Merge branch 'main' into fix/disk-computation

.github/ISSUE_TEMPLATE/bug.yml

@@ -48,7 +48,7 @@ body:
       required: true
 
   - type: input
-    id: version
+    id: ssot-version
     attributes:
       label: Which version of netbox-ssot are you running
       description: |

.github/workflows/cd.yml

@@ -18,16 +18,13 @@ on:
 jobs:
   build_and_push:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
     steps:
       - name: Login to ghcr.io
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
         with:
           registry: ghcr.io
           username: src-csm
-          password: ${{ secrets.GITHUB_TOKEN }}
+          password: ${{ secrets.GHCR_PAT }}
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3

.github/workflows/check_links.yml

@@ -8,6 +8,8 @@ on:
 
 jobs:
   linkChecker:
+    permissions:
+      issues: write # required for peter-evans/create-issue-from-file
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
@@ -16,7 +18,6 @@ jobs:
         id: lychee
         uses: lycheeverse/lychee-action@f613c4a64e50d792e0b31ec34bbcbba12263c6a6 # v2.3.0
         with:
-          token: ${{ secrets.GH_TOKEN }}
           fail: false
 
       - name: Create Issue From File
@@ -26,4 +27,3 @@ jobs:
           title: Link Checker Report
           content-filepath: ./lychee/out.md
           labels: report, automated issue
-          token: ${{ secrets.GH_TOKEN }}

.github/workflows/gorelease.yml

@@ -4,6 +4,7 @@ on:
   push:
     tags:
       - v\d+\.\d+\.\d+
+  workflow_dispatch:
 
 jobs:
   goreleaser:
@@ -25,3 +26,5 @@ jobs:
           distribution: goreleaser
           version: '~> v2'
           args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/osv-scanner.yml

@@ -0,0 +1,25 @@
+name: OSV-Scanner PR Scan
+
+# Change "main" to your default branch if you use a different name, i.e. "master"
+on:
+  pull_request:
+    branches: [main]
+  merge_group:
+    branches: [main]
+
+permissions:
+  # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117
+  actions: read
+  # Require writing security events to upload SARIF file to security tab
+  security-events: write
+  # Only need to read contents
+  contents: read
+
+jobs:
+  scan-pr:
+    uses: "google/osv-scanner-action/.github/workflows/[email protected]"
+    with:
+      scan-args: |-
+        -r
+        --skip-git
+        ./

.github/workflows/replace_version.yml

@@ -7,13 +7,11 @@ on:
 jobs:
   replace_version:
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
     steps:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.SVC_PAT }}
           ref: main
 
       - name: Replace image version in k8s manifests

.github/workflows/semantic_tag.yml

@@ -7,8 +7,6 @@ on:
 jobs:
   release:
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
     steps:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
@@ -22,5 +20,5 @@ jobs:
 
       - name: Release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.SVC_PAT }}
         run: npx [email protected]

Dockerfile

@@ -50,6 +50,15 @@ RUN addgroup -S -g 10001 netbox && \
   chown -R netbox:netbox /app
 USER netbox:netbox
 
+# Also allow deprecated ssh algorithims for older devices
+# See https://github.com/SRC-doo/netbox-ssot/issues/498
+RUN mkdir -p /home/netbox/.ssh/ && \
+cat <<EOF > /home/netbox/.ssh/config
+Host *
+  HostKeyAlgorithms +ssh-rsa
+  PubkeyAcceptedKeyTypes +ssh-rsa
+EOF
+
 WORKDIR /app
 
 COPY --from=builder --chown=netbox:netbox /app/cmd/netbox-ssot/main ./main

README.md

@@ -94,7 +94,7 @@ Example configuration can be found [here](#example-config).
 | `source.ignoreAssetTags`                 | Don't sync asset tags of devices.                                                                                                                                                      | all                        | bool     | [true, false]                            | false      | No       |
 | `source.ignoreSerialNumbers`             | Don't sync serial numbers of devices.                                                                                                                                                  | all                        | bool     | [true, false]                            | false      | No       |
 | `source.ignoreVMTemplates`               | Don't sync vm templates.                                                                                                                                                               | [**vmware**]               | bool     | [true, false]                            | false      | No       |
-| `source.datacenterClusterGroupRelations` | Regex relations in format `regex = clusterGroupName`, that map each datacenter that satisfies regex to clusterGroupname (see [#130](https://github.com/bl4ko/netbox-ssot/issues/130)). | [**vmware**, **ovirt**]    | []string | any                                      | []         | No       |
+| `source.datacenterClusterGroupRelations` | Regex relations in format `regex = clusterGroupName`, that map each datacenter that satisfies regex to clusterGroupname. | [**vmware**, **ovirt**]    | []string | any                                      | []         | No       |
 | `source.hostSiteRelations`               | Regex relations in format `regex = siteName`, that map each host that satisfies regex to site.                                                                                         | all                        | []string | any                                      | []         | No       |
 | `source.clusterSiteRelations`            | Regex relations in format `regex = siteName`, that map each cluster that satisfies regex to site.                                                                                      | all                        | []string | any                                      | []         | No       |
 | `source.clusterTenantRelations`          | Regex relations in format `regex = tenantName`, that map each cluster that satisfies regex to tenant.                                                                                  | all                        | []string | any                                      | []         | No       |

go.sum

@@ -1,7 +1,5 @@
 github.com/PaloAltoNetworks/pango v0.10.2 h1:Tjn6vIzzAq6Dd7N0mDuiP8w8pz8k5W9zz/TTSUQCsQY=
 github.com/PaloAltoNetworks/pango v0.10.2/go.mod h1:GztcRnVLur7G+VFG7Z5ZKNFgScLtsycwPMp1qVebE5g=
-github.com/bl4ko/go-devicetype-library v0.1.54 h1:tf/yps5QnTGaVWmIAKOp0QfQndPAwrgi6s4eI5Mk2yk=
-github.com/bl4ko/go-devicetype-library v0.1.54/go.mod h1:Pzm1BlRyR4uECezsRINDA6ZieFPumdFL+6yySpXM6t8=
 github.com/bl4ko/go-devicetype-library v0.1.55 h1:LiWK/qMUbNXubzuyNIZD+kMal3sHhVUmgm74x5OHmPI=
 github.com/bl4ko/go-devicetype-library v0.1.55/go.mod h1:Pzm1BlRyR4uECezsRINDA6ZieFPumdFL+6yySpXM6t8=
 github.com/buger/goterm v1.0.4 h1:Z9YvGmOih81P0FbVtEYTFF6YsSgxSUKEhf/f9bTMXbY=

internal/netbox/inventory/delete_items.go

@@ -128,6 +128,8 @@ func (nbi *NetboxInventory) softDelete(orphanItem objects.OrphanItem) error {
 			_, err = service.Patch[objects.WirelessLAN](nbi.OrphanManager.Ctx, nbi.NetboxAPI, orphanItem.GetID(), diffMap)
 		case *objects.WirelessLANGroup:
 			_, err = service.Patch[objects.WirelessLANGroup](nbi.OrphanManager.Ctx, nbi.NetboxAPI, orphanItem.GetID(), diffMap)
+		case *objects.MACAddress:
+			_, err = service.Patch[objects.MACAddress](nbi.OrphanManager.Ctx, nbi.NetboxAPI, orphanItem.GetID(), diffMap)
 		default:
 			return fmt.Errorf("unsupported type for orphan item%T", orphanItem)
 		}

internal/source/ios-xe/iosxe.go

@@ -33,7 +33,9 @@ func (is *IOSXESource) Init() error {
 		options.WithAuthUsername(is.SourceConfig.Username),
 		options.WithAuthPassword(is.SourceConfig.Password),
 		options.WithPort(is.SourceConfig.Port),
-		options.WithAuthNoStrictKey(), // inside container we can't confirm ssh key
+		options.WithAuthNoStrictKey(),
+		// See https://github.com/SRC-doo/netbox-ssot/issues/498
+		options.WithSSHConfigFile("~/.ssh/config"),
 	)
 	if err != nil {
 		return fmt.Errorf("failed to create driver: %s", err)

internal/source/vmware/vmware_sync.go

@@ -579,7 +579,7 @@ func (vc *VmwareSource) collectHostPhysicalNicData(
 					vlanIDMap[portgroupData.vlanID] = vlan
 				}
 			} else {
-				vlanName := fmt.Sprintf("VLAN%04d_%s", portgroupData.vlanID, portgroupName)
+				vlanName := portgroupName
 				vlanSite, err := common.MatchVlanToSite(vc.Ctx, nbi, vlanName, vc.SourceConfig.VlanSiteRelations)
 				if err != nil {
 					return nil, "", fmt.Errorf("match vlan to site: %s", err)

k8s/cronjob.yaml

@@ -10,7 +10,7 @@ spec:
         spec:
           containers:
             - name: netbox-ssot
-              image: ghcr.io/src-doo/netbox-ssot:v1.9.18
+              image: ghcr.io/src-doo/netbox-ssot:v1.10.1
               imagePullPolicy: Always
               resources:
                 limits:

k8s/cronjob_with_cert.yaml

@@ -10,7 +10,7 @@ spec:
         spec:
           containers:
             - name: netbox-ssot
-              image: ghcr.io/src-doo/netbox-ssot:v1.9.18
+              image: ghcr.io/src-doo/netbox-ssot:v1.10.1
               imagePullPolicy: Always
               resources:
                 limits: