starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-11 21:10:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

Dynamically pass credentials to the Napalm module #1743

New Issue
Closed
opened 2025-12-29 16:34:55 +01:00 by adam · 5 comments
adam commented 2025-12-29 16:34:55 +01:00
Owner
Copy Link

Originally created by @Random6554 on GitHub (May 24, 2018).

Issue type

[x] Feature request
[ ] Bug report
[ ] Documentation

Environment

  • Python version: 3.5.4
  • NetBox version: 2.1.3

Description

Please implement a way to pass SSH credentials to the Napalm module via the web interface or login creds.

I require a dynamic way to pass the --user and --password Naplam values to the module. My goal is to hookup NetBox to LDAP therefore allowing users to auth with NetBox and query devices using Napalm with the same creds.

Thanks,

Originally created by @Random6554 on GitHub (May 24, 2018). <!-- Before opening a new issue, please search through the existing issues to see if your topic has already been addressed. Note that you may need to remove the "is:open" filter from the search bar to include closed issues. Check the appropriate type for your issue below by placing an x between the brackets. For assistance with installation issues, or for any other issues other than those listed below, please raise your topic for discussion on our mailing list: https://groups.google.com/forum/#!forum/netbox-discuss Please note that issues which do not fall under any of the below categories will be closed. Due to an excessive backlog of feature requests, we are not currently accepting any proposals which extend NetBox's feature scope. Do not prepend any sort of tag to your issue's title. An administrator will review your issue and assign labels as appropriate. ---> ### Issue type [x] Feature request <!-- An enhancement of existing functionality --> [ ] Bug report <!-- Unexpected or erroneous behavior --> [ ] Documentation <!-- A modification to the documentation --> <!-- Please describe the environment in which you are running NetBox. (Be sure to verify that you are running the latest stable release of NetBox before submitting a bug report.) If you are submitting a bug report and have made any changes to the code base, please first validate that your bug can be recreated while running an official release. --> ### Environment * Python version: 3.5.4 <!-- Example: 3.5.4 --> * NetBox version: 2.1.3 <!-- Example: 2.1.3 --> <!-- BUG REPORTS must include: * A list of the steps needed for someone else to reproduce the bug * A description of the expected and observed behavior * Any relevant error messages (screenshots may also help) FEATURE REQUESTS must include: * A detailed description of the proposed functionality * A use case for the new feature * A rough description of any necessary changes to the database schema * Any relevant third-party libraries which would be needed --> ### Description Please implement a way to pass SSH credentials to the Napalm module via the web interface or login creds. I require a dynamic way to pass the --user and --password Naplam values to the module. My goal is to hookup NetBox to LDAP therefore allowing users to auth with NetBox and query devices using Napalm with the same creds. Thanks,
adam added the status: acceptedtype: feature labels 2025-12-29 16:34:55 +01:00
adam closed this issue 2025-12-29 16:34:55 +01:00
adam commented 2025-12-29 16:34:55 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Jun 7, 2018):

I require a dynamic way to pass the --user and --password Naplam values to the module.

What is the modification being proposed?

@jeremystretch commented on GitHub (Jun 7, 2018): > I require a dynamic way to pass the --user and --password Naplam values to the module. What is the modification being proposed?
adam commented 2025-12-29 16:34:55 +01:00
Author
Owner
Copy Link

@hdinthkld commented on GitHub (Jun 24, 2018):

Could the device details be edited to provide an option to specify a "secret" that is defined in NetBox that can then be passed to NAPALM?

I don't believe applying such a setting anywhere other than per-device makes much other sense, unless a "Device Group" feature is implemented in the future.

This would be very scaleable as if the login is used across a range of devices (such as per-customer), editing it in one place (say when the RADIUS/TACACS password is updated) and then all devices that it applies to, NAPALM will use the correct details.

Thanks for putting together such a great tool...keep these improvements coming.

@hdinthkld commented on GitHub (Jun 24, 2018): Could the device details be edited to provide an option to specify a "secret" that is defined in NetBox that can then be passed to NAPALM? I don't believe applying such a setting anywhere other than per-device makes much other sense, unless a "Device Group" feature is implemented in the future. This would be very scaleable as if the login is used across a range of devices (such as per-customer), editing it in one place (say when the RADIUS/TACACS password is updated) and then all devices that it applies to, NAPALM will use the correct details. Thanks for putting together such a great tool...keep these improvements coming.
adam commented 2025-12-29 16:34:56 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Jul 18, 2018):

Could the device details be edited to provide an option to specify a "secret" that is defined in NetBox that can then be passed to NAPALM?

You would still need to pass an active session key to NetBox to unlock the secret so that its plaintext value can be fed to NAPALM. I don't think that will work for a GET API request, since we need to keep any sensitive data out of the query string. So, we would need to extend the NAPALM API endpoint to accept POST requests as well.

This might be okay for the API request, but I'm not a fan of extending the device model to point to a secret to use for NAPALM. That feels very hacky, and would be difficult to manage at scale.

@jeremystretch commented on GitHub (Jul 18, 2018): > Could the device details be edited to provide an option to specify a "secret" that is defined in NetBox that can then be passed to NAPALM? You would still need to pass an active session key to NetBox to unlock the secret so that its plaintext value can be fed to NAPALM. I don't think that will work for a GET API request, since we need to keep any sensitive data out of the query string. So, we would need to extend the NAPALM API endpoint to accept POST requests as well. This might be okay for the API request, but I'm not a fan of extending the device model to point to a secret to use for NAPALM. That feels very hacky, and would be difficult to manage at scale.
adam commented 2025-12-29 16:34:56 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Aug 1, 2018):

An alternative to using POST requests would be to pass the username and password as HTTP headers. For example:

curl \
-H "Authorization: Token <TOKEN>" \
-H "NAPALM-Username: <USERNAME>" \
-H "NAPALM-Password: <PASSWORD>" \
-H "Content-Type: application/json" \
-H "Accept: application/json; indent=4" \
https://netbox/api/dcim/devices/<PK>/napalm/?method=get_facts

The provided parameters would override the statically configured credentials. This approach could be extended to support other arguments as well.

@jeremystretch commented on GitHub (Aug 1, 2018): An alternative to using POST requests would be to pass the username and password as HTTP headers. For example: ``` curl \ -H "Authorization: Token <TOKEN>" \ -H "NAPALM-Username: <USERNAME>" \ -H "NAPALM-Password: <PASSWORD>" \ -H "Content-Type: application/json" \ -H "Accept: application/json; indent=4" \ https://netbox/api/dcim/devices/<PK>/napalm/?method=get_facts ``` The provided parameters would override the statically configured credentials. This approach could be extended to support other arguments as well.
adam commented 2025-12-29 16:34:56 +01:00
Author
Owner
Copy Link

@tb-killa commented on GitHub (May 20, 2019):

we are currently running into exactly the same problem described above and asking for a possible solution period or a way to "bypass" the issue at the moment ?

We use different static usernames and passwords for different devices.

How about getting the usernames and passwords from the "Contextual Configuration Data" ?

@tb-killa commented on GitHub (May 20, 2019): we are currently running into exactly the same problem described above and asking for a possible solution period or a way to "bypass" the issue at the moment ? We use different static usernames and passwords for different devices. How about getting the usernames and passwords from the "Contextual Configuration Data" ?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label status: accepted type: feature
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#1743
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?