Opinionated RBAC for NetBox
Introduction
This package is an opinionated implementation of role-based access control for NetBox.
It completely replaces the default authentication backend, using Active Directory both to authenticate users and to determine their group membership. A user's roles are updated only on login, and are stored in the database, so a change to a user's Active Directory groups takes effect in NetBox at that user's next login.
Once installed, a user may view their roles.
Installation
$ pip3 install netbox-rbac
Configuration
Add the following to urls.py.
    _patterns += [
        path('', include('netbox_rbac.urls')),
    ]
Add the following to settings.py. Either the LDAP or MOCK driver can be used, but not both.
    # Replaces the default authentication backend.
    AUTHENTICATION_BACKENDS = [
        'netbox_rbac.backend.Backend',
    ]
    INSTALLED_APPS += (
        'netbox_rbac',
    )
    MIDDLEWARE += (
        'netbox_rbac.middleware.Middleware',
    )
    # Django REST framework requires every listed permission class to allow the request.
    REST_FRAMEWORK.update({
        'DEFAULT_PERMISSION_CLASSES': (
            'netbox_rbac.api.TokenPermissions',
            'netbox.api.TokenPermissions',
        )
    })
    # update() replaces any existing 'loggers' entry in LOGGING.
    LOGGING.update({
        'loggers': {
            'netbox_rbac': {
                'handlers': ['console'],
                'level': 'INFO',
            },
        },
    })
LDAP
    RBAC = {
        'AUTH': {
            'LDAP': {
                'domain': 'COMPANY.COM',
                # Port 3268 is the Active Directory Global Catalog port; the ldap:// scheme is unencrypted LDAP.
                'server': 'ldap://ldap.company.com:3268',
                'search': {
                    'group': {
                        'base': 'OU=Groups,DC=company,DC=com',
                        'filter': '(&(sAMAccountName=%s)(objectClass=group))',
                    },
                    'member': {
                        'base': 'OU=Accounts,DC=company,DC=com',
                        # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN, which also matches nested group membership.
                        'filter': '(&(sAMAccountName=%s)(memberOf:1.2.840.113556.1.4.1941:=%s))',
                    },
                    'user': {
                        'base': 'OU=Accounts,DC=company,DC=com',
                        'filter': '(&(sAMAccountName=%s)(objectClass=user))',
                    },
                },
            },
        },
        'RULE': [
            '/opt/netbox-rules/rules.yaml',
            'https://rules.company.com/rules.yaml',
        ],
    }
Mock
    RBAC = {
        'AUTH': {
            'MOCK': {
                'users': [{
                    'username': 'ebusto',
                    'password': 'pw12345',
                    'email': 'ebusto@nvidia.com',
                    'first_name': 'Eric',
                    'last_name': 'Busto',
                    'groups': ['Access-NetBox-Read', 'Access-NetBox-Admin-DCIM'],
                }],
            },
        },
        'RULE': [
            '/opt/netbox-rules/rules.yaml',
            'https://rules.company.com/rules.yaml',
        ],
    }
Database
Generate and apply RBAC model migrations.
$ ./manage.py makemigrations netbox_rbac
$ ./manage.py showmigrations
$ ./manage.py migrate
Rules
See the example rules and documentation. The rule paths can be local files or URLs, and the backend will try each path in turn until it succeeds.
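A pre-deployment check over an RBAC settings dict shaped like the ones above, given here as an added example that is not part of the netbox-rbac package. The function name check_rbac is hypothetical, and the expectation that production uses ldaps:// and non-HTTP rule URLs is an assumption of this example, not a requirement stated by the project.

```python
from urllib.parse import urlparse

def check_rbac(rbac):
    """Return a list of findings for an RBAC dict shaped like the ones above."""
    findings = []
    auth = rbac.get('AUTH', {})

    # The page allows the LDAP or the MOCK driver, but not both.
    drivers = sorted(set(auth) & {'LDAP', 'MOCK'})
    if len(drivers) != 1:
        findings.append('AUTH: expected exactly one driver, found %s' % drivers)

    # MOCK keeps usernames and passwords in settings.py itself.
    if 'MOCK' in auth:
        names = [u.get('username') for u in auth['MOCK'].get('users', [])]
        findings.append('MOCK: static credentials in settings for %s' % names)

    # Assumption: production directory traffic is expected to use ldaps://.
    server = auth.get('LDAP', {}).get('server')
    if server and urlparse(server).scheme != 'ldaps':
        findings.append('LDAP: server %s is not ldaps://' % server)

    # Rule paths are tried in turn until one succeeds, so every entry is a
    # possible source of authorization rules and needs the same protection.
    rules = rbac.get('RULE', [])
    if not rules:
        findings.append('RULE: no rule paths configured')
    for path in rules:
        scheme = urlparse(path).scheme
        if scheme == 'http':
            findings.append('RULE: %s is fetched over plain HTTP' % path)
        elif scheme == '' and not path.startswith('/'):
            findings.append('RULE: %s is a relative path' % path)
    return findings

# Constructed sample mirroring the LDAP example on this page.
SAMPLE = {
    'AUTH': {'LDAP': {'server': 'ldap://ldap.company.com:3268'}},
    'RULE': ['/opt/netbox-rules/rules.yaml',
             'https://rules.company.com/rules.yaml'],
}

if __name__ == '__main__':
    for finding in check_rbac(SAMPLE):
        print(finding)
```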
File details
Details for the file netbox-rbac-1.0.18.tar.gz.
File metadata
- Download URL: netbox-rbac-1.0.18.tar.gz
- Upload date:
- Size: 12.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/57.0.0 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.6
File hashes
Algorithm | Hash digest
---|---
SHA256 | 84078bfcb88988b36c5a702ded6cb5843a9f498f61b9b2382f7eb28e90d1c41a
MD5 | 53ac9ed279ac5dc57371a8e002ff909e
BLAKE2b-256 | 44a8943084456895f36a14f94c1e2e4512bbf48d6ff381d22450c2d78576dd8d
File details
Details for the file netbox_rbac-1.0.18-py3-none-any.whl.
File metadata
- Download URL: netbox_rbac-1.0.18-py3-none-any.whl
- Upload date:
- Size: 15.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/57.0.0 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.6
File hashes
Algorithm | Hash digest
---|---
SHA256 | 878e9a55e53778c121f96270811fc1e9d07648bd2d15dc95d2c8a78108e72720
MD5 | 63dde1958f0effe198f7d1b4791ace83
BLAKE2b-256 | 2912505ae7c5cf08964c883668188cf6cb3d60e9f8b792249bc60bd911891f14