Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Netbox 3.0 or 3.0.2 #45

Open
RyanMesser opened this issue Sep 17, 2021 · 20 comments
Open

Netbox 3.0 or 3.0.2 #45

RyanMesser opened this issue Sep 17, 2021 · 20 comments
Assignees
@jeremyschulman
Labels
close-planned under-review In review discussions

Comments

@RyanMesser
Copy link

Hi,

This plugin works fine in Netbox 2.9.11 but when updating to 3.0 or 3.0.2 I get the below error and the container doesn't start. I tried adding this to the Dockerfile but has had no effect

RUN sed -i 's/base64.decodestring/base64.decodebytes/g' /opt/netbox/venv/lib/python3.9/site-packages/saml2/saml.py

The error I get in the logs is the below
File "/opt/netbox/venv/lib/python3.9/site-packages/saml2/saml.py", line 91, in ,
_b64_encode_fn = getattr(base64, 'encodebytes', base64.encodestring)

Any ideas on what I could do to fix?
@duviful
Copy link

duviful commented Sep 20, 2021

Hello,
Same problem for me on NetBox v3.0.2 (image built from a custom Dockerfile)

AttributeError: module 'base64' has no attribute 'decodestring'

I'm available for testing and troubleshooting.
Thanks

@maekee
Copy link

maekee commented Sep 24, 2021

"If using NetBox's built-in remote authentication backend, update REMOTE_AUTH_BACKEND to 'netbox.authentication.RemoteUserBackend', as the authentication class has moved."

https://netbox.readthedocs.io/en/stable/release-notes/version-2.9/#configuration-changes

@duviful
Copy link

duviful commented Sep 27, 2021

I'm using the plugin to handle SAML authentication and not the build-in auth backend, this is a snippet of the extra.py file working with v2.11

REMOTE_AUTH_BACKEND = "django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend"
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_DEFAULT_GROUPS = 'Viewers'
REMOTE_AUTH_DEFAULT_PERMISSIONS= 'None'

PLUGINS = ['django3_saml2_nbplugin']
PLUGINS_CONFIG = {
    'django3_saml2_nbplugin': {
        'AUTHENTICATION_BACKEND': REMOTE_AUTH_BACKEND,

your suggestion is to change REMOTE_AUTH_BACKEND from django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend to netbox.authentication.RemoteUserBackend?

wouldn't it just revert to the built-in auth and lose SAML functionalities?

@RyanMesser
Copy link
Author

I'm using the plugin to handle SAML authentication and not the build-in auth backend, this is a snippet of the extra.py file working with v2.11

REMOTE_AUTH_BACKEND = "django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend"
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_DEFAULT_GROUPS = 'Viewers'
REMOTE_AUTH_DEFAULT_PERMISSIONS= 'None'

PLUGINS = ['django3_saml2_nbplugin']
PLUGINS_CONFIG = {
    'django3_saml2_nbplugin': {
        'AUTHENTICATION_BACKEND': REMOTE_AUTH_BACKEND,

your suggestion is to change REMOTE_AUTH_BACKEND from django3_saml2_nbplugin.backends.SAML2CustomAttrUserBackend to netbox.authentication.RemoteUserBackend?

wouldn't it just revert to the built-in auth and lose SAML functionalities?

I concur with this, how does this modification effect that this plugin doesn't build when using Netbox 3.0.2 ?

@jacobhrussell
Copy link

I am also getting the AttributeError: module 'base64' has no attribute 'decodestring' error after upgrading to v3 and using netbox-docker. Looks like decodestring has been deprecated and is finally causing some issues — you can read more about it on this SO question and also from the Python docs. Latest netbox-docker image uses alpine with python at 3.9 I believe.

I think the root issue is the pysaml2 dependency used in django3-auth-saml2 which is in turn used by the plugin:

File "/opt/netbox/venv/lib/python3.9/site-packages/django3_auth_saml2/urls.py", line 3, in <module>
from . import views
File "/opt/netbox/venv/lib/python3.9/site-packages/saml2/saml.py", line 90, in <module>
_b64_decode_fn = getattr(base64, 'decodebytes', base64.decodestring)

Looks like pysaml2 was updated by dependabot in the django3-auth-saml2 repo, but there hasn't been a release to pypi since then per this issue. Maybe go give that issue some love! Maintainer just might now know this is an issue since NetBox v3 is still relatively new.

@jacobhrussell
Copy link

This solution will depend on your deployment, but I was able to resolve the issue by adding RUN /opt/netbox/venv/bin/pip install pysaml2==6.5.0 -U to the end of my Dockerfile-Plugins.

It will give you the following error when you build the image:

ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
django3-auth-saml2 0.2.0 requires pysaml2==5.0.0, but you have pysaml2 6.5.0 which is incompatible.

This can be ignored as far as I can tell. Once the new version of django3-auth-saml2 is pushed to pypi this should go away.

@RyanMesser
Copy link
Author

This solution will depend on your deployment, but I was able to resolve the issue by adding RUN /opt/netbox/venv/bin/pip install pysaml2==6.5.0 -U to the end of my Dockerfile-Plugins.

It will give you the following error when you build the image:

ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
django3-auth-saml2 0.2.0 requires pysaml2==5.0.0, but you have pysaml2 6.5.0 which is incompatible.

This can be ignored as far as I can tell. Once the new version of django3-auth-saml2 is pushed to pypi this should go away.

Thanks, this worked for me. Got the error you mentioned on build but afterwards it seems to work fine. I've tested this on the latest version of Nextbox (3.0.7).

@jeremyschulman
Copy link
Owner

@jacobhrussell - thank you for digging into this issue and finding the root cause. There is another package that needs to be installed, which is here: https://github.com/jeremyschulman/django3-auth-saml2/blob/master/requirements.txt and that does have the pysaml2 library pinned to 6.5.0.

@jeremyschulman jeremyschulman added the under-review In review discussions label Oct 11, 2021
@jacobhrussell
Copy link

@jeremyschulman my pleasure and thanks for the awesome plugin!

@jasonbyatt
Copy link

jasonbyatt commented Nov 18, 2021
edited
Loading

Hey all

I've recently deployed Netbox 3.0.10 and I'm currently getting this issue. I upgrade pysaml2 to 6.5.0 however the problem is still occurring. Any ideas on anything else I can check? This is a pretty fresh install (not using docker)

Thanks

@devon-mar
Copy link
Contributor

Here's my Dockerfile (DockerHub). I needed to explicitly pin pysaml2 to 6.5.2 to get it to work.

@devon-mar devon-mar mentioned this issue Dec 2, 2021
Open
@celldara
Copy link

celldara commented Dec 2, 2021

for those of us not using Docker and who must have repeatable Ansible scripts, these workarounds are not a proper method to solve this. We need a proper solution (django3-auth-saml2 updated in pypi to support pysaml2 >= 6.5.2 (latest is 7.1.0). I'm also not able to pull from github due to airgapped servers and have to rely on replicated pypi repo, so if it isn't in pypi, I can't use it.

@jeremyschulman
Copy link
Owner

@celldara - I can fix this. I think the right thing to do is to unpin the version of pysaml2 in the django3-auth-saml2 repo. If I did that then I believe you would most likely need to install pysaml2 first with the version you need, and then install the django3 repo. Would that approach work for you?

@jeremyschulman jeremyschulman self-assigned this Dec 2, 2021
@celldara
Copy link

celldara commented Dec 2, 2021
edited
Loading

@jeremyschulman as long as it makes it into the pypi repository. I can only use it if it is pushed to pypi. You already have a version that supports pysaml2==6.5.0 but it isn't pushed to pypi either.

Maybe set a minimum version of 6.5.2 (which seems to work with Python 3.9) and let it match at least that

@jeremyschulman
Copy link
Owner

jeremyschulman commented Dec 2, 2021 via email

@celldara
Copy link

celldara commented Dec 2, 2021

Thank you. I was dreading doing the SAML2 auth to NetBox when I found your solution. Much nicer than doing it in Apache using mod_auth_mellon.

@jeremyschulman
Copy link
Owner

@celldara - ok, I just pushed a version of django repo that sets saml2 to >= 6.5.0. The new release version is 0.2.1. Please give that a try and let me know if that works for you; or if not we can work through the issues.

@celldara
Copy link

celldara commented Dec 2, 2021

I'll have to wait for the pypi repo to replicate here. I still have lots of work to finish up on what is needed to migrate our old data to the new servers, so it may be a couple days before I test.

@celldara
Copy link

celldara commented Dec 3, 2021

@jeremyschulman The new version pushed to pypi worked great. It allowed install of pysaml2 7.1.0 (it just installed the latest version by default without having to specify a version). SAML2 Auth with Azure SSO works great with Python 3.9 now. Thanks

@jeremyschulman
Copy link
Owner

@celldara - excellent. I would like to close this issue @RyanMesser. Would that be AOK with you?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jeremyschulman jeremyschulman

Labels
close-planned under-review In review discussions
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@jeremyschulman @maekee @jasonbyatt @devon-mar @jacobhrussell @duviful @celldara @RyanMesser