API Endpoints to submit arpnip and macsuck results (#942)

* Add macsuck worker to collect various PortAccessEntity (NAC) attributes * Incorporate PAE feedback on #937 * missing Result/Device.pm column added * pae_is... columns instead of pae_capabilities * moved most code to Util/PortAccessEntity.pm so the update can be done in discover and macsuck * Refactor PAE attributes during discover as separate Plugin * PortAccessEntity: don't use device->dns in log string * Fix "Experimental keys on scalar is now forbidden" test failure * Revamp pae_control and add missing attribute - device.pae_control (text) is now device.pae_is_enabled (bool) - also store pae_authconfig_port_control (port mode auto/force(un)Auth) * Fix "Experimental keys on scalar is now forbidden" test failure - ... again because of botched merge - at least perlgolfed away a set of curly braces * Update PortAccessEntity.pm * Incorporate @ollyg PR feedback * allow actions without transport to run when there are also no creds * initial refactor for separate gather, process, store phases for macsuck * factor out the vlan sanity check * additional help with log of action workers * cleanup logic in check macsuck * refactor to make main phases only * some fixes * implement file slurp. amazingly the whole thing works * remove outdated noop from test * treat error as critical, use cancel to suppress further drivers * big refactor to share mac sanity code to both paths * fix inverted logic on vlan sanity filter * some code tidy * fix error in default value * fix for vlan 0 nodes input from cli * ensure imported MACs are IEEE format * add api endpoint, no useful return status yet * exit status if error from nodes PUT * suppress other networked workers when direct workers are active * better log showing worker * fix status recording to get first error or last done message * implement arpnip API PUT * avoid package redeclaration error * make sure write API methods require admin status * add doc for passing JSON data to arpnip and macsuck * update manifest * remove option to do jobs in web handler; all by queue now * use job entry timestamp for offline queued jobs * fix store username and IP on api PUT * never de-duplicate user-submitted jobs; never reset DeviceSkip for offline jobs * myworker no longer needed * make logic cleaner Co-authored-by: Christian Ramseyer <ramseyer@netnea.com>
2022-11-25 15:24:23 +00:00
parent 1b2c15e083
commit 826e1db39d
23 changed files with 674 additions and 297 deletions
--- a/lib/App/Netdisco/Web/API/Objects.pm
+++ b/lib/App/Netdisco/Web/API/Objects.pm
@@ -5,6 +5,7 @@ use Dancer::Plugin::DBIC;
 use Dancer::Plugin::Swagger;
 use Dancer::Plugin::Auth::Extensible;

+use App::Netdisco::JobQueue 'jq_insert';
 use Try::Tiny;

 swagger_path {
@@ -151,6 +152,54 @@ swagger_path {
  return to_json [ map {$_->TO_JSON} $rows->all ];
 };

+swagger_path {
+  tags => ['Objects'],
+  path => (setting('api_base') || '').'/object/device/{ip}/nodes',
+  description => "Queue a job to store the nodes found on a given Device",
+  parameters  => [
+    ip => {
+      description => 'Canonical IP of the Device. Use Search methods to find this.',
+      required => 1,
+      in => 'path',
+    },
+    nodes => {
+      description => 'List of node tuples (port, VLAN, MAC)',
+      default => '[]',
+      schema => {
+        type => 'array',
+        items => {
+          type => 'object',
+          properties => {
+            port => {
+              type => 'string'
+            },
+            vlan => {
+              type => 'integer',
+              default => '1'
+            },
+            mac => {
+              type => 'string'
+            }
+          }
+        }
+      },
+      in => 'body',
+    },
+  ],
+  responses => { default => {} },
+}, put '/api/v1/object/device/:ip/nodes' => require_role api_admin => sub {
+
+  jq_insert([{
+    action => 'macsuck',
+    device => params->{ip},
+    subaction => request->body,
+    username => session('logged_in_user'),
+    userip => request->remote_address,
+  }]);
+
+  return to_json {};
+};
+
 swagger_path {
  tags => ['Objects'],
  path => (setting('api_base') || '').'/object/vlan/{vlan}/nodes',
@@ -178,4 +227,54 @@ swagger_path {
  return to_json [ map {$_->TO_JSON} $rows->all ];
 };

+swagger_path {
+  tags => ['Objects'],
+  path => (setting('api_base') || '').'/object/device/{ip}/arps',
+  description => "Queue a job to store the ARP entries found on a given Device",
+  parameters  => [
+    ip => {
+      description => 'Canonical IP of the Device. Use Search methods to find this.',
+      required => 1,
+      in => 'path',
+    },
+    arps => {
+      description => 'List of arp tuples (MAC, IP, DNS?). IPs will be resolved to FQDN by Netdisco.',
+      default => '[]',
+      schema => {
+        type => 'array',
+        items => {
+          type => 'object',
+          properties => {
+            mac => {
+              type => 'string',
+              required => 1,
+            },
+            ip => {
+              type => 'string',
+              required => 1,
+            },
+            dns => {
+              type => 'string',
+              required => 0,
+            }
+          }
+        }
+      },
+      in => 'body',
+    },
+  ],
+  responses => { default => {} },
+}, put '/api/v1/object/device/:ip/arps' => require_role api_admin => sub {
+
+  jq_insert([{
+    action => 'arpnip',
+    device => params->{ip},
+    subaction => request->body,
+    username => session('logged_in_user'),
+    userip => request->remote_address,
+  }]);
+
+  return to_json {};
+};
+
 true;
--- a/lib/App/Netdisco/Web/Auth/Provider/DBIC.pm
+++ b/lib/App/Netdisco/Web/Auth/Provider/DBIC.pm
@@ -96,7 +96,7 @@ sub get_user_roles {
    my $role_column = $settings->{role_column}        || 'role';

    return [ try {
-      $user->$roles->search({}, { bind => [setting('api_token_lifetime')] })
+      $user->$roles->search({}, { bind => [setting('api_token_lifetime'), setting('api_token_lifetime')] })
        ->get_column( $role_column )->all;
    } ];
 }