815 lines
29 KiB
Python
815 lines
29 KiB
Python
import hashlib
|
|
import importlib
|
|
import importlib.util
|
|
import os
|
|
import platform
|
|
import requests
|
|
import sys
|
|
import warnings
|
|
from urllib.parse import urlencode, urlsplit
|
|
|
|
import django
|
|
from django.contrib.messages import constants as messages
|
|
from django.core.exceptions import ImproperlyConfigured, ValidationError
|
|
from django.core.validators import URLValidator
|
|
from django.utils.encoding import force_str
|
|
from django.utils.translation import gettext_lazy as _
|
|
try:
|
|
import sentry_sdk
|
|
except ModuleNotFoundError:
|
|
pass
|
|
|
|
from netbox.config import PARAMS
|
|
from netbox.constants import RQ_QUEUE_DEFAULT, RQ_QUEUE_HIGH, RQ_QUEUE_LOW
|
|
from netbox.plugins import PluginConfig
|
|
|
|
|
|
#
|
|
# Environment setup
|
|
#
|
|
|
|
VERSION = '3.7.5-dev'
|
|
|
|
# Hostname
|
|
HOSTNAME = platform.node()
|
|
|
|
# Set the base directory two levels up
|
|
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
|
|
|
# Validate Python version
|
|
if sys.version_info < (3, 8):
|
|
raise RuntimeError(
|
|
f"NetBox requires Python 3.8 or later. (Currently installed: Python {platform.python_version()})"
|
|
)
|
|
|
|
#
|
|
# Configuration import
|
|
#
|
|
|
|
# Import configuration parameters
|
|
config_path = os.getenv('NETBOX_CONFIGURATION', 'netbox.configuration')
|
|
try:
|
|
configuration = importlib.import_module(config_path)
|
|
except ModuleNotFoundError as e:
|
|
if getattr(e, 'name') == config_path:
|
|
raise ImproperlyConfigured(
|
|
f"Specified configuration module ({config_path}) not found. Please define netbox/netbox/configuration.py "
|
|
f"per the documentation, or specify an alternate module in the NETBOX_CONFIGURATION environment variable."
|
|
)
|
|
raise
|
|
|
|
# Enforce required configuration parameters
|
|
for parameter in ['ALLOWED_HOSTS', 'DATABASE', 'SECRET_KEY', 'REDIS']:
|
|
if not hasattr(configuration, parameter):
|
|
raise ImproperlyConfigured(f"Required parameter {parameter} is missing from configuration.")
|
|
|
|
# Set required parameters
|
|
ALLOWED_HOSTS = getattr(configuration, 'ALLOWED_HOSTS')
|
|
DATABASE = getattr(configuration, 'DATABASE')
|
|
REDIS = getattr(configuration, 'REDIS')
|
|
SECRET_KEY = getattr(configuration, 'SECRET_KEY')
|
|
|
|
# Enforce minimum length for SECRET_KEY
|
|
if type(SECRET_KEY) is not str:
|
|
raise ImproperlyConfigured(f"SECRET_KEY must be a string (found {type(SECRET_KEY).__name__})")
|
|
if len(SECRET_KEY) < 50:
|
|
raise ImproperlyConfigured(
|
|
f"SECRET_KEY must be at least 50 characters in length. To generate a suitable key, run the following command:\n"
|
|
f" python {BASE_DIR}/generate_secret_key.py"
|
|
)
|
|
|
|
# Calculate a unique deployment ID from the secret key
|
|
DEPLOYMENT_ID = hashlib.sha256(SECRET_KEY.encode('utf-8')).hexdigest()[:16]
|
|
|
|
# Set static config parameters
|
|
ADMINS = getattr(configuration, 'ADMINS', [])
|
|
ALLOW_TOKEN_RETRIEVAL = getattr(configuration, 'ALLOW_TOKEN_RETRIEVAL', True)
|
|
AUTH_PASSWORD_VALIDATORS = getattr(configuration, 'AUTH_PASSWORD_VALIDATORS', [])
|
|
BASE_PATH = getattr(configuration, 'BASE_PATH', '')
|
|
if BASE_PATH:
|
|
BASE_PATH = BASE_PATH.strip('/') + '/' # Enforce trailing slash only
|
|
CSRF_COOKIE_PATH = LANGUAGE_COOKIE_PATH = SESSION_COOKIE_PATH = f'/{BASE_PATH.rstrip("/")}'
|
|
CENSUS_REPORTING_ENABLED = getattr(configuration, 'CENSUS_REPORTING_ENABLED', True)
|
|
CORS_ORIGIN_ALLOW_ALL = getattr(configuration, 'CORS_ORIGIN_ALLOW_ALL', False)
|
|
CORS_ORIGIN_REGEX_WHITELIST = getattr(configuration, 'CORS_ORIGIN_REGEX_WHITELIST', [])
|
|
CORS_ORIGIN_WHITELIST = getattr(configuration, 'CORS_ORIGIN_WHITELIST', [])
|
|
CSRF_COOKIE_NAME = getattr(configuration, 'CSRF_COOKIE_NAME', 'csrftoken')
|
|
CSRF_COOKIE_SECURE = getattr(configuration, 'CSRF_COOKIE_SECURE', False)
|
|
CSRF_TRUSTED_ORIGINS = getattr(configuration, 'CSRF_TRUSTED_ORIGINS', [])
|
|
DATA_UPLOAD_MAX_MEMORY_SIZE = getattr(configuration, 'DATA_UPLOAD_MAX_MEMORY_SIZE', 2621440)
|
|
DATE_FORMAT = getattr(configuration, 'DATE_FORMAT', 'N j, Y')
|
|
DATETIME_FORMAT = getattr(configuration, 'DATETIME_FORMAT', 'N j, Y g:i a')
|
|
DEBUG = getattr(configuration, 'DEBUG', False)
|
|
DEFAULT_DASHBOARD = getattr(configuration, 'DEFAULT_DASHBOARD', None)
|
|
DEFAULT_PERMISSIONS = getattr(configuration, 'DEFAULT_PERMISSIONS', {
|
|
# Permit users to manage their own bookmarks
|
|
'extras.view_bookmark': ({'user': '$user'},),
|
|
'extras.add_bookmark': ({'user': '$user'},),
|
|
'extras.change_bookmark': ({'user': '$user'},),
|
|
'extras.delete_bookmark': ({'user': '$user'},),
|
|
# Permit users to manage their own API tokens
|
|
'users.view_token': ({'user': '$user'},),
|
|
'users.add_token': ({'user': '$user'},),
|
|
'users.change_token': ({'user': '$user'},),
|
|
'users.delete_token': ({'user': '$user'},),
|
|
})
|
|
DEVELOPER = getattr(configuration, 'DEVELOPER', False)
|
|
DOCS_ROOT = getattr(configuration, 'DOCS_ROOT', os.path.join(os.path.dirname(BASE_DIR), 'docs'))
|
|
EMAIL = getattr(configuration, 'EMAIL', {})
|
|
EVENTS_PIPELINE = getattr(configuration, 'EVENTS_PIPELINE', (
|
|
'extras.events.process_event_queue',
|
|
))
|
|
EXEMPT_VIEW_PERMISSIONS = getattr(configuration, 'EXEMPT_VIEW_PERMISSIONS', [])
|
|
FIELD_CHOICES = getattr(configuration, 'FIELD_CHOICES', {})
|
|
FILE_UPLOAD_MAX_MEMORY_SIZE = getattr(configuration, 'FILE_UPLOAD_MAX_MEMORY_SIZE', 2621440)
|
|
HTTP_PROXIES = getattr(configuration, 'HTTP_PROXIES', None)
|
|
INTERNAL_IPS = getattr(configuration, 'INTERNAL_IPS', ('127.0.0.1', '::1'))
|
|
JINJA2_FILTERS = getattr(configuration, 'JINJA2_FILTERS', {})
|
|
LANGUAGE_CODE = getattr(configuration, 'DEFAULT_LANGUAGE', 'en-us')
|
|
LOGGING = getattr(configuration, 'LOGGING', {})
|
|
LOGIN_PERSISTENCE = getattr(configuration, 'LOGIN_PERSISTENCE', False)
|
|
LOGIN_REQUIRED = getattr(configuration, 'LOGIN_REQUIRED', False)
|
|
LOGIN_TIMEOUT = getattr(configuration, 'LOGIN_TIMEOUT', None)
|
|
LOGOUT_REDIRECT_URL = getattr(configuration, 'LOGOUT_REDIRECT_URL', 'home')
|
|
MEDIA_ROOT = getattr(configuration, 'MEDIA_ROOT', os.path.join(BASE_DIR, 'media')).rstrip('/')
|
|
METRICS_ENABLED = getattr(configuration, 'METRICS_ENABLED', False)
|
|
PLUGINS = getattr(configuration, 'PLUGINS', [])
|
|
PLUGINS_CONFIG = getattr(configuration, 'PLUGINS_CONFIG', {})
|
|
QUEUE_MAPPINGS = getattr(configuration, 'QUEUE_MAPPINGS', {})
|
|
RELEASE_CHECK_URL = getattr(configuration, 'RELEASE_CHECK_URL', None)
|
|
REMOTE_AUTH_AUTO_CREATE_USER = getattr(configuration, 'REMOTE_AUTH_AUTO_CREATE_USER', False)
|
|
REMOTE_AUTH_AUTO_CREATE_GROUPS = getattr(configuration, 'REMOTE_AUTH_AUTO_CREATE_GROUPS', False)
|
|
REMOTE_AUTH_BACKEND = getattr(configuration, 'REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend')
|
|
REMOTE_AUTH_DEFAULT_GROUPS = getattr(configuration, 'REMOTE_AUTH_DEFAULT_GROUPS', [])
|
|
REMOTE_AUTH_DEFAULT_PERMISSIONS = getattr(configuration, 'REMOTE_AUTH_DEFAULT_PERMISSIONS', {})
|
|
REMOTE_AUTH_ENABLED = getattr(configuration, 'REMOTE_AUTH_ENABLED', False)
|
|
REMOTE_AUTH_HEADER = getattr(configuration, 'REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER')
|
|
REMOTE_AUTH_USER_FIRST_NAME = getattr(configuration, 'REMOTE_AUTH_USER_FIRST_NAME', 'HTTP_REMOTE_USER_FIRST_NAME')
|
|
REMOTE_AUTH_USER_LAST_NAME = getattr(configuration, 'REMOTE_AUTH_USER_LAST_NAME', 'HTTP_REMOTE_USER_LAST_NAME')
|
|
REMOTE_AUTH_USER_EMAIL = getattr(configuration, 'REMOTE_AUTH_USER_EMAIL', 'HTTP_REMOTE_USER_EMAIL')
|
|
REMOTE_AUTH_GROUP_HEADER = getattr(configuration, 'REMOTE_AUTH_GROUP_HEADER', 'HTTP_REMOTE_USER_GROUP')
|
|
REMOTE_AUTH_GROUP_SYNC_ENABLED = getattr(configuration, 'REMOTE_AUTH_GROUP_SYNC_ENABLED', False)
|
|
REMOTE_AUTH_SUPERUSER_GROUPS = getattr(configuration, 'REMOTE_AUTH_SUPERUSER_GROUPS', [])
|
|
REMOTE_AUTH_SUPERUSERS = getattr(configuration, 'REMOTE_AUTH_SUPERUSERS', [])
|
|
REMOTE_AUTH_STAFF_GROUPS = getattr(configuration, 'REMOTE_AUTH_STAFF_GROUPS', [])
|
|
REMOTE_AUTH_STAFF_USERS = getattr(configuration, 'REMOTE_AUTH_STAFF_USERS', [])
|
|
REMOTE_AUTH_GROUP_SEPARATOR = getattr(configuration, 'REMOTE_AUTH_GROUP_SEPARATOR', '|')
|
|
REPORTS_ROOT = getattr(configuration, 'REPORTS_ROOT', os.path.join(BASE_DIR, 'reports')).rstrip('/')
|
|
RQ_DEFAULT_TIMEOUT = getattr(configuration, 'RQ_DEFAULT_TIMEOUT', 300)
|
|
RQ_RETRY_INTERVAL = getattr(configuration, 'RQ_RETRY_INTERVAL', 60)
|
|
RQ_RETRY_MAX = getattr(configuration, 'RQ_RETRY_MAX', 0)
|
|
SCRIPTS_ROOT = getattr(configuration, 'SCRIPTS_ROOT', os.path.join(BASE_DIR, 'scripts')).rstrip('/')
|
|
SEARCH_BACKEND = getattr(configuration, 'SEARCH_BACKEND', 'netbox.search.backends.CachedValueSearchBackend')
|
|
SECURE_SSL_REDIRECT = getattr(configuration, 'SECURE_SSL_REDIRECT', False)
|
|
SENTRY_DSN = getattr(configuration, 'SENTRY_DSN', None)
|
|
SENTRY_ENABLED = getattr(configuration, 'SENTRY_ENABLED', False)
|
|
SENTRY_SAMPLE_RATE = getattr(configuration, 'SENTRY_SAMPLE_RATE', 1.0)
|
|
SENTRY_TRACES_SAMPLE_RATE = getattr(configuration, 'SENTRY_TRACES_SAMPLE_RATE', 0)
|
|
SENTRY_TAGS = getattr(configuration, 'SENTRY_TAGS', {})
|
|
SESSION_FILE_PATH = getattr(configuration, 'SESSION_FILE_PATH', None)
|
|
SESSION_COOKIE_NAME = getattr(configuration, 'SESSION_COOKIE_NAME', 'sessionid')
|
|
SESSION_COOKIE_SECURE = getattr(configuration, 'SESSION_COOKIE_SECURE', False)
|
|
SHORT_DATE_FORMAT = getattr(configuration, 'SHORT_DATE_FORMAT', 'Y-m-d')
|
|
SHORT_DATETIME_FORMAT = getattr(configuration, 'SHORT_DATETIME_FORMAT', 'Y-m-d H:i')
|
|
SHORT_TIME_FORMAT = getattr(configuration, 'SHORT_TIME_FORMAT', 'H:i:s')
|
|
STORAGE_BACKEND = getattr(configuration, 'STORAGE_BACKEND', None)
|
|
STORAGE_CONFIG = getattr(configuration, 'STORAGE_CONFIG', {})
|
|
TIME_FORMAT = getattr(configuration, 'TIME_FORMAT', 'g:i a')
|
|
TIME_ZONE = getattr(configuration, 'TIME_ZONE', 'UTC')
|
|
ENABLE_LOCALIZATION = getattr(configuration, 'ENABLE_LOCALIZATION', False)
|
|
CHANGELOG_SKIP_EMPTY_CHANGES = getattr(configuration, 'CHANGELOG_SKIP_EMPTY_CHANGES', True)
|
|
|
|
# Check for hard-coded dynamic config parameters
|
|
for param in PARAMS:
|
|
if hasattr(configuration, param.name):
|
|
globals()[param.name] = getattr(configuration, param.name)
|
|
|
|
# Validate update repo URL and timeout
|
|
if RELEASE_CHECK_URL:
|
|
validator = URLValidator(
|
|
message=(
|
|
"RELEASE_CHECK_URL must be a valid API URL. Example: "
|
|
"https://api.github.com/repos/netbox-community/netbox"
|
|
)
|
|
)
|
|
try:
|
|
validator(RELEASE_CHECK_URL)
|
|
except ValidationError as err:
|
|
raise ImproperlyConfigured(str(err))
|
|
|
|
|
|
#
|
|
# Database
|
|
#
|
|
|
|
if 'ENGINE' not in DATABASE:
|
|
# Only PostgreSQL is supported
|
|
if METRICS_ENABLED:
|
|
DATABASE.update({
|
|
'ENGINE': 'django_prometheus.db.backends.postgresql'
|
|
})
|
|
else:
|
|
DATABASE.update({
|
|
'ENGINE': 'django.db.backends.postgresql'
|
|
})
|
|
|
|
DATABASES = {
|
|
'default': DATABASE,
|
|
}
|
|
|
|
|
|
#
|
|
# Media storage
|
|
#
|
|
|
|
if STORAGE_BACKEND is not None:
|
|
DEFAULT_FILE_STORAGE = STORAGE_BACKEND
|
|
|
|
# django-storages
|
|
if STORAGE_BACKEND.startswith('storages.'):
|
|
|
|
try:
|
|
import storages.utils # type: ignore
|
|
except ModuleNotFoundError as e:
|
|
if getattr(e, 'name') == 'storages':
|
|
raise ImproperlyConfigured(
|
|
f"STORAGE_BACKEND is set to {STORAGE_BACKEND} but django-storages is not present. It can be "
|
|
f"installed by running 'pip install django-storages'."
|
|
)
|
|
raise e
|
|
|
|
# Monkey-patch django-storages to fetch settings from STORAGE_CONFIG
|
|
def _setting(name, default=None):
|
|
if name in STORAGE_CONFIG:
|
|
return STORAGE_CONFIG[name]
|
|
return globals().get(name, default)
|
|
storages.utils.setting = _setting
|
|
|
|
if STORAGE_CONFIG and STORAGE_BACKEND is None:
|
|
warnings.warn(
|
|
"STORAGE_CONFIG has been set in configuration.py but STORAGE_BACKEND is not defined. STORAGE_CONFIG will be "
|
|
"ignored."
|
|
)
|
|
|
|
|
|
#
|
|
# Redis
|
|
#
|
|
|
|
# Background task queuing
|
|
if 'tasks' not in REDIS:
|
|
raise ImproperlyConfigured(
|
|
"REDIS section in configuration.py is missing the 'tasks' subsection."
|
|
)
|
|
TASKS_REDIS = REDIS['tasks']
|
|
TASKS_REDIS_HOST = TASKS_REDIS.get('HOST', 'localhost')
|
|
TASKS_REDIS_PORT = TASKS_REDIS.get('PORT', 6379)
|
|
TASKS_REDIS_SENTINELS = TASKS_REDIS.get('SENTINELS', [])
|
|
TASKS_REDIS_USING_SENTINEL = all([
|
|
isinstance(TASKS_REDIS_SENTINELS, (list, tuple)),
|
|
len(TASKS_REDIS_SENTINELS) > 0
|
|
])
|
|
TASKS_REDIS_SENTINEL_SERVICE = TASKS_REDIS.get('SENTINEL_SERVICE', 'default')
|
|
TASKS_REDIS_SENTINEL_TIMEOUT = TASKS_REDIS.get('SENTINEL_TIMEOUT', 10)
|
|
TASKS_REDIS_USERNAME = TASKS_REDIS.get('USERNAME', '')
|
|
TASKS_REDIS_PASSWORD = TASKS_REDIS.get('PASSWORD', '')
|
|
TASKS_REDIS_DATABASE = TASKS_REDIS.get('DATABASE', 0)
|
|
TASKS_REDIS_SSL = TASKS_REDIS.get('SSL', False)
|
|
TASKS_REDIS_SKIP_TLS_VERIFY = TASKS_REDIS.get('INSECURE_SKIP_TLS_VERIFY', False)
|
|
TASKS_REDIS_CA_CERT_PATH = TASKS_REDIS.get('CA_CERT_PATH', False)
|
|
|
|
# Caching
|
|
if 'caching' not in REDIS:
|
|
raise ImproperlyConfigured(
|
|
"REDIS section in configuration.py is missing caching subsection."
|
|
)
|
|
CACHING_REDIS_HOST = REDIS['caching'].get('HOST', 'localhost')
|
|
CACHING_REDIS_PORT = REDIS['caching'].get('PORT', 6379)
|
|
CACHING_REDIS_DATABASE = REDIS['caching'].get('DATABASE', 0)
|
|
CACHING_REDIS_USERNAME = REDIS['caching'].get('USERNAME', '')
|
|
CACHING_REDIS_USERNAME_HOST = '@'.join(filter(None, [CACHING_REDIS_USERNAME, CACHING_REDIS_HOST]))
|
|
CACHING_REDIS_PASSWORD = REDIS['caching'].get('PASSWORD', '')
|
|
CACHING_REDIS_SENTINELS = REDIS['caching'].get('SENTINELS', [])
|
|
CACHING_REDIS_SENTINEL_SERVICE = REDIS['caching'].get('SENTINEL_SERVICE', 'default')
|
|
CACHING_REDIS_PROTO = 'rediss' if REDIS['caching'].get('SSL', False) else 'redis'
|
|
CACHING_REDIS_SKIP_TLS_VERIFY = REDIS['caching'].get('INSECURE_SKIP_TLS_VERIFY', False)
|
|
CACHING_REDIS_CA_CERT_PATH = REDIS['caching'].get('CA_CERT_PATH', False)
|
|
|
|
CACHES = {
|
|
'default': {
|
|
'BACKEND': 'django_redis.cache.RedisCache',
|
|
'LOCATION': f'{CACHING_REDIS_PROTO}://{CACHING_REDIS_USERNAME_HOST}:{CACHING_REDIS_PORT}/{CACHING_REDIS_DATABASE}',
|
|
'OPTIONS': {
|
|
'CLIENT_CLASS': 'django_redis.client.DefaultClient',
|
|
'PASSWORD': CACHING_REDIS_PASSWORD,
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
if CACHING_REDIS_SENTINELS:
|
|
DJANGO_REDIS_CONNECTION_FACTORY = 'django_redis.pool.SentinelConnectionFactory'
|
|
CACHES['default']['LOCATION'] = f'{CACHING_REDIS_PROTO}://{CACHING_REDIS_SENTINEL_SERVICE}/{CACHING_REDIS_DATABASE}'
|
|
CACHES['default']['OPTIONS']['CLIENT_CLASS'] = 'django_redis.client.SentinelClient'
|
|
CACHES['default']['OPTIONS']['SENTINELS'] = CACHING_REDIS_SENTINELS
|
|
if CACHING_REDIS_SKIP_TLS_VERIFY:
|
|
CACHES['default']['OPTIONS'].setdefault('CONNECTION_POOL_KWARGS', {})
|
|
CACHES['default']['OPTIONS']['CONNECTION_POOL_KWARGS']['ssl_cert_reqs'] = False
|
|
if CACHING_REDIS_CA_CERT_PATH:
|
|
CACHES['default']['OPTIONS'].setdefault('CONNECTION_POOL_KWARGS', {})
|
|
CACHES['default']['OPTIONS']['CONNECTION_POOL_KWARGS']['ssl_ca_certs'] = CACHING_REDIS_CA_CERT_PATH
|
|
|
|
#
|
|
# Sessions
|
|
#
|
|
|
|
if LOGIN_TIMEOUT is not None:
|
|
# Django default is 1209600 seconds (14 days)
|
|
SESSION_COOKIE_AGE = LOGIN_TIMEOUT
|
|
SESSION_SAVE_EVERY_REQUEST = bool(LOGIN_PERSISTENCE)
|
|
if SESSION_FILE_PATH is not None:
|
|
SESSION_ENGINE = 'django.contrib.sessions.backends.file'
|
|
|
|
|
|
#
|
|
# Email
|
|
#
|
|
|
|
EMAIL_HOST = EMAIL.get('SERVER')
|
|
EMAIL_HOST_USER = EMAIL.get('USERNAME')
|
|
EMAIL_HOST_PASSWORD = EMAIL.get('PASSWORD')
|
|
EMAIL_PORT = EMAIL.get('PORT', 25)
|
|
EMAIL_SSL_CERTFILE = EMAIL.get('SSL_CERTFILE')
|
|
EMAIL_SSL_KEYFILE = EMAIL.get('SSL_KEYFILE')
|
|
EMAIL_SUBJECT_PREFIX = '[NetBox] '
|
|
EMAIL_USE_SSL = EMAIL.get('USE_SSL', False)
|
|
EMAIL_USE_TLS = EMAIL.get('USE_TLS', False)
|
|
EMAIL_TIMEOUT = EMAIL.get('TIMEOUT', 10)
|
|
SERVER_EMAIL = EMAIL.get('FROM_EMAIL')
|
|
|
|
|
|
#
|
|
# Django
|
|
#
|
|
|
|
INSTALLED_APPS = [
|
|
'django.contrib.admin',
|
|
'django.contrib.auth',
|
|
'django.contrib.contenttypes',
|
|
'django.contrib.sessions',
|
|
'django.contrib.messages',
|
|
'django.contrib.staticfiles',
|
|
'django.contrib.humanize',
|
|
'django.forms',
|
|
'corsheaders',
|
|
'debug_toolbar',
|
|
'graphiql_debug_toolbar',
|
|
'django_filters',
|
|
'django_tables2',
|
|
'django_prometheus',
|
|
'graphene_django',
|
|
'mptt',
|
|
'rest_framework',
|
|
'social_django',
|
|
'taggit',
|
|
'timezone_field',
|
|
'core',
|
|
'account',
|
|
'circuits',
|
|
'dcim',
|
|
'ipam',
|
|
'extras',
|
|
'tenancy',
|
|
'users',
|
|
'utilities',
|
|
'virtualization',
|
|
'vpn',
|
|
'wireless',
|
|
'django_rq', # Must come after extras to allow overriding management commands
|
|
'drf_spectacular',
|
|
'drf_spectacular_sidecar',
|
|
]
|
|
|
|
# Middleware
|
|
MIDDLEWARE = [
|
|
'graphiql_debug_toolbar.middleware.DebugToolbarMiddleware',
|
|
'django_prometheus.middleware.PrometheusBeforeMiddleware',
|
|
'corsheaders.middleware.CorsMiddleware',
|
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
|
'django.middleware.locale.LocaleMiddleware',
|
|
'django.middleware.common.CommonMiddleware',
|
|
'django.middleware.csrf.CsrfViewMiddleware',
|
|
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
|
'django.contrib.messages.middleware.MessageMiddleware',
|
|
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
|
'django.middleware.security.SecurityMiddleware',
|
|
'netbox.middleware.RemoteUserMiddleware',
|
|
'netbox.middleware.CoreMiddleware',
|
|
'netbox.middleware.MaintenanceModeMiddleware',
|
|
'django_prometheus.middleware.PrometheusAfterMiddleware',
|
|
]
|
|
|
|
if not ENABLE_LOCALIZATION:
|
|
MIDDLEWARE.remove("django.middleware.locale.LocaleMiddleware")
|
|
|
|
ROOT_URLCONF = 'netbox.urls'
|
|
|
|
TEMPLATES_DIR = BASE_DIR + '/templates'
|
|
TEMPLATES = [
|
|
{
|
|
'BACKEND': 'django.template.backends.django.DjangoTemplates',
|
|
'DIRS': [TEMPLATES_DIR],
|
|
'APP_DIRS': True,
|
|
'OPTIONS': {
|
|
'builtins': [
|
|
'utilities.templatetags.builtins.filters',
|
|
'utilities.templatetags.builtins.tags',
|
|
],
|
|
'context_processors': [
|
|
'django.template.context_processors.debug',
|
|
'django.template.context_processors.request',
|
|
'django.template.context_processors.media',
|
|
'django.contrib.auth.context_processors.auth',
|
|
'django.contrib.messages.context_processors.messages',
|
|
'netbox.context_processors.settings_and_registry',
|
|
],
|
|
},
|
|
},
|
|
]
|
|
|
|
# This allows us to override Django's stock form widget templates
|
|
FORM_RENDERER = 'django.forms.renderers.TemplatesSetting'
|
|
|
|
# Set up authentication backends
|
|
if type(REMOTE_AUTH_BACKEND) not in (list, tuple):
|
|
REMOTE_AUTH_BACKEND = [REMOTE_AUTH_BACKEND]
|
|
AUTHENTICATION_BACKENDS = [
|
|
*REMOTE_AUTH_BACKEND,
|
|
'netbox.authentication.ObjectPermissionBackend',
|
|
]
|
|
|
|
# Time zones
|
|
USE_TZ = True
|
|
|
|
# WSGI
|
|
WSGI_APPLICATION = 'netbox.wsgi.application'
|
|
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
|
USE_X_FORWARDED_HOST = True
|
|
X_FRAME_OPTIONS = 'SAMEORIGIN'
|
|
|
|
# Static files (CSS, JavaScript, Images)
|
|
STATIC_ROOT = BASE_DIR + '/static'
|
|
STATIC_URL = f'/{BASE_PATH}static/'
|
|
STATICFILES_DIRS = (
|
|
os.path.join(BASE_DIR, 'project-static', 'dist'),
|
|
os.path.join(BASE_DIR, 'project-static', 'img'),
|
|
os.path.join(BASE_DIR, 'project-static', 'js'),
|
|
('docs', os.path.join(BASE_DIR, 'project-static', 'docs')), # Prefix with /docs
|
|
)
|
|
|
|
# Media
|
|
MEDIA_URL = '/{}media/'.format(BASE_PATH)
|
|
|
|
# Disable default limit of 1000 fields per request. Needed for bulk deletion of objects. (Added in Django 1.10.)
|
|
DATA_UPLOAD_MAX_NUMBER_FIELDS = None
|
|
|
|
# Messages
|
|
MESSAGE_TAGS = {
|
|
messages.ERROR: 'danger',
|
|
}
|
|
|
|
# Authentication URLs
|
|
LOGIN_URL = f'/{BASE_PATH}login/'
|
|
LOGIN_REDIRECT_URL = f'/{BASE_PATH}'
|
|
|
|
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
|
|
|
|
# Exclude potentially sensitive models from wildcard view exemption. These may still be exempted
|
|
# by specifying the model individually in the EXEMPT_VIEW_PERMISSIONS configuration parameter.
|
|
EXEMPT_EXCLUDE_MODELS = (
|
|
('auth', 'group'),
|
|
('auth', 'user'),
|
|
('extras', 'configrevision'),
|
|
('users', 'objectpermission'),
|
|
('users', 'token'),
|
|
)
|
|
|
|
# All URLs starting with a string listed here are exempt from login enforcement
|
|
AUTH_EXEMPT_PATHS = (
|
|
f'/{BASE_PATH}api/',
|
|
f'/{BASE_PATH}graphql/',
|
|
f'/{BASE_PATH}login/',
|
|
f'/{BASE_PATH}oauth/',
|
|
f'/{BASE_PATH}metrics',
|
|
)
|
|
|
|
# All URLs starting with a string listed here are exempt from maintenance mode enforcement
|
|
MAINTENANCE_EXEMPT_PATHS = (
|
|
f'/{BASE_PATH}admin/',
|
|
f'/{BASE_PATH}extras/config-revisions/', # Allow modifying the configuration
|
|
LOGIN_URL,
|
|
LOGIN_REDIRECT_URL,
|
|
LOGOUT_REDIRECT_URL
|
|
)
|
|
|
|
SERIALIZATION_MODULES = {
|
|
'json': 'utilities.serializers.json',
|
|
}
|
|
|
|
|
|
#
|
|
# Sentry
|
|
#
|
|
|
|
if SENTRY_ENABLED:
|
|
try:
|
|
from sentry_sdk.integrations.django import DjangoIntegration
|
|
except ModuleNotFoundError:
|
|
raise ImproperlyConfigured("SENTRY_ENABLED is True but the sentry-sdk package is not installed.")
|
|
if not SENTRY_DSN:
|
|
raise ImproperlyConfigured("SENTRY_ENABLED is True but SENTRY_DSN has not been defined.")
|
|
# Initialize the SDK
|
|
sentry_sdk.init(
|
|
dsn=SENTRY_DSN,
|
|
release=VERSION,
|
|
integrations=[DjangoIntegration()],
|
|
sample_rate=SENTRY_SAMPLE_RATE,
|
|
traces_sample_rate=SENTRY_TRACES_SAMPLE_RATE,
|
|
send_default_pii=True,
|
|
http_proxy=HTTP_PROXIES.get('http') if HTTP_PROXIES else None,
|
|
https_proxy=HTTP_PROXIES.get('https') if HTTP_PROXIES else None
|
|
)
|
|
# Assign any configured tags
|
|
for k, v in SENTRY_TAGS.items():
|
|
sentry_sdk.set_tag(k, v)
|
|
|
|
|
|
#
|
|
# Census collection
|
|
#
|
|
|
|
CENSUS_URL = 'https://census.netbox.dev/api/v1/'
|
|
CENSUS_PARAMS = {
|
|
'version': VERSION,
|
|
'python_version': sys.version.split()[0],
|
|
'deployment_id': DEPLOYMENT_ID,
|
|
}
|
|
if CENSUS_REPORTING_ENABLED and not DEBUG and 'test' not in sys.argv:
|
|
try:
|
|
# Report anonymous census data
|
|
requests.get(f'{CENSUS_URL}?{urlencode(CENSUS_PARAMS)}', timeout=3, proxies=HTTP_PROXIES)
|
|
except requests.exceptions.RequestException:
|
|
pass
|
|
|
|
|
|
#
|
|
# Django social auth
|
|
#
|
|
|
|
SOCIAL_AUTH_PIPELINE = (
|
|
'social_core.pipeline.social_auth.social_details',
|
|
'social_core.pipeline.social_auth.social_uid',
|
|
'social_core.pipeline.social_auth.social_user',
|
|
'social_core.pipeline.user.get_username',
|
|
'social_core.pipeline.user.create_user',
|
|
'social_core.pipeline.social_auth.associate_user',
|
|
'netbox.authentication.user_default_groups_handler',
|
|
'social_core.pipeline.social_auth.load_extra_data',
|
|
'social_core.pipeline.user.user_details',
|
|
)
|
|
|
|
# Load all SOCIAL_AUTH_* settings from the user configuration
|
|
for param in dir(configuration):
|
|
if param.startswith('SOCIAL_AUTH_'):
|
|
globals()[param] = getattr(configuration, param)
|
|
|
|
# Force usage of PostgreSQL's JSONB field for extra data
|
|
SOCIAL_AUTH_JSONFIELD_ENABLED = True
|
|
SOCIAL_AUTH_CLEAN_USERNAME_FUNCTION = 'users.utils.clean_username'
|
|
|
|
#
|
|
# Django Prometheus
|
|
#
|
|
|
|
PROMETHEUS_EXPORT_MIGRATIONS = False
|
|
|
|
|
|
#
|
|
# Django filters
|
|
#
|
|
|
|
FILTERS_NULL_CHOICE_LABEL = 'None'
|
|
FILTERS_NULL_CHOICE_VALUE = 'null'
|
|
|
|
|
|
#
|
|
# Django REST framework (API)
|
|
#
|
|
|
|
REST_FRAMEWORK_VERSION = '.'.join(VERSION.split('-')[0].split('.')[:2]) # Use major.minor as API version
|
|
REST_FRAMEWORK = {
|
|
'ALLOWED_VERSIONS': [REST_FRAMEWORK_VERSION],
|
|
'COERCE_DECIMAL_TO_STRING': False,
|
|
'DEFAULT_AUTHENTICATION_CLASSES': (
|
|
'rest_framework.authentication.SessionAuthentication',
|
|
'netbox.api.authentication.TokenAuthentication',
|
|
),
|
|
'DEFAULT_FILTER_BACKENDS': (
|
|
'django_filters.rest_framework.DjangoFilterBackend',
|
|
'rest_framework.filters.OrderingFilter',
|
|
),
|
|
'DEFAULT_METADATA_CLASS': 'netbox.api.metadata.BulkOperationMetadata',
|
|
'DEFAULT_PAGINATION_CLASS': 'netbox.api.pagination.OptionalLimitOffsetPagination',
|
|
'DEFAULT_PARSER_CLASSES': (
|
|
'rest_framework.parsers.JSONParser',
|
|
'rest_framework.parsers.MultiPartParser',
|
|
),
|
|
'DEFAULT_PERMISSION_CLASSES': (
|
|
'netbox.api.authentication.TokenPermissions',
|
|
),
|
|
'DEFAULT_RENDERER_CLASSES': (
|
|
'rest_framework.renderers.JSONRenderer',
|
|
'netbox.api.renderers.FormlessBrowsableAPIRenderer',
|
|
),
|
|
'DEFAULT_SCHEMA_CLASS': 'core.api.schema.NetBoxAutoSchema',
|
|
'DEFAULT_VERSION': REST_FRAMEWORK_VERSION,
|
|
'DEFAULT_VERSIONING_CLASS': 'rest_framework.versioning.AcceptHeaderVersioning',
|
|
'SCHEMA_COERCE_METHOD_NAMES': {
|
|
# Default mappings
|
|
'retrieve': 'read',
|
|
'destroy': 'delete',
|
|
# Custom operations
|
|
'bulk_destroy': 'bulk_delete',
|
|
},
|
|
'VIEW_NAME_FUNCTION': 'utilities.api.get_view_name',
|
|
}
|
|
|
|
#
|
|
# DRF Spectacular
|
|
#
|
|
|
|
SPECTACULAR_SETTINGS = {
|
|
'TITLE': 'NetBox REST API',
|
|
'LICENSE': {'name': 'Apache v2 License'},
|
|
'VERSION': VERSION,
|
|
'COMPONENT_SPLIT_REQUEST': True,
|
|
'REDOC_DIST': 'SIDECAR',
|
|
'SERVERS': [{
|
|
'url': BASE_PATH,
|
|
'description': 'NetBox',
|
|
}],
|
|
'SWAGGER_UI_DIST': 'SIDECAR',
|
|
'SWAGGER_UI_FAVICON_HREF': 'SIDECAR',
|
|
'POSTPROCESSING_HOOKS': [],
|
|
}
|
|
|
|
#
|
|
# Graphene
|
|
#
|
|
|
|
GRAPHENE = {
|
|
# Avoids naming collision on models with 'type' field; see
|
|
# https://github.com/graphql-python/graphene-django/issues/185
|
|
'DJANGO_CHOICE_FIELD_ENUM_V3_NAMING': True,
|
|
}
|
|
|
|
|
|
#
|
|
# Django RQ (events backend)
|
|
#
|
|
|
|
if TASKS_REDIS_USING_SENTINEL:
|
|
RQ_PARAMS = {
|
|
'SENTINELS': TASKS_REDIS_SENTINELS,
|
|
'MASTER_NAME': TASKS_REDIS_SENTINEL_SERVICE,
|
|
'SOCKET_TIMEOUT': None,
|
|
'CONNECTION_KWARGS': {
|
|
'socket_connect_timeout': TASKS_REDIS_SENTINEL_TIMEOUT
|
|
},
|
|
}
|
|
else:
|
|
RQ_PARAMS = {
|
|
'HOST': TASKS_REDIS_HOST,
|
|
'PORT': TASKS_REDIS_PORT,
|
|
'SSL': TASKS_REDIS_SSL,
|
|
'SSL_CERT_REQS': None if TASKS_REDIS_SKIP_TLS_VERIFY else 'required',
|
|
}
|
|
RQ_PARAMS.update({
|
|
'DB': TASKS_REDIS_DATABASE,
|
|
'USERNAME': TASKS_REDIS_USERNAME,
|
|
'PASSWORD': TASKS_REDIS_PASSWORD,
|
|
'DEFAULT_TIMEOUT': RQ_DEFAULT_TIMEOUT,
|
|
})
|
|
|
|
if TASKS_REDIS_CA_CERT_PATH:
|
|
RQ_PARAMS.setdefault('REDIS_CLIENT_KWARGS', {})
|
|
RQ_PARAMS['REDIS_CLIENT_KWARGS']['ssl_ca_certs'] = TASKS_REDIS_CA_CERT_PATH
|
|
|
|
RQ_QUEUES = {
|
|
RQ_QUEUE_HIGH: RQ_PARAMS,
|
|
RQ_QUEUE_DEFAULT: RQ_PARAMS,
|
|
RQ_QUEUE_LOW: RQ_PARAMS,
|
|
}
|
|
|
|
# Add any queues defined in QUEUE_MAPPINGS
|
|
RQ_QUEUES.update({
|
|
queue: RQ_PARAMS for queue in set(QUEUE_MAPPINGS.values()) if queue not in RQ_QUEUES
|
|
})
|
|
|
|
#
|
|
# Localization
|
|
#
|
|
|
|
LANGUAGES = (
|
|
('en', _('English')),
|
|
('es', _('Spanish')),
|
|
('fr', _('French')),
|
|
('ja', _('Japanese')),
|
|
('pt', _('Portuguese')),
|
|
('ru', _('Russian')),
|
|
('tr', _('Turkish')),
|
|
)
|
|
|
|
LOCALE_PATHS = (
|
|
BASE_DIR + '/translations',
|
|
)
|
|
|
|
if not ENABLE_LOCALIZATION:
|
|
USE_I18N = False
|
|
USE_L10N = False
|
|
|
|
#
|
|
# Plugins
|
|
#
|
|
|
|
for plugin_name in PLUGINS:
|
|
# Import plugin module
|
|
try:
|
|
plugin = importlib.import_module(plugin_name)
|
|
except ModuleNotFoundError as e:
|
|
if getattr(e, 'name') == plugin_name:
|
|
raise ImproperlyConfigured(
|
|
"Unable to import plugin {}: Module not found. Check that the plugin module has been installed within the "
|
|
"correct Python environment.".format(plugin_name)
|
|
)
|
|
raise e
|
|
|
|
# Determine plugin config and add to INSTALLED_APPS.
|
|
try:
|
|
plugin_config: PluginConfig = plugin.config
|
|
except AttributeError:
|
|
raise ImproperlyConfigured(
|
|
"Plugin {} does not provide a 'config' variable. This should be defined in the plugin's __init__.py file "
|
|
"and point to the PluginConfig subclass.".format(plugin_name)
|
|
)
|
|
|
|
plugin_module = "{}.{}".format(plugin_config.__module__, plugin_config.__name__) # type: ignore
|
|
|
|
# Gather additional apps to load alongside this plugin
|
|
django_apps = plugin_config.django_apps
|
|
if plugin_name in django_apps:
|
|
django_apps.pop(plugin_name)
|
|
if plugin_module not in django_apps:
|
|
django_apps.append(plugin_module)
|
|
|
|
# Test if we can import all modules (or its parent, for PluginConfigs and AppConfigs)
|
|
for app in django_apps:
|
|
if "." in app:
|
|
parts = app.split(".")
|
|
spec = importlib.util.find_spec(".".join(parts[:-1]))
|
|
else:
|
|
spec = importlib.util.find_spec(app)
|
|
if spec is None:
|
|
raise ImproperlyConfigured(
|
|
f"Failed to load django_apps specified by plugin {plugin_name}: {django_apps} "
|
|
f"The module {app} cannot be imported. Check that the necessary package has been "
|
|
"installed within the correct Python environment."
|
|
)
|
|
|
|
INSTALLED_APPS.extend(django_apps)
|
|
|
|
# Preserve uniqueness of the INSTALLED_APPS list, we keep the last occurence
|
|
sorted_apps = reversed(list(dict.fromkeys(reversed(INSTALLED_APPS))))
|
|
INSTALLED_APPS = list(sorted_apps)
|
|
|
|
# Validate user-provided configuration settings and assign defaults
|
|
if plugin_name not in PLUGINS_CONFIG:
|
|
PLUGINS_CONFIG[plugin_name] = {}
|
|
plugin_config.validate(PLUGINS_CONFIG[plugin_name], VERSION)
|
|
|
|
# Add middleware
|
|
plugin_middleware = plugin_config.middleware
|
|
if plugin_middleware and type(plugin_middleware) in (list, tuple):
|
|
MIDDLEWARE.extend(plugin_middleware)
|
|
|
|
# Create RQ queues dedicated to the plugin
|
|
# we use the plugin name as a prefix for queue name's defined in the plugin config
|
|
# ex: mysuperplugin.mysuperqueue1
|
|
if type(plugin_config.queues) is not list:
|
|
raise ImproperlyConfigured(
|
|
"Plugin {} queues must be a list.".format(plugin_name)
|
|
)
|
|
RQ_QUEUES.update({
|
|
f"{plugin_name}.{queue}": RQ_PARAMS for queue in plugin_config.queues
|
|
})
|