Issue to launch import (cumstom ?) script (v3.0.5)

[Sandrus]

Hello everyone,

A colleague has set up Netbox few years ago and it supposed to be connected to AD to import the new devices (the connexion part seems OK, the credentials are still valid) but all his scheduled python tasks are failing, i think it's custom made so i would understand if it's too hard to troubleshoot.

The tenant scan script gives this :

Content of the python file : (it doesn't fill the Tenants.csv, but the PowerShell request is good, i can make it work on an ISE)

import requests
import json
import csv
from subprocess import Popen, PIPE
import helpers as helpers
import netbox as netbox

def tenant_scan():
	tenants = netbox.get_tenants()
	pscommand = (
		"import-module activedirectory; Get-ADUser -Filter * -Properties * -SearchBase \"dc=******,dc=********=*******=com\" | Where-Object {$_.Description -notmatch \"SVC:\" -and $_.Description -notmatch \"notemployee:\"}| Select Name, Description, Title, UserPrincipalName | Export-Csv -Path \".\\Tenants.csv\" -NoTypeInformation"
		)
	helpers.run_powershell(pscommand)
	file = open('Tenants.csv', 'r')
	reader = csv.reader(file)

	for line in reader:
		domain_name = line[3].split('@')[0].lower()
		print(domain_name)
		if domain_name not in tenants:
			is_user = helpers.ad_user_check(domain_name)
			if is_user:
				temp_dictionary = {
					'name': domain_name,
					'slug': 'user-'+domain_name,
					'description': line[0],
					'comments': line[2],
					'custom_fields': {
						'description': line[1]
					}
				}
				netbox.add_tenant(temp_dictionary)
	return None
tenant_scan()

And the netbox.py function is :

def get_tenants():
	full_url = base_url + 'tenancy/tenants/?limit=10000'
	data = requests.get(full_url, headers=headers, verify=False)
	json_data = json.loads(data.text)
	next_url = json_data['next']
	trigger = True
	netbox_tenants = {}

	for tenant in json_data['results']:
		netbox_tenants[tenant['name']] = tenant['id']

	return netbox_tenants

Any comment is welcome, i am no a developper at all unfortunately.

[kkthxbye-code]

Try to add a print after loading the json:

json_data = json.loads(data.text)
print(json_data)

That might shed some light on what's wrong.

[Sandrus]

Thanks for your reply

it seems it doesn't print anything

the full_url is giving the api result with all the data

[kkthxbye-code]

You have to print the data before the line:
next_url = json_data['next']

The full function would look like this:

def get_tenants():
	full_url = base_url + 'tenancy/tenants/?limit=10000'
	data = requests.get(full_url, headers=headers, verify=False)
	json_data = json.loads(data.text)
        print(json_data)
	next_url = json_data['next']
	trigger = True
	netbox_tenants = {}

	for tenant in json_data['results']:
		netbox_tenants[tenant['name']] = tenant['id']

	return netbox_tenants

[candlerb]

It was already in the correct place; you can see in the screenshot the response from the Netbox API is

{'detail': 'User inactive')

This comes from netbox/netbox/api/authentication.py

        if not user.is_active:
            raise exceptions.AuthenticationFailed("User inactive")

It looks to me like whatever API token is being uses to talk to the API, is associated with a user which has been disabled.

[kkthxbye-code]

Ahh missed that (screenshots of text is not my favorite), but problem solved then, he just needs to set the active flag of the user.

[candlerb]

That code doesn't check the response from Netbox. Try modifying as follows:

...
	data = requests.get(full_url, headers=headers, verify=False)
        # ADD THIS
        print(f"status_code = {data.status_code}")
        # AND/OR THIS
        data.raise_for_status()

The first will print the status code, so you can check if it's 200/4xx/5xx etc. The second will raise an exception if the status code is 4xx or 5xx. Reference

[Sandrus]

Hi,

Waow many thanks for looking into it.

So it gives me a 403 error, so that means that the API is using a token from a disabled used ? It's possible because the guy who did this as left and his AD account has been deleted

In the Netbox.py i can see this at the top :

base_url = 'https://netbox_url/api/'
headers = {"Content-Type": "application/json", "Accept": "application/json"}
requests.packages.urllib3.disable_warnings()
headers['Authorization'] = 'Token b76c1bae6d2xxxxxxxxxxe8b4e6cd8d90a4e6'

So i need to replace this token ? I hope i'm following you guys.

Edit : I have generate a new token with an active user, update the header but i'm still getting 403

[candlerb]

In the web UI, find the token (Admin > (Users) > Tokens). See if it has "Expires" set. If it does, and it's in the past, then remove the expiry date or put it to a date in the future.

Otherwise, look at what user that token is attached to. Find the corresponding user record (Admin > (Authentication & Authorization) > Users) and make sure that the "Active" flag is set.

[candlerb]

Edit : I have generate a new token with an active user, update the header but i'm still getting 403

Show the content of the error message - i.e. what does the print(json_data) show now?

[Sandrus]

Once the user has been re-activated in Netbox and the original Token Key re added, the script is now working, so now i'm looking to replace this user with another one. I will try to rename it instead of get a new account, might be easier !
Thank you all, i might come back if other script are failing.

[candlerb]

Once the user has been re-activated in Netbox and the original Token Key re added, the script is now working,

Great!

so now i'm looking to replace this user with another one

Why?

If you want to add a new user, then you'll have to make sure that all the necessary permissions that the old user had, are also available to the new user.

[Sandrus]

I have renamed it, don't bother why my last question :) Thank you candlerb