What's Changed
Bug Fixes
- fix(api):
ProxboxPluginSettingsViewSetnow overridesget_permissions()so GET/HEAD/OPTIONS require onlyIsAuthenticatedinstead ofObjectPermissionRequiredMixin. Any valid NetBox API token (v1 or v2) can read plugin settings without needingview_proxboxpluginsettingsexplicitly granted in NetBox admin. (proxbox-api #45) - fix(backend_sync): Use
effective_token_valuefor v1 token extraction in_netbox_endpoint_backend_payload; add fallback to FK token key for v2 when CharFields are empty; log warnings on missing credentials instead of silently sending an empty token. - fix(import): Accept
versionandrepoidheaders inProxmoxEndpointCSV import. - fix(sync): Retry on HTTP 429 (rate limit) responses during stage sync.
- fix(api): Add explicit
urlfield toNestedProxmoxStorageSerializer. - fix(api): Disable auto-generated
UniqueTogetherValidatoronNestedProxmoxStorageSerializerto prevent false validation errors.
CI
- Gate PyPI publish on
validate-testpypi(install + test matrix) instead ofe2e-docker-local, so a pre-existing Docker infrastructure issue no longer blocks package release. - Switch Proxmox mock container to
proxmox-sdk:dev-nginxfor HTTPS support in E2E stack. - Various E2E mock data fixes: LXC mp0 disk, VM config types, cluster/resources id fields, snapshot subtype comparison.
Root Cause (proxbox-api #45)
Two independent bugs caused HTTP 403 on GET /api/plugins/proxbox/settings/:
- This repo —
ProxboxPluginSettingsViewSetrequired explicitview_proxboxpluginsettingspermission. Standard API tokens don't carry this by default. Fixed by overridingget_permissions()for safe HTTP methods. - proxbox-api — v2 auth header was built incorrectly (
nbt <key>:<secret>instead ofBearer nbt_<key>.<secret>). Fixed in proxbox-api v0.0.7.post1.
Both fixes together restore automatic token exchange between the plugin and the backend so proxbox-api can fetch ProxboxPluginSettings without manual permission setup.