netbox: carry different django patch

5 files changed, 39 insertions, 19 deletions

diff --git a/netbox/Dockerfile b/netbox/Dockerfile
index 3b63944..0ca36fa 100644
--- a/netbox/Dockerfile
+++ b/netbox/Dockerfile
@@ -4,7 +4,7 @@ LABEL maintainer="Mike Crute <mike@crute.us>"
 ARG netbox_version
 
 ADD configuration.py /configuration.py
-ADD settings.patch /settings.patch
+ADD django.patch /django.patch
 
 RUN set -euxo pipefail; \
     \
@@ -30,17 +30,17 @@ RUN set -euxo pipefail; \
     rm "v${netbox_version}.tar.gz"; \
     mv /opt/netbox-${netbox_version}/ /opt/netbox/; \
     \
-    cd /; \
-    mv /configuration.py /opt/netbox/netbox/netbox/configuration.py; \
-    patch -p1 < /settings.patch; rm /settings.patch; \
-    \
     addgroup -S netbox; \
     adduser -S -G netbox netbox; \
     chown -R netbox:netbox /opt/netbox/netbox/media; \
     \
     cd /opt/netbox; \
     pip3 install -r requirements.txt; \
-    pip3 install django-postgresql-setrole; \
+    \
+    cd /; \
+    mv /configuration.py /opt/netbox/netbox/netbox/configuration.py; \
+    patch -p1 < /django.patch; rm /django.patch; \
+    cd /opt/netbox; \
     \
     export NETBOX_SECRET_KEY="testing key for running the build"; \
     export NETBOX_DB_PORT="0"; \
diff --git a/netbox/Makefile b/netbox/Makefile
index f572b39..2c15f43 100644
--- a/netbox/Makefile
+++ b/netbox/Makefile
@@ -1,6 +1,7 @@
 VERSION=3.3.9
-IMAGE=docker.crute.me/netbox:$(VERSION)
-LATEST=$(subst :$(VERSION),,$(IMAGE)):latest
+VERSION_TAG=$(VERSION)-1
+IMAGE=docker.crute.me/netbox:$(VERSION_TAG)
+LATEST=$(subst :$(VERSION_TAG),,$(IMAGE)):latest
 
 all:
         #docker pull alpine:latest
diff --git a/netbox/configuration.py b/netbox/configuration.py
index 9abd2aa..74d7a15 100644
--- a/netbox/configuration.py
+++ b/netbox/configuration.py
@@ -8,8 +8,10 @@ DATABASE = {
     'PORT': int(os.getenv("NETBOX_DB_PORT")),
     'USER': os.getenv("NETBOX_DB_USERNAME"),
     'PASSWORD': os.getenv("NETBOX_DB_PASSWORD"),
-    'SET_ROLE': os.getenv("NETBOX_SET_ROLE"),
     'CONN_MAX_AGE': 300,
+    'OPTIONS': {
+        'role': os.getenv("NETBOX_SET_ROLE"),
+    }
 }
 
 REDIS = {
diff --git a/netbox/django.patch b/netbox/django.patch
new file mode 100644
index 0000000..2cb8d76
--- /dev/null
+++ b/netbox/django.patch
@@ -0,0 +1,27 @@
+--- a/usr/lib/python3.10/site-packages/django/db/backends/postgresql/base.py 21:41:07.000000000 -0800
++++ b/usr/lib/python3.10/site-packages/django/db/backends/postgresql/base.py 19:52:18.092424193 -0800
+@@ -187,6 +187,7 @@
+         else:
+             conn_params = {**settings_dict["OPTIONS"]}
+
++        conn_params.pop("role", None)
+         conn_params.pop("isolation_level", None)
+         if settings_dict["USER"]:
+             conn_params["user"] = settings_dict["USER"]
+@@ -244,6 +245,16 @@
+             if not self.get_autocommit():
+                 self.connection.commit()
+
++        # Set the role on the connection. This is useful if the
++        # credential used to login is not the same as the role that
++        # owns database resources. This scenario can occur when using
++        # temporary credentials generated by an external system like
++        # Vault.
++        options = self.settings_dict["OPTIONS"]
++        if options["role"]:
++            with self.connection.cursor() as cursor:
++                cursor.execute("SET ROLE %s", (options["role"],))
++
+     @async_unsafe
+     def create_cursor(self, name=None):
+         if name:
diff --git a/netbox/settings.patch b/netbox/settings.patch
deleted file mode 100644
index 1141d64..0000000
--- a/netbox/settings.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/opt/netbox/netbox/netbox/settings.py      2022-11-30 13:14:00.000000000 -0800
-+++ b/opt/netbox/netbox/netbox/settings.py      2022-12-04 21:35:52.779482819 -0800
-@@ -302,6 +302,7 @@
- #
- 
- INSTALLED_APPS = [
-+    'postgresql_setrole',
-     'django.contrib.admin',
-     'django.contrib.auth',
-     'django.contrib.contenttypes',