671f5e94111fc73954d8d8e5f8f0d3a07d16042b Mon Sep 17 00:00:00 2001 
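Review bot: `_groups[0]` raises a bare IndexError while settings load when `AUTH_LDAP_REQUIRE_GROUP_DN` is empty or holds only separators, and the split keeps surrounding whitespace, so `a; b` yields the DN ` b`, which will not match any group. Because this value gates login, I would strip each entry and fail with an explicit message when nothing is left. The comment on `AUTH_LDAP_REQUIRE_GROUP_SEPARATOR` should also state that the separator must not occur inside a DN, since a `,` would split every DN into its RDNs. This is module-level code that starts before the hunk, and `ValueError` is only a stand-in for whatever configuration error the project prefers.

```python
    if AUTH_LDAP_REQUIRE_GROUP_SEPARATOR:
        _groups = [g.strip() for g in AUTH_LDAP_REQUIRE_GROUP.split(AUTH_LDAP_REQUIRE_GROUP_SEPARATOR)]
        _groups = [g for g in _groups if g]
        if not _groups:
            raise ValueError('AUTH_LDAP_REQUIRE_GROUP_DN contains no group DN')
        AUTH_LDAP_REQUIRE_GROUP = LDAPGroupQuery(_groups[0])
        for _dn in _groups[1:]:
            AUTH_LDAP_REQUIRE_GROUP |= LDAPGroupQuery(_dn)
    # … unchanged: AUTH_LDAP_USER_FLAGS_BY_GROUP assignment …
```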
From: NeodymiumFerBore <32781483+NeodymiumFerBore@users.noreply.github.com> Date: Mon, 2 Sep 2024 17:29:17 +0000 Subject: [PATCH 2/7] Adapt ldap/extra: LDAPGroupQuery is now imported in ldap_config --- configuration/ldap/extra.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/configuration/ldap/extra.py b/configuration/ldap/extra.py index 45051978e..b76047a07 100644 --- a/configuration/ldap/extra.py +++ b/configuration/ldap/extra.py @@ -1,11 +1,10 @@ #### ## This file contains extra configuration options that can't be configured ## directly through environment variables. -## All vairables set here overwrite any existing found in ldap_config.py +## All variables set here overwrite any existing found in ldap_config.py #### # # This Python script inherits all the imports from ldap_config.py -# from django_auth_ldap.config import LDAPGroupQuery # Imported since not in ldap_config.py # # Sets a base requirement of membetship to netbox-user-ro, netbox-user-rw, or netbox-user-admin. # AUTH_LDAP_REQUIRE_GROUP = ( From 6e735fd431383f429012707cc1d5ae0ebc04b125 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Sep 2024 20:03:58 +0000 Subject: [PATCH 3/7] Update dependency sentry-sdk to v2.13.0 --- requirements-container.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-container.txt b/requirements-container.txt index d23301033..fd97e0f2a 100644 --- a/requirements-container.txt +++ b/requirements-container.txt @@ -2,4 +2,4 @@ django-auth-ldap==4.8.0 django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.4 dulwich==0.22.1 python3-saml==1.16.0 --no-binary lxml,xmlsec -sentry-sdk[django]==2.12.0 +sentry-sdk[django]==2.13.0 From 52f80cc7ca2fa24b8672fca52c628414c1e06e0c Mon Sep 17 00:00:00 2001 
From: Tobias Genannt Date: Wed, 4 Sep 2024 07:25:04 +0200 Subject: [PATCH 4/7] Fix #1300: Disable ARM64 release --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 910c3a13a..c94c1f95a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: - ./build.sh feature - ./build.sh develop platform: - - linux/amd64,linux/arm64 + - linux/amd64 fail-fast: false runs-on: ubuntu-latest name: Builds new NetBox Docker Images From f13a6bf5e47c0fccb76187d13c6030e606f828f6 Mon Sep 17 00:00:00 2001 From: Tobias Genannt Date: Wed, 4 Sep 2024 07:25:44 +0200 Subject: [PATCH 5/7] Preparation for 3.0.1 --- VERSION | 2 +- docker-compose.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index 4a36342fc..cb2b00e4f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.0.0 +3.0.1 diff --git a/docker-compose.yml b/docker-compose.yml index 9d68b0e9a..34ce41d7f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,6 @@ services: netbox: &netbox - image: docker.io/netboxcommunity/netbox:${VERSION-v4.1-3.0.0} + image: docker.io/netboxcommunity/netbox:${VERSION-v4.1-3.0.1} depends_on: - postgres - redis From a24c19c503fb236b1900883ea18f326856bc415a Mon Sep 17 00:00:00 2001 From: Tobias Genannt Date: Wed, 4 Sep 2024 10:17:05 +0200 Subject: [PATCH 6/7] Use Docker Build Cloud for releases With QEMU the ARM64 builds are slow and not reliable. If we use the Docker Cloud builders we reduce the build times considerably. As a Docker OSS organisation we get 400 build minutes per month, which should be fine, because we already use checks if builds are really needed. The Docker Cloud also uses a cache that should reduce build times a little bit more. --- .github/workflows/release.yml | 33 ++++++++++++++++----------------- build.sh | 7 +++++++ 2 files changed, 23 insertions(+), 17 deletions(-) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c94c1f95a..7c2759488 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: - ./build.sh feature - ./build.sh develop platform: - - linux/amd64 + - linux/amd64,linux/arm64 fail-fast: false runs-on: ubuntu-latest name: Builds new NetBox Docker Images @@ -35,19 +35,11 @@ jobs: name: Get Version of NetBox Docker run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT" shell: bash - - id: qemu-setup - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - id: buildx-setup - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - id: docker-build - name: Build the image with '${{ matrix.build_cmd }}' + - id: check-build-needed + name: Check if the build is needed for '${{ matrix.build_cmd }}' + env: + CHECK_ONLY: "true" run: ${{ matrix.build_cmd }} - - id: test-image - name: Test the image - run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh - if: steps.docker-build.outputs.skipped != 'true' # docker.io - id: docker-io-login name: Login to docker.io @@ -56,7 +48,14 @@ jobs: registry: docker.io username: ${{ secrets.dockerhub_username }} password: ${{ secrets.dockerhub_password }} - if: steps.docker-build.outputs.skipped != 'true' + if: steps.check-build-needed.outputs.skipped != 'true' + - id: buildx-setup + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + version: "lab:latest" + driver: cloud + endpoint: "netboxcommunity/netbox-default" # quay.io - id: quay-io-login name: Login to Quay.io @@ -65,7 +64,7 @@ jobs: registry: quay.io username: ${{ secrets.quayio_username }} password: ${{ secrets.quayio_password }} - if: steps.docker-build.outputs.skipped != 'true' + if: steps.check-build-needed.outputs.skipped != 'true' # ghcr.io - id: ghcr-io-login name: Login to GitHub Container Registry 
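Review bot: The removed `test-image` step (`IMAGE="${FINAL_DOCKER_TAG}" ./test.sh`) has no replacement in the visible hunks, so `build-and-push` now publishes to docker.io, quay.io and ghcr.io without the check that used to sit between build and push. If the cloud builder makes a local test awkward, a separate test step placed before `build-and-push` and guarded by `if: steps.check-build-needed.outputs.skipped != 'true'` would restore that gate. The push step itself is in a later hunk of this file.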
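Review bot: `version: "lab:latest"` in `buildx-setup` resolves to whatever buildx build is current when the release runs, in a job that holds push credentials for three registries. If Docker Build Cloud accepts a fixed version, pin it (`version: "<PINNED_BUILDX_VERSION>"`) and update it deliberately. The step also has no `if: steps.check-build-needed.outputs.skipped != 'true'`, unlike the login steps around it, so on a skipped build it would presumably try to reach the cloud endpoint without the docker.io login having run.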
@@ -74,11 +73,11 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - if: steps.docker-build.outputs.skipped != 'true' + if: steps.check-build-needed.outputs.skipped != 'true' - id: build-and-push name: Push the image run: ${{ matrix.build_cmd }} --push - if: steps.docker-build.outputs.skipped != 'true' + if: steps.check-build-needed.outputs.skipped != 'true' env: BUILDX_PLATFORM: ${{ matrix.platform }} BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }} diff --git a/build.sh b/build.sh index 071596969..df85df7c2 100755 --- a/build.sh +++ b/build.sh @@ -103,6 +103,8 @@ GH_ACTION If defined, special 'echo' statements are enabled that set the - FINAL_DOCKER_TAG: The final value of the DOCKER_TAG env variable ${_GREEN}Default:${_CLEAR} undefined +CHECK_ONLY Only checks if the build is needed and sets the GH Action output. + ${_BOLD}Examples:${_CLEAR} ${0} master @@ -355,6 +357,11 @@ else fi gh_echo "::endgroup::" +if [ "${CHECK_ONLY}" = "true" ]; then + echo "Only check if build needed was requested. Exiting" + exit 0 +fi + ### # Build the image ### From 942f978ed26217b4795a5a22fb4e42661b311b4a Mon Sep 17 00:00:00 2001 From: Tobias Genannt Date: Wed, 4 Sep 2024 17:53:24 +0200 Subject: [PATCH 7/7] Revert "Feature: Support for multiple AUTH_LDAP_REQUIRE_GROUP from environment variables" --- configuration/ldap/extra.py | 3 ++- configuration/ldap/ldap_config.py | 14 ++------------ 2 files changed, 4 insertions(+), 13 deletions(-) diff --git a/configuration/ldap/extra.py b/configuration/ldap/extra.py index b76047a07..45051978e 100644 --- a/configuration/ldap/extra.py +++ b/configuration/ldap/extra.py 
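Review bot: In `build.sh`, the new `CHECK_ONLY` help entry omits the `Default:` line that the `GH_ACTION` entry above it carries (`${_GREEN}Default:${_CLEAR} undefined`), so the usage text does not say what an unset value means. The test `[ "${CHECK_ONLY}" = "true" ]` also expands the variable without a fallback; `[ "${CHECK_ONLY-}" = "true" ]` would keep it safe if the script runs under `set -u`, which the hunk does not show. The surrounding script continues outside both hunks.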
@@ -1,10 +1,11 @@ #### ## This file contains extra configuration options that can't be configured ## directly through environment variables. -## All variables set here overwrite any existing found in ldap_config.py +## All vairables set here overwrite any existing found in ldap_config.py #### # # This Python script inherits all the imports from ldap_config.py +# from django_auth_ldap.config import LDAPGroupQuery # Imported since not in ldap_config.py # # Sets a base requirement of membetship to netbox-user-ro, netbox-user-rw, or netbox-user-admin. # AUTH_LDAP_REQUIRE_GROUP = ( diff --git a/configuration/ldap/ldap_config.py b/configuration/ldap/ldap_config.py index d25b3e821..82fad72a8 100644 --- a/configuration/ldap/ldap_config.py +++ b/configuration/ldap/ldap_config.py @@ -2,7 +2,7 @@ from os import environ import ldap -from django_auth_ldap.config import LDAPGroupQuery, LDAPSearch +from django_auth_ldap.config import LDAPSearch # Read secret from file 
@@ -86,22 +86,12 @@ def _import_group_type(group_type_name): # Define a group required to login. AUTH_LDAP_REQUIRE_GROUP = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN') -# If non-empty string, AUTH_LDAP_REQUIRE_GROUP will be treated as a list delimited by this separator -AUTH_LDAP_REQUIRE_GROUP_SEPARATOR = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN_SEPARATOR', '') - # Define special user types using groups. Exercise great caution when assigning superuser status. AUTH_LDAP_USER_FLAGS_BY_GROUP = {} if AUTH_LDAP_REQUIRE_GROUP is not None: - # Build an LDAPGroupQuery when AUTH_LDAP_REQUIRE_GROUP should be treated as a list - if AUTH_LDAP_REQUIRE_GROUP_SEPARATOR: - _groups = list(filter(None, AUTH_LDAP_REQUIRE_GROUP.split(AUTH_LDAP_REQUIRE_GROUP_SEPARATOR))) - AUTH_LDAP_REQUIRE_GROUP = LDAPGroupQuery(_groups[0]) - for i in range(1, len(_groups)): - AUTH_LDAP_REQUIRE_GROUP |= LDAPGroupQuery(_groups[i]) - AUTH_LDAP_USER_FLAGS_BY_GROUP = { - "is_active": AUTH_LDAP_REQUIRE_GROUP, + "is_active": environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''), "is_staff": environ.get('AUTH_LDAP_IS_ADMIN_DN', ''), "is_superuser": environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '') }