starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-11 21:10:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

Allow definition of webhook headers in configuration.py #8733

New Issue
Closed
opened 2025-12-29 20:40:31 +01:00 by adam · 4 comments
adam commented 2025-12-29 20:40:31 +01:00
Owner
Copy Link

Originally created by @aronjohanns on GitHub (Oct 9, 2023).

NetBox version

v3.6.3

Feature type

New functionality

Proposed functionality

Allow users to define webhook headers in configuration.py. Add a field in the webhook form that allows the user to select a header by name (not exposing the contents of the header). The header would then be added to the request when the webhook is processed.

Example in configuration.py

WEBHOOK_HEADERS = [
    {
       "name": "librenms",
       "header": "{"some-key": "some-value"}
    }
]

This could be extended in the future to support base url for webhook endpoints. Allowing users to easily switch the base url for example development and production instances using the configuration.py file.

Use case

Right now the only reason I am not using webhooks in my netbox instance is because I would need to define the headers in every webhook and any senstive data would be visible in clear text. Many headers also include api tokens that expire and I would have to go to each webhook to update the token.

Making these changes I would be able to use environment variable for sensitve data and the header would not be shown in the UI.

Database changes

Some changes probably required depending on implementation

External dependencies

No external dependencies

Originally created by @aronjohanns on GitHub (Oct 9, 2023). ### NetBox version v3.6.3 ### Feature type New functionality ### Proposed functionality Allow users to define webhook headers in configuration.py. Add a field in the webhook form that allows the user to select a header by name (not exposing the contents of the header). The header would then be added to the request when the webhook is processed. Example in configuration.py ```python WEBHOOK_HEADERS = [ { "name": "librenms", "header": "{"some-key": "some-value"} } ] ``` This could be extended in the future to support base url for webhook endpoints. Allowing users to easily switch the base url for example development and production instances using the configuration.py file. ### Use case Right now the only reason I am not using webhooks in my netbox instance is because I would need to define the headers in every webhook and any senstive data would be visible in clear text. Many headers also include api tokens that expire and I would have to go to each webhook to update the token. Making these changes I would be able to use environment variable for sensitve data and the header would not be shown in the UI. ### Database changes Some changes probably required depending on implementation ### External dependencies No external dependencies
adam added the type: featurepending closure labels 2025-12-29 20:40:31 +01:00
adam closed this issue 2025-12-29 20:40:32 +01:00
adam commented 2025-12-29 20:40:32 +01:00
Author
Owner
Copy Link

@arthanson commented on GitHub (Dec 7, 2023):

After discussion with Jeremy, this sounds more like it is leaning towards defining the header fields in the database instead of configuration.py, but would need to be discussed / fleshed out more. Also note #14345 which is related.

Rough outline:

  • have webhook headers defined in a DB table {name: value}
  • Have some of them secure? so secrets can be hidden from read-only users
  • provide these in the jinja2 context so they can be referenced in the additional_headers for inclusion

For Discussion:

For simplicity we can probably make the whole table just protected instead of individual fields as these shouldn't be changing much. i.e. security on the table itself instead of each field?

There should also probably be a way to easily reference a set of these for a webhook so you don't have to reference several common ones for each webhook, but that might be overkill.

@arthanson commented on GitHub (Dec 7, 2023): After discussion with Jeremy, this sounds more like it is leaning towards defining the header fields in the database instead of configuration.py, but would need to be discussed / fleshed out more. Also note #14345 which is related. Rough outline: * have webhook headers defined in a DB table {name: value} * Have some of them secure? so secrets can be hidden from read-only users * provide these in the jinja2 context so they can be referenced in the additional_headers for inclusion For Discussion: For simplicity we can probably make the whole table just protected instead of individual fields as these shouldn't be changing much. i.e. security on the table itself instead of each field? There should also probably be a way to easily reference a set of these for a webhook so you don't have to reference several common ones for each webhook, but that might be overkill.
adam commented 2025-12-29 20:40:32 +01:00
Author
Owner
Copy Link

@aronjohanns commented on GitHub (Dec 8, 2023):

After discussion with Jeremy, this sounds more like it is leaning towards defining the header fields in the database instead of configuration.py, but would need to be discussed / fleshed out more. Also note #14345 which is related.

IMO it would be better if it could be loaded from configuration.py and not stored in database for security reasons. We would also be able to use environment variables to define the values for the header. The downside is that the webhook table would then be weakly referencing something that is not in the database. There would be no cascading effect if the header is removed from configuration. But defining them in database table would be better then current setup.

  • Have some of them secure? so secrets can be hidden from read-only users
  • provide these in the jinja2 context so they can be referenced in the additional_headers for inclusion

What I had in mind is that the pre defined headers would be rendered in the frontend with multiple choice field using the name or a label for the header but the value would not be in the rendered template. Then when the webhook is processed the header and the value is added to the request.

There should also probably be a way to easily reference a set of these for a webhook so you don't have to reference several common ones for each webhook, but that might be overkill.

I don't mind having to individually select the headers for each webhook. But if I change the value for a header, I would want all webhooks that use that header to use the updated value without going to individual webhooks and updating the values of the headers.

@aronjohanns commented on GitHub (Dec 8, 2023): > After discussion with Jeremy, this sounds more like it is leaning towards defining the header fields in the database instead of configuration.py, but would need to be discussed / fleshed out more. Also note #14345 which is related. IMO it would be better if it could be loaded from configuration.py and not stored in database for security reasons. We would also be able to use environment variables to define the values for the header. The downside is that the webhook table would then be weakly referencing something that is not in the database. There would be no cascading effect if the header is removed from configuration. But defining them in database table would be better then current setup. > * Have some of them secure? so secrets can be hidden from read-only users > * provide these in the jinja2 context so they can be referenced in the additional_headers for inclusion What I had in mind is that the pre defined headers would be rendered in the frontend with multiple choice field using the name or a label for the header but the value would not be in the rendered template. Then when the webhook is processed the header and the value is added to the request. > There should also probably be a way to easily reference a set of these for a webhook so you don't have to reference several common ones for each webhook, but that might be overkill. I don't mind having to individually select the headers for each webhook. But if I change the value for a header, I would want all webhooks that use that header to use the updated value without going to individual webhooks and updating the values of the headers.
adam commented 2025-12-29 20:40:33 +01:00
Author
Owner
Copy Link

@github-actions[bot] commented on GitHub (Mar 8, 2024):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. NetBox is governed by a small group of core maintainers which means not all opened issues may receive direct feedback. Do not attempt to circumvent this process by "bumping" the issue; doing so will result in its immediate closure and you may be barred from participating in any future discussions. Please see our contributing guide.

@github-actions[bot] commented on GitHub (Mar 8, 2024): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. NetBox is governed by a small group of core maintainers which means not all opened issues may receive direct feedback. **Do not** attempt to circumvent this process by "bumping" the issue; doing so will result in its immediate closure and you may be barred from participating in any future discussions. Please see our [contributing guide](https://github.com/netbox-community/netbox/blob/develop/CONTRIBUTING.md).
adam commented 2025-12-29 20:40:33 +01:00
Author
Owner
Copy Link

@github-actions[bot] commented on GitHub (May 15, 2024):

This issue has been automatically closed due to lack of activity. In an effort to reduce noise, please do not comment any further. Note that the core maintainers may elect to reopen this issue at a later date if deemed necessary.

@github-actions[bot] commented on GitHub (May 15, 2024): This issue has been automatically closed due to lack of activity. In an effort to reduce noise, please do not comment any further. Note that the core maintainers may elect to reopen this issue at a later date if deemed necessary.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label pending closure type: feature
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#8733
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?