Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auto-create remote groups #7671

Closed
larsks opened this issue Oct 28, 2021 · 8 comments · Fixed by #12394
Closed

Auto-create remote groups #7671

larsks opened this issue Oct 28, 2021 · 8 comments · Fixed by #12394
Assignees
Labels
status: accepted This issue has been accepted for implementation type: feature Introduction of new functionality to the application

Comments

@larsks
Copy link
Contributor

larsks commented Oct 28, 2021

NetBox version

v3.0.8

Feature type

Change to existing functionality

Proposed functionality

Allow NetBox to auto-create groups referenced in the REMOTE_AUTH_GROUP_HEADER.

Use case

As a data center administrator using Keycloak to manage auth/authz, I would like NetBox to automatically instantiate groups provided by Keycloak when using REMOTE_AUTH_ENABLED.

With REMOTE_AUTH_ENABLED and REMOTE_AUTH_GROUP_SYNC_ENABLED, it's still necessary to manually create groups before the group sync is effective. I would like to see a REMOTE_AUTH_AUTO_CREATE_GROUPS setting, analagous to REMOTE_AUTH_AUTO_CREATE_USER but for groups, that would cause NetBox to automatically create any groups in the REMOTE_AUTH_GROUP_HEADER. This would allow authorization to be completely delegated to the identity management platform.

This is the same feature requested by this comment in #5775.

Database changes

No response

External dependencies

No response

@larsks larsks added the type: feature Introduction of new functionality to the application label Oct 28, 2021
larsks added a commit to larsks/netbox that referenced this issue Oct 28, 2021
When REMOTE_AUTH_AUTO_CREATE_GROUPS is True, Netbox will create groups
referenced in the REMOTE_AUTH_GROUP_HEADER that don't exist in the
database.
larsks added a commit to larsks/netbox that referenced this issue Oct 28, 2021
When REMOTE_AUTH_AUTO_CREATE_GROUPS is True, Netbox will create groups
referenced in the REMOTE_AUTH_GROUP_HEADER that don't exist in the
database.
larsks added a commit to larsks/moc-apps that referenced this issue Oct 28, 2021
This uses a custom image that includes a solution for
netbox-community/netbox#7671.
larsks added a commit to larsks/moc-apps that referenced this issue Oct 28, 2021
This uses a custom image that includes a solution for
netbox-community/netbox#7671.
larsks added a commit to larsks/moc-apps that referenced this issue Oct 28, 2021
This uses a custom image that includes a solution for
netbox-community/netbox#7671.
larsks added a commit to larsks/moc-apps that referenced this issue Oct 28, 2021
This uses a custom image that includes a solution for
netbox-community/netbox#7671.
larsks added a commit to larsks/moc-apps that referenced this issue Oct 28, 2021
Deploy netbox behind an oauth2 proxy configured to authenticate
against the MOC keycloak instance.

Deploys into the netbox-lars namespace. The changes in
overlays/lars-devel-2 should ultimately be moved over to the ocp-prod
overlay (if we think they make sense), and this commit should probably
just be discarded.

This includes a patched netbox image that includes a solution for
netbox-community/netbox#7671.
larsks added a commit to larsks/moc-apps that referenced this issue Oct 28, 2021
Deploy netbox behind an oauth2 proxy configured to authenticate
against the MOC keycloak instance.

Deploys into the netbox-lars namespace. The changes in
overlays/lars-devel-2 should ultimately be moved over to the ocp-prod
overlay (if we think they make sense), and this commit should probably
just be discarded.

This includes a patched netbox image that includes a solution for
netbox-community/netbox#7671.
@jeremystretch jeremystretch added the status: under review Further discussion is needed to determine this issue's scope and/or implementation label Nov 11, 2021
@larsks
Copy link
Contributor Author

larsks commented Nov 21, 2021

Hi @jeremystretch, I just wanted to check in on this issue and see if I should go ahead and submit a PR for it.

@github-actions
Copy link
Contributor

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. NetBox is governed by a small group of core maintainers which means not all opened issues may receive direct feedback. Please see our contributing guide.

@github-actions github-actions bot added the pending closure Requires immediate attention to avoid being closed for inactivity label Jan 20, 2022
@netbox-community netbox-community deleted a comment from ITJamie Feb 9, 2022
larsks added a commit to larsks/netbox that referenced this issue Feb 10, 2022
When REMOTE_AUTH_AUTOCREATE_GROUPS is True, Netbox will create groups
referenced in the REMOTE_AUTH_GROUP_HEADER that don't exist in the
database.

Closes netbox-community#7671
larsks added a commit to larsks/netbox that referenced this issue Mar 8, 2022
When REMOTE_AUTH_AUTOCREATE_GROUPS is True, Netbox will create groups
referenced in the REMOTE_AUTH_GROUP_HEADER that don't exist in the
database.

Closes netbox-community#7671
larsks added a commit to larsks/netbox that referenced this issue Mar 8, 2022
When REMOTE_AUTH_AUTOCREATE_GROUPS is True, Netbox will create groups
referenced in the REMOTE_AUTH_GROUP_HEADER that don't exist in the
database.

Closes netbox-community#7671
@github-actions
Copy link
Contributor

This issue has been automatically closed due to lack of activity. In an effort to reduce noise, please do not comment any further. Note that the core maintainers may elect to reopen this issue at a later date if deemed necessary.

@ITJamie
Copy link
Contributor

ITJamie commented Mar 12, 2022

Id still like to see this happen

@jeremystretch jeremystretch added status: accepted This issue has been accepted for implementation and removed status: under review Further discussion is needed to determine this issue's scope and/or implementation pending closure Requires immediate attention to avoid being closed for inactivity labels Apr 8, 2022
@jeremystretch jeremystretch reopened this Apr 8, 2022
@jeremystretch
Copy link
Member

@larsks looks like this one fell through the cracks unfortunately. Any chance you're still interested in submitting a PR?

@jeremystretch jeremystretch added status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation and removed status: accepted This issue has been accepted for implementation labels Jan 5, 2023
@larsks
Copy link
Contributor Author

larsks commented Jan 6, 2023

@jeremystretch I'd be happy to update the previous PR. I'll take a look this weekend.

@kkthxbye-code
Copy link
Contributor

I unlocked the old PR here: #8603

You should be able to re-open it yourself now, otherwise let me know.

@kkthxbye-code kkthxbye-code added status: accepted This issue has been accepted for implementation and removed status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation labels Jan 6, 2023
@jeremystretch jeremystretch added status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation and removed status: accepted This issue has been accepted for implementation labels Mar 16, 2023
jschewebbn added a commit to jschewebbn/netbox that referenced this issue Apr 28, 2023
When REMOTE_AUTH_AUTOCREATE_GROUPS is True, Netbox will create groups
referenced in the REMOTE_AUTH_GROUP_HEADER that don't exist in the
database.

Work was done by Lars Kellogg-Stedman, I just rebased onto the current
develop branch.

Closes netbox-community#7671
jschewebbn pushed a commit to jschewebbn/netbox that referenced this issue Apr 28, 2023
When REMOTE_AUTH_AUTOCREATE_GROUPS is True, Netbox will create groups
referenced in the REMOTE_AUTH_GROUP_HEADER that don't exist in the
database.

Closes netbox-community#7671
@jschewebbn
Copy link
Contributor

Given that this bug caused me problems this week I applied the changes to the current develop and opened PR #12394

@jeremystretch jeremystretch added status: accepted This issue has been accepted for implementation and removed status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation labels May 2, 2023
jeremystretch pushed a commit that referenced this issue May 12, 2023
* Add REMOTE_AUTH_AUTOCREATE_GROUPS

When REMOTE_AUTH_AUTOCREATE_GROUPS is True, Netbox will create groups
referenced in the REMOTE_AUTH_GROUP_HEADER that don't exist in the
database.

Closes #7671

* Fix naming of parameter

Apply the fix requested by kkthxbye-code in #8603

---------

Co-authored-by: Lars Kellogg-Stedman <[email protected]>
jsenecal pushed a commit to jsenecal/netbox that referenced this issue May 18, 2023
* Add REMOTE_AUTH_AUTOCREATE_GROUPS

When REMOTE_AUTH_AUTOCREATE_GROUPS is True, Netbox will create groups
referenced in the REMOTE_AUTH_GROUP_HEADER that don't exist in the
database.

Closes netbox-community#7671

* Fix naming of parameter

Apply the fix requested by kkthxbye-code in netbox-community#8603

---------

Co-authored-by: Lars Kellogg-Stedman <[email protected]>
jsenecal pushed a commit to jsenecal/netbox that referenced this issue May 18, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 11, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
status: accepted This issue has been accepted for implementation type: feature Introduction of new functionality to the application
Projects
None yet
5 participants