miaow2 / netbox-config-diff

Find diff and push rendered device configurations from NetBox to devices and apply them.
https://miaow2.github.io/netbox-config-diff/
Apache License 2.0
74 stars, 4 forks

Unable to read configs with netbox-secrets plugin enabled #69

Closed notscottsmith closed 2 months ago

notscottsmith commented 2 months ago

NetBox version v3.7.8

Describe the bug

An exception occurred: AttributeError: 'Logger' object has no attribute 'log_failure'

Traceback (most recent call last):
  File "/opt/netbox/venv/lib/python3.11/site-packages/netbox_config_diff/compliance/secrets.py", line 34, in get_master_key
    self.master_key = sk.get_master_key(self.session_key)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/netbox/venv/lib/python3.11/site-packages/netbox_secrets/models/secrets.py", line 198, in get_master_key
    raise InvalidKey("Invalid session key")
netbox_secrets.exceptions.InvalidKey: Invalid session key

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/netbox/netbox/extras/scripts.py", line 537, in _run_script
    script.output = script.run(data=data, commit=commit)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/etc/netbox/scripts/config_diff.py", line 12, in run
    self.run_script(data)
  File "/opt/netbox/venv/lib/python3.11/site-packages/netbox_config_diff/compliance/base.py", line 64, in run_script
    devices = list(self.get_devices_with_rendered_configs(devices))
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/netbox/venv/lib/python3.11/site-packages/netbox_config_diff/compliance/base.py", line 130, in get_devices_with_rendered_configs
    self.check_netbox_secrets()
  File "/opt/netbox/venv/lib/python3.11/site-packages/netbox_config_diff/compliance/secrets.py", line 69, in check_netbox_secrets
    self.get_master_key()
  File "/opt/netbox/venv/lib/python3.11/site-packages/netbox_config_diff/compliance/secrets.py", line 37, in get_master_key
    self.logger.log_failure(f"Can't fetch master_key: {str(e)}")
    ^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'Logger' object has no attribute 'log_failure'

To Reproduce

I've got netbox-secrets enabled and in use (I use it in conjunction with rancid and another python script to retrieve secrets). I have also configured the config-diff script to use a git data source rather than connecting to the device directly (different networks, it's not going to have direct access to the devices). I've configured the USERNAME and PASSWORD variables in the NETBOX_PLUGIN and the USER_SECRET_ROLE and PASSWORD_SECRET_ROLE as the name of the role itself - in this case it's "Credentials", is that correct? The documentation isn't clear (for me, anyway).

From what I understand, to retrieve a secret, you need an active session key, which can only be retrieved by sending a POST to /api/plugins/secrets/get-session-key/ with a "private_key" JSON payload. I'm not sure your code is doing that, thus not retrieving the session key successfully.

notscottsmith commented 2 months ago

I went back and re-read the error message again and noticed that it was to do with a logger reference and not the secrets (I jumped the gun, of sorts).

I changed line 37 of secrets.py from: self.logger.log_failure(f"Can't fetch master_key: {str(e)}")

to: self.log_failure(f"Can't fetch master_key: {str(e)}")

and it runs through the process just fine and reports a compliance issue.

However, the diff isn't rendering on the device page: [image]

It is detecting the actual config vs rendered config in the config compliance area of the plugin, so it's finding them both just fine but the "diff" is empty.
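The failure mode in the traceback and the one-line change described above, reconstructed as an added example (not part of the reporter's comment and not the plugin's code). `ScriptBase`, `Buggy`, `Fixed`, `fetch_key` and `root_cause` are hypothetical stand-ins, and the `InvalidKey` failure is constructed.

```python
import logging

class InvalidKey(Exception):
    """Stand-in for netbox_secrets.exceptions.InvalidKey."""

class ScriptBase:
    """Hypothetical stand-in for a NetBox script: log_failure is a method of
    the script, while self.logger is a plain stdlib Logger."""
    def __init__(self):
        self.logger = logging.getLogger("constructed.script")
        self.failures = []
        self.master_key = None

    def log_failure(self, message):
        self.failures.append(message)

    def fetch_key(self):
        # Constructed failure mirroring the first traceback.
        raise InvalidKey("Invalid session key")

class Buggy(ScriptBase):
    def get_master_key(self):
        try:
            self.master_key = self.fetch_key()
        except Exception as e:
            # As reported at line 37: Logger has no log_failure, so the
            # handler raises AttributeError while handling InvalidKey.
            self.logger.log_failure(f"Can't fetch master_key: {str(e)}")

class Fixed(ScriptBase):
    def get_master_key(self):
        try:
            self.master_key = self.fetch_key()
        except Exception as e:
            # The reporter's change: call the script's own log_failure.
            self.log_failure(f"Can't fetch master_key: {str(e)}")

def root_cause(exc):
    """Walk implicit exception chaining back to the first error raised."""
    while exc.__context__ is not None:
        exc = exc.__context__
    return exc

def run_buggy():
    """Return (reported exception, underlying exception) for the buggy path."""
    try:
        Buggy().get_master_key()
    except AttributeError as outer:
        return outer, root_cause(outer)
```

In the buggy path the reported exception is the handler's `AttributeError`, and the key failure is only reachable through `__context__`, which is why the traceback shows two stacked errors.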

miaow2 commented 2 months ago

Hi @notscottsmith, thanks for opening the issue. I will fix this.

miaow2 commented 2 months ago

Hi @notscottsmith, I've pushed the fix to the develop branch. Also, I made some optimizations when using a data source with backups: the script will not get creds from plugin variables or netbox secrets, so you don't have to specify the variables USER_SECRET_ROLE and PASSWORD_SECRET_ROLE.

It will all be available in the next release, 2.5.0.