search

netbox-community / netbox

The premier source of truth powering network automation. Open source under Apache 2. Try NetBox Cloud free: https://netboxlabs.com/free-netbox-cloud/
http://netboxlabs.com/oss/netbox/
Apache License 2.0
16.03k stars 2.57k forks source link

Introduce a custom permission action for rendering configuration templates #16681

Open jeremystretch opened 4 months ago

jeremystretch commented 4 months ago

NetBox version

v4.0.5

Feature type

Change to existing functionality

Proposed functionality

Rendering a configuration template for a device or virtual machine will require a new custom permission action, render_config.

Currently, rendering a configuration template via the UI does not require any permissions beyond view for the relevant object type (e.g. dcim.view_device). However, rendering a configuration template via the REST API currently requires the add permission (e.g. dcim.add_device). While the requirement for write permission makes sense for API calls (because we're accepting and processing arbitrary user data), the specific permission for creating devices does not and has been captured as a bug in #14634.

Use case

This new permission action can be used to allow config rendering via the REST API without needing to grant users permission to create new devices/VMs.

Database changes

None

External dependencies

None

jeremystretch commented 4 months ago

Tagging #14400 as related

mraerino commented 1 month ago

could we do the same for the /api/extras/config-templates/{id}/render/ route? it seems logical since both of them basically have the same implications and similar use cases. only difference is that this API route does not require any permissions on a device, just on the template itself