netbox wip

cisagov · Sep 20, 2022 · f6ecce5 · f6ecce5
1 parent bcd0ee9
commit f6ecce5
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 40 deletions.
diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml
@@ -265,11 +265,16 @@ x-filebeat-variables: &filebeat-variables
 x-netbox-variables: &netbox-variables
   # Parameters related to NetBox (and supporting tools). Note that other more specific parameters
   #   can also be configured in the env_file files for netbox* services
+  # The name of the default "site" to be created upon NetBox initialization
   NETBOX_DEFAULT_SITE : 'Malcolm'
+  # Whether to disable Malcolm's NetBox instance ('true') or not ('false')
   NETBOX_DISABLED : &netboxdisabled 'true'
   NETBOX_POSTGRES_DISABLED : *netboxdisabled
   NETBOX_REDIS_DISABLED : *netboxdisabled
   NETBOX_REDIS_CACHE_DISABLED : *netboxdisabled
+  # If using the NetBox interface to create API tokens, set this
+  #   (see https://docs.djangoproject.com/en/4.1/ref/settings/#csrf-trusted-origins)
+  # CSRF_TRUSTED_ORIGINS : 'https://malcolm.example.org'
 
 x-common-upload-variables: &common-upload-variables
   # Whether or not to automatically apply tags based (on the PCAP filename) to network traffic metadata

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -265,11 +265,16 @@ x-filebeat-variables: &filebeat-variables
 x-netbox-variables: &netbox-variables
   # Parameters related to NetBox (and supporting tools). Note that other more specific parameters
   #   can also be configured in the env_file files for netbox* services
+  # The name of the default "site" to be created upon NetBox initialization
   NETBOX_DEFAULT_SITE : 'Malcolm'
+  # Whether to disable Malcolm's NetBox instance ('true') or not ('false')
   NETBOX_DISABLED : &netboxdisabled 'true'
   NETBOX_POSTGRES_DISABLED : *netboxdisabled
   NETBOX_REDIS_DISABLED : *netboxdisabled
   NETBOX_REDIS_CACHE_DISABLED : *netboxdisabled
+  # If using the NetBox interface to create API tokens, set this
+  #   (see https://docs.djangoproject.com/en/4.1/ref/settings/#csrf-trusted-origins)
+  # CSRF_TRUSTED_ORIGINS : 'https://malcolm.example.org'
 
 x-common-upload-variables: &common-upload-variables
   # Whether or not to automatically apply tags based (on the PCAP filename) to network traffic metadata

diff --git a/netbox/scripts/netbox_init.py b/netbox/scripts/netbox_init.py
@@ -131,18 +131,21 @@ def main():
         args.defaultGroupName,
     )
 
-    # list existing groups
-    groupsPreExisting = [x.name for x in nb.users.groups.all()]
-    logging.debug(groupsPreExisting)
+    try:
+        # list existing groups
+        groupsPreExisting = [x.name for x in nb.users.groups.all()]
+        logging.debug(groupsPreExisting)
 
-    # create groups that don't already exist
-    for groupName in DEFAULT_GROUP_NAMES:
-        if groupName not in groupsPreExisting:
-            nb.users.groups.create({'name': groupName})
+        # create groups that don't already exist
+        for groupName in DEFAULT_GROUP_NAMES:
+            if groupName not in groupsPreExisting:
+                nb.users.groups.create({'name': groupName})
 
-    # get existing groups into name->id dictionary
-    groupNameIdDict = {x.name: x.id for x in nb.users.groups.all()}
-    logging.debug(groupNameIdDict)
+        # get existing groups into name->id dictionary
+        groupNameIdDict = {x.name: x.id for x in nb.users.groups.all()}
+        logging.debug(groupNameIdDict)
+    except Exception as e:
+        logging.error(f"{type(e).__name__} processing groups: {e}")
 
     ####### PERMISSIONS ###########################################################################################
     DEFAULT_PERMISSIONS = {
@@ -182,39 +185,47 @@ def main():
         },
     }
 
-    # get all content types (for creating new permissions)
-    allContentTypeNames = [f'{x.app_label}.{x.model}' for x in nb.extras.content_types.all()]
-
-    # get existing permissions
-    permsPreExisting = [x.name for x in nb.users.permissions.all()]
-    logging.debug(permsPreExisting)
-
-    # create permissions that don't already exist
-    for permName, permConfig in DEFAULT_PERMISSIONS.items():
-        if 'name' in permConfig and permConfig['name'] not in permsPreExisting:
-            permConfig['groups'] = [groupNameIdDict[x] for x in permConfig['groups']]
-            permConfig['object_types'] = [ct for ct in allContentTypeNames if ct not in permConfig['exclude_objects']]
-            permConfig.pop('exclude_objects', None)
-            nb.users.permissions.create(permConfig)
-
-    logging.debug([x.name for x in nb.users.permissions.all()])
+    try:
+        # get all content types (for creating new permissions)
+        allContentTypeNames = [f'{x.app_label}.{x.model}' for x in nb.extras.content_types.all()]
+
+        # get existing permissions
+        permsPreExisting = [x.name for x in nb.users.permissions.all()]
+        logging.debug(permsPreExisting)
+
+        # create permissions that don't already exist
+        for permName, permConfig in DEFAULT_PERMISSIONS.items():
+            if 'name' in permConfig and permConfig['name'] not in permsPreExisting:
+                permConfig['groups'] = [groupNameIdDict[x] for x in permConfig['groups']]
+                permConfig['object_types'] = [
+                    ct for ct in allContentTypeNames if ct not in permConfig['exclude_objects']
+                ]
+                permConfig.pop('exclude_objects', None)
+                nb.users.permissions.create(permConfig)
+
+        logging.debug([x.name for x in nb.users.permissions.all()])
+    except Exception as e:
+        logging.error(f"{type(e).__name__} processing permissions: {e}")
 
     # ###### PERMISSIONS ###########################################################################################
     # get existing sites
-    sitesPreExisting = [x.name for x in nb.dcim.sites.all()]
-    logging.debug(sitesPreExisting)
-
-    # create sites that don't already exist
-    for siteName in args.netboxSites:
-        if siteName not in sitesPreExisting:
-            nb.dcim.sites.create(
-                {
-                    "name": siteName,
-                    "slug": slugify(siteName),
-                },
-            )
-
-    logging.debug([f'{x.name} ({x.slug})' for x in nb.dcim.sites.all()])
+    try:
+        sitesPreExisting = [x.name for x in nb.dcim.sites.all()]
+        logging.debug(sitesPreExisting)
+
+        # create sites that don't already exist
+        for siteName in args.netboxSites:
+            if siteName not in sitesPreExisting:
+                nb.dcim.sites.create(
+                    {
+                        "name": siteName,
+                        "slug": slugify(siteName),
+                    },
+                )
+
+        logging.debug([f'{x.name} ({x.slug})' for x in nb.dcim.sites.all()])
+    except Exception as e:
+        logging.error(f"{type(e).__name__} processing sites: {e}")
 
 
 ###################################################################################################