Onemind-Services-LLC / netbox-secrets

Enhance your secret management with encrypted storage and flexible, user-friendly features.
Apache License 2.0

[Bug]: Unable to add secrets in netbox through the API using a python script #93

Closed pmarchal25 closed 1 year ago

pmarchal25 commented 1 year ago

NetBox Secrets plugin version

v1.8.5

NetBox version

v3.5.7

Steps to Reproduce

Create a python script like the following:

```python
import pynetbox
import requests

secret_key = fichero.read()  # fichero: the open file holding the private key

nb = pynetbox.api(url=url, token=token)
```

where url is the IP address of your netbox installation, token is the token associated with your netbox user to access the API, and secret_key is your private_key, with which you can decrypt or add new secrets to netbox

```python
# Request a session key, then send it as X-Session-Key on later calls
session_key = nb.plugins.secrets.session_keys.create(preserve_key=True, private_key=secret_key)
session = requests.Session()
session.headers = {'X-Session-Key': session_key.session_key}
nb.http_session = session
nb.plugins.secrets.secrets.create(
    assigned_object_type='dcim.device',
    assigned_object_id=426,
    name="test",
    plaintext="1234",
    role=1
)
```

Run the script to try to add the secret. Check that the update has been done correctly.

Expected Behavior

The secret has been added correctly

Observed Behavior

I think that the problem may be a bug in the plugin, but I am not sure. The logs show:

```
Traceback (most recent call last):
  File "prueba4.py", line 49, in <module>
    session_key = nb.plugins.secrets.session_keys.create(preserve_key=True, private_key=secret_key)
  File "/home/ubuntu/.local/lib/python3.6/site-packages/pynetbox/core/endpoint.py", line 415, in create
    ).post(args[0] if args else kwargs)
  File "/home/ubuntu/.local/lib/python3.6/site-packages/pynetbox/core/query.py", line 357, in post
    return self._make_call(verb="post", data=data)
  File "/home/ubuntu/.local/lib/python3.6/site-packages/pynetbox/core/query.py", line 247, in _make_call
    raise RequestError(req)
pynetbox.core.query.RequestError: The request failed with code 400 Bad Request but more specific details were not returned in json. Check the NetBox Logs or investigate this exception's error attribute.
```

pmarchal25 commented 1 year ago

The following appears in the netbox logs:

```
[22/Aug/2023 07:38:42] "POST /api/plugins/secrets/session-keys/ HTTP/1.1" 400 38
```

but the changes have not been done. And if we check the change logs of netbox in the netbox interface, there is nothing about it

pmarchal25 commented 1 year ago

I have tried to update the netbox version to 3.5.8 and still there is the same problem

abhi1693 commented 1 year ago

You have only shown that your NetBox is showing a POST request with 400 status which is not enough for us to reproduce and fix the issue. I can only speculate as to what may be happening and try to resolve the bug but this may not even fix the issue that you are encountering as we do not have the stack trace to match with the code you have provided.

pmarchal25 commented 1 year ago

Hi abhi, I am going to look for the logs (the problem is that I don't know where they are) and I will try to show you more info about the request.

Sorry and thank you

pmarchal25 commented 1 year ago

Hi again, I have been researching, and when I try to create the session key the script returns the following output:

### Request error: No UserKey found for the current user.

```
Traceback (most recent call last):
  File "prueba4.py", line 54, in <module>
    session.headers = {'X-Session-Key': session_key.session_key}
NameError: name 'session_key' is not defined
```

However, I don't know why the UserKey was not found if I used the correct private_key:

### session_key = nb.plugins.secrets.session_keys.create(preserve_key=True, private_key=secret_key)

In addition, I created the userKey and the private key is the correct one (secret_key is a string that contains the private_key).

abhi1693 commented 1 year ago

The API token used should also be for the same user as that's how the API knows which user key to use.

Is it possible that you have used a token from another user that doesn't have a user key and a private key is from a different user?

pmarchal25 commented 1 year ago

Hi abhi, I think that the private key gives user information to the API, and not the API token. Anyway, I have checked the token and there is no link to any user (in addition, I created the token with the same user). In addition, there is only one user key created (the user is pedrojm), therefore it's only possible to use this user key, but I don't know what the problem is; maybe it is something in my code, but I have checked it and I think it's right...

abhi1693 commented 1 year ago

> I think that the private key gives user information to the API

I'm unsure how that's the case. Are you suggesting the code should test the private key against every user's public key to determine who the user is? That's too much computation when this information can be decoded from the token provided.

> there is only one user key created (the user is pedrojm), therefore it's only possible to use this user key

It's not possible that way. What if there is more than 1 user key created, which one should the code be using? As stated above, it's the token of the user that determines the user to be used for logic.

As per request.user there is no user key for the user in question. The default authentication is TokenAuthentication on this endpoint which adds the user to the request and hence a token is the determining factor.

See this line for clarity https://github.com/Onemind-Services-LLC/netbox-secrets/blob/master/netbox_secrets/api/views.py#L200

pmarchal25 commented 1 year ago

Hi Abhi,

> I'm unsure how that's the case. Are you suggesting the code should test the private key against every user's public key to determine who the user is? That's too much computation when this information can be decoded from the token provided.

I was wrong then. Looking at the code that you sent me, the token is responsible for giving user information to the API.

> It's not possible that way. What if there is more than 1 user key created, which one should the code be using? As stated above, it's the token of the user that determines the user to be used for logic.

Yes, I think that when you create a token with a user, the token is instantly associated with this user.

I have just solved the problem: the token I was using was a different one belonging to an older netbox version. I am closing the issue. Apologies for the inconvenience and thank you so much.

Best Regards.

Pedro

pmarchal25 commented 1 year ago

Problem solved
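
In the first traceback of this thread, pynetbox reported that the 400 response carried no details in JSON, so the server's explanation only surfaced later. The following is an added example, not code from the thread or from netbox-secrets: a standard-library helper that posts to the session-keys endpoint and keeps the response body verbatim when the request is rejected. It assumes the JSON fields match the pynetbox keyword arguments used above and NetBox's `Authorization: Token` header; `SessionKeyError`, `request_session_key`, `fake_opener_no_userkey` and the host name are hypothetical, and the fake response is constructed from the message quoted in the thread.

```python
import io
import json
import urllib.error
import urllib.request


class SessionKeyError(Exception):
    """Carries the server's own explanation for a rejected request."""


def request_session_key(base_url, token, private_key, opener=urllib.request.urlopen):
    """POST to the session-keys endpoint and return the session key string.

    The API token, not the private key, selects the user whose UserKey is used.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/plugins/secrets/session-keys/",
        data=json.dumps({"private_key": private_key, "preserve_key": True}).encode(),
        headers={
            "Authorization": f"Token {token}",
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
        method="POST",
    )
    try:
        with opener(req) as resp:
            return json.loads(resp.read())["session_key"]
    except urllib.error.HTTPError as exc:
        # The error body may be plain text rather than JSON: keep it verbatim.
        body = exc.read().decode("utf-8", "replace").strip()
        raise SessionKeyError(f"HTTP {exc.code} from {req.full_url}: {body}") from exc


def fake_opener_no_userkey(req):
    """Constructed stand-in for a server that answers as in this thread."""
    body = io.BytesIO(b"No UserKey found for the current user.")
    raise urllib.error.HTTPError(req.full_url, 400, "Bad Request", {}, body)
```

Passing `opener=fake_opener_no_userkey` reproduces the failure offline; against a real instance, omit `opener` and the same message appears in the raised `SessionKeyError` when the token's user has no user key.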