Release 2.2.0

.cookiecutter.json

@@ -14,22 +14,23 @@
         "max_nautobot_version": "2.9999",
         "camel_name": "NautobotFirewallModels",
         "project_short_description": "Nautobot App to model firewall and security objects. Allows users to model policies in a vendor-neutral manner and use that data to drive network security automation",
-        "model_class_name": "None",
+        "model_class_name": "IPRange",
         "open_source_license": "Apache-2.0",
         "docs_base_url": "https://docs.nautobot.com",
         "docs_app_url": "https://docs.nautobot.com/projects/firewall-models/en/latest",
         "_drift_manager": {
             "template": "https://github.com/nautobot/cookiecutter-nautobot-app.git",
             "template_dir": "nautobot-app",
-            "template_ref": "refs/tags/nautobot-app-v2.2.1",
+            "template_ref": "refs/tags/nautobot-app-v2.4.0",
             "cookie_dir": "",
             "branch_prefix": "drift-manager",
             "pull_request_strategy": "create",
             "post_actions": [
-                "black"
+                "ruff",
+                "poetry"
             ],
-            "draft": true,
-            "baked_commit_ref": "1724c1ae2e9ba5efe0dc010cb84291b6269b5fa5"
+            "draft": false,
+            "baked_commit_ref": "40d9cefc5c5b9f7db4b1c9bdb3e6645a4dc4933c"
         }
     }
 }

.dockerignore

@@ -19,7 +19,6 @@ FAQ.md
 .git/
 .gitignore
 .github
-tasks.py
 LICENSE
 **/*.log
 **/.vscode/

.github/workflows/ci.yml

@@ -13,10 +13,10 @@ on: # yamllint disable-line rule:truthy rule:comments
   pull_request: ~
 
 env:
-  APP_NAME: "nautobot-app-firewall-models"
+  APP_NAME: "nautobot-firewall-models"
 
 jobs:
-  black:
+  ruff-format:
     runs-on: "ubuntu-22.04"
     env:
       INVOKE_NAUTOBOT_FIREWALL_MODELS_LOCAL: "True"
@@ -25,20 +25,9 @@ jobs:
         uses: "actions/checkout@v4"
       - name: "Setup environment"
         uses: "networktocode/gh-action-setup-poetry-environment@v6"
-      - name: "Linting: black"
-        run: "poetry run invoke black"
-  bandit:
-    runs-on: "ubuntu-22.04"
-    env:
-      INVOKE_NAUTOBOT_FIREWALL_MODELS_LOCAL: "True"
-    steps:
-      - name: "Check out repository code"
-        uses: "actions/checkout@v4"
-      - name: "Setup environment"
-        uses: "networktocode/gh-action-setup-poetry-environment@v6"
-      - name: "Linting: bandit"
-        run: "poetry run invoke bandit"
-  ruff:
+      - name: "Linting: ruff format"
+        run: "poetry run invoke ruff --action format"
+  ruff-lint:
     runs-on: "ubuntu-22.04"
     env:
       INVOKE_NAUTOBOT_FIREWALL_MODELS_LOCAL: "True"
@@ -48,7 +37,7 @@ jobs:
       - name: "Setup environment"
         uses: "networktocode/gh-action-setup-poetry-environment@v6"
       - name: "Linting: ruff"
-        run: "poetry run invoke ruff"
+        run: "poetry run invoke ruff --action lint"
   check-docs-build:
     runs-on: "ubuntu-22.04"
     env:
@@ -60,17 +49,6 @@ jobs:
         uses: "networktocode/gh-action-setup-poetry-environment@v6"
       - name: "Check Docs Build"
         run: "poetry run invoke build-and-check-docs"
-  flake8:
-    runs-on: "ubuntu-22.04"
-    env:
-      INVOKE_NAUTOBOT_FIREWALL_MODELS_LOCAL: "True"
-    steps:
-      - name: "Check out repository code"
-        uses: "actions/checkout@v4"
-      - name: "Setup environment"
-        uses: "networktocode/gh-action-setup-poetry-environment@v6"
-      - name: "Linting: flake8"
-        run: "poetry run invoke flake8"
   poetry:
     runs-on: "ubuntu-22.04"
     env:
@@ -95,12 +73,10 @@ jobs:
         run: "poetry run invoke yamllint"
   check-in-docker:
     needs:
-      - "bandit"
-      - "ruff"
-      - "flake8"
+      - "ruff-format"
+      - "ruff-lint"
       - "poetry"
       - "yamllint"
-      - "black"
     runs-on: "ubuntu-22.04"
     strategy:
       fail-fast: true
@@ -115,6 +91,10 @@ jobs:
         uses: "actions/checkout@v4"
       - name: "Setup environment"
         uses: "networktocode/gh-action-setup-poetry-environment@v6"
+      - name: "Constrain Nautobot version and regenerate lock file"
+        env:
+          INVOKE_NAUTOBOT_FIREWALL_MODELS_LOCAL: "true"
+        run: "poetry run invoke lock --constrain-nautobot-ver --constrain-python-ver"
       - name: "Set up Docker Buildx"
         id: "buildx"
         uses: "docker/setup-buildx-action@v3"
@@ -132,6 +112,7 @@ jobs:
           build-args: |
             NAUTOBOT_VER=${{ matrix.nautobot-version }}
             PYTHON_VER=${{ matrix.python-version }}
+            CI=true
       - name: "Copy credentials"
         run: "cp development/creds.example.env development/creds.env"
       - name: "Linting: pylint"
@@ -146,14 +127,14 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        python-version: ["3.8", "3.11"]
+        python-version: ["3.8", "3.12"]
         db-backend: ["postgresql"]
         nautobot-version: ["stable"]
         include:
           - python-version: "3.11"
             db-backend: "postgresql"
             nautobot-version: "2.0.0"
-          # - python-version: "3.11"
+          # - python-version: "3.12"
           #   db-backend: "mysql"
           #   nautobot-version: "stable"
     runs-on: "ubuntu-22.04"
@@ -165,6 +146,10 @@ jobs:
         uses: "actions/checkout@v4"
       - name: "Setup environment"
         uses: "networktocode/gh-action-setup-poetry-environment@v6"
+      - name: "Constrain Nautobot version and regenerate lock file"
+        env:
+          INVOKE_NAUTOBOT_FIREWALL_MODELS_LOCAL: "true"
+        run: "poetry run invoke lock --constrain-nautobot-ver --constrain-python-ver"
       - name: "Set up Docker Buildx"
         id: "buildx"
         uses: "docker/setup-buildx-action@v3"
@@ -182,6 +167,7 @@ jobs:
           build-args: |
             NAUTOBOT_VER=${{ matrix.nautobot-version }}
             PYTHON_VER=${{ matrix.python-version }}
+            CI=true
       - name: "Copy credentials"
         run: "cp development/creds.example.env development/creds.env"
       - name: "Use Mysql invoke settings when needed"
@@ -190,9 +176,9 @@ jobs:
       - name: "Run Tests"
         run: "poetry run invoke unittest"
   changelog:
-    if: |
+    if: >
       contains(fromJson('["develop","ltm-1.6"]'), github.base_ref) &&
-      (github.head_ref != 'main')
+      (github.head_ref != 'main') && (!startsWith(github.head_ref, 'release'))
     runs-on: "ubuntu-22.04"
     steps:
       - name: "Check out repository code"
@@ -219,7 +205,7 @@ jobs:
       - name: "Set up Python"
         uses: "actions/setup-python@v5"
         with:
-          python-version: "3.11"
+          python-version: "3.12"
       - name: "Install Python Packages"
         run: "pip install poetry"
       - name: "Set env"
@@ -254,7 +240,7 @@ jobs:
       - name: "Set up Python"
         uses: "actions/setup-python@v5"
         with:
-          python-version: "3.11"
+          python-version: "3.12"
       - name: "Install Python Packages"
         run: "pip install poetry"
       - name: "Set env"

.github/workflows/upstream_testing.yml

@@ -4,10 +4,11 @@ name: "Nautobot Upstream Monitor"
 on:  # yamllint disable-line rule:truthy rule:comments
   schedule:
     - cron: "0 4 */2 * *"  # every other day at midnight
+  workflow_dispatch:
 
 jobs:
   upstream-test:
     uses: "nautobot/nautobot/.github/workflows/plugin_upstream_testing_base.yml@develop"
     with:  # Below could potentially be collapsed into a single argument if a concrete relationship between both is enforced
       invoke_context_name: "NAUTOBOT_FIREWALL_MODELS"
-      plugin_name: "nautobot-app-firewall-models"
+      plugin_name: "nautobot-firewall-models"

README.md

@@ -8,7 +8,7 @@
   <a href="https://pypi.org/project/nautobot-firewall-models/"><img src="https://img.shields.io/pypi/v/nautobot-firewall-models"></a>
   <a href="https://pypi.org/project/nautobot-firewall-models/"><img src="https://img.shields.io/pypi/dm/nautobot-firewall-models"></a>
   <br>
-  An <a href="https://www.networktocode.com/nautobot/apps/">App</a> for <a href="https://nautobot.com/">Nautobot</a>.
+  An <a href="https://networktocode.com/nautobot-apps/">App</a> for <a href="https://nautobot.com/">Nautobot</a>.
 </p>
 
 ## Overview

development/Dockerfile

@@ -53,29 +53,20 @@ RUN which poetry || curl -sSL https://install.python-poetry.org | python3 - && \
 WORKDIR /source
 COPY . /source
 
-# Get container's installed Nautobot version as a forced constraint
-# NAUTOBOT_VER may be a branch name and not a published release therefor we need to get the installed version
-#  so pip can use it to recognize local constraints.
-RUN pip show nautobot | grep "^Version: " | sed -e 's/Version: /nautobot==/' > constraints.txt
+# Build args must be declared in each stage
+ARG NAUTOBOT_VER
+ARG PYTHON_VER
 
-# Use Poetry to grab dev dependencies from the lock file
-# Can be improved in Poetry 1.2 which allows `poetry install --only dev`
-#
-# We can't use the entire freeze as it takes forever to resolve with rigidly fixed non-direct dependencies,
-#   especially those that are only direct to Nautobot but the container included versions slightly mismatch
-RUN poetry export -f requirements.txt --without-hashes --extras all --output poetry_freeze_base.txt
-RUN poetry export -f requirements.txt --without-hashes --extras all --with dev --output poetry_freeze_all.txt
-RUN sort poetry_freeze_base.txt poetry_freeze_all.txt | uniq -u > poetry_freeze_dev.txt
-
-# Install all local project as editable, constrained on Nautobot version, to get any additional
-#   direct dependencies of the app
-RUN --mount=type=cache,target="/root/.cache/pip",sharing=locked \
-    pip install -c constraints.txt -e .[all]
+# Constrain the Nautobot version to NAUTOBOT_VER, fall back to installing from git branch if not available on PyPi
+# In CI, this should be done outside of the Dockerfile to prevent cross-compile build failures
+ARG CI
+RUN if [ -z "${CI+x}" ]; then \
+    INSTALLED_NAUTOBOT_VER=$(pip show nautobot | grep "^Version" | sed "s/Version: //"); \
+    poetry add --lock nautobot@${INSTALLED_NAUTOBOT_VER} --python ${PYTHON_VER} || \
+    poetry add --lock git+https://github.com/nautobot/nautobot.git#${NAUTOBOT_VER} --python ${PYTHON_VER}; fi
 
-# Install any dev dependencies frozen from Poetry
-# Can be improved in Poetry 1.2 which allows `poetry install --only dev`
-RUN --mount=type=cache,target="/root/.cache/pip",sharing=locked \
-    pip install -c constraints.txt -r poetry_freeze_dev.txt
+# Install the app
+RUN poetry install --extras all --with dev
 
 COPY development/nautobot_config.py ${NAUTOBOT_ROOT}/nautobot_config.py
 # !!! USE CAUTION WHEN MODIFYING LINES ABOVE

development/app_config_schema.py

@@ -1,4 +1,5 @@
 """App Config Schema Generator and Validator."""
+
 import json
 from importlib import import_module
 from os import getenv

development/development.env

@@ -7,6 +7,7 @@ NAUTOBOT_BANNER_TOP="Local"
 NAUTOBOT_CHANGELOG_RETENTION=0
 
 NAUTOBOT_DEBUG=True
+NAUTOBOT_LOG_DEPRECATION_WARNINGS=True
 NAUTOBOT_LOG_LEVEL=DEBUG
 NAUTOBOT_METRICS_ENABLED=True
 NAUTOBOT_NAPALM_TIMEOUT=5

development/docker-compose.base.yml

@@ -13,7 +13,6 @@ x-nautobot-base: &nautobot-base
     - "creds.env"
   tty: true
 
-version: "3.8"
 services:
   nautobot:
     depends_on:

development/docker-compose.dev.yml

@@ -3,7 +3,6 @@
 # any override will need to include these volumes to use them.
 # see:  https://github.com/docker/compose/issues/3729
 ---
-version: "3.8"
 services:
   nautobot:
     command: "nautobot-server runserver 0.0.0.0:8080"

development/docker-compose.mysql.yml

@@ -1,6 +1,4 @@
 ---
-version: "3.8"
-
 services:
   nautobot:
     environment:
@@ -19,7 +17,6 @@ services:
   db:
     image: "mysql:8"
     command:
-      - "--default-authentication-plugin=mysql_native_password"
       - "--max_connections=1000"
     env_file:
       - "development.env"

development/docker-compose.postgres.yml

@@ -1,6 +1,4 @@
 ---
-version: "3.8"
-
 services:
   nautobot:
     environment:

development/docker-compose.redis.yml

@@ -1,5 +1,4 @@
 ---
-version: "3.8"
 services:
   redis:
     image: "redis:6-alpine"

development/nautobot_config.py

@@ -1,4 +1,5 @@
 """Nautobot development configuration file."""
+
 import os
 import sys
 
@@ -9,7 +10,7 @@
 # Debug
 #
 
-DEBUG = is_truthy(os.getenv("NAUTOBOT_DEBUG", False))
+DEBUG = is_truthy(os.getenv("NAUTOBOT_DEBUG", "false"))
 _TESTING = len(sys.argv) > 1 and sys.argv[1] == "test"
 
 if DEBUG and not _TESTING:
@@ -47,9 +48,10 @@
         "PASSWORD": os.getenv("NAUTOBOT_DB_PASSWORD", ""),  # Database password
         "HOST": os.getenv("NAUTOBOT_DB_HOST", "localhost"),  # Database server
         "PORT": os.getenv(
-            "NAUTOBOT_DB_PORT", default_db_settings[nautobot_db_engine]["NAUTOBOT_DB_PORT"]
+            "NAUTOBOT_DB_PORT",
+            default_db_settings[nautobot_db_engine]["NAUTOBOT_DB_PORT"],
         ),  # Database port, default to postgres
-        "CONN_MAX_AGE": int(os.getenv("NAUTOBOT_DB_TIMEOUT", 300)),  # Database timeout
+        "CONN_MAX_AGE": int(os.getenv("NAUTOBOT_DB_TIMEOUT", "300")),  # Database timeout
         "ENGINE": nautobot_db_engine,
     }
 }

development/towncrier_template.j2

@@ -1,4 +1,15 @@
 
+# v{{ versiondata.version.split(".")[:2] | join(".") }} Release Notes
+
+This document describes all new features and changes in the release. The format is based on [Keep a
+Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic
+Versioning](https://semver.org/spec/v2.0.0.html).
+
+## Release Overview
+
+- Major features or milestones
+- Changes to compatibility with Nautobot and/or other apps, libraries etc.
+
 {% if render_title %}
 ## [v{{ versiondata.version }} ({{ versiondata.date }})](https://github.com/nautobot/nautobot-app-firewall-models/releases/tag/v{{ versiondata.version}})
 
@@ -12,7 +23,11 @@
 {% if definitions[category]['showcontent'] %}
 {% for text, values in sections[section][category].items() %}
 {% for item in text.split('\n') %}
+{% if values %}
 - {{ values|join(', ') }} - {{ item.strip() }}
+{% else %}
+- {{ item.strip() }}
+{% endif %}
 {% endfor %}
 {% endfor %}