[Tracking] ValidateSet drift audit vs NetBox v4.5.7 — 20 findings (17 actionable)

[ctrl-alt-automate]

Summary

Initial run of the new scripts/Verify-ValidateSetParity.ps1 tool (#391) against NetBox v4.5.7 found 20 ValidateSet discrepancies across 17 unique parameters. Three are already being addressed by #390 (Cable_Profile), leaving 17 actionable findings tracked here.

This issue is a parent tracker — each finding should either be fixed in its own focused PR or explicitly deferred (and added to scripts/validateset-parity-exclusions.txt with a comment).

How to reproduce

./scripts/Verify-ValidateSetParity.ps1 -NetboxVersion v4.5.7

Requires PR #391 to be merged, or check out the tooling/validateset-parity-check branch.

Findings — by severity

🔴 High — users cannot create or filter on real API values

Finding	Files	Missing API values
VPN Tunnel -Encapsulation	New-NBVPNTunnel, Set-NBVPNTunnel	l2tp, openvpn, pptp, wireguard — mainstream VPN types completely absent
VPN IKE Proposal -Authentication_Method	New-NBVPNIKEProposal	dsa-signatures, rsa-signatures
Get-NBDCIMInterface -Type	Get-NBDCIMInterface	104 interface types missing. Get- was not kept in sync with New-/Set- (which have all 216 types). Users cannot filter devices by the newer types (100GBASE, 400GBASE, 800GBASE, 1.6TbE, etc.).
VM -Status	Get-, New-, Set-NBVirtualMachine	paused (added in recent NetBox)
Rack -Status	Get-, New-, Set-NBDCIMRack	available
EventRule -Action_Type	New-, Set-NBEventRule	notification
VirtualMachineInterface -Mode	New-NBVirtualMachineInterface	q-in-q (NetBox 4.2+ feature)

🟡 Medium — catalog drift (users miss newer hardware types)

Finding	Files	Missing values
DCIM Cable -Type	New-NBDCIMCable	9 coax types: lmr-100/200/400, rg-6/8/11/59/62/213
FrontPort / RearPort -Type	New-NBDCIMFrontPort, New-NBDCIMRearPort	11 per file: fc-apc/pc/upc, usb-a/b/c/micro-a/b/ab/mini-a/b

🟢 Low — single-value gap, possibly deprecated endpoints

Finding	Files	Missing values
DCIMInterfaceConnection -Connection_Status	New-NBDCIMInterfaceConnection	decommissioning (this endpoint is the old-style interface connection, superseded by cables — worth verifying it's still in use before fixing)

✅ Already tracked (ignore here)

Finding	Status
Cable_Profile × 3 (New/Set/Get-NBDCIMCable)	Being fixed in #390

Script limitations documented

The script suppresses several known false positives via scripts/validateset-parity-exclusions.txt:

Exclusion	Reason
InvokeNetboxRequest.ps1::Method, Send-NBBulkRequest.ps1::Method	HTTP verb enums, not NetBox choices
Export-NBRackElevation.ps1::Face	Both is a PN-only SVG render flag
{New,Set}-NBCustomLink.ps1::Button_Class	Bootstrap button variants
{New,Set}-NBDCIMInterface.ps1::Mode	Accepts legacy numeric/title-case values translated in begin {} — see #360. This also suppresses the q-in-q gap for DCIM interfaces; that specific missing value should be added without removing the exclusion.

Recommended plan

1. Fix VPN Tunnel -Encapsulation (highest-impact — 4 mainstream VPN types absent)
2. Fix Get-NBDCIMInterface -Type drift — sync with New-/Set- which already have the full set. Also add the DCIM Interface q-in-q value in the same PR since the exclusion for Mode currently hides it.
3. Rack -Status available — small, quick win
4. VM -Status paused — small, quick win
5. VPN IKE Proposal -Authentication_Method — small
6. EventRule -Action_Type notification — small
7. VMInterface -Mode q-in-q — small
8. FrontPort/RearPort -Type + DCIMCable -Type catalog adds — bigger but low urgency; group per endpoint
9. DCIMInterfaceConnection -Connection_Status — research whether this endpoint is still worth maintaining first

Each fix should come with unit tests that iterate the full corrected value set and assert URI/body round-trip, using the same pattern as #390 does for Cable_Profile.

Raw script output

Full output of ./scripts/Verify-ValidateSetParity.ps1 -NetboxVersion v4.5.7 is ~600 lines; the file list and match scores are captured in this run:

Extracted 85 ChoiceSet classes from NetBox v4.5.7
Extracted 130 string-type ValidateSets from PowerNetbox
Loaded 7 exclusions from scripts/validateset-parity-exclusions.txt

Found 20 ValidateSet discrepancies vs NetBox v4.5.7

DCIM/Cables/Get-NBDCIMCable.ps1 :: -Cable_Profile     (100% name match, see #390)
DCIM/Cables/New-NBDCIMCable.ps1 :: -Cable_Profile     (100% name match, see #390)
DCIM/Cables/Set-NBDCIMCable.ps1 :: -Cable_Profile     (100% name match, see #390)
DCIM/Cables/New-NBDCIMCable.ps1 :: -Type              (missing 9 coax)
DCIM/FrontPorts/New-NBDCIMFrontPort.ps1 :: -Type      (missing 11 USB/FC)
DCIM/Interfaces/Get-NBDCIMInterface.ps1 :: -Type      (missing 104 — drift from New/Set)
DCIM/Interfaces/New-NBDCIMInterfaceConnection.ps1 :: -Connection_Status  (missing decommissioning)
DCIM/Racks/Get-NBDCIMRack.ps1 :: -Status              (missing available)
DCIM/Racks/New-NBDCIMRack.ps1 :: -Status              (missing available)
DCIM/Racks/Set-NBDCIMRack.ps1 :: -Status              (missing available)
DCIM/RearPorts/New-NBDCIMRearPort.ps1 :: -Type        (missing 11 USB/FC)
Extras/EventRules/New-NBEventRule.ps1 :: -Action_Type (missing notification)
Extras/EventRules/Set-NBEventRule.ps1 :: -Action_Type (missing notification)
Virtualization/VirtualMachine/Get-NBVirtualMachine.ps1 :: -Status  (missing paused)
Virtualization/VirtualMachine/New-NBVirtualMachine.ps1 :: -Status  (missing paused)
Virtualization/VirtualMachine/Set-NBVirtualMachine.ps1 :: -Status  (missing paused)
Virtualization/VirtualMachineInterface/New-NBVirtualMachineInterface.ps1 :: -Mode  (missing q-in-q)
VPN/IKEProposal/New-NBVPNIKEProposal.ps1 :: -Authentication_Method  (missing dsa-signatures, rsa-signatures)
VPN/Tunnel/New-NBVPNTunnel.ps1 :: -Encapsulation      (missing l2tp, openvpn, pptp, wireguard)
VPN/Tunnel/Set-NBVPNTunnel.ps1 :: -Encapsulation      (missing l2tp, openvpn, pptp, wireguard)

Related

• [Bug] New-NBDCIMInterface #360 — Interface Mode ValidateSet drift (fixed)
• Complete interface type ValidateSet (208 types) #369 — DCIMInterface Type drift to 208 (fixed, but Get-NBDCIMInterface was missed — item 2 above)
• [Bug] Get-NBBranch -Status ValidateSet is incorrect — contains non-existent value and misses 9 real statuses #385 — Get-NBBranch -Status drift (fixed)
• [Bug] -Cable_Profile ValidateSet on DCIMCable functions uses wrong API values (all 25 are broken) #389 / fix: Correct Cable_Profile ValidateSet on DCIMCable functions (#389) #390 — Cable_Profile drift (in progress)
• tooling: Add Verify-ValidateSetParity.ps1 — automated ValidateSet drift detection #391 — New tooling script that produced this report

[ctrl-alt-automate]

Item 2 addressed in PR #398 (squash b4f7f3d). Parity tool output went from 18 findings → 17:

# Before:  DCIM/Interfaces/Get-NBDCIMInterface.ps1 :: -Type  (missing 104 — drift from New/Set)
# After:   (line absent)

Tracker stays open for the remaining 16 actionable items. Next candidates for quick wins: VPN Tunnel -Encapsulation (4 missing mainstream VPN types) and Rack -Status (missing available).