Merge pull request #171 from nautobot/develop

v2 release

.github/workflows/ci.yml

@@ -76,8 +76,8 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        python-version: ["3.7"]
-        nautobot-version: ["1.4.1"]
+        python-version: ["3.11"]
+        nautobot-version: ["2.0.0"]
     env:
       INVOKE_NAUTOBOT_FIREWALL_MODELS_PYTHON_VER: "${{ matrix.python-version }}"
       INVOKE_NAUTOBOT_FIREWALL_MODELS_NAUTOBOT_VER: "${{ matrix.nautobot-version }}"
@@ -113,23 +113,22 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        python-version: ["3.7", "3.8", "3.9", "3.10"]
+        python-version: ["3.8"]
         db-backend: ["postgresql"]
-        nautobot-version: ["latest"]
+        nautobot-version: ["2.0.0"]
         # The include is a method to limit the amount of jobs ran. This essentially
         # means that in addition to standard postgres and stable, also the lowest
         # supported version and with mysql
         include:
-          - python-version: "3.10"
+          - python-version: "3.11"
             db-backend: "postgresql"
-            nautobot-version: "1.4.1"
-            # TODO: Include the following, once mysql is working on CI
-            #   - python-version: "3.7"
-            #     db-backend: "mysql"
-            #     nautobot-version: "1.4.1"
-            #   - python-version: "3.10"
-            #     db-backend: "mysql"
-            #     nautobot-version: "latest"
+            nautobot-version: "2.0.0"
+          - python-version: "3.11"
+            db-backend: "postgresql"
+            nautobot-version: "stable"
+          # - python-version: "3.11"
+          #   db-backend: "mysql"
+          #   nautobot-version: "2.0.0-rc.4"
     runs-on: "ubuntu-20.04"
     env:
       INVOKE_NAUTOBOT_FIREWALL_MODELS_PYTHON_VER: "${{ matrix.python-version }}"

development/Dockerfile

@@ -6,11 +6,11 @@
 # -------------------------------------------------------------------------------------
 # !!! USE CAUTION WHEN MODIFYING LINES BELOW
 
-# Accepts a desired Nautobot version as build argument, default to 1.5
-ARG NAUTOBOT_VER="1.4"
+# Accepts a desired Nautobot version as build argument, default to `2.0.0-rc.2`
+ARG NAUTOBOT_VER="2.0.0"
 
-# Accepts a desired Python version as build argument, default to 3.8
-ARG PYTHON_VER="3.8"
+# Accepts a desired Python version as build argument, default to 3.11
+ARG PYTHON_VER="3.11"
 
 # Retrieve published development image of Nautobot base which should include most CI dependencies
 FROM ghcr.io/nautobot/nautobot-dev:${NAUTOBOT_VER}-py${PYTHON_VER}
@@ -26,7 +26,7 @@ ENV NAUTOBOT_ROOT ${NAUTOBOT_ROOT}
 # and CI and local development may have a newer version of Poetry
 # Since this is only used for development and we don't ship this container, pinning Poetry back is not expressly necessary
 # We also don't need virtual environments in container
-RUN curl -sSL https://install.python-poetry.org | python3 - && \
+RUN which poetry || curl -sSL https://install.python-poetry.org | python3 - && \
   poetry config virtualenvs.create false
 
 # !!! USE CAUTION WHEN MODIFYING LINES ABOVE
@@ -68,7 +68,7 @@ RUN sort poetry_freeze_base.txt poetry_freeze_all.txt | uniq -u > poetry_freeze_
 
 # Install all local project as editable, constrained on Nautobot version, to get any additional
 #   direct dependencies of the app
-RUN pip install -c constraints.txt -e .
+RUN pip install -c constraints.txt -e .[all]
 
 # Install any dev dependencies frozen from Poetry
 # Can be improved in Poetry 1.2 which allows `poetry install --only dev`

development/development_mysql.env

@@ -1,4 +1,3 @@
 # Custom ENVs for Mysql
 # Due to docker image limitations for Mysql, we need "root" user to create more than one database table
 NAUTOBOT_DB_USER=root
-MYSQL_USER=${NAUTOBOT_DB_USER}

development/nautobot_config.py

@@ -80,12 +80,12 @@
         "handlers": {
             "normal_console": {
                 "level": "INFO",
-                "class": "rq.utils.ColorizingStreamHandler",
+                "class": "logging.StreamHandler",
                 "formatter": "normal",
             },
             "verbose_console": {
                 "level": "DEBUG",
-                "class": "rq.utils.ColorizingStreamHandler",
+                "class": "logging.StreamHandler",
                 "formatter": "verbose",
             },
         },
@@ -95,10 +95,6 @@
                 "handlers": ["verbose_console" if DEBUG else "normal_console"],
                 "level": LOG_LEVEL,
             },
-            "rq.worker": {
-                "handlers": ["verbose_console" if DEBUG else "normal_console"],
-                "level": LOG_LEVEL,
-            },
         },
     }
 

docs/admin/compatibility_matrix.md

@@ -5,3 +5,4 @@
 | 1.0.X         | 1.2.0                | 1.5.99        |
 | 1.1.X         | 1.4.0                | 1.5.99        |
 | 1.2.X         | 1.4.0                | 1.5.99        |
+| 2.0.X         | 2.0.0                | 2.9999        |

docs/admin/install.md

@@ -4,7 +4,7 @@ Here you will find detailed instructions on how to **install** and **configure**
 
 ## Prerequisites
 
-- The plugin is compatible with Nautobot 1.4.0 and higher.
+- The plugin is compatible with Nautobot 2.0.0 and higher.
 - Databases supported: PostgreSQL, MySQL
 
 !!! note

docs/admin/release_notes/version_2.0.md

@@ -0,0 +1,19 @@
+# v2.0 Release Notes
+
+This document describes all new features and changes in the release `2.0`. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## v2.0.0 - 2023-05-03
+
+### Changed
+
+- [#167](https://github.com/nautobot/nautobot-plugin-firewall-models/pull/167) Nautobot 2.0.0 as minimum dependency
+- [#167](https://github.com/nautobot/nautobot-plugin-firewall-models/pull/167) Substantial updates to API
+- [#167](https://github.com/nautobot/nautobot-plugin-firewall-models/pull/167) on_delete=PROTECT was moved from the model custom through field to a DB signal
+
+### Added
+
+- [#167](https://github.com/nautobot/nautobot-plugin-firewall-models/pull/167) Added support for Python 3.11
+
+### Removed
+
+- [#167](https://github.com/nautobot/nautobot-plugin-firewall-models/pull/167) Dropped support for Python 3.7

docs/admin/upgrade.md

@@ -2,6 +2,10 @@
 
 Here you will find any steps necessary to upgrade the App in your Nautobot environment.
 
+## Upgrade Nautobot 1.X to Nautobot 2.X
+
+As part of the upgrade for Nautobot 2.0 it is recommended to perform a stepped upgrade by first upgrading Nautobot the lastest stable release within these constraints `>=1.6.2,<2.0.0`. After performing the initial upgrade of Nautobot you will need to run `nautobot-server populate_platform_network_driver --no-use-napalm-driver-field`. This will populate the `network_driver` attribute on Platform objects from the `slug` field.
+
 ## Upgrade Guide
 
 When a new release comes out it may be necessary to run a migration of the database to account for any changes in the data models used by this plugin. Execute the command `nautobot-server post-upgrade` within the runtime environment of your Nautobot installation after updating the `nautobot-firewall-models` package via `pip`.

docs/user/capirca.md

@@ -35,7 +35,7 @@ Service Group               | *.svc
 * An object (policy, policy rule, src-addr, dst-addr, etc.) is put into and out of use based on whether or not the status is `active` or as defined in your plugin configuration
     * Anything other than active or defined in plugin setting `allowed_status` is ignored
 * Removing the last active object in an source-address, destination-address, or service will fail the process to avoid your policy failing open
-* The Platform slug must match the Capirca generator name
+* The Platform `network_driver` must match the Capirca generator name
     * You can optionally provide a mapping in the settings `capirca_os_map` to map from the current platform name, to the Capirca generator name
 * The action of "remark" on a rule is not conidered, you can set the setting `capirca_remark_pass=False` if you want it to fail by default rather than silently skipping
 

docs/user/external_interactions.md

@@ -197,53 +197,3 @@ Example GraphQL query showing how to get instances for each of the models provid
   }
 }
 ```
-
-### REST
-
-Below is an example response to the REST API GET request for a Policy object at `/api/plugins/firewall/policy/<uuid>/`. The detail API view for a Policy Object accepts in `deep=True` IF you would like to see a nested representation of all nested objects, this query param is not available on the list API view. Use this feature with caution as the query time for large sets of data can be substatial along with the size of the JSON payload.
-
-#### Response
-
-```json
-{
-  "id": "246a037f-9858-4848-90a5-7ca967a3583f",
-  "tags": [],
-  "display": "Policy 3",
-  "policy_rules": [
-    {
-      "rule": "03182134-11a7-40a9-b433-169ab2df721b",
-      "index": 10
-    },
-    {
-      "rule": "f78c677d-feaa-41b2-90f8-a4e8c8a62791",
-      "index": 20
-    },
-    {
-      "rule": "b9aab2e9-5490-4dd7-b2b7-ca4c71247a10",
-      "index": 30
-    },
-    {
-      "rule": "3b92704a-9913-4f02-b499-f083d6a4912a",
-      "index": 99
-    },
-    {
-      "rule": "e10a4346-9d28-4b3f-b501-2ed8bd12a453",
-      "index": 100
-    }
-  ],
-  "assigned_devices": [],
-  "assigned_dynamic_groups": [
-    {
-      "dynamic_group": "eaa19dba-bfe0-4072-a458-b47e1e1375e6",
-      "weight": 1000
-    }
-  ],
-  "created": "2022-06-09",
-  "last_updated": "2022-06-09T01:35:14.230438Z",
-  "_custom_field_data": {},
-  "description": "",
-  "name": "Policy 3",
-  "status": "35206353-47f4-4e71-9e2c-807092b6c439",
-  "tenant": "5fabe6c7-84a6-45af-95a0-384f9ebcbeb8"
-}
-```

invoke.example.yml

@@ -1,11 +1,12 @@
 ---
 nautobot_firewall_models:
   project_name: "nautobot_firewall_models"
-  nautobot_ver: "1.3.5"
+  nautobot_ver: "2.0.0"
   local: false
-  python_ver: "3.8"
+  python_ver: "3.11"
   compose_dir: "development"
   compose_files:
-    - "docker-compose.requirements.yml"
+    - "docker-compose.postgres.yml"
+    - "docker-compose.redis.yml"
     - "docker-compose.base.yml"
     - "docker-compose.dev.yml"

invoke.mysql.yml

@@ -1,12 +1,12 @@
 ---
 nautobot_firewall_models:
   project_name: "nautobot_firewall_models"
-  nautobot_ver: "1.3.5"
+  nautobot_ver: "2.0.0"
   local: false
-  python_ver: "3.8"
+  python_ver: "3.11"
   compose_dir: "development"
   compose_files:
-    - "docker-compose.base.yml"
-    - "docker-compose.redis.yml"
     - "docker-compose.mysql.yml"
+    - "docker-compose.redis.yml"
+    - "docker-compose.base.yml"
     - "docker-compose.dev.yml"

nautobot_firewall_models/__init__.py

@@ -1,10 +1,7 @@
 """Plugin declaration for nautobot_firewall_models."""
 # Metadata is inherited from Nautobot. If not including Nautobot in the environment, this should be added
-try:
-    from importlib import metadata
-except ImportError:
-    # Python version < 3.8
-    import importlib_metadata as metadata
+from importlib import metadata
+
 
 __version__ = metadata.version(__name__)
 
@@ -21,11 +18,21 @@ class NautobotFirewallModelsConfig(PluginConfig):
     description = "Nautobot App to model firewall and security objects. Allows users to model policies in a vendor-neutral manner and use that data to drive network security automation."
     base_url = "firewall"
     required_settings = []
-    min_version = "1.4.0"
-    max_version = "1.9999"
-    default_settings = {"capirca_remark_pass": True, "capirca_os_map": {}, "allowed_status": ["active"]}
-    caching_config = {"*": {"timeout": 0}}
+    min_version = "2.0.0"
+    max_version = "2.9999"
+    default_settings = {
+        "capirca_remark_pass": True,
+        "capirca_os_map": {},
+        "allowed_status": ["Active"],
+        "protect_on_delete": True,
+    }
     docs_view_name = "plugins:nautobot_firewall_models:docs"
 
+    def ready(self):
+        """Register custom signals."""
+        import nautobot_firewall_models.signals  # noqa: F401, pylint: disable=import-outside-toplevel,unused-import
+
+        super().ready()
+
 
 config = NautobotFirewallModelsConfig  # pylint:disable=invalid-name