starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-11 21:10:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

Allow jinja2 code in webhook payload_url #5913

New Issue
Closed
opened 2025-12-29 19:34:09 +01:00 by adam · 7 comments
adam commented 2025-12-29 19:34:09 +01:00
Owner
Copy Link

Originally created by @rodvand on GitHub (Jan 9, 2022).

Originally assigned to: @rodvand on GitHub.

NetBox version

v3.1.5

Feature type

New functionality

Proposed functionality

Allow the use of jinja2 code in the webhook payload_url.

Use case

I have a custom field where I store the ID of an object in my NMS. This allows me to utilise NetBox to control my monitoring (pause monitoring if the device is set to offline as an example). The current setup requires some middleware where I POST to a generic URL and this web server again make a call to the REST API of the monitoring system using the ID in the custom field from the payload data. If I could reference the obj.cf_nms_id directly in the payload_url it would allow me to skip this middleware.

The payload_url would have to be generated on each webhook event.

Database changes

None

External dependencies

No response

Originally created by @rodvand on GitHub (Jan 9, 2022). Originally assigned to: @rodvand on GitHub. ### NetBox version v3.1.5 ### Feature type New functionality ### Proposed functionality Allow the use of jinja2 code in the webhook payload_url. ### Use case I have a custom field where I store the ID of an object in my NMS. This allows me to utilise NetBox to control my monitoring (pause monitoring if the device is set to offline as an example). The current setup requires some middleware where I POST to a generic URL and this web server again make a call to the REST API of the monitoring system using the ID in the custom field from the payload data. If I could reference the obj.cf_nms_id directly in the payload_url it would allow me to skip this middleware. The payload_url would have to be generated on each webhook event. ### Database changes None ### External dependencies _No response_
adam added the status: acceptedtype: feature labels 2025-12-29 19:34:09 +01:00
adam closed this issue 2025-12-29 19:34:09 +01:00
adam commented 2025-12-29 19:34:10 +01:00
Author
Owner
Copy Link

@rodvand commented on GitHub (Jan 9, 2022):

I've had a quick look in the code and you could probably extend the Webhook model with a method

def render_payload_url(self, context):
        """
        Render the payload_url
        """
        return render_jinja2(self.payload_url, context)

and then reference it in the method f94c1e91ea/netbox/extras/webhooks_worker.py (L31) to get the generated URL.

If the FR is ok and accepted I can provide a PR for consideration.

@rodvand commented on GitHub (Jan 9, 2022): I've had a quick look in the code and you could probably extend the Webhook model with a method ``` def render_payload_url(self, context): """ Render the payload_url """ return render_jinja2(self.payload_url, context) ``` and then reference it in the method https://github.com/netbox-community/netbox/blob/f94c1e91ea20c805528125407193371476ccbcd8/netbox/extras/webhooks_worker.py#L31 to get the generated URL. If the FR is ok and accepted I can provide a PR for consideration.
adam commented 2025-12-29 19:34:10 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Jan 10, 2022):

The current setup requires some middleware where I POST to a generic URL and this web server again make a call to the REST API of the monitoring system using the ID in the custom field from the payload data.

Just as illustration for the use case, I take it you want to do something like this?

POST https://nms.local/devices/{{ object.cf.nms_id }}/edit/

Makes sense to me. My only concern is the potential for conflict with existing URLs if we enable Jinja2 rendering (for example, if someone has a URL defined that is evaluated as invalid Jinja2 code), although I'd expect such instances to be very rare.

@jeremystretch commented on GitHub (Jan 10, 2022): > The current setup requires some middleware where I POST to a generic URL and this web server again make a call to the REST API of the monitoring system using the ID in the custom field from the payload data. Just as illustration for the use case, I take it you want to do something like this? ``` POST https://nms.local/devices/{{ object.cf.nms_id }}/edit/ ``` Makes sense to me. My only concern is the potential for conflict with existing URLs if we enable Jinja2 rendering (for example, if someone has a URL defined that is evaluated as invalid Jinja2 code), although I'd expect such instances to be very rare.
adam commented 2025-12-29 19:34:10 +01:00
Author
Owner
Copy Link

@rodvand commented on GitHub (Jan 10, 2022):

The current setup requires some middleware where I POST to a generic URL and this web server again make a call to the REST API of the monitoring system using the ID in the custom field from the payload data.

Just as illustration for the use case, I take it you want to do something like this?


POST https://nms.local/devices/{{ object.cf.nms_id }}/edit/

Yes, that's pretty much exactly my use case

Makes sense to me. My only concern is the potential for conflict with existing URLs if we enable Jinja2 rendering (for example, if someone has a URL defined that is evaluated as invalid Jinja2 code), although I'd expect such instances to be very rare.

I thought about the same thing, but couldn't really wrap my head around how a URL like that would look.

@rodvand commented on GitHub (Jan 10, 2022): > > The current setup requires some middleware where I POST to a generic URL and this web server again make a call to the REST API of the monitoring system using the ID in the custom field from the payload data. > > > > Just as illustration for the use case, I take it you want to do something like this? > > > > ``` > > POST https://nms.local/devices/{{ object.cf.nms_id }}/edit/ > > ``` Yes, that's pretty much exactly my use case > > > Makes sense to me. My only concern is the potential for conflict with existing URLs if we enable Jinja2 rendering (for example, if someone has a URL defined that is evaluated as invalid Jinja2 code), although I'd expect such instances to be very rare. I thought about the same thing, but couldn't really wrap my head around how a URL like that would look.
adam commented 2025-12-29 19:34:10 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Jan 10, 2022):

I thought about the same thing, but couldn't really wrap my head around how a URL like that would look.

I've learned never to underestimate the bizarre ways in which some enterprise application will abuse URL query parameters. 😆 But maybe it would be sufficient to gate this change in a milestone release (e.g. v3.2 or v3.3).

@jeremystretch commented on GitHub (Jan 10, 2022): > I thought about the same thing, but couldn't really wrap my head around how a URL like that would look. I've learned never to underestimate the bizarre ways in which some enterprise application will abuse URL query parameters. :laughing: But maybe it would be sufficient to gate this change in a milestone release (e.g. v3.2 or v3.3).
adam commented 2025-12-29 19:34:10 +01:00
Author
Owner
Copy Link

@geor-g commented on GitHub (Jan 11, 2022):

This could potentially be gated via a config option, to lower potential risks, and make this opt-int; although I believe the risk is low in any case.

@geor-g commented on GitHub (Jan 11, 2022): This could potentially be gated via a config option, to lower potential risks, and make this opt-int; although I believe the risk is low in any case.
adam commented 2025-12-29 19:34:11 +01:00
Author
Owner
Copy Link

@rodvand commented on GitHub (Jan 12, 2022):

I thought about the same thing, but couldn't really wrap my head around how a URL like that would look.

I've learned never to underestimate the bizarre ways in which some enterprise application will abuse URL query parameters. 😆 But maybe it would be sufficient to gate this change in a milestone release (e.g. v3.2 or v3.3).

I agree it would make sense to add this potential breaking change to a milestone release. If it breaks an URL it should just be some small adjustments to make it work with jinja2.

@rodvand commented on GitHub (Jan 12, 2022): > > I thought about the same thing, but couldn't really wrap my head around how a URL like that would look. > > I've learned never to underestimate the bizarre ways in which some enterprise application will abuse URL query parameters. 😆 But maybe it would be sufficient to gate this change in a milestone release (e.g. v3.2 or v3.3). I agree it would make sense to add this potential breaking change to a milestone release. If it breaks an URL it should just be some small adjustments to make it work with jinja2.
adam commented 2025-12-29 19:34:11 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Jan 12, 2022):

@rodvand assigning this to you since you volunteered earlier. Just be sure to work off of the feature branch. (Or just let me know if you'd prefer I take it.) Thanks!

@jeremystretch commented on GitHub (Jan 12, 2022): @rodvand assigning this to you since you volunteered earlier. Just be sure to work off of the `feature` branch. (Or just let me know if you'd prefer I take it.) Thanks!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label status: accepted type: feature
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#5913
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?