netbox-toolkit-plugin 0.1.0__py3-none-any.whl

netbox_toolkit/api/views/commands.py

@@ -0,0 +1,267 @@
+"""
+API ViewSet for Command resources
+"""
+from rest_framework import status
+from rest_framework.decorators import action
+from rest_framework.response import Response
+from django.db import transaction
+from drf_spectacular.utils import extend_schema_view
+from dcim.models import Device
+from netbox.api.viewsets import NetBoxModelViewSet
+
+from ... import models, filtersets
+from ...services.command_service import CommandExecutionService
+from ...services.rate_limiting_service import RateLimitingService
+from ..serializers import CommandSerializer, CommandExecutionSerializer
+from ..mixins import APIResponseMixin, PermissionCheckMixin
+from ..schemas import (
+    COMMAND_LIST_SCHEMA,
+    COMMAND_RETRIEVE_SCHEMA,
+    COMMAND_CREATE_SCHEMA,
+    COMMAND_UPDATE_SCHEMA,
+    COMMAND_PARTIAL_UPDATE_SCHEMA,
+    COMMAND_DESTROY_SCHEMA,
+    COMMAND_EXECUTE_SCHEMA,
+    COMMAND_BULK_EXECUTE_SCHEMA,
+)
+
+
+@extend_schema_view(
+    list=COMMAND_LIST_SCHEMA,
+    retrieve=COMMAND_RETRIEVE_SCHEMA,
+    create=COMMAND_CREATE_SCHEMA,
+    update=COMMAND_UPDATE_SCHEMA,
+    partial_update=COMMAND_PARTIAL_UPDATE_SCHEMA,
+    destroy=COMMAND_DESTROY_SCHEMA,
+)
+class CommandViewSet(NetBoxModelViewSet, APIResponseMixin, PermissionCheckMixin):
+    queryset = models.Command.objects.all()
+    serializer_class = CommandSerializer
+    filterset_class = filtersets.CommandFilterSet
+    # Using custom RateLimitingService instead of generic API throttling
+    # NetBox automatically handles object-based permissions - no need for explicit permission_classes
+    
+    def get_queryset(self):
+        """NetBox will automatically filter based on user's ObjectPermissions"""
+        # NetBox's object-based permission system will automatically filter this queryset
+        # based on the user's ObjectPermissions for 'view' action on Command objects
+        return super().get_queryset()
+    
+    @COMMAND_EXECUTE_SCHEMA
+    @action(detail=True, methods=['post'], url_path='execute')
+    def execute_command(self, request, pk=None):
+        """Execute a command on a device via API"""
+        command = self.get_object()
+        
+        # Validate input using serializer
+        execution_serializer = CommandExecutionSerializer(data=request.data)
+        if not execution_serializer.is_valid():
+            return Response(
+                {
+                    'error': 'Invalid input data',
+                    'details': execution_serializer.errors
+                },
+                status=status.HTTP_400_BAD_REQUEST
+            )
+        
+        validated_data = execution_serializer.validated_data
+        device_id = validated_data['device_id']
+        username = validated_data['username']
+        password = validated_data['password']
+        
+        # Get device object
+        try:
+            device = Device.objects.get(id=device_id)
+        except Device.DoesNotExist:
+            return Response(
+                {'error': f'Device with ID {device_id} not found'},
+                status=status.HTTP_404_NOT_FOUND
+            )
+        
+        # Check permissions based on command type using NetBox's object-based permissions
+        if command.command_type == 'config':
+            if not self._user_has_action_permission(request.user, command, 'execute_config'):
+                return Response(
+                    {'error': 'You do not have permission to execute configuration commands'}, 
+                    status=status.HTTP_403_FORBIDDEN
+                )
+        elif command.command_type == 'show':
+            if not self._user_has_action_permission(request.user, command, 'execute_show'):
+                return Response(
+                    {'error': 'You do not have permission to execute show commands'}, 
+                    status=status.HTTP_403_FORBIDDEN
+                )
+        
+        # Check custom rate limiting (device-specific with bypass rules)
+        rate_limiting_service = RateLimitingService()
+        rate_limit_check = rate_limiting_service.check_rate_limit(device, request.user)
+        
+        if not rate_limit_check['allowed']:
+            return Response(
+                {
+                    'error': 'Rate limit exceeded',
+                    'details': {
+                        'reason': rate_limit_check['reason'],
+                        'current_count': rate_limit_check['current_count'],
+                        'limit': rate_limit_check['limit'],
+                        'time_window_minutes': rate_limit_check['time_window_minutes']
+                    }
+                },
+                status=status.HTTP_429_TOO_MANY_REQUESTS
+            )
+        
+        # Execute command using the service
+        command_service = CommandExecutionService()
+        result = command_service.execute_command_with_retry(
+            command, device, username, password, max_retries=1
+        )
+        
+        # Determine overall success - failed if either execution failed or syntax error detected
+        overall_success = result.success and not result.has_syntax_error
+        
+        # Prepare response data
+        response_data = {
+            'success': overall_success,
+            'output': result.output,
+            'error_message': result.error_message,
+            'execution_time': result.execution_time,
+            'command': {
+                'id': command.id,
+                'name': command.name,
+                'command_type': command.command_type
+            },
+            'device': {
+                'id': device.id,
+                'name': device.name
+            }
+        }
+        
+        # Add syntax error information if detected
+        if result.has_syntax_error:
+            response_data['syntax_error'] = {
+                'detected': True,
+                'type': result.syntax_error_type,
+                'vendor': result.syntax_error_vendor,
+                'guidance_provided': True
+            }
+        else:
+            response_data['syntax_error'] = {
+                'detected': False
+            }
+        
+        # Add parsing information if available
+        if result.parsing_success and result.parsed_output:
+            response_data['parsed_output'] = {
+                'success': True,
+                'method': result.parsing_method,
+                'data': result.parsed_output
+            }
+        else:
+            response_data['parsed_output'] = {
+                'success': False,
+                'method': None,
+                'error': result.parsing_error
+            }
+        
+        # Return appropriate status code
+        status_code = status.HTTP_200_OK if overall_success else status.HTTP_400_BAD_REQUEST
+        
+        return Response(response_data, status=status_code)
+    
+    @COMMAND_BULK_EXECUTE_SCHEMA
+    @action(detail=False, methods=['post'], url_path='bulk-execute')
+    def bulk_execute(self, request):
+        """Execute multiple commands on multiple devices"""
+        executions = request.data.get('executions', [])
+        
+        if not executions:
+            return Response(
+                {'error': 'No executions provided'},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+        
+        results = []
+        
+        with transaction.atomic():
+            for i, execution_data in enumerate(executions):
+                try:
+                    # Validate each execution
+                    command_id = execution_data.get('command_id')
+                    device_id = execution_data.get('device_id')
+                    username = execution_data.get('username')
+                    password = execution_data.get('password')
+                    
+                    if not all([command_id, device_id, username, password]):
+                        results.append({
+                            'execution_id': i + 1,
+                            'success': False,
+                            'error': 'Missing required fields'
+                        })
+                        continue
+                    
+                    # Get command and device objects
+                    try:
+                        command = models.Command.objects.get(id=command_id)
+                        device = Device.objects.get(id=device_id)
+                    except (models.Command.DoesNotExist, Device.DoesNotExist) as e:
+                        results.append({
+                            'execution_id': i + 1,
+                            'success': False,
+                            'error': f'Object not found: {str(e)}'
+                        })
+                        continue
+                    
+                    # Check permissions
+                    action = 'execute_config' if command.command_type == 'config' else 'execute_show'
+                    if not self._user_has_action_permission(request.user, command, action):
+                        results.append({
+                            'execution_id': i + 1,
+                            'success': False,
+                            'error': 'Insufficient permissions'
+                        })
+                        continue
+                    
+                    # Execute command
+                    command_service = CommandExecutionService()
+                    result = command_service.execute_command_with_retry(
+                        command, device, username, password, max_retries=1
+                    )
+                    
+                    # Create command log entry (this would typically be done by the service)
+                    log_entry = models.CommandLog.objects.create(
+                        command=command,
+                        device=device,
+                        user=request.user,
+                        output=result.output,
+                        error_message=result.error_message,
+                        execution_time=result.execution_time,
+                        success=result.success and not result.has_syntax_error
+                    )
+                    
+                    results.append({
+                        'execution_id': i + 1,
+                        'success': result.success and not result.has_syntax_error,
+                        'command_log_id': log_entry.id,
+                        'execution_time': result.execution_time
+                    })
+                    
+                except Exception as e:
+                    results.append({
+                        'execution_id': i + 1,
+                        'success': False,
+                        'error': f'Unexpected error: {str(e)}'
+                    })
+        
+        # Generate summary
+        total = len(results)
+        successful = sum(1 for r in results if r.get('success', False))
+        failed = total - successful
+        
+        return Response({
+            'results': results,
+            'summary': {
+                'total': total,
+                'successful': successful,
+                'failed': failed
+            }
+        }, status=status.HTTP_200_OK)

netbox_toolkit/config.py

@@ -0,0 +1,159 @@
+"""Configuration settings for the NetBox Toolkit plugin."""
+from typing import Dict, Any
+from django.conf import settings
+
+
+class ToolkitConfig:
+    """Configuration class for toolkit settings."""
+    
+    # Default connection timeouts
+    DEFAULT_TIMEOUTS = {
+        'socket': 15,
+        'transport': 15,
+        'ops': 30,
+        'banner': 15,
+        'auth': 15,
+    }
+    
+    # Device-specific timeout overrides
+    DEVICE_TIMEOUTS = {
+        'catalyst': {
+            'socket': 20,
+            'transport': 20,
+            'ops': 45,
+        },
+        'nexus': {
+            'socket': 25,
+            'transport': 25,
+            'ops': 60,
+        },
+    }
+    
+    # SSH transport options
+    SSH_TRANSPORT_OPTIONS = {
+        'disabled_algorithms': {
+            'kex': [],  # Don't disable any key exchange methods
+        },
+        'allowed_kex': [
+            # Modern algorithms
+            'diffie-hellman-group-exchange-sha256',
+            'diffie-hellman-group16-sha512',
+            'diffie-hellman-group18-sha512',
+            'diffie-hellman-group14-sha256',
+            # Legacy algorithms for older devices
+            'diffie-hellman-group-exchange-sha1',
+            'diffie-hellman-group14-sha1',
+            'diffie-hellman-group1-sha1',
+        ],
+    }
+    
+    # Netmiko configuration for fallback connections
+    NETMIKO_CONFIG = {
+        'banner_timeout': 20,
+        'auth_timeout': 20,
+        'global_delay_factor': 1,
+        'use_keys': False,           # Disable SSH key authentication
+        'allow_agent': False,        # Disable SSH agent
+        # Session logging (disabled by default)
+        'session_log': None,
+        # Connection options for legacy devices
+        'fast_cli': False,           # Disable for older devices
+        'session_log_record_writes': False,
+        'session_log_file_mode': 'write',
+    }
+    
+    # Retry configuration
+    RETRY_CONFIG = {
+        'max_retries': 2,
+        'retry_delay': 1,  # Reduced from 3s to 1s for faster fallback
+        'backoff_multiplier': 1.5,  # Reduced from 2 to 1.5 for faster progression
+    }
+    
+    # Fast connection test timeouts (for initial Scrapli viability testing)
+    FAST_TEST_TIMEOUTS = {
+        'socket': 8,      # Reduced from 15s to 8s for faster detection
+        'transport': 8,   # Reduced from 15s to 8s for faster detection
+        'ops': 15,        # Keep ops timeout reasonable for actual commands
+    }
+    
+    # Error patterns that should trigger immediate fallback to Netmiko
+    SCRAPLI_FAST_FAIL_PATTERNS = [
+        "No matching key exchange",
+        "No matching cipher",
+        "No matching MAC",
+        "connection not opened",
+        "Error reading SSH protocol banner",
+        "Connection refused", 
+        "Operation timed out",
+        "SSH handshake failed",
+        "Protocol version not supported",
+        "Unable to connect to port 22",
+        "Name or service not known",
+        "Network is unreachable"
+    ]
+    
+    # Platform mappings for better recognition
+    PLATFORM_ALIASES = {
+        'ios': 'cisco_ios',
+        'iosxe': 'cisco_ios',
+        'nxos': 'cisco_nxos',
+        'iosxr': 'cisco_iosxr',
+        'junos': 'juniper_junos',
+        'eos': 'arista_eos',
+    }
+    
+    @classmethod
+    def get_fast_test_timeouts(cls) -> Dict[str, int]:
+        """Get fast connection test timeouts for initial viability testing."""
+        return cls.FAST_TEST_TIMEOUTS.copy()
+    
+    @classmethod
+    def should_fast_fail_to_netmiko(cls, error_message: str) -> bool:
+        """Check if error message indicates immediate fallback to Netmiko is needed."""
+        error_lower = error_message.lower()
+        return any(pattern.lower() in error_lower for pattern in cls.SCRAPLI_FAST_FAIL_PATTERNS)
+    
+    @classmethod
+    def get_timeouts_for_device(cls, device_type_model: str = None) -> Dict[str, int]:
+        """Get timeout configuration for a specific device type."""
+        timeouts = cls.DEFAULT_TIMEOUTS.copy()
+        
+        if device_type_model:
+            model_lower = device_type_model.lower()
+            for device_keyword, custom_timeouts in cls.DEVICE_TIMEOUTS.items():
+                if device_keyword in model_lower:
+                    timeouts.update(custom_timeouts)
+                    break
+        
+        return timeouts
+    
+    @classmethod
+    def normalize_platform(cls, platform: str) -> str:
+        """Normalize platform name using aliases."""
+        if not platform:
+            return None
+        
+        platform_lower = platform.lower()
+        return cls.PLATFORM_ALIASES.get(platform_lower, platform_lower)
+    
+    @classmethod
+    def get_ssh_options(cls) -> Dict[str, Any]:
+        """Get SSH transport options."""
+        return cls.SSH_TRANSPORT_OPTIONS.copy()
+    
+    @classmethod
+    def get_retry_config(cls) -> Dict[str, int]:
+        """Get retry configuration."""
+        return cls.RETRY_CONFIG.copy()
+    
+    @classmethod
+    def get_ssh_transport_options(cls) -> Dict[str, Any]:
+        """Get SSH transport options for Scrapli."""
+        user_config = getattr(settings, 'NETBOX_TOOLKIT', {})
+        return {**cls.SSH_TRANSPORT_OPTIONS, **user_config.get('ssh_options', {})}
+    
+    @classmethod
+    def get_netmiko_config(cls) -> Dict[str, Any]:
+        """Get Netmiko configuration for fallback connections."""
+        user_config = getattr(settings, 'NETBOX_TOOLKIT', {})
+        return {**cls.NETMIKO_CONFIG, **user_config.get('netmiko', {})}

netbox_toolkit/connectors/__init__.py

@@ -0,0 +1,15 @@
+"""Connectors package for device connection logic."""
+
+from .base import BaseDeviceConnector, ConnectionConfig, CommandResult
+from .scrapli_connector import ScrapliConnector
+from .netmiko_connector import NetmikoConnector
+from .factory import ConnectorFactory
+
+__all__ = [
+    'BaseDeviceConnector',
+    'ConnectionConfig',
+    'CommandResult',
+    'ScrapliConnector',
+    'NetmikoConnector',
+    'ConnectorFactory',
+]

netbox_toolkit/connectors/base.py

@@ -0,0 +1,97 @@
+"""Base connector interface for device connections."""
+from abc import ABC, abstractmethod
+from typing import Dict, Any, Optional
+from dataclasses import dataclass
+
+from ..exceptions import DeviceConnectionError, CommandExecutionError
+
+
+@dataclass
+class ConnectionConfig:
+    """Configuration for device connections."""
+    hostname: str
+    username: str
+    password: str
+    port: int = 22
+    timeout_socket: int = 15
+    timeout_transport: int = 15
+    timeout_ops: int = 30
+    auth_strict_key: bool = False
+    transport: str = 'system'  # Default to system transport for Scrapli
+    platform: Optional[str] = None
+    extra_options: Optional[Dict[str, Any]] = None
+
+
+@dataclass
+class CommandResult:
+    """Result of command execution."""
+    command: str
+    output: str
+    success: bool
+    error_message: Optional[str] = None
+    execution_time: Optional[float] = None
+    # New fields for syntax error detection
+    has_syntax_error: bool = False
+    syntax_error_type: Optional[str] = None
+    syntax_error_vendor: Optional[str] = None
+    syntax_error_guidance: Optional[str] = None
+    # New fields for command output parsing
+    parsed_output: Optional[Dict[str, Any]] = None
+    parsing_success: bool = False
+    parsing_method: Optional[str] = None  # 'textfsm', 'genie', 'ttp'
+    parsing_error: Optional[str] = None
+
+
+class BaseDeviceConnector(ABC):
+    """Abstract base class for device connectors."""
+    
+    def __init__(self, config: ConnectionConfig):
+        self.config = config
+        self._connection = None
+    
+    @abstractmethod
+    def connect(self) -> None:
+        """Establish connection to the device."""
+        pass
+    
+    @abstractmethod
+    def disconnect(self) -> None:
+        """Close connection to the device."""
+        pass
+    
+    @abstractmethod
+    def execute_command(self, command: str, command_type: str = 'show') -> CommandResult:
+        """Execute a command on the device.
+        
+        Args:
+            command: The command string to execute
+            command_type: Type of command ('show' or 'config') for proper handling
+            
+        Returns:
+            CommandResult with execution details
+        """
+        pass
+    
+    @abstractmethod
+    def is_connected(self) -> bool:
+        """Check if connection is active."""
+        pass
+    
+    def __enter__(self):
+        """Context manager entry."""
+        self.connect()
+        return self
+    
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        """Context manager exit."""
+        self.disconnect()
+    
+    @property
+    def hostname(self) -> str:
+        """Get the hostname for this connection."""
+        return self.config.hostname
+    
+    @property
+    def platform(self) -> Optional[str]:
+        """Get the platform for this connection."""
+        return self.config.platform