v2.0.6¶
Release Date¶
2026-04-16
Summary¶
v2.0.6 is a major feature and fix release — the largest since v2.0.0. It adds nine new platform capabilities (NUTS verification engine, fw_rule intent type with multi-vendor Jinja templates, Catalyst Center adapter, intent dependency graph, Approve/Reject workflow UI, .intentignore support, Retired intent status, four management intent types, and VXLAN VNI Pool UI) alongside four bug fixes covering credential resolution, PostgreSQL migration atomicity, Python 3.13 compatibility, and lifecycle status seeding on fresh installs.
Added¶
-
Management intent types — four new intent types for the Management & Operations domain:
mgmt_motd,mgmt_netconf,mgmt_dhcp_server, andmgmt_global_config. -
Retiredintent status — intents can be set toRetiredto remain in Git but remain non-actionable. Reconciliation silently skips retired intents; the only permitted transition out ofRetiredis back toDraft. -
fw_rule(Firewall Rule) intent type — stateful and stateless firewall policy support with a resolver and Jinja2 templates for all six vendor platforms (Cisco IOS-XE, IOS-XR, NX-OS, Juniper Junos, Aruba AOS-CX, Arista EOS). Includes aFirewallControllerAdapterfor centralized firewall management via Palo Alto Panorama and Fortinet FortiManager. -
.intentignorefile support — place a.intentignorefile in the repo root or an intent subdirectory to exclude files from Git sync usingfnmatchglob patterns (same syntax as.gitignore). -
Approve/Reject workflow UI — Approve and Reject buttons are now displayed on the intent detail page. Added support for Nautobot native Approval Workflow callbacks (
on_workflow_approved,on_workflow_denied,on_workflow_canceled).is_approvednow accepts approval from either a customIntentApprovalrecord or a native NautobotApprovalWorkflow. -
Catalyst Center adapter — new
controller_type,controller_site, andcontroller_orgfields on theIntentmodel for targeting Cisco Catalyst Center (formerly DNA Center) as a deployment controller. -
Intent dependency graph — a new
ManyToManyFieldonIntentallows operators to declare deployment ordering between intents. The reconciliation pipeline respects declared dependencies when sequencing deployments. -
NUTS verification engine — replaced pyATS/Genie with NUTS (Network Unit Testing System). NUTS uses NAPALM and Netmiko for multi-vendor device-state validation and includes 20+ built-in test classes across 70+ network platforms (Arista EOS, Cisco IOS-XE/XR/NX-OS, Juniper JunOS, Nokia SR-OS, and more).
-
VXLAN VNI Pool management UI — list, create, edit, and delete views for VNI Pools are now accessible from the Intent Engine nav menu under VNI Pools. Adds a
VxlanVniPoolSerializerfor the REST API at/api/plugins/intent-networking/vxlan-vni-pools/.
Fixed¶
-
PostgreSQL migration atomicity — migrations
0010and0013now setatomic = False, resolving"pending trigger events"errors that occurred when runningpost_upgradeagainst PostgreSQL. -
Python 3.13 compatibility — pinned Python to
>=3.10,<3.13inpyproject.toml. pyATS/Genie do not publish Python 3.13 wheels; builds now fail explicitly with a clear error rather than silently at install time. -
Lifecycle status seeding — data migration
0015_seed_intent_lifecycle_statusesensures all eight Intent lifecycle statuses (Draft,Validated,Deploying,Deployed,Failed,Rolled Back,Deprecated,Retired) are created duringpost_upgradeon any Nautobot instance. Previously these were only seeded by the development script, causingStatus.DoesNotExisterrors on fresh production installs. -
Device credential resolution — credentials are now resolved per-device from the SecretsGroup assigned to the device record in Nautobot using
access_type="SSH"(the convention used bynautobot_plugin_nornir). Previouslyaccess_type="Generic"was used, causing a silent exception and unconditional fallback to environment variables even whendevice_secrets_groupwas configured. Lookup order:- SecretsGroup on the device record in Nautobot (Device → Secrets Group field) —
access_type="SSH" - Global
device_secrets_groupfromPLUGINS_CONFIG—access_type="SSH" DEVICE_USERNAME/DEVICE_PASSWORDenvironment variables as a last resort
- SecretsGroup on the device record in Nautobot (Device → Secrets Group field) —
Upgrade¶
pip install --upgrade nautobot-app-intent-networking==2.0.6
nautobot-server post_upgrade
sudo systemctl restart nautobot nautobot-worker nautobot-scheduler
Database migrations included
v2.0.5 includes several new migrations. post_upgrade will run them automatically, including 0015_seed_intent_lifecycle_statuses which seeds the Intent lifecycle statuses on any instance that is missing them.
Action required if you use device_secrets_group
If you have device_secrets_group configured in PLUGINS_CONFIG, verify that the SecretsGroup assignments in Nautobot use Access Type: SSH (not Generic) for both the username and password secrets. This matches the convention expected by nautobot_plugin_nornir.
Full changelog: v2.0.5...v2.0.6