@pheus pheus commented Aug 18, 2025

Pull Request

Related Issue

Closes #129

New Behavior

ACL rules can now reference any of the following as source and/or destination:

  • Prefix (ipam.Prefix)
  • IP Range (ipam.IPRange)
  • IP Address (ipam.IPAddress)
  • Aggregate (ipam.Aggregate)

Implementation highlights

  • Introduces source and destination as GenericForeignKey fields backed by:
    • source_type / source_id
    • destination_type / destination_id
  • UI forms, table columns, API serializers, filtersets, and GraphQL types/filters are updated to support these generic objects.
  • Validation ensures only supported content types can be assigned.
  • Adds database indexes on (source_type, source_id) and (destination_type, destination_id) for efficient querying.
  • Comprehensive tests cover IPv4/IPv6, hosts, ranges, aggregates, and invalid combinations.

Result: You can define ACL rules directly against a single host, an arbitrary range (CIDR or IPRange object), or aggregates - without needing to create a dummy Prefix first.

Contrast to Current Behavior

  • Before: Only Prefix objects could be selected (source_prefix, destination_prefix).
  • After: source and destination accept generic objects (Prefix, IPAddress, IPRange, Aggregate) across the UI, REST API, and GraphQL.

Discussion: Benefits and Drawbacks

Benefits

  • Major usability improvement: rules can target single IPs and arbitrary ranges.
  • Eliminates the need for placeholder prefixes for “bogus” or one‑off ranges.
  • Consistent behavior across UI, REST, and GraphQL.
  • Better performance characteristics via added indexes and reduced join complexity.

Drawbacks / Risks

  • Breaking change: the old *_prefix fields are removed in favor of generic fields.
  • API/GraphQL clients using the legacy fields must update to the new schema.
  • Slightly more complex validation (ensuring allowed content types).

Compatibility

  • A data migration backfills the new generic fields from existing source_prefix / destination_prefix values to preserve behavior.
  • No change in rule evaluation semantics—only how endpoints are stored and referenced.

Changes to the Documentation

  • Update the ACL Rules section to show selecting Prefix / IP Range / IP Address / Aggregate in the forms.
  • Add REST API examples showing source_type / source_id and destination_type / destination_id.
  • Add GraphQL examples and call out the new filters for content type & object ID.
  • Add Upgrade Notes documenting the breaking field rename, the data migration, and client impacts.

Proposed Release Note Entry

  • Added: ACL rules now support generic source/destination assigned objects (Prefix, IP Range, IP Address, Aggregate), replacing the previous prefix‑only fields. Includes UI, REST, and GraphQL support.
  • Breaking: source_prefix / destination_prefix replaced by generic source / destination fields (*_type/*_id). Existing data is migrated automatically; API/GraphQL clients must update.

Migration & Upgrade Notes

  • Schema: Adds source_type/source_id and destination_type/destination_id; removes source_prefix/destination_prefix.
  • Data migration: Copies existing prefix assignments into the new generic fields to preserve behavior.
  • Indexes: Adds composite indexes over the new (type, id) pairs.
  • Client impact: API/GraphQL consumers must switch from prefix‑specific fields to the generic fields.

Double Check

  • I have explained my PR according to the information in the comments
    or in a linked issue.
  • My PR targets the dev branch.
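
The client impact and the content-type validation described in the PR description above, as an added example that is not part of the pull request or the plugin's code: a Python helper that rewrites a legacy `source_prefix` / `destination_prefix` payload into the generic `*_type` / `*_id` fields and rejects content types outside the four listed. The lowercase `app_label.model` strings, the sample payload, and treating an unset endpoint as valid are assumptions.

```python
# Added illustration; not code from the plugin or from this pull request.
# Assumption: content types are written "app_label.model" in lowercase.
ALLOWED_TYPES = frozenset({
    "ipam.prefix", "ipam.iprange", "ipam.ipaddress", "ipam.aggregate",
})
ENDPOINTS = ("source", "destination")


def validate_endpoint(payload: dict, side: str) -> None:
    """Raise ValueError unless the (type, id) pair for one side is acceptable."""
    ctype, obj_id = payload.get(f"{side}_type"), payload.get(f"{side}_id")
    if ctype is None and obj_id is None:
        return  # assumption: an endpoint may be left unset
    if ctype is None or obj_id is None:
        raise ValueError(f"{side}: type and id must be given together")
    if not isinstance(ctype, str) or ctype not in ALLOWED_TYPES:
        raise ValueError(f"{side}: content type {ctype!r} is not allowed")
    if isinstance(obj_id, bool) or not isinstance(obj_id, int) or obj_id < 1:
        raise ValueError(f"{side}: id must be a positive integer")


def upgrade_rule_payload(payload: dict) -> dict:
    """Return a copy of payload that uses only the generic *_type / *_id fields."""
    new = dict(payload)  # never mutate the caller's dict
    for side in ENDPOINTS:
        legacy_key = f"{side}_prefix"
        type_key, id_key = f"{side}_type", f"{side}_id"
        if legacy_key in new:
            legacy_id = new.pop(legacy_key)
            if type_key in new or id_key in new:
                raise ValueError(f"{side}: legacy and generic fields both set")
            if legacy_id is not None:
                # A legacy prefix reference always maps to the Prefix type.
                new[type_key], new[id_key] = "ipam.prefix", legacy_id
        validate_endpoint(new, side)
    return new


# Constructed sample payload (hypothetical values), legacy schema.
LEGACY_RULE = {"index": 10, "action": "permit",
               "source_prefix": 42, "destination_prefix": None}

if __name__ == "__main__":
    print(upgrade_rule_payload(LEGACY_RULE))
```

Running the allowlist on the client side mirrors the server-side check, so a payload that names any other object type fails before it is sent.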

pheus added 15 commits August 7, 2025 19:28
  • Refactors ACLStandardRule and ACLExtendedRule to support generic source
    and destination fields. Introduces GenericForeignKey and related caching
    for improved flexibility and performance.

    BREAKING CHANGE: Updates source/destination field structures; existing
    ACL data require migration.
  • Renames and updates fields in ACLStandardRule and ACLExtendedRule to
    support generic source and destination objects. Introduces new fields,
    indices, and foreign key relationships for improved flexibility and
    query performance.

    BREAKING CHANGE: Requires migration of existing ACL data to the new
    field structure.
  • Introduces a data migration to copy source and destination prefix IDs
    to the newly added GenericForeignKey fields in ACLStandardRule and
    ACLExtendedRule. Ensures existing prefix assignments are preserved
    during schema updates.
  • Extend test coverage for ACLStandardRule and ACLExtendedRule to include
    validation of generic source and destination objects. Add scenarios for
    aggregates, IP addresses, IP ranges, and validation of invalid objects.
    Test updates ensure the robustness and accuracy of the new field
    structure.
  • Introduces new columns for source and destination with support for
    generic objects in ACLStandardRule and ACLExtendedRule tables. Updates
    field and default column configurations for improved flexibility
    and alignment with the new data model.
  • Adds support for filtering by aggregates, IP addresses, and IP ranges in
    both source and destination fields. Updates filter fields for better
    alignment with the extended ACL rules model.
  • Integrates generic object handling for source and destination fields in
    ACLStandardRuleForm and ACLExtendedRuleForm. Introduces support for
    content types, dynamic queries, and enhanced validation. Improves
    alignment with the generic source/destination model update.
  • Rename labels for source and destination fields in ACL templates to
    reflect the updated generic model structure. Improves clarity and
    consistency with recent data model changes.
  • Replaces source_prefix and destination_prefix with generic source and
    destination prefetches in views for ACLStandardRule and ACLExtendedRule.
    Aligns view logic with the updated generic source/destination model for
    better flexibility and consistency.
  • Replaces source_prefix and destination_prefix with generic source and
    destination fields in ACL serializers. Introduces support for content
    types, dynamic querying, and enhanced validation in ACLStandardRule and
    ACLExtendedRule. Aligns serializers with the generic source/destination
    model for improved flexibility and consistency.
  • Updated docstrings for clarity by replacing "&" with "and" in multiple
    view classes. Revised prefetch fields in ACLStandardRule and
    ACLExtendedRule to align with the new generic source/destination model
    changes for better consistency.
  • Introduces generic source and destination fields in GraphQL types for
    ACLStandardRule and ACLExtendedRule. Adds support for ContentType
    relationships, caching related objects, and enhanced flexibility in
    object handling. Aligns GraphQL implementation with the updated generic
    model structure for consistency.
  • Introduces ContentType filtering for generic source and destination
    fields in ACLStandardRule and ACLExtendedRule GraphQL filters. Adds
    source_type, source_id, destination_type, and destination_id fields
    to enhance filtering flexibility and alignment with generic models.
  • Replaces `source_prefix` and `destination_prefix` with generic `source`
    and `destination` fields in ACL rule tests. Updates test cases to
    include `source_type`, `source_id`, `destination_type`, and
    `destination_id` for better alignment with the updated generic model.
  • Fixes multiple instances of "availble" to "available" in docstrings for
    ACL action, rule action, type, and protocol choices. Ensures
    documentation accuracy and readability.
@pheus pheus force-pushed the 129-add-source-and-destination-assigned-object-support branch from 7bc0266 to c403313 Compare August 19, 2025 05:27
@pheus pheus requested a review from alehaa August 19, 2025 09:12
@pheus pheus force-pushed the 129-add-source-and-destination-assigned-object-support branch from 7bdf349 to 3732819 Compare August 20, 2025 11:40
@pheus pheus requested a review from alehaa August 20, 2025 11:46
@alehaa alehaa left a comment

It appears to be working as intended. I’ve tested creating ACL rules for aggregates, prefixes, IP ranges, and individual IP addresses.

pheus commented Aug 20, 2025

Thanks so much for the review and for testing, @alehaa.
Really appreciate your time and care!

pheus added 3 commits August 23, 2025 16:19
  • Refines field names and query attributes for source and destination
    filters. Ensures consistency with related models and improves filtering
    accuracy for aggregates, IP ranges, and IP addresses.
  • Introduces `remark`, `source_port`, and `destination_port` fields to ACL
    filtersets for enhanced filtering capabilities. Aligns with the generic
    source/destination model updates and improves flexibility in rule
    definition.
  • Adds `using(db_alias)` to queries for ACLStandardRule and
    ACLExtendedRule to ensure the correct database alias is used during
    migration. Also adjusts formatting for dependency tuples to enhance
    consistency.
Successfully merging this pull request may close these issues.

[Feature]: source and destination range for acl have to be a prefix in Netbox?