fix(ipam): Prevent reassignment of OOB IPs

Disable reassignment of IP addresses designated as primary or OOB for
parent objects. Adds validation to block changes when an IP is marked as
the OOB IP.

Fixes #21050

docs/features/change-logging.md

@@ -10,11 +10,9 @@ Change records are exposed in the API via the read-only endpoint `/api/extras/ob
 
 ## User Messages
 
-When creating, modifying, or deleting an object in NetBox, a user has the option of recording an arbitrary message (up to 200 characters) that will appear in the change record. This can be helpful to capture additional context, such as the reason for a change or a reference to an external ticket.
+!!! info "This feature was introduced in NetBox v4.4."
 
-When editing an object via the web UI, the "Changelog message" field appears at the bottom of the form. This field is optional. The changelog message field is available in object create forms, object edit forms, delete confirmation dialogs, and bulk operations.
-
-For information on including changelog messages when making changes via the REST API, see [Changelog Messages](../integrations/rest-api.md#changelog-messages).
+When creating, modifying, or deleting an object in NetBox, a user has the option of recording an arbitrary message that will appear in the change record. This can be helpful to capture additional context, such as the reason for the change.
 
 ## Correlating Changes by Request
 

docs/integrations/rest-api.md

@@ -610,7 +610,9 @@ http://netbox/api/dcim/sites/ \
 
 ## Changelog Messages
 
-Most objects in NetBox support [change logging](../features/change-logging.md), which generates a detailed record each time an object is created, modified, or deleted. Additionally, users can attach a message to the change record as well. This is accomplished via the REST API by including a `changelog_message` field in the object representation.
+!!! info "This feature was introduced in NetBox v4.4."
+
+Most objects in NetBox support [change logging](../features/change-logging.md), which generates a detailed record each time an object is created, modified, or deleted. Beginning in NetBox v4.4, users can attach a message to the change record as well. This is accomplished via the REST API by including a `changelog_message` field in the object representation.
 
 For example, the following API request will create a new site and record a message in the resulting changelog entry:
 
@@ -626,7 +628,7 @@ http://netbox/api/dcim/sites/ \
 }'
 ```
 
-This approach works when creating, modifying, or deleting objects, either individually or in bulk. For more information about change logging, see [Change Logging](../features/change-logging.md).
+This approach works when creating, modifying, or deleting objects, either individually or in bulk.
 
 ## Uploading Files
 

netbox/core/api/serializers_/data.py

@@ -44,4 +44,3 @@ class DataFileSerializer(NetBoxModelSerializer):
             'id', 'url', 'display_url', 'display', 'source', 'path', 'last_updated', 'size', 'hash',
         ]
         brief_fields = ('id', 'url', 'display', 'path')
-        read_only_fields = ['path', 'last_updated', 'size', 'hash']

netbox/dcim/graphql/filter_mixins.py

@@ -38,15 +38,6 @@ class ScopedFilterMixin:
 
 @dataclass
 class ComponentModelFilterMixin:
-    _site: Annotated['SiteFilter', strawberry.lazy('dcim.graphql.filters')] | None = (
-        strawberry_django.filter_field(name='site')
-    )
-    _location: Annotated['LocationFilter', strawberry.lazy('dcim.graphql.filters')] | None = (
-        strawberry_django.filter_field(name='location')
-    )
-    _rack: Annotated['RackFilter', strawberry.lazy('dcim.graphql.filters')] | None = (
-        strawberry_django.filter_field(name='rack')
-    )
     device: Annotated['DeviceFilter', strawberry.lazy('dcim.graphql.filters')] | None = strawberry_django.filter_field()
     device_id: ID | None = strawberry_django.filter_field()
     name: FilterLookup[str] | None = strawberry_django.filter_field()

netbox/extras/api/serializers_/configcontexts.py

@@ -28,7 +28,7 @@ class ConfigContextProfileSerializer(PrimaryModelSerializer):
     )
     data_file = DataFileSerializer(
         nested=True,
-        required=False
+        read_only=True
     )
 
     class Meta:
@@ -143,7 +143,7 @@ class ConfigContextSerializer(OwnerMixin, ChangeLogMessageSerializer, ValidatedM
     )
     data_file = DataFileSerializer(
         nested=True,
-        required=False
+        read_only=True
     )
 
     class Meta:

netbox/extras/tests/test_api.py

@@ -1,5 +1,4 @@
 import datetime
-import hashlib
 
 from django.contrib.contenttypes.models import ContentType
 from django.urls import reverse
@@ -8,7 +7,7 @@ from rest_framework import status
 
 from core.choices import ManagedFileRootPathChoices
 from core.events import *
-from core.models import DataFile, DataSource, ObjectType
+from core.models import ObjectType
 from dcim.models import Device, DeviceRole, DeviceType, Manufacturer, Rack, Location, RackRole, Site
 from extras.choices import *
 from extras.models import *
@@ -732,51 +731,6 @@ class ConfigContextProfileTest(APIViewTestCases.APIViewTestCase):
         )
         ConfigContextProfile.objects.bulk_create(profiles)
 
-    def test_update_data_source_and_data_file(self):
-        """
-        Regression test: Ensure data_source and data_file can be assigned via the API.
-
-        This specifically covers PATCHing a ConfigContext with integer IDs for both fields.
-        """
-        self.add_permissions(
-            'core.view_datafile',
-            'core.view_datasource',
-            'extras.view_configcontextprofile',
-            'extras.change_configcontextprofile',
-        )
-        config_context_profile = ConfigContextProfile.objects.first()
-
-        # Create a data source and file
-        datasource = DataSource.objects.create(
-            name='Data Source 1',
-            type='local',
-            source_url='file:///tmp/netbox-datasource/',
-        )
-        # Generate a valid dummy YAML file
-        file_data = b'profile: configcontext\n'
-        datafile = DataFile.objects.create(
-            source=datasource,
-            path='dir1/file1.yml',
-            last_updated=now(),
-            size=len(file_data),
-            hash=hashlib.sha256(file_data).hexdigest(),
-            data=file_data,
-        )
-
-        url = self._get_detail_url(config_context_profile)
-        payload = {
-            'data_source': datasource.pk,
-            'data_file': datafile.pk,
-        }
-        response = self.client.patch(url, payload, format='json', **self.header)
-        self.assertHttpStatus(response, status.HTTP_200_OK)
-
-        config_context_profile.refresh_from_db()
-        self.assertEqual(config_context_profile.data_source_id, datasource.pk)
-        self.assertEqual(config_context_profile.data_file_id, datafile.pk)
-        self.assertEqual(response.data['data_source']['id'], datasource.pk)
-        self.assertEqual(response.data['data_file']['id'], datafile.pk)
-
 
 class ConfigContextTest(APIViewTestCases.APIViewTestCase):
     model = ConfigContext
@@ -858,51 +812,6 @@ class ConfigContextTest(APIViewTestCases.APIViewTestCase):
         rendered_context = device.get_config_context()
         self.assertEqual(rendered_context['bar'], 456)
 
-    def test_update_data_source_and_data_file(self):
-        """
-        Regression test: Ensure data_source and data_file can be assigned via the API.
-
-        This specifically covers PATCHing a ConfigContext with integer IDs for both fields.
-        """
-        self.add_permissions(
-            'core.view_datafile',
-            'core.view_datasource',
-            'extras.view_configcontext',
-            'extras.change_configcontext',
-        )
-        config_context = ConfigContext.objects.first()
-
-        # Create a data source and file
-        datasource = DataSource.objects.create(
-            name='Data Source 1',
-            type='local',
-            source_url='file:///tmp/netbox-datasource/',
-        )
-        # Generate a valid dummy YAML file
-        file_data = b'context: config\n'
-        datafile = DataFile.objects.create(
-            source=datasource,
-            path='dir1/file1.yml',
-            last_updated=now(),
-            size=len(file_data),
-            hash=hashlib.sha256(file_data).hexdigest(),
-            data=file_data,
-        )
-
-        url = self._get_detail_url(config_context)
-        payload = {
-            'data_source': datasource.pk,
-            'data_file': datafile.pk,
-        }
-        response = self.client.patch(url, payload, format='json', **self.header)
-        self.assertHttpStatus(response, status.HTTP_200_OK)
-
-        config_context.refresh_from_db()
-        self.assertEqual(config_context.data_source_id, datasource.pk)
-        self.assertEqual(config_context.data_file_id, datafile.pk)
-        self.assertEqual(response.data['data_source']['id'], datasource.pk)
-        self.assertEqual(response.data['data_file']['id'], datafile.pk)
-
 
 class ConfigTemplateTest(APIViewTestCases.APIViewTestCase):
     model = ConfigTemplate

netbox/ipam/forms/model_forms.py

@@ -372,8 +372,8 @@ class IPAddressForm(TenancyForm, PrimaryModelForm):
                     'virtual_machine_id': instance.assigned_object.virtual_machine.pk,
                 })
 
-        # Disable object assignment fields if the IP address is designated as primary
-        if self.initial.get('primary_for_parent'):
+        # Disable object assignment fields if the IP address is designated as primary or OOB
+        if self.initial.get('primary_for_parent') or self.initial.get('oob_for_parent'):
             self.fields['interface'].disabled = True
             self.fields['vminterface'].disabled = True
             self.fields['fhrpgroup'].disabled = True

netbox/ipam/models/ip.py

@@ -940,6 +940,13 @@ class IPAddress(ContactsMixin, PrimaryModel):
                     _("Cannot reassign IP address while it is designated as the primary IP for the parent object")
                 )
 
+            # can't use is_oob_ip as self.assigned_object might be changed
+            if hasattr(original_parent, 'oob_ip') and original_parent.oob_ip_id == self.pk:
+                if parent != original_parent:
+                    raise ValidationError(
+                        _("Cannot reassign IP address while it is designated as the OOB IP for the parent object")
+                    )
+
         # Validate IP status selection
         if self.status == IPAddressStatusChoices.STATUS_SLAAC and self.family != 6:
             raise ValidationError({

netbox/project-static/dist/graphiql/plugin-explorer-style.css

@@ -1 +1 @@
-.docExplorerWrap{height:unset!important;min-width:unset!important;width:unset!important}.docExplorerWrap svg{display:unset}.doc-explorer-title{font-size:var(--font-size-h2);font-weight:var(--font-weight-medium)}.doc-explorer-rhs{display:none}.graphiql-explorer-root{font-family:var(--font-family-mono)!important;font-size:var(--font-size-body)!important;padding:0!important}.graphiql-explorer-root>div>div{padding-top:var(--px-16);border-color:hsla(var(--color-neutral),var(--alpha-background-heavy))!important}.graphiql-explorer-root>div{overflow:auto!important}.graphiql-explorer-root input{background:unset}.graphiql-explorer-root select{border:1px solid hsla(var(--color-neutral),var(--alpha-secondary));border-radius:var(--border-radius-4);margin:0 var(--px-8);padding:var(--px-4)var(--px-6);background:hsl(var(--color-base))!important;color:hsl(var(--color-neutral))!important}.toolbar-button{all:unset;cursor:pointer;margin-left:var(--px-6);color:hsl(var(--color-primary));line-height:0!important;font-size:var(--font-size-h3)!important}.graphiql-explorer-slug .toolbar-button,.graphiql-explorer-graphql-arguments .toolbar-button{font-size:inherit!important}.graphiql-explorer-graphql-arguments input{min-width:2rem;line-height:0}.graphiql-explorer-actions{border-color:hsla(var(--color-neutral),var(--alpha-background-heavy))!important}
+.docExplorerWrap{height:unset!important;min-width:unset!important;width:unset!important}.docExplorerWrap svg{display:unset}.doc-explorer-title{font-size:var(--font-size-h2);font-weight:var(--font-weight-medium)}.doc-explorer-rhs{display:none}.graphiql-explorer-root{font-family:var(--font-family-mono)!important;font-size:var(--font-size-body)!important;padding:0!important}.graphiql-explorer-root>div>div{border-color:hsla(var(--color-neutral),var(--alpha-background-heavy))!important;padding-top:var(--px-16)}.graphiql-explorer-root input{background:unset}.graphiql-explorer-root select{background:hsl(var(--color-base))!important;border:1px solid hsla(var(--color-neutral),var(--alpha-secondary));border-radius:var(--border-radius-4);color:hsl(var(--color-neutral))!important;margin:0 var(--px-8);padding:var(--px-4) var(--px-6)}.graphiql-operation-title-bar .toolbar-button{line-height:0;margin-left:var(--px-8);color:hsla(var(--color-neutral),var(--alpha-secondary, .6));font-size:var(--font-size-h3);vertical-align:middle}.graphiql-explorer-graphql-arguments input{line-height:0}.graphiql-explorer-actions{border-color:hsla(var(--color-neutral),var(--alpha-background-heavy))!important}

netbox/project-static/netbox-graphiql/package.json

@@ -6,7 +6,7 @@
   "license": "Apache-2.0",
   "private": true,
   "dependencies": {
-    "@graphiql/plugin-explorer": "4.0.6",
+    "@graphiql/plugin-explorer": "3.2.6",
     "graphiql": "4.1.2",
     "graphql": "16.12.0",
     "js-cookie": "3.0.5",

netbox/project-static/yarn.lock

@@ -294,10 +294,10 @@
     react-compiler-runtime "19.1.0-rc.1"
     zustand "^5"
 
-"@graphiql/plugin-explorer@4.0.6":
-  version "4.0.6"
-  resolved "https://registry.yarnpkg.com/@graphiql/plugin-explorer/-/plugin-explorer-4.0.6.tgz#bec1207dc27334914590ab31f46c2e944bbf4ebf"
-  integrity sha512-TppIi92YPER3v70nlF01KTQrq9AiYqkZicSd1hpU7aqGmbqw/pLwBNLUEcfENBoJtw574Qxjswb01+GaYK0Tzw==
+"@graphiql/plugin-explorer@3.2.6":
+  version "3.2.6"
+  resolved "https://registry.npmjs.org/@graphiql/plugin-explorer/-/plugin-explorer-3.2.6.tgz"
+  integrity sha512-MXzG/zVNzZfes4Em253bHyAbD/lwwAZkPKvxCAQkjz0i3dtcv4uF3D8iqJ7214iu3SCphbORYZZUC93fik1yew==
   dependencies:
     graphiql-explorer "^0.9.0"