Closed notscottsmith closed 2 months ago
I went back and re-read the error message again and noticed that it was to do with a logger reference and not the secrets (I jumped the gun, of sorts).
I changed line 37 of secrets.py from:
self.logger.log_failure(f"Can't fetch master_key: {str(e)}")
to:
self.log_failure(f"Can't fetch master_key: {str(e)}")
and it runs through the process just fine and reports a compliance issue.
However, the diff isn't rendering on the device page:
It is detecting the actual config vs rendered config in the config compliance area of the plugin, so it's finding them both just fine but the "diff" is empty.
Hi @notscottsmith, thanks for opening the issue. I will fix this.
Hi @notscottsmith, I've pushed the fix to the develop branch. Also, I made some optimizations when using a data source with backups: the script will not get creds from plugin variables or netbox secrets, so you don't have to specify the variables USER_SECRET_ROLE and PASSWORD_SECRET_ROLE.
It will all be available in the next release, 2.5.0.
NetBox version v3.7.8
Describe the bug
To Reproduce
I've got netbox-secrets enabled and in use (I use it in conjunction with rancid and another Python script to retrieve secrets). I have also configured the config-diff script to use a git data source rather than connecting to the device directly (different networks, it's not going to have direct access to the devices). I've configured the USERNAME and PASSWORD variables in the NETBOX_PLUGIN and the USER_SECRET_ROLE and PASSWORD_SECRET_ROLE as the name of the role itself - in this case it's "Credentials", is that correct? The documentation isn't clear (for me, anyway).
From what I understand, to retrieve a secret, you need an active session key, which can only be retrieved by sending a POST to /api/plugins/secrets/get-session-key/ with a "private_key" JSON payload. I'm not sure your code is doing that, thus not retrieving the session key successfully.
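The two-step flow described in the report above (exchange the private key for a session key, then use that key to read decrypted secrets), as an added example that is not part of the issue thread or the plugin's code. Only the get-session-key path and the "private_key" JSON payload come from the issue; the `session_key` response field, the `X-Session-Key` header, the secrets list endpoint, its `role` filter and the `results`/`plaintext` response shape are assumptions about the netbox-secrets REST API, and all function names are hypothetical.

```python
import json
import urllib.parse
import urllib.request

SESSION_KEY_PATH = "/api/plugins/secrets/get-session-key/"  # endpoint named in the issue
SECRETS_PATH = "/api/plugins/secrets/secrets/"  # assumed list endpoint


def _url(base_url, path):
    # The private key travels in the request body, so refuse cleartext HTTP.
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a private key or session key over non-HTTPS")
    return base_url.rstrip("/") + path


def session_key_request(base_url, api_token, private_key_pem):
    """Build the POST that exchanges the user's private key for a session key."""
    body = json.dumps({"private_key": private_key_pem}).encode()
    headers = {"Authorization": f"Token {api_token}",
               "Content-Type": "application/json", "Accept": "application/json"}
    return urllib.request.Request(_url(base_url, SESSION_KEY_PATH), data=body,
                                  headers=headers, method="POST")


def parse_session_key(response_body):
    """Return the session key; fail loudly (field names only) if it is absent."""
    payload = json.loads(response_body)
    key = payload.get("session_key")  # assumed response field
    if not key:
        raise ValueError(f"no session_key in response, got fields {sorted(payload)}")
    return key


def secrets_request(base_url, api_token, session_key, role_slug):
    """Build the GET that lists secrets of one role, decrypted via the session key."""
    query = urllib.parse.urlencode({"role": role_slug})  # assumed filter name
    headers = {"Authorization": f"Token {api_token}", "Accept": "application/json",
               "X-Session-Key": session_key}  # assumed header name
    return urllib.request.Request(_url(base_url, SECRETS_PATH) + "?" + query,
                                  headers=headers, method="GET")


def fetch_plaintexts(base_url, api_token, private_key_pem, role_slug):
    """Run both steps against a live NetBox; returns {secret name: plaintext}."""
    with urllib.request.urlopen(session_key_request(base_url, api_token, private_key_pem)) as r:
        key = parse_session_key(r.read())
    with urllib.request.urlopen(secrets_request(base_url, api_token, key, role_slug)) as r:
        results = json.loads(r.read())["results"]  # assumed paginated list shape
    return {s["name"]: s["plaintext"] for s in results}
```

`parse_session_key` reports only the field names of an unexpected response, so a failed exchange can be logged without writing key material to the job log.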