- Add tests/test_ingestion.py for end-to-end Diode pipeline verification
- Fix OAuth2 client scopes: reconciler uses diode:reconcile, netbox-to-diode
  needs diode:read diode:write netbox:read netbox:write
- Rewrite bootstrap-clients.sh with upsert behavior (delete+recreate) so
  scope and secret changes are applied on restart
- Rewrite nginx.conf in setup.sh to match upstream auth_request architecture
- Update .claude/settings.json with expanded tool permissions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Major changes to align with the official netboxlabs/diode docker-compose:

docker-compose.yml:
- Upgrade Hydra from v2.2 to v25.4.0 (latest stable)
- Fix env var names: drop DIODE_ prefix on ingester/reconciler/auth
  (DIODE_REDIS_HOST -> REDIS_HOST, DIODE_GRPC_PORT -> removed, etc.)
- Remove AUTH_GRPC_TARGET from ingester — auth is handled by nginx
  via HTTP subrequests to diode-auth, not by the ingester directly
- Point DIODE_AUTH_TOKEN_URL to diode-auth:8080/token (not Hydra)
- Add Postgres connection vars to reconciler (MIGRATION_ENABLED, etc.)
- Mount nginx.conf as /etc/nginx/conf.d/default.conf (not nginx.conf)
- Use netboxlabs/diode-auth image for bootstrap (has hydra CLI + jq)
- Add Hydra JWT strategy config (STRATEGIES_ACCESS_TOKEN: jwt)
- Add orb-agent run command with explicit config path
- Expose Hydra ports 4444/4445 for external token requests
- Add Hydra DB env vars to Postgres for init script

nginx/nginx.conf:
- Rewrite to match official Diode nginx architecture
- Auth via auth_request subrequests to diode-auth:8080 (HTTP)
- gRPC pass to ingester/reconciler on :8081 after auth
- Add /diode/auth proxy for token endpoint access
- Add error handlers for 401/403

oauth2/client/bootstrap-clients.sh:
- Rewrite to use hydra CLI (create/get oauth2-client) instead of
  raw wget calls to Hydra admin API
- Use jq for JSON parsing instead of python3
- Idempotent: checks if client exists before creating

setup.sh:
- Fix OAuth2 scope: diode:ingester -> diode:ingest
- Rewrite orb-agent config to match current agent.yaml schema
  (config_manager, policies with cron schedules, scope-based targets)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

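The nginx architecture the commit above describes (auth_request subrequest to diode-auth:8080 over HTTP, then grpc_pass to the ingester/reconciler on :8081, a /diode/auth proxy, and 401/403 handlers) can be sketched as follows. This is an added illustration, not the project's nginx.conf from the commit: the validation path on diode-auth (/validate), the upstream service names diode-ingester and diode-reconciler, and the gRPC service paths are assumptions.

```nginx
# Added example, not the commit's nginx.conf. Assumed names are marked below.
server {
    listen 8080 http2;   # gRPC upstreams require an HTTP/2 listener

    # Internal subrequest target. nginx forwards only the caller's headers
    # (no body) to diode-auth; the request is proxied onward only if this
    # location answers 2xx. The /validate path is an assumption.
    location = /auth {
        internal;
        proxy_pass http://diode-auth:8080/validate;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header Authorization $http_authorization;
        proxy_set_header X-Original-URI $request_uri;
    }

    # gRPC ingestion: authenticate first, then hand off to the ingester on :8081.
    # Upstream host names and the diode.v1.* service paths are assumptions.
    location /diode.v1.IngesterService/ {
        auth_request /auth;
        grpc_pass grpc://diode-ingester:8081;
    }

    location /diode.v1.ReconcilerService/ {
        auth_request /auth;
        grpc_pass grpc://diode-reconciler:8081;
    }

    # Token endpoint exposed through the same front door. Deliberately no
    # auth_request here: clients call it to obtain the token in the first place.
    location /diode/auth/ {
        proxy_pass http://diode-auth:8080/;
    }

    # Map subrequest failures to explicit responses instead of a bare error.
    error_page 401 = @unauthorized;
    error_page 403 = @forbidden;
    location @unauthorized { default_type application/json; return 401 '{"error":"unauthorized"}'; }
    location @forbidden    { default_type application/json; return 403 '{"error":"forbidden"}'; }
}
```

Two points worth checking when adapting this: the subrequest sees headers only, so diode-auth must validate the bearer token from `Authorization` rather than anything in the gRPC body, and the 401/403 handlers return plain HTTP status codes, which gRPC clients surface as transport errors rather than a `grpc-status` trailer.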
Docker Compose stack, nginx config, OAuth2 client bootstrap,
Hydra DB init, setup script, and gitignore for secrets.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>