Model for storing secure files and reports for scripts and plugins

[jchambers2012]

NetBox version

v4.0.8

Feature type

New functionality

Proposed functionality

I am seeing if a new API can be developed that can be used by custom scripts and plugins to “publish” files in a protected and secure way. This new model should support the ability to store reports and could expire or overwrite based on the Scripts/Plugin Needs.

Use case

Today I have several scripts that generates CSV reports. One script uses complex scripts and multiple models to virtually build a new green field site so that the project team can validate the device requirements for the new site for procurement , IPAM/ASN layout for management and user networks and cabling matrix before it is committed to the database for config generation. The script today just pushes them to the “/opt/netbox/netbox/media/random uuid-security key/report name.csv” and generates a link for the script runner to go to. A separate script needs to come around every so often to clean these files up.

Database changes

A new model that supports, but is not limited to:

• pk
• uuid – a random UUID that could be used to “bypass” the View permission if the requesting user does not have access to view all reports generated.
• file_name
• generated by - link to the script that ran it
• requesting user that generated the report
• request ID
• File data –or—file path to the file in question
• expire date/time – None for never – default new configuration setting maybe matching CHANGELOG_RETENTION of 90 days

The model should also include the PrimaryModel so it has access to ChangeLoggingMixin, JournalingMixin and TagsMixin for reports that do not expire. The model will also need a maintenance job to purge the expired reports from the database

The model might also need a new protected storage folder if the files should not be stored in the database and the media folder is deemed not secure enough for this operation.

External dependencies

Unknown if a Django app exists today to meet this need and work seamlessly with NetBox

[jeremystretch]

It sounds like you have the beginnings of a feature request in mind, but this needs quite a bit of refinement and expansion before it can be considered for work. It's also likely better served by a custom plugin, depending on the probable additional requirements for your specific use case.

I'm converting this to a discussion; maybe others in the community can help piece together a detailed implementation proposal that serves a generic use case.

[jchambers2012]

It might still be nice to have some core utilities added to support this new protected storage in netbox-docker and netbox. This would be to add a new folder that a plugin can attach too if this is deemed to be a standalone plugin much like how media is defined today so the data can be preserved and other plugins could hook into that folder in a standardized and predictable way.

Something like:

• /opt/netbox/netbox/media/app name/model/file
• /opt/netbox/netbox/media/plugins/netbox_reports/file UUID

But I look forward to more feedback

REF:

https://github.com/netbox-community/netbox-docker/blob/release/docker-compose.yml#L17
https://github.com/netbox-community/netbox/blob/v4.0.8/netbox/netbox/settings.py#L111