Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow netbox api access token to be templated #806

Merged
merged 1 commit into from
Sep 18, 2022
Merged

Allow netbox api access token to be templated #806

merged 1 commit into from
Sep 18, 2022

Conversation

TWitzenrath
Copy link
Contributor

New Behavior

You can use jinja templating for the API access token in the nb_inventory
config.

Contrast to Current Behavior

The only possibility not to have the token in clear text in the config was to
use ansible vault.

Discussion: Benefits and Drawbacks

This makes it possible to use a lookup() to retrieve the token, i.e. from a
password-manager.

Idea is stolen from the hcloud inventory.

Changes to the Documentation

token: NetBox API token to be able to read against NetBox. This may be templated with jinja i.e. to use lookup().

Proposed Release Note Entry

inventory token: can now use jinja templating i.e. to use lookup()

Double Check

  • I have read the comments and followed the CONTRIBUTING.md.
  • I have explained my PR according to the information in the comments or in a linked issue.
  • My PR targets the devel branch.

Allow netbox api access token to be templated
9439b03 
Allow jinja-templating of the api access token. This makes it possible to
use a lookup() to retrieve the token, i.e. from a password-manager. Idea
is stolen from the hcloud inventory.
@bk2zsto
Copy link
Contributor

bk2zsto commented Sep 7, 2022

omgz! Just wasted a day trying to figure out how to do this. I can confirm it works. Thank you!

@rodvand
Copy link
Contributor

rodvand commented Sep 7, 2022

Hi @TWitzenrath ! Thanks for the PR, and sorry for the slow response. Could you elaborate a bit on how this would be used? As in an example we can provide in the documentation.

@TWitzenrath
Copy link
Contributor Author

TWitzenrath commented Sep 7, 2022
edited
Loading

@rodvand sure:
right now, you can put

plugin: netbox.netbox.nb_inventory
api_endpoint: "https://netbox.example.com/"
token: !vault | [...]

or

plugin: netbox.netbox.nb_inventory
api_endpoint: "https://netbox.example.com/"
token: cleartexttoken

in your inventory yaml file. The ansible-vault encrypted token will be replaced by ansible, but anything else will be left as is, so if you put i.e. "{{ my_token }}" as a token, nb_inventory will NOT send the content of my_token to netbox as API-token, but will send the literal string "{{ my_token }}".

With the change merged, you can put i.e.

plugin: netbox.netbox.nb_inventory
api_endpoint: "https://netbox.example.com/"
token: "{{ lookup('community.hashi_vault.hashi_vault','secret=[...path...]/netbox:api_token')}}"

to retrieve the netbox api token from the hashi_vault plugin or any other lookup/jinja template.

@rodvand rodvand merged commit c2d2cd3 into netbox-community:devel Sep 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@TWitzenrath @bk2zsto @rodvand