feat: add support for NetBox v2 API tokens

Auto-detect v2 tokens by their nbt_ prefix and use the Bearer
authorization scheme instead of Token. V1 tokens are unchanged.

Update api_token provider description to document v2 support and
add tests verifying the correct auth scheme is sent for each token type.

Author: MrKeiKun

netbox/client.go

@@ -3,6 +3,7 @@ package netbox
 import (
 	"fmt"
 	"net/http"
+	"strings"
 	"time"
 
 	netboxclient "github.com/fbreckle/go-netbox/netbox/client"
@@ -81,7 +82,11 @@ func (cfg *Config) Client() (*netboxclient.NetBoxAPI, error) {
 	}
 
 	transport := httptransport.NewWithClient(parsedURL.Host, parsedURL.Path+netboxclient.DefaultBasePath, desiredRuntimeClientSchemes, httpClient)
-	transport.DefaultAuthentication = httptransport.APIKeyAuth("Authorization", "header", fmt.Sprintf("Token %v", cfg.APIToken))
+	authScheme := "Token"
+	if strings.HasPrefix(cfg.APIToken, "nbt_") {
+		authScheme = "Bearer"
+	}
+	transport.DefaultAuthentication = httptransport.APIKeyAuth("Authorization", "header", fmt.Sprintf("%s %v", authScheme, cfg.APIToken))
 	transport.SetLogger(log.StandardLogger())
 	netboxClient := netboxclient.New(transport, nil)
 

netbox/client_test.go

@@ -87,6 +87,45 @@ func TestAdditionalHeadersSet(t *testing.T) {
 	client.Status.StatusList(req, nil)
 }
 
+func TestV1TokenUsesTokenScheme(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		auth := r.Header.Get("Authorization")
+		assert.Equal(t, "Token 07b12b765127747e4afd56cb531b7bf9c61f3c30", auth)
+	}))
+	defer ts.Close()
+
+	config := Config{
+		APIToken:  "07b12b765127747e4afd56cb531b7bf9c61f3c30",
+		ServerURL: ts.URL,
+	}
+
+	client, err := config.Client()
+	assert.NoError(t, err)
+
+	req := status.NewStatusListParams()
+	client.Status.StatusList(req, nil)
+}
+
+func TestV2TokenUsesBearerScheme(t *testing.T) {
+	v2Token := "nbt_abc1234567890abcdef.checksum1234"
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		auth := r.Header.Get("Authorization")
+		assert.Equal(t, "Bearer "+v2Token, auth)
+	}))
+	defer ts.Close()
+
+	config := Config{
+		APIToken:  v2Token,
+		ServerURL: ts.URL,
+	}
+
+	client, err := config.Client()
+	assert.NoError(t, err)
+
+	req := status.NewStatusListParams()
+	client.Status.StatusList(req, nil)
+}
+
 /* TODO
 func TestInvalidHttpsCertificate(t *testing.T) {}
 */

netbox/provider.go

@@ -225,7 +225,7 @@ func Provider() *schema.Provider {
 				Type:        schema.TypeString,
 				Required:    true,
 				DefaultFunc: schema.EnvDefaultFunc("NETBOX_API_TOKEN", nil),
-				Description: "Netbox API authentication token. Can be set via the `NETBOX_API_TOKEN` environment variable.",
+				Description: "Netbox API authentication token. Supports both v1 tokens (`Authorization: Token <key>`) and v2 tokens (`Authorization: Bearer nbt_<key>.<token>`). V2 tokens are auto-detected by their `nbt_` prefix. Can be set via the `NETBOX_API_TOKEN` environment variable.",
 			},
 			"allow_insecure_https": {
 				Type:        schema.TypeBool,

netbox/resource_netbox_token.go

@@ -32,7 +32,7 @@ func resourceNetboxToken() *schema.Resource {
 				Type:         schema.TypeString,
 				Sensitive:    true,
 				Optional:     true,
-				ValidateFunc: validation.StringLenBetween(40, 256),
+				ValidateFunc: validation.StringLenBetween(12, 40),
 			},
 			"allowed_ips": {
 				Type:     schema.TypeList,