From bade14f2ed4d815706aff42d8f6a2453ad9d3977 Mon Sep 17 00:00:00 2001
From: Richard Boucher <58948528+rboucher-me@users.noreply.github.com>
Date: Thu, 18 Jul 2024 17:50:39 -0400
Subject: [PATCH 01/29] Update README.md
---
 README.md | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 16e3e817..07454198 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,17 @@ # Diode -Diode is a service designed to streamline the process of data ingestion and reconciliation for NetBox users. It aims to lower the barriers to entry for integrating existing network infrastructure data into NetBox and reduce the maintenance efforts required to keep the data up-to-date. +Diode is a NetBox data ingestion service that greatly simplifies and enhances the process to add and update network data in NetBox, ensuring your network source of truth is always accurate and can be trusted to power your network automation pipelines. Our guiding principle in designing Diode has been to make it as easy as possible to get data into NetBox, removing as much burden as possible from the user while shifting that effort to technology. -## Usage +To achieve this, Diode sits in front of NetBox and provides an API purpose built for ingestion of complex network data. Diode eliminates the need to preprocess data to make it conform to the strict object hierarchy imposed by the NetBox data model. This allows data to be sent to NetBox in a more freeform manner, in blocks that are intuitive for network engineers (such as by device or by interface) with much of the related information treated as attributes or properties of these components of interest. Then, Diode takes care of the heavy lifting, automatically transforming the data to align it with NetBox’s structured and comprehensive data model. Diode can even create placeholder objects to compensate for missing information, which means even fragmented information about the network can be captured in NetBox. + +## Get started + +Diode runs as a sidecar service to NetBox and can run anywhere with network connectivity with NetBox, whether on the same host or elsewhere. The overall Diode service is delivered through three main components (and a fourth optional component): + +1. Diode plugin - see how to [install the Diode plugin](https://github.com/netboxlabs/diode-netbox-plugin) +2. 
Diode server - see how to [run the Diode server](https://github.com/netboxlabs/diode/tree/develop/diode-server#readme) +3. Diode SDK - see how to [install the Diode client SDK](https://github.com/netboxlabs/diode-sdk-python) and [download Diode Python script examples](https://github.com/netboxlabs/netbox-learning/tree/develop/diode-private-preview/examples) +4. Diode agent (optional) - see how to [install and run the Diode discovery agent](https://github.com/netboxlabs/diode-agent) ## Related Projects From b3199dd160f3e66a0e12c321c2a0ab03158f3541 Mon Sep 17 00:00:00 2001 From: Richard Boucher <58948528+rboucher-me@users.noreply.github.com> Date: Thu, 18 Jul 2024 18:07:05 -0400 Subject: [PATCH 02/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 07454198..3df9e51f 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Diode runs as a sidecar service to NetBox and can run anywhere with network conn 1. Diode plugin - see how to [install the Diode plugin](https://github.com/netboxlabs/diode-netbox-plugin) 2. Diode server - see how to [run the Diode server](https://github.com/netboxlabs/diode/tree/develop/diode-server#readme) -3. Diode SDK - see how to [install the Diode client SDK](https://github.com/netboxlabs/diode-sdk-python) and [download Diode Python script examples](https://github.com/netboxlabs/netbox-learning/tree/develop/diode-private-preview/examples) +3. Diode SDK - see how to [install the Diode client SDK](https://github.com/netboxlabs/diode-sdk-python) and [download Diode Python script examples](https://github.com/netboxlabs/netbox-learning/tree/develop/diode/examples) 4. Diode agent (optional) - see how to [install and run the Diode discovery agent](https://github.com/netboxlabs/diode-agent) ## Related Projects From ed0e58ff8425f2cb1af4b02d818930fe485a316b Mon Sep 17 00:00:00 2001 
From: Richard Boucher <58948528+rboucher-me@users.noreply.github.com>
Date: Fri, 19 Jul 2024 08:21:45 -0400
Subject: [PATCH 03/29] Update README.md
---
 README.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 3df9e51f..fa7dd793 100644
--- a/README.md
+++ b/README.md
@@ -4,9 +4,13 @@ Diode is a NetBox data ingestion service that greatly simplifies and enhances th To achieve this, Diode sits in front of NetBox and provides an API purpose built for ingestion of complex network data. Diode eliminates the need to preprocess data to make it conform to the strict object hierarchy imposed by the NetBox data model. This allows data to be sent to NetBox in a more freeform manner, in blocks that are intuitive for network engineers (such as by device or by interface) with much of the related information treated as attributes or properties of these components of interest. Then, Diode takes care of the heavy lifting, automatically transforming the data to align it with NetBox’s structured and comprehensive data model. Diode can even create placeholder objects to compensate for missing information, which means even fragmented information about the network can be captured in NetBox. +## Project status + +The Diode project is currently in the _Public Preview_ stage. Please see [NetBox Labs Product and Feature Lifecycle](https://docs.netboxlabs.com/product_feature_lifecycle/) for more details. We actively welcome feedback to help identify and prioritize bugs, new features and areas of improvement. + ## Get started -Diode runs as a sidecar service to NetBox and can run anywhere with network connectivity with NetBox, whether on the same host or elsewhere. The overall Diode service is delivered through three main components (and a fourth optional component): +Diode runs as a sidecar service to NetBox and can run anywhere with network connectivity to NetBox, whether on the same host or elsewhere. The overall Diode service is delivered through three main components (and a fourth optional component): 1. Diode plugin - see how to [install the Diode plugin](https://github.com/netboxlabs/diode-netbox-plugin) 2. Diode server - see how to [run the Diode server](https://github.com/netboxlabs/diode/tree/develop/diode-server#readme) 
From 361538ba8ec49acf6b031e23295f6ed94dc0680b Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 13:34:00 +0100 Subject: [PATCH 04/29] fix: GHA - semantic-release Signed-off-by: Michal Fiedorowicz --- .github/workflows/server-release.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/server-release.yaml b/.github/workflows/server-release.yaml index e53585c0..dc4936dc 100644 --- a/.github/workflows/server-release.yaml +++ b/.github/workflows/server-release.yaml @@ -95,7 +95,6 @@ jobs: fail-fast: false matrix: app: ${{ fromJSON(needs.setup.outputs.apps) }} - if: needs.setup.outputs.app != '' with: app_name: diode-${{ matrix.app }} app_dir: diode-server From 3f2d5d0ad4309fcb054d1b4c00baf04045fad7d3 Mon Sep 17 00:00:00 2001 From: Leonardo Parente <23251360+leoparente@users.noreply.github.com> Date: Fri, 19 Jul 2024 10:40:42 -0300 Subject: [PATCH 05/29] Feat: update docker compose --- diode-server/docker/docker-compose.yaml | 6 +++--- diode-server/docker/sample.env | 5 +++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/diode-server/docker/docker-compose.yaml b/diode-server/docker/docker-compose.yaml index 967d7203..c66f37cc 100644 --- a/diode-server/docker/docker-compose.yaml +++ b/diode-server/docker/docker-compose.yaml @@ -8,7 +8,7 @@ services: } upstream netbox { - server netbox:8080; + server $NETBOX_EXTERNAL_URI; } server { @@ -38,7 +38,7 @@ services: - diode-reconciler diode-ingester: - image: netboxlabs/diode-ingester:${DIODE_VERSION}-${COMMIT_SHA} + image: netboxlabs/diode-ingester:latest environment: - API_KEY=${RECONCILER_API_KEY} - REDIS_PASSWORD=${REDIS_PASSWORD} @@ -55,7 +55,7 @@ services: - diode-reconciler diode-reconciler: - image: netboxlabs/diode-reconciler:${DIODE_VERSION}-${COMMIT_SHA} + image: netboxlabs/diode-reconciler:latest environment: - REDIS_PASSWORD=${REDIS_PASSWORD} - REDIS_HOST=${REDIS_HOST} 
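Review bot: The two image lines changed in PATCH 05/29 (`netboxlabs/diode-ingester:latest` in the hunk at -38,7 and `netboxlabs/diode-reconciler:latest` at -55,7) swap a version-plus-commit tag for the mutable `latest` tag, so a fresh install or a later pull can bring in a different build from the one that was tested. A pinned release tag, ideally with a digest, keeps deployments reproducible and makes an unexpected image change visible, for example `image: netboxlabs/diode-ingester:${DIODE_TAG}` with the tag set in the env file. `DIODE_TAG` is a placeholder name here, not a variable the repository defines. Both service definitions continue outside their hunks.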
diff --git a/diode-server/docker/sample.env b/diode-server/docker/sample.env index 058a843d..14a6b494 100644 --- a/diode-server/docker/sample.env +++ b/diode-server/docker/sample.env @@ -4,10 +4,11 @@ REDIS_HOST=diode-redis REDIS_PORT=6379 RECONCILER_GRPC_HOST=diode-reconciler RECONCILER_GRPC_PORT=8081 -NETBOX_DIODE_PLUGIN_API_BASE_URL=http://netbox:8080/netbox/api/plugins/diode +NETBOX_EXTERNAL_URI=CHANGE_.ME:8000 +NETBOX_DIODE_PLUGIN_API_BASE_URL=http://ingress-nginx/netbox/api/plugins/diode DIODE_TO_NETBOX_API_KEY=1368dbad13e418d5a443d93cf255edde03a2a754 NETBOX_TO_DIODE_API_KEY=1e99338b8cab5fc637bc55f390bda1446f619c42 INGESTION_API_KEY=5a52c45ee8231156cb620d193b0291912dd15433 -NETBOX_API_URL=http://netbox:8000/netbox/api +NETBOX_API_URL=http://ingress-nginx/netbox/api LOGGING_LEVEL=DEBUG SENTRY_DSN= From c01acc06699ad6a33fbe7ecd19201e6ecb1e772b Mon Sep 17 00:00:00 2001 From: Leonardo Parente <23251360+leoparente@users.noreply.github.com> Date: Fri, 19 Jul 2024 11:02:53 -0300 Subject: [PATCH 06/29] update nginx --- diode-server/docker/docker-compose.yaml | 13 ------------- diode-server/docker/sample.env | 5 ++--- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/diode-server/docker/docker-compose.yaml b/diode-server/docker/docker-compose.yaml index c66f37cc..2bf706c7 100644 --- a/diode-server/docker/docker-compose.yaml +++ b/diode-server/docker/docker-compose.yaml @@ -7,10 +7,6 @@ services: server diode-ingester:8081; } - upstream netbox { - server $NETBOX_EXTERNAL_URI; - } - server { listen 80; http2 on; @@ -19,15 +15,6 @@ services: rewrite /diode/(.*) /$1 break; grpc_pass grpc://diode; } - location /netbox/static/ { - proxy_pass http://netbox/static/; - } - location /netbox/ { - proxy_pass http://netbox; - proxy_set_header X-Forwarded-Host $$http_host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-Proto $$scheme; - } }' > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'" restart: always 
diff --git a/diode-server/docker/sample.env b/diode-server/docker/sample.env index 14a6b494..2a73e565 100644 --- a/diode-server/docker/sample.env +++ b/diode-server/docker/sample.env @@ -4,11 +4,10 @@ REDIS_HOST=diode-redis REDIS_PORT=6379 RECONCILER_GRPC_HOST=diode-reconciler RECONCILER_GRPC_PORT=8081 -NETBOX_EXTERNAL_URI=CHANGE_.ME:8000 -NETBOX_DIODE_PLUGIN_API_BASE_URL=http://ingress-nginx/netbox/api/plugins/diode +NETBOX_DIODE_PLUGIN_API_BASE_URL=http://NETBOX_HOST/netbox/api/plugins/diode DIODE_TO_NETBOX_API_KEY=1368dbad13e418d5a443d93cf255edde03a2a754 NETBOX_TO_DIODE_API_KEY=1e99338b8cab5fc637bc55f390bda1446f619c42 INGESTION_API_KEY=5a52c45ee8231156cb620d193b0291912dd15433 -NETBOX_API_URL=http://ingress-nginx/netbox/api +NETBOX_API_URL=http://NETBOX_HOST/netbox/api LOGGING_LEVEL=DEBUG SENTRY_DSN= From 5e319c7e76370e586d9fe2c92c04e7135505cabf Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 15:51:04 +0100 Subject: [PATCH 07/29] chore: docker-compose - remove port export Signed-off-by: Michal Fiedorowicz --- diode-server/docker/docker-compose.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/diode-server/docker/docker-compose.yaml b/diode-server/docker/docker-compose.yaml index 2bf706c7..b271cc07 100644 --- a/diode-server/docker/docker-compose.yaml +++ b/diode-server/docker/docker-compose.yaml @@ -55,8 +55,7 @@ services: - LOGGING_LEVEL=${LOGGING_LEVEL} - SENTRY_DSN=${SENTRY_DSN} restart: always - ports: - - "8082:8081" + ports: [ ] depends_on: - diode-redis diode-redis: From 19104e86f757c1c6a6a1647d232eb4360b81c240 Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 15:51:53 +0100 Subject: [PATCH 08/29] chore: dev makefile - remove building diode images with netbox Signed-off-by: Michal Fiedorowicz --- diode-server/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/diode-server/Makefile b/diode-server/Makefile index 79d3a583..910a33e4 100644 --- a/diode-server/Makefile 
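Review bot: The two URL lines in the PATCH 06/29 sample.env hunk now point at an external NetBox host over plain HTTP (`http://NETBOX_HOST/...`), where the previous values stayed on the compose network. If, as the variable names suggest, `DIODE_TO_NETBOX_API_KEY` is sent with requests to these URLs, it would cross the network in cleartext; the sample should default to `NETBOX_API_URL=https://NETBOX_HOST/netbox/api` and use the same scheme for `NETBOX_DIODE_PLUGIN_API_BASE_URL`. The three `*_API_KEY` context lines also carry fixed hex values instead of a `CHANGE_.ME` placeholder like the one on `RECONCILER_API_KEY` (visible in the PATCH 14/29 hunk), so a copied file starts out with publicly known keys. A comment such as `# replace every key and password below before first start` would help. The `http://` defaults recur in the sample.env hunk of PATCH 14/29.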
+++ b/diode-server/Makefile @@ -71,7 +71,7 @@ docker-compose-down: @DIODE_VERSION=$(DIODE_VERSION) COMMIT_SHA=$(COMMIT_SHA) \ $(DOCKER_COMPOSE) --env-file docker/sample.env -f docker/docker-compose.yaml down --remove-orphans -docker-compose-netbox-up: docker-all +docker-compose-netbox-up: $(DOCKER_COMPOSE) -f docker/docker-compose.netbox.yaml up -d --build docker-compose-netbox-down: From d79b94debd1de630f5ae042e4b4704c0ceb9708f Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 15:58:25 +0100 Subject: [PATCH 09/29] chore: move docker-compose into root directory Signed-off-by: Michal Fiedorowicz --- diode-server/Makefile | 4 ++-- .../docker/docker-compose.yaml => docker-compose.yaml | 0 diode-server/docker/sample.env => sample.env | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename diode-server/docker/docker-compose.yaml => docker-compose.yaml (100%) rename diode-server/docker/sample.env => sample.env (100%) diff --git a/diode-server/Makefile b/diode-server/Makefile index 910a33e4..2c79f9a3 100644 --- a/diode-server/Makefile +++ b/diode-server/Makefile @@ -65,11 +65,11 @@ docker-all: $(DOCKER_SERVICES) docker-compose-up: docker-all @DIODE_VERSION=$(DIODE_VERSION) COMMIT_SHA=$(COMMIT_SHA) \ - $(DOCKER_COMPOSE) --env-file docker/sample.env -f docker/docker-compose.yaml up -d --build + $(DOCKER_COMPOSE) --env-file $(ROOT_DIR)/sample.env -f $(ROOT_DIR)/docker-compose.yaml up -d --build docker-compose-down: @DIODE_VERSION=$(DIODE_VERSION) COMMIT_SHA=$(COMMIT_SHA) \ - $(DOCKER_COMPOSE) --env-file docker/sample.env -f docker/docker-compose.yaml down --remove-orphans + $(DOCKER_COMPOSE) --env-file $(ROOT_DIR)/sample.env -f $(ROOT_DIR)/docker-compose.yaml down --remove-orphans docker-compose-netbox-up: $(DOCKER_COMPOSE) -f docker/docker-compose.netbox.yaml up -d --build 
diff --git a/diode-server/docker/docker-compose.yaml b/docker-compose.yaml similarity index 100% rename from diode-server/docker/docker-compose.yaml rename to docker-compose.yaml diff --git a/diode-server/docker/sample.env b/sample.env similarity index 100% rename from diode-server/docker/sample.env rename to sample.env From 3293adbfa803b383aabcd70830b7e1febe626bca Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 16:23:08 +0100 Subject: [PATCH 10/29] chore: docker-compose - remove redis port export Signed-off-by: Michal Fiedorowicz --- docker-compose.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index b271cc07..2e5cd4eb 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -66,8 +66,7 @@ services: - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD --loadmodule /opt/redis-stack/lib/rejson.so --loadmodule /opt/redis-stack/lib/redisearch.so environment: - REDIS_PASSWORD=${REDIS_PASSWORD} - ports: - - "6379:6379" + ports: [ ] volumes: - diode-redis-data:/data diode-redis-cli: From 438d2fc050dc06730003ad2c9638812c5ce7d4cd Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 16:25:53 +0100 Subject: [PATCH 11/29] chore: docker-compose - remove redundant volume Signed-off-by: Michal Fiedorowicz --- docker-compose.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 2e5cd4eb..4b3fcc16 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -77,8 +77,6 @@ services: environment: - REDIS_HOST=${REDIS_HOST} - REDIS_PASSWORD=${REDIS_PASSWORD} - volumes: - - ./diode/redis:/home/redis volumes: diode-redis-data: driver: local \ No newline at end of file From 0ee8787a3374f394fe21b1dc57ab3685944d3b1d Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 16:32:51 +0100 Subject: [PATCH 12/29] chore: docker-compose - cleanup 
Signed-off-by: Michal Fiedorowicz --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 4b3fcc16..90aef286 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -12,7 +12,7 @@ services: http2 on; server_name localhost; location /diode { - rewrite /diode/(.*) /$1 break; + rewrite /diode/(.*) /$$1 break; grpc_pass grpc://diode; } }' From 23339d747262266254fdd539a72a6416ea1ab5eb Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 17:12:51 +0100 Subject: [PATCH 13/29] chore: docker-compose - more cleanup Signed-off-by: Michal Fiedorowicz --- docker-compose.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 90aef286..7e122cd7 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -74,9 +74,6 @@ services: links: - diode-redis command: redis-cli -h "$REDIS_HOST" -p 6379 -a "$REDIS_PASSWORD" FT.CREATE ingest-entity ON JSON PREFIX 1 "ingest-entity:" SCHEMA $.data_type AS data_type TEXT $.state AS state NUMERIC - environment: - - REDIS_HOST=${REDIS_HOST} - - REDIS_PASSWORD=${REDIS_PASSWORD} volumes: diode-redis-data: driver: local \ No newline at end of file From af2a69b13d29ca471f9fb7064a5e39844ebe5f0e Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 18:56:04 +0100 Subject: [PATCH 14/29] chore: docker-compose - adjustments Signed-off-by: Michal Fiedorowicz --- docker-compose.yaml | 23 ++++++++++++----------- sample.env | 6 +++--- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 7e122cd7..34085966 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -8,7 +8,7 @@ services: } server { - listen 80; + listen 8080; http2 on; server_name localhost; location /diode { 
@@ -19,7 +19,7 @@ services: > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'" restart: always ports: - - "80:80" + - "8080:8080" depends_on: - diode-ingester - diode-reconciler @@ -27,13 +27,13 @@ services: diode-ingester: image: netboxlabs/diode-ingester:latest environment: - - API_KEY=${RECONCILER_API_KEY} - - REDIS_PASSWORD=${REDIS_PASSWORD} - - REDIS_HOST=${REDIS_HOST} - - REDIS_PORT=${REDIS_PORT} - - RECONCILER_GRPC_HOST=${RECONCILER_GRPC_HOST} - - RECONCILER_GRPC_PORT=${RECONCILER_GRPC_PORT} - - SENTRY_DSN=${SENTRY_DSN} + - API_KEY=${RECONCILER_API_KEY} + - REDIS_PASSWORD=${REDIS_PASSWORD} + - REDIS_HOST=${REDIS_HOST} + - REDIS_PORT=${REDIS_PORT} + - RECONCILER_GRPC_HOST=${RECONCILER_GRPC_HOST} + - RECONCILER_GRPC_PORT=${RECONCILER_GRPC_PORT} + - SENTRY_DSN=${SENTRY_DSN} restart: always ports: - "8081:8081" @@ -63,9 +63,10 @@ services: command: - sh - -c - - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD --loadmodule /opt/redis-stack/lib/rejson.so --loadmodule /opt/redis-stack/lib/redisearch.so + - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD --loadmodule /opt/redis-stack/lib/rejson.so --loadmodule /opt/redis-stack/lib/redisearch.so --port $$REDIS_PORT environment: - REDIS_PASSWORD=${REDIS_PASSWORD} + - REDIS_PORT=${REDIS_PORT} ports: [ ] volumes: - diode-redis-data:/data @@ -73,7 +74,7 @@ services: image: redis/redis-stack-server:latest links: - diode-redis - command: redis-cli -h "$REDIS_HOST" -p 6379 -a "$REDIS_PASSWORD" FT.CREATE ingest-entity ON JSON PREFIX 1 "ingest-entity:" SCHEMA $.data_type AS data_type TEXT $.state AS state NUMERIC + command: redis-cli -h "$REDIS_HOST" -p "$REDIS_PORT" -a "$REDIS_PASSWORD" FT.CREATE ingest-entity ON JSON PREFIX 1 "ingest-entity:" SCHEMA $.data_type AS data_type TEXT $.state AS state NUMERIC volumes: diode-redis-data: driver: local \ No newline at end of file diff --git a/sample.env b/sample.env index 2a73e565..6937417d 100644 --- a/sample.env +++ b/sample.env 
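Review bot: The rewritten `diode-redis-cli` command in the hunk at -73,7 passes the password as `-a "$REDIS_PASSWORD"`, and because compose substitutes a single `$` when it parses the file, the literal secret becomes part of the container's command line and is visible in the process list. redis-cli also reads the password from the `REDISCLI_AUTH` environment variable, so the service could set `environment: - REDISCLI_AUTH=${REDIS_PASSWORD}` and drop `-a`. The `--requirepass $$REDIS_PASSWORD` argument in the redis-server hunk at -63,9 has the same exposure once the shell expands it into the argument list. Both service definitions continue outside their hunks.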
@@ -1,13 +1,13 @@ RECONCILER_API_KEY=CHANGE_.ME REDIS_PASSWORD=@FmnLoA*VnebyVnZoL.!-.6z REDIS_HOST=diode-redis -REDIS_PORT=6379 +REDIS_PORT=6378 RECONCILER_GRPC_HOST=diode-reconciler RECONCILER_GRPC_PORT=8081 -NETBOX_DIODE_PLUGIN_API_BASE_URL=http://NETBOX_HOST/netbox/api/plugins/diode +NETBOX_DIODE_PLUGIN_API_BASE_URL=http://NETBOX_HOST/api/plugins/diode DIODE_TO_NETBOX_API_KEY=1368dbad13e418d5a443d93cf255edde03a2a754 NETBOX_TO_DIODE_API_KEY=1e99338b8cab5fc637bc55f390bda1446f619c42 INGESTION_API_KEY=5a52c45ee8231156cb620d193b0291912dd15433 -NETBOX_API_URL=http://NETBOX_HOST/netbox/api +NETBOX_API_URL=http://NETBOX_HOST/api LOGGING_LEVEL=DEBUG SENTRY_DSN= From c8add24bb3608af41183f64cfbbfb9ca8e8aa481 Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 18:56:35 +0100 Subject: [PATCH 15/29] chore: docker-compose - move back to diode-server/docker Signed-off-by: Michal Fiedorowicz --- docker-compose.yaml => diode-server/docker/docker-compose.yaml | 0 sample.env => diode-server/docker/sample.env | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename docker-compose.yaml => diode-server/docker/docker-compose.yaml (100%) rename sample.env => diode-server/docker/sample.env (100%) diff --git a/docker-compose.yaml b/diode-server/docker/docker-compose.yaml similarity index 100% rename from docker-compose.yaml rename to diode-server/docker/docker-compose.yaml diff --git a/sample.env b/diode-server/docker/sample.env similarity index 100% rename from sample.env rename to diode-server/docker/sample.env From 067e25971ea4317a75880df83b5642eb517019d6 Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 19:01:37 +0100 Subject: [PATCH 16/29] chore: docker-compose - more fixes Signed-off-by: Michal Fiedorowicz --- diode-server/docker/docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/diode-server/docker/docker-compose.yaml b/diode-server/docker/docker-compose.yaml index 34085966..68a9568a 100644 
--- a/diode-server/docker/docker-compose.yaml +++ b/diode-server/docker/docker-compose.yaml @@ -74,7 +74,7 @@ services: image: redis/redis-stack-server:latest links: - diode-redis - command: redis-cli -h "$REDIS_HOST" -p "$REDIS_PORT" -a "$REDIS_PASSWORD" FT.CREATE ingest-entity ON JSON PREFIX 1 "ingest-entity:" SCHEMA $.data_type AS data_type TEXT $.state AS state NUMERIC + command: redis-cli -h "$REDIS_HOST" -p "$REDIS_PORT" -a "$REDIS_PASSWORD" FT.CREATE ingest-entity ON JSON PREFIX 1 "ingest-entity:" SCHEMA $$.data_type AS data_type TEXT $$.state AS state NUMERIC volumes: diode-redis-data: driver: local \ No newline at end of file From e5ff62ca0b674934a0456a45da7da93b8c2ed0dd Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 19:39:44 +0100 Subject: [PATCH 17/29] apply suggestion Co-authored-by: Leonardo Parente <23251360+leoparente@users.noreply.github.com> --- diode-server/docker/docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/diode-server/docker/docker-compose.yaml b/diode-server/docker/docker-compose.yaml index 34085966..68a9568a 100644 --- a/diode-server/docker/docker-compose.yaml +++ b/diode-server/docker/docker-compose.yaml @@ -74,7 +74,7 @@ services: image: redis/redis-stack-server:latest links: - diode-redis - command: redis-cli -h "$REDIS_HOST" -p "$REDIS_PORT" -a "$REDIS_PASSWORD" FT.CREATE ingest-entity ON JSON PREFIX 1 "ingest-entity:" SCHEMA $.data_type AS data_type TEXT $.state AS state NUMERIC + command: redis-cli -h "$REDIS_HOST" -p "$REDIS_PORT" -a "$REDIS_PASSWORD" FT.CREATE ingest-entity ON JSON PREFIX 1 "ingest-entity:" SCHEMA $$.data_type AS data_type TEXT $$.state AS state NUMERIC volumes: diode-redis-data: driver: local \ No newline at end of file From e423edf159129b2d200002868c8199a90acb3480 Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 19:43:49 +0100 Subject: [PATCH 18/29] chore: makefile - revert changes 
Signed-off-by: Michal Fiedorowicz --- diode-server/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/diode-server/Makefile b/diode-server/Makefile index 2c79f9a3..910a33e4 100644 --- a/diode-server/Makefile +++ b/diode-server/Makefile @@ -65,11 +65,11 @@ docker-all: $(DOCKER_SERVICES) docker-compose-up: docker-all @DIODE_VERSION=$(DIODE_VERSION) COMMIT_SHA=$(COMMIT_SHA) \ - $(DOCKER_COMPOSE) --env-file $(ROOT_DIR)/sample.env -f $(ROOT_DIR)/docker-compose.yaml up -d --build + $(DOCKER_COMPOSE) --env-file docker/sample.env -f docker/docker-compose.yaml up -d --build docker-compose-down: @DIODE_VERSION=$(DIODE_VERSION) COMMIT_SHA=$(COMMIT_SHA) \ - $(DOCKER_COMPOSE) --env-file $(ROOT_DIR)/sample.env -f $(ROOT_DIR)/docker-compose.yaml down --remove-orphans + $(DOCKER_COMPOSE) --env-file docker/sample.env -f docker/docker-compose.yaml down --remove-orphans docker-compose-netbox-up: $(DOCKER_COMPOSE) -f docker/docker-compose.netbox.yaml up -d --build From 9f7dcbae994b70294ecb508b4823a679137b976d Mon Sep 17 00:00:00 2001 From: Richard Boucher <58948528+rboucher-me@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:50:32 -0400 Subject: [PATCH 19/29] Update README.md --- diode-server/README.md | 65 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 63 insertions(+), 2 deletions(-) diff --git a/diode-server/README.md b/diode-server/README.md index 5145e14d..baf23a6e 100644 --- a/diode-server/README.md +++ b/diode-server/README.md 
@@ -1,6 +1,17 @@ -# Diode servers +# Diode server -Diode server is splited into two services: +The Diode server is a required component of the [Diode](https://github.com/netboxlabs/diode) ingestion service. + +Diode is a NetBox ingestion service that greatly simplifies and enhances the process to add and update network data +in NetBox, ensuring your network source of truth is always accurate and can be trusted to power your network automation +pipelines. + +More information about Diode can be found +at [https://netboxlabs.com/blog/introducing-diode-streamlining-data-ingestion-in-netbox/](https://netboxlabs.com/blog/introducing-diode-streamlining-data-ingestion-in-netbox/). + +## Diode services + +Diode server is comprised of two services: ### Ingester Service 
@@ -14,3 +25,53 @@ Diode server is splited into two services: - Processes data from Redis streams and converts it for storage. - Manages data sources and their API keys. - Implements a reconciliation engine to detect and store deltas between ingested data and the current NetBox object state. + +## Compatibility + +The Diode server has been tested with NetBox versions 3.7.2 and above. The Diode server also requires the [Diode NetBox Plugin](https://github.com/netboxlabs/diode-netbox-plugin). + +## Running the Diode server + +### Requirements + +Diode server requires Docker version 27.0.3 or above. + +### Installation + +Diode requires a configuration file and an environment file to execute successfully: + +* `docker-compose.yml` - to configure and run the Diode server containers +* `.env` - to store the specific environmental settings + +We recommend placing both files in a clean directory: + +```bash +mkdir /opt/diode +cd /opt/diode +``` + +Download the default `docker-compose.yml` and `.env` files from this repository: + +```bash +curl -o docker-compose.yml https://raw.githubusercontent.com/netboxlabs/diode/develop/diode-server/docker/docker-compose.yaml +curl -o .env https://raw.githubusercontent.com/netboxlabs/diode/develop/diode-server/docker/.env +``` + +Edit the `.env` to match your environment: +* `NETBOX_DIODE_PLUGIN_API_BASE_URL`: URL for the Diode NetBox plugin API +* `NETBOX_API_URL`: URL for your NetBox +* `DIODE_TO_NETBOX_API_KEY`: API key generated with the Diode NetBox plugin installaion +* `INGESTION_API_KEY`: API key generated with the Diode NetBox plugin installaion +* `NETBOX_TO_DIODE_API_KEY`: API key generated with the Diode NetBox plugin installaion + +### Running the Diode server + +Start the Diode server: + +```bash +docker compose -f docker-compose.yaml up -d +``` + +## License + +Distributed under the PolyForm Shield License 1.0.0 License. See [LICENSE.md](./LICENSE.md) for more information. 
From a86f6aa3199b9f0e6ac63599ac252b19bcdf320d Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Fri, 19 Jul 2024 19:52:01 +0100 Subject: [PATCH 20/29] chore: docker-compose - add DIODE_NGINX_PORT env var Signed-off-by: Michal Fiedorowicz --- diode-server/docker/docker-compose.yaml | 6 ++++-- diode-server/docker/sample.env | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/diode-server/docker/docker-compose.yaml b/diode-server/docker/docker-compose.yaml index 68a9568a..cf29f00a 100644 --- a/diode-server/docker/docker-compose.yaml +++ b/diode-server/docker/docker-compose.yaml @@ -8,7 +8,7 @@ services: } server { - listen 8080; + listen ${DIODE_NGINX_PORT}; http2 on; server_name localhost; location /diode { @@ -18,8 +18,10 @@ services: }' > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'" restart: always + environment: + - DIODE_NGINX_PORT=${DIODE_NGINX_PORT} ports: - - "8080:8080" + - ${DIODE_NGINX_PORT}:80 depends_on: - diode-ingester - diode-reconciler diff --git a/diode-server/docker/sample.env b/diode-server/docker/sample.env index 6937417d..72954fde 100644 --- a/diode-server/docker/sample.env +++ b/diode-server/docker/sample.env @@ -1,3 +1,4 @@ +DIODE_NGINX_PORT=8080 RECONCILER_API_KEY=CHANGE_.ME REDIS_PASSWORD=@FmnLoA*VnebyVnZoL.!-.6z REDIS_HOST=diode-redis From 3de715034492244cb27c51a78117763771602af9 Mon Sep 17 00:00:00 2001 From: Richard Boucher <58948528+rboucher-me@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:58:02 -0400 Subject: [PATCH 21/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fa7dd793..479ed791 100644 --- a/README.md +++ b/README.md 
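Review bot: nginx is told to `listen ${DIODE_NGINX_PORT};` inside the container, but the published mapping in the hunk at -18,8 is `${DIODE_NGINX_PORT}:80`, so with the sample value 8080 the host port forwards to container port 80, where the visible server block no longer listens. Either keep `listen 80;` and vary only the host side, or publish `"${DIODE_NGINX_PORT}:${DIODE_NGINX_PORT}"`. An unset variable would also render `listen ;` and an invalid mapping, so a default such as `${DIODE_NGINX_PORT:-8080}` is worth adding. The mapping binds on all host interfaces and, as far as the visible server block shows, no TLS is configured. The README should say so for deployments where ingestion API keys cross an untrusted network.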
@@ -14,7 +14,7 @@ Diode runs as a sidecar service to NetBox and can run anywhere with network conn 1. Diode plugin - see how to [install the Diode plugin](https://github.com/netboxlabs/diode-netbox-plugin) 2. Diode server - see how to [run the Diode server](https://github.com/netboxlabs/diode/tree/develop/diode-server#readme) -3. Diode SDK - see how to [install the Diode client SDK](https://github.com/netboxlabs/diode-sdk-python) and [download Diode Python script examples](https://github.com/netboxlabs/netbox-learning/tree/develop/diode/examples) +3. Diode SDK - see how to [install the Diode client SDK](https://github.com/netboxlabs/diode-sdk-python) and [download Diode Python script examples](https://github.com/netboxlabs/netbox-learning/tree/develop/diode) 4. Diode agent (optional) - see how to [install and run the Diode discovery agent](https://github.com/netboxlabs/diode-agent) ## Related Projects From 9c407b1f10bb21fa325dbf976abee213b5996217 Mon Sep 17 00:00:00 2001 From: Richard Boucher <58948528+rboucher-me@users.noreply.github.com> Date: Fri, 19 Jul 2024 15:02:00 -0400 Subject: [PATCH 22/29] Update diode-server/README.md Co-authored-by: Leonardo Parente <23251360+leoparente@users.noreply.github.com> --- diode-server/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/diode-server/README.md b/diode-server/README.md index baf23a6e..41d51789 100644 --- a/diode-server/README.md +++ b/diode-server/README.md @@ -54,7 +54,7 @@ Download the default `docker-compose.yml` and `.env` files from this repository: ```bash curl -o docker-compose.yml https://raw.githubusercontent.com/netboxlabs/diode/develop/diode-server/docker/docker-compose.yaml -curl -o .env https://raw.githubusercontent.com/netboxlabs/diode/develop/diode-server/docker/.env +curl -o .env https://raw.githubusercontent.com/netboxlabs/diode/develop/diode-server/docker/sample.env ``` Edit the `.env` to match your environment: 
From 0cc550b90eca718abc17c4f4db21c44089ff96cb Mon Sep 17 00:00:00 2001 From: Richard Boucher <58948528+rboucher-me@users.noreply.github.com> Date: Fri, 19 Jul 2024 15:19:16 -0400 Subject: [PATCH 23/29] Update diode-server/README.md Co-authored-by: Leonardo Parente <23251360+leoparente@users.noreply.github.com> --- diode-server/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/diode-server/README.md b/diode-server/README.md index 41d51789..9a62d753 100644 --- a/diode-server/README.md +++ b/diode-server/README.md @@ -60,9 +60,9 @@ curl -o .env https://raw.githubusercontent.com/netboxlabs/diode/develop/diode-se Edit the `.env` to match your environment: * `NETBOX_DIODE_PLUGIN_API_BASE_URL`: URL for the Diode NetBox plugin API * `NETBOX_API_URL`: URL for your NetBox -* `DIODE_TO_NETBOX_API_KEY`: API key generated with the Diode NetBox plugin installaion -* `INGESTION_API_KEY`: API key generated with the Diode NetBox plugin installaion -* `NETBOX_TO_DIODE_API_KEY`: API key generated with the Diode NetBox plugin installaion +* `DIODE_TO_NETBOX_API_KEY`: API key generated with the Diode NetBox plugin installation +* `INGESTION_API_KEY`: API key generated with the Diode NetBox plugin installation +* `NETBOX_TO_DIODE_API_KEY`: API key generated with the Diode NetBox plugin installation ### Running the Diode server From 141f9ede5ddfc43c5315db57ca5b5dfbfa528407 Mon Sep 17 00:00:00 2001 From: Richard Boucher <58948528+rboucher-me@users.noreply.github.com> Date: Fri, 19 Jul 2024 16:12:15 -0400 Subject: [PATCH 24/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 479ed791..619e2132 100644 --- a/README.md +++ b/README.md 
@@ -15,7 +15,7 @@ Diode runs as a sidecar service to NetBox and can run anywhere with network conn 1. Diode plugin - see how to [install the Diode plugin](https://github.com/netboxlabs/diode-netbox-plugin) 2. Diode server - see how to [run the Diode server](https://github.com/netboxlabs/diode/tree/develop/diode-server#readme) 3. Diode SDK - see how to [install the Diode client SDK](https://github.com/netboxlabs/diode-sdk-python) and [download Diode Python script examples](https://github.com/netboxlabs/netbox-learning/tree/develop/diode) -4. Diode agent (optional) - see how to [install and run the Diode discovery agent](https://github.com/netboxlabs/diode-agent) +4. Diode agent (optional) - see how to [install and run the Diode NAPALM discovery agent](https://github.com/netboxlabs/diode-agent/tree/develop/diode-napalm-agent)) ## Related Projects From 12048e4e9660b91d17ef61ce062fb72e2228627f Mon Sep 17 00:00:00 2001 From: Richard Boucher <58948528+rboucher-me@users.noreply.github.com> Date: Fri, 19 Jul 2024 16:12:59 -0400 Subject: [PATCH 25/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 619e2132..c8d01113 100644 --- a/README.md +++ b/README.md 
@@ -15,7 +15,7 @@ Diode runs as a sidecar service to NetBox and can run anywhere with network conn 1. Diode plugin - see how to [install the Diode plugin](https://github.com/netboxlabs/diode-netbox-plugin) 2. Diode server - see how to [run the Diode server](https://github.com/netboxlabs/diode/tree/develop/diode-server#readme) 3. Diode SDK - see how to [install the Diode client SDK](https://github.com/netboxlabs/diode-sdk-python) and [download Diode Python script examples](https://github.com/netboxlabs/netbox-learning/tree/develop/diode) -4. Diode agent (optional) - see how to [install and run the Diode NAPALM discovery agent](https://github.com/netboxlabs/diode-agent/tree/develop/diode-napalm-agent)) +4. Diode agent (optional) - see how to [install and run the Diode NAPALM discovery agent](https://github.com/netboxlabs/diode-agent/tree/develop/diode-napalm-agent) ## Related Projects From f4355b6858b79bf8d36971ca58861941dd959881 Mon Sep 17 00:00:00 2001 From: Shannon Weyrick Date: Fri, 19 Jul 2024 18:48:13 -0400 Subject: [PATCH 26/29] Update README.md Add copyright --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index c8d01113..0dbe3142 100644 --- a/README.md +++ b/README.md @@ -28,3 +28,8 @@ Diode runs as a sidecar service to NetBox and can run anywhere with network conn Distributed under the PolyForm Shield License 1.0.0 License. See [LICENSE.md](./LICENSE.md) for more information. Diode protocol buffers are distributed under the Apache 2.0 License. See [LICENSE.txt](./diode-proto/LICENSE.txt) for more information. + +## Required Notice + +Copyright NetBox Labs, Inc. + From a7aa856288ae5b3d2b25badfb1fdf8841031127c Mon Sep 17 00:00:00 2001 From: Michal Fiedorowicz Date: Mon, 22 Jul 2024 13:50:07 +0100 Subject: [PATCH 27/29] chore: docker-compose - increase nginx client_max_body_size Signed-off-by: Michal Fiedorowicz --- diode-server/docker/docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/diode-server/docker/docker-compose.yaml b/diode-server/docker/docker-compose.yaml index cf29f00a..fc9144ec 100644 --- a/diode-server/docker/docker-compose.yaml +++ b/diode-server/docker/docker-compose.yaml @@ -11,6 +11,7 @@ services: listen ${DIODE_NGINX_PORT}; http2 on; server_name localhost; + client_max_body_size 25m; location /diode { rewrite /diode/(.*) /$$1 break; grpc_pass grpc://diode; From b855cc7ac928548ebf986fc6ad243d3e7688686a Mon Sep 17 00:00:00 2001 From: Leonardo Parente <23251360+leoparente@users.noreply.github.com> Date: Mon, 22 Jul 2024 11:53:58 -0300 Subject: [PATCH 28/29] feat: OBS-489 - allow change tls verification by setting env variable (#127) * feat: OBS-489 - allow change tls verification by setting env variable * feat: OBS-489 - add unit tests --- diode-server/README.md | 1 - diode-server/docker/docker-compose.yaml | 1 - diode-server/docker/sample.env | 1 - diode-server/netboxdiodeplugin/client.go | 40 +++++++++- diode-server/netboxdiodeplugin/client_test.go | 76 +++++++++++++++++-- diode-server/reconciler/config.go | 1 - 6 files changed, 110 insertions(+), 10 deletions(-) diff --git a/diode-server/README.md b/diode-server/README.md index 9a62d753..b49434fc 100644 --- a/diode-server/README.md +++ b/diode-server/README.md @@ -59,7 +59,6 @@ curl -o .env https://raw.githubusercontent.com/netboxlabs/diode/develop/diode-se Edit the `.env` to match your environment: * `NETBOX_DIODE_PLUGIN_API_BASE_URL`: URL for the Diode NetBox plugin API -* `NETBOX_API_URL`: URL for your NetBox * `DIODE_TO_NETBOX_API_KEY`: API key generated with the Diode NetBox plugin installation * `INGESTION_API_KEY`: API key generated with the Diode NetBox plugin installation * `NETBOX_TO_DIODE_API_KEY`: API key generated with the Diode NetBox plugin installation diff --git a/diode-server/docker/docker-compose.yaml b/diode-server/docker/docker-compose.yaml index fc9144ec..cc856146 100644 --- a/diode-server/docker/docker-compose.yaml 
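Review bot: `client_max_body_size 25m;` is a hard-coded literal at server scope, next to a `listen` port that is read from `${DIODE_NGINX_PORT}`, and nothing records where 25m comes from. A comment naming the largest ingest request it is meant to admit, or an env-driven value such as `client_max_body_size ${NGINX_MAX_BODY_SIZE_PLACEHOLDER};` (placeholder name), would let operators keep the proxy limit no higher than what the Diode gRPC server accepts. If that server runs with a smaller receive limit (not visible in this hunk), nginx would now admit requests that the backend then rejects.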
+++ b/diode-server/docker/docker-compose.yaml @@ -54,7 +54,6 @@ services: - DIODE_TO_NETBOX_API_KEY=${DIODE_TO_NETBOX_API_KEY} - NETBOX_TO_DIODE_API_KEY=${NETBOX_TO_DIODE_API_KEY} - INGESTION_API_KEY=${INGESTION_API_KEY} - - NETBOX_API_URL=${NETBOX_API_URL} - LOGGING_LEVEL=${LOGGING_LEVEL} - SENTRY_DSN=${SENTRY_DSN} restart: always diff --git a/diode-server/docker/sample.env b/diode-server/docker/sample.env index 72954fde..98644e8d 100644 --- a/diode-server/docker/sample.env +++ b/diode-server/docker/sample.env @@ -9,6 +9,5 @@ NETBOX_DIODE_PLUGIN_API_BASE_URL=http://NETBOX_HOST/api/plugins/diode DIODE_TO_NETBOX_API_KEY=1368dbad13e418d5a443d93cf255edde03a2a754 NETBOX_TO_DIODE_API_KEY=1e99338b8cab5fc637bc55f390bda1446f619c42 INGESTION_API_KEY=5a52c45ee8231156cb620d193b0291912dd15433 -NETBOX_API_URL=http://NETBOX_HOST/api LOGGING_LEVEL=DEBUG SENTRY_DSN= diff --git a/diode-server/netboxdiodeplugin/client.go b/diode-server/netboxdiodeplugin/client.go index 697ed485..f5b158bc 100644 --- a/diode-server/netboxdiodeplugin/client.go +++ b/diode-server/netboxdiodeplugin/client.go @@ -3,11 +3,13 @@ package netboxdiodeplugin import ( "bytes" "context" + "crypto/tls" "encoding/json" "errors" "fmt" "io" "log/slog" + "net" "net/http" "net/url" "os" @@ -30,6 +32,9 @@ const ( // BaseURLEnvVarName is the environment variable name for the NetBox Diode plugin HTTP base URL BaseURLEnvVarName = "NETBOX_DIODE_PLUGIN_API_BASE_URL" + // TLSSkipVerifyEnvVarName is the environment variable name for Netbox Diode plugin TLS verification + TLSSkipVerifyEnvVarName = "NETBOX_DIODE_PLUGIN_SKIP_TLS_VERIFY" + // TimeoutSecondsEnvVarName is the environment variable name for the NetBox Diode plugin HTTP timeout TimeoutSecondsEnvVarName = "NETBOX_DIODE_PLUGIN_API_TIMEOUT_SECONDS" 
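Review bot: The doc comment on `TLSSkipVerifyEnvVarName` in client.go says the variable is "for Netbox Diode plugin TLS verification", which hides that a true value turns certificate verification off. I would word it as `// TLSSkipVerifyEnvVarName names the environment variable that, when set to a true value, disables TLS certificate verification for NetBox Diode plugin API requests`. The README.md and sample.env hunks of this commit only remove `NETBOX_API_URL` and do not list the new variable, so an operator has no place to learn its default or its risk. A README line stating that verification stays on unless the variable is set would close that gap.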
@@ -94,9 +99,30 @@ type Client struct { baseURL *url.URL } +// NewHTTPTransport creates a http Transport Layer +func NewHTTPTransport() *http.Transport { + return &http.Transport{ + Proxy: http.ProxyFromEnvironment, + DialContext: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + }).DialContext, + ForceAttemptHTTP2: true, + MaxIdleConns: 100, + IdleConnTimeout: 90 * time.Second, + TLSHandshakeTimeout: 10 * time.Second, + ExpectContinueTimeout: 1 * time.Second, + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: skipTLS(), + }, + } +} + // NewClient creates a new NetBox Diode plugin client func NewClient(logger *slog.Logger, apiKey string) (*Client, error) { - rt, err := newAPIRoundTripper(apiKey, http.DefaultTransport) + transport := NewHTTPTransport() + + rt, err := newAPIRoundTripper(apiKey, transport) if err != nil { return nil, err } @@ -137,6 +163,18 @@ func baseURL() string { return u } +func skipTLS() bool { + skipTLS, ok := os.LookupEnv(TLSSkipVerifyEnvVarName) + if !ok { + return false + } + skip, err := strconv.ParseBool(skipTLS) + if err != nil { + return false + } + return skip +} + func httpTimeout() (time.Duration, error) { timeoutSecondsStr, ok := os.LookupEnv(TimeoutSecondsEnvVarName) if !ok || len(timeoutSecondsStr) == 0 { diff --git a/diode-server/netboxdiodeplugin/client_test.go b/diode-server/netboxdiodeplugin/client_test.go index ffa876f1..492975f7 100644 --- a/diode-server/netboxdiodeplugin/client_test.go +++ b/diode-server/netboxdiodeplugin/client_test.go 
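Review bot: With `InsecureSkipVerify: skipTLS()` in `NewHTTPTransport`, setting the variable lets the client talk to any host that answers on the base URL, and nothing records that verification is off; the API key handed to `newAPIRoundTripper` is presumably sent on those requests. `NewClient` already receives a logger, so a `logger.Warn(...)` there when the flag is set would make the downgrade visible in logs. Accepting a CA bundle through `tls.Config.RootCAs` would let self-signed deployments keep verification instead of dropping it. The field list also copies `http.DefaultTransport` by hand and will drift from it; `transport := http.DefaultTransport.(*http.Transport).Clone()` followed by `transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: skipTLS()}` keeps the defaults in one place. The rest of `NewClient` lies outside the hunk.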
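Review bot: `skipTLS` returns false on a `strconv.ParseBool` error, which keeps verification on and is the right default, but the operator gets no signal that a value such as `yes` was ignored. A doc comment would record the contract: `// skipTLS reports whether NETBOX_DIODE_PLUGIN_SKIP_TLS_VERIFY parses as true; unset or unparsable values leave verification enabled`. The local `skipTLS` also shadows the function's own name; `raw, ok := os.LookupEnv(TLSSkipVerifyEnvVarName)` reads more clearly.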
@@ -17,6 +17,34 @@ import ( "github.com/netboxlabs/diode/diode-server/netboxdiodeplugin" ) +func TestTransportSecurity(t *testing.T) { + tests := []struct { + name string + expectedInsecure bool + }{ + { + name: "enable insecure mode", + expectedInsecure: true, + }, + { + name: "default secure TLS config", + expectedInsecure: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + cleanUpEnvVars() + + if tt.expectedInsecure { + _ = os.Setenv(netboxdiodeplugin.TLSSkipVerifyEnvVarName, "true") + } + + httpTransport := netboxdiodeplugin.NewHTTPTransport() + assert.Equal(t, tt.expectedInsecure, httpTransport.TLSClientConfig.InsecureSkipVerify) + }) + } +} + func TestNewClient(t *testing.T) { tests := []struct { name string @@ -25,6 +53,7 @@ func TestNewClient(t *testing.T) { timeout string setBaseURLEnvVar bool setTimeoutEnvVar bool + setTLSSkipEnvVar bool shouldError bool }{ { @@ -34,6 +63,7 @@ func TestNewClient(t *testing.T) { timeout: "5", setBaseURLEnvVar: true, setTimeoutEnvVar: true, + setTLSSkipEnvVar: false, shouldError: false, }, { @@ -52,6 +82,7 @@ func TestNewClient(t *testing.T) { timeout: "5", setBaseURLEnvVar: true, setTimeoutEnvVar: true, + setTLSSkipEnvVar: false, shouldError: true, }, { @@ -61,6 +92,7 @@ func TestNewClient(t *testing.T) { timeout: "", setBaseURLEnvVar: true, setTimeoutEnvVar: false, + setTLSSkipEnvVar: false, shouldError: false, }, { @@ -70,6 +102,7 @@ func TestNewClient(t *testing.T) { timeout: "-1", setBaseURLEnvVar: true, setTimeoutEnvVar: true, + setTLSSkipEnvVar: false, shouldError: true, }, { 
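Review bot: `TestTransportSecurity` sets the variable with `os.Setenv` and depends on `cleanUpEnvVars()` at the top of the next subtest to undo it, so isolation rests on case order; `t.Setenv(netboxdiodeplugin.TLSSkipVerifyEnvVarName, "true")` restores the previous value automatically. The table covers only unset and `true`; rows for `false` and for an unparsable value such as `notabool` would pin the fail-closed branch of `skipTLS`. The `setTLSSkipEnvVar` rows added to `TestNewClient` in the following hunks only check that construction succeeds, so they would still pass if the flag were ignored, and the last row sets the variable with nothing in those hunks unsetting it afterwards.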
@@ -79,8 +112,19 @@ func TestNewClient(t *testing.T) { timeout: "5", setBaseURLEnvVar: true, setTimeoutEnvVar: true, + setTLSSkipEnvVar: false, shouldError: true, }, + { + name: "set TLS skip verify", + apiKey: "test", + baseURL: "", + timeout: "5", + setBaseURLEnvVar: false, + setTimeoutEnvVar: true, + setTLSSkipEnvVar: true, + shouldError: false, + }, } logger := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelDebug, AddSource: false})) @@ -95,6 +139,9 @@ func TestNewClient(t *testing.T) { if tt.setTimeoutEnvVar { _ = os.Setenv(netboxdiodeplugin.TimeoutSecondsEnvVarName, tt.timeout) } + if tt.setTLSSkipEnvVar { + _ = os.Setenv(netboxdiodeplugin.TLSSkipVerifyEnvVarName, "true") + } client, err := netboxdiodeplugin.NewClient(logger, tt.apiKey) if tt.shouldError { @@ -115,6 +162,7 @@ func TestRetrieveObjectState(t *testing.T) { apiKey string mockServerResponse string response any + tlsSkipVerify bool shouldError bool }{ { @@ -132,7 +180,8 @@ func TestRetrieveObjectState(t *testing.T) { }, }, }, - shouldError: false, + tlsSkipVerify: true, + shouldError: false, }, { name: "valid response for DCIM site with query", @@ -150,7 +199,8 @@ func TestRetrieveObjectState(t *testing.T) { }, }, }, - shouldError: false, + tlsSkipVerify: true, + shouldError: false, }, { name: "valid response for DCIM device with query and additional attributes", @@ -173,7 +223,8 @@ func TestRetrieveObjectState(t *testing.T) { }, }, }, - shouldError: false, + tlsSkipVerify: true, + shouldError: false, }, { name: "response for invalid object - empty object", 
@@ -187,13 +238,23 @@ func TestRetrieveObjectState(t *testing.T) { Device: &netbox.DcimDevice{}, }, }, - shouldError: false, + tlsSkipVerify: true, + shouldError: false, }, { name: "invalid server response", params: netboxdiodeplugin.RetrieveObjectStateQueryParams{ObjectType: netbox.DcimDeviceObjectType, ObjectID: 1}, apiKey: "barfoo", mockServerResponse: ``, + tlsSkipVerify: true, + shouldError: true, + }, + { + name: "tls bad certificate", + params: netboxdiodeplugin.RetrieveObjectStateQueryParams{ObjectType: netbox.DcimDeviceObjectType, ObjectID: 1}, + apiKey: "barfoo", + mockServerResponse: ``, + tlsSkipVerify: false, shouldError: true, }, } @@ -220,12 +281,16 @@ func TestRetrieveObjectState(t *testing.T) { assert.Equal(t, r.Header.Get("User-Agent"), fmt.Sprintf("%s/%s", netboxdiodeplugin.SDKName, netboxdiodeplugin.SDKVersion)) _, _ = w.Write([]byte(tt.mockServerResponse)) } + mux := http.NewServeMux() mux.HandleFunc("/api/diode/object-state/", handler) - ts := httptest.NewServer(mux) + ts := httptest.NewTLSServer(mux) defer ts.Close() _ = os.Setenv(netboxdiodeplugin.BaseURLEnvVarName, fmt.Sprintf("%s/api/diode", ts.URL)) + if tt.tlsSkipVerify { + _ = os.Setenv(netboxdiodeplugin.TLSSkipVerifyEnvVarName, "true") + } client, err := netboxdiodeplugin.NewClient(logger, tt.apiKey) require.NoError(t, err) @@ -347,6 +412,7 @@ func TestApplyChangeSet(t *testing.T) { func cleanUpEnvVars() { _ = os.Unsetenv(netboxdiodeplugin.BaseURLEnvVarName) _ = os.Unsetenv(netboxdiodeplugin.TimeoutSecondsEnvVarName) + _ = os.Unsetenv(netboxdiodeplugin.TLSSkipVerifyEnvVarName) } func ptrInt(i int) *int { diff --git a/diode-server/reconciler/config.go b/diode-server/reconciler/config.go index 7bac55b5..7899ecb6 100644 --- a/diode-server/reconciler/config.go +++ b/diode-server/reconciler/config.go 
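Review bot: The `tls bad certificate` row cannot fail for the reason it names, because it uses the same empty `mockServerResponse` as `invalid server response`, so `shouldError: true` holds whether or not certificate verification ran. The `@@ -220,12 +281,16 @@` hunk only ever sets the variable to `true` and never unsets it for a `tlsSkipVerify: false` row, so unless the subtest clears the environment outside the hunk, that row inherits `true` from the earlier cases. I would give the row a valid response body, unset the variable when `tlsSkipVerify` is false, and assert the cause, for example `var uaErr x509.UnknownAuthorityError; require.ErrorAs(t, err, &uaErr)` (assuming `RetrieveObjectState` keeps the wrapped error). The subtest body starts and ends outside these hunks.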
@@ -8,7 +8,6 @@ type Config struct { RedisPassword string `envconfig:"REDIS_PASSWORD" required:"true"` RedisDB int `envconfig:"REDIS_DB" default:"0"` RedisStreamDB int `envconfig:"REDIS_STREAM_DB" default:"1"` - NetBoxAPIURL string `envconfig:"NETBOX_API_URL" required:"true"` // API keys DiodeToNetBoxAPIKey string `envconfig:"DIODE_TO_NETBOX_API_KEY" required:"true"` From 472120bea82879759cc383a3689ef46766daa6fa Mon Sep 17 00:00:00 2001 From: Leonardo Parente <23251360+leoparente@users.noreply.github.com> Date: Mon, 22 Jul 2024 14:41:39 -0300 Subject: [PATCH 29/29] feat: OBS-499 - increase diode-server sever tests (#133) --- diode-server/server/server_test.go | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/diode-server/server/server_test.go b/diode-server/server/server_test.go index f363b070..8a269071 100644 --- a/diode-server/server/server_test.go +++ b/diode-server/server/server_test.go 
@@ -19,51 +19,65 @@ func TestNewServer(t *testing.T) { serverName string loggingLevel string loggingFormat string + sentryDSN string }{ { desc: "diode-test-server with debug level and json format", serverName: "diode-test-server", loggingLevel: "debug", loggingFormat: "json", + sentryDSN: "", }, { desc: "diode-test-server2 with debug level and text format", serverName: "diode-test-server2", loggingLevel: "debug", loggingFormat: "text", + sentryDSN: "", }, { desc: "diode-test-server with info level and json format", serverName: "diode-test-server", loggingLevel: "info", loggingFormat: "json", + sentryDSN: "", }, { desc: "diode-test-server with info level and text format", serverName: "diode-test-server", loggingLevel: "warn", loggingFormat: "json", + sentryDSN: "", }, { desc: "diode-test-server with error level and text format", serverName: "diode-test-server", loggingLevel: "error", loggingFormat: "text", + sentryDSN: "", }, { desc: "diode-test-server with error level and empty format", serverName: "diode-test-server", loggingLevel: "error", loggingFormat: "", + sentryDSN: "", }, { desc: "diode-test-server with empty level and text format", serverName: "diode-test-server", loggingLevel: "", loggingFormat: "text", + sentryDSN: "", + }, + { + desc: "diode-test-server with sentry DSN", + serverName: "diode-test-server", + loggingLevel: "error", + loggingFormat: "text", + sentryDSN: "https://public@sentry.example.com/1", }, } - for _, tt := range tests { t.Run(tt.desc, func(t *testing.T) { ctx := context.Background() @@ -71,6 +85,8 @@ func TestNewServer(t *testing.T) { require.NoError(t, err) err = os.Setenv("LOGGING_FORMAT", tt.loggingFormat) require.NoError(t, err) + err = os.Setenv("SENTRY_DSN", tt.sentryDSN) + require.NoError(t, err) s := server.New(ctx, tt.serverName)