Univention Bugzilla – Bug 27816
Provide a RESTful API for UDM
Last modified: 2019-10-02 16:06:30 CEST
Die UMC sollte ihre Funktionen über eine REST-API bereitstellen.
This would be helpful for customers implementing externally reachable self-service web-pages or using customized HR software Ticket: #2012041721002657
Requested during competitor analysis of UCS@school.
(In reply to Michel Smidt from comment #2) > Requested during competitor analysis of UCS@school. Not specifically the UMC functionality but the directory functionality.
Requested at 2015100621000386
From the description it isn't really clear what exactly we need. For what do we need it? Do we need a API to receive/add/modify/delete LDAP objects? Do we need a API to set up system configurations like Language settings, UCR variables, etc.? Do we need a API to stop services or processes? Does the API needs to be RESTful? REST requires hypertext driven, stateless communication using a uniform interface (e.g. HTTP with its methods, status codes, headers and URI's for resource identification) where every representation of a resource is marked as (non-)cacheable and which especially uses a data format which allows hypertext driven application state and link-relations between different resources and states (=XML based). Or do we need a interface which uses correct HTTP verbs, headers, statuses and URIs; which is versionizable and reliable against changes and might support different versions; which gives access to various data format like application/json, some LDIF format or vendor/univention specific XML data formats and accept also formats like those.
(In reply to Florian Best from comment #5) > From the description it isn't really clear what exactly we need. > For what do we need it? > Do we need a API to receive/add/modify/delete LDAP objects? Yes, at least this was requested in my presales task. > Do we need a API to set up system configurations like Language settings, UCR > variables, etc.? I don't know because for my potential project the customer was actually far away from UCS product specifica. > Do we need a API to stop services or processes? See above. > > Does the API needs to be RESTful? Yes. This was the requirement. > ... > ...
There is a Customer ID set so I set the flag "Enterprise Customer affected".
The representation of LDAP objects should include a Last-Modified header, which is the value of the "modifyTimestamp" attribute (formatted as HTTP date). Then we can allow conditional requests like "If-Unmodified-Since". On backend / LDAP side since Bug #43628 we are able to use server controls for the LDAP operations. We can implement the following LDAP control when modifying objects: from ldap.controls.libldap import AssertionControl last_modified = http_date_to_ldap_date(request.headers.get('If-Unmodified-Since')) try: lo.modify(dn, ml, servercontrols=[AssertionControl(filterstr=filter_format('modifyTimestamp=%s', [last_modified]))]) except ldap.ASSERTION_FAILED: raise HTTPError(402, 'If-Unmodified-Since does not match.') The alternative is to use the E-Tag instead of the Last-Modified date, so that we don't need to transform HTTP Date → LDAP Date and vice versa.
reverted 6abfd3b2b48e3d46ec4c2bc7a59cfe82692034e1 univention-management-console 8bd2630545038bd309e6ea3c196027c8da5e84a9
27.06.19 09:05:41.950 MAIN ( PROCESS ) : SessionClient(0x7f1ffc066d10): _authenticated: success=True status=200 message=None 27.06.19 09:05:41.950 MAIN ( PROCESS ) : auth_type=None 27.06.19 09:06:22.902 MAIN ( PROCESS ) : CPCommand (192.168.0.28:45222) response status code: 591 27.06.19 09:06:22.903 MAIN ( PROCESS ) : CPCommand (192.168.0.28:45222) response message: Interner Server-Fehler in "appcenter/track". 27.06.19 09:06:22.903 MAIN ( PROCESS ) : CPCommand (192.168.0.28:45222) response result: None 27.06.19 09:06:22.903 MAIN ( PROCESS ) : CPCommand (192.168.0.28:45222) response error: {u'traceback': u'Traceback (most recent call last):\n File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 260, in execute\n function.__func__(self, request, *args, **kwargs)\n File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 192, in _response\n return function(self, request)\n File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 318, in _response\n result = _multi_response(self, request)\n File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 192, in _response\n return function(self, request)\n File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 440, in _response\n return list(function(self, iterator, *nones))\n File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 284, in _fake_func\n for args in iterator:\n File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 467, in next\n return [values[name] for name in self.names]\nKeyError: \'app\'\n', u'command': u'appcenter/track'} 27.06.19 09:06:22.903 MAIN ( ERROR ) : Interner Server-Fehler in "appcenter/track". Request: appcenter/track
QA for accessing REST API Only authorized groups have access. Groups can be authorized via directory/manager/rest/authorized-groups/* OK: by default "Domain Admins", "DC Backup Hosts" and "DC Slave Hosts" are authorized OK: Authorizing a new group via UCR variable OK: user who are not part of any authorized group cannot access API OK: test_authentication in 73_udm-rest/00_general_tests.py
git show 20c35b1d modules/univention/admin/uexceptions.py --- a/management/univention-directory-manager-modules/modules/univention/admin/uexceptions.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/uexceptions.py @@ -77,7 +77,10 @@ class noProperty(base): class valueError(base): - pass + + def __init__(self, *args, **kwargs): + self.property = kwargs.pop('property') + super(valueError, self).__init__(*args, **kwargs) i am not sure if this is good, we have a lot of code that just raises the valueError exception without the kwarg property so please make 'property' optional (several tests fail because of this 60_umc.60_udm_extended_attributes.master090 60_umc.70_udm_network_functionality.master090 72_udm-extensions.32_file_integrity_udm_module.master090 72_udm-extensions.42_test_udm_syntax.master090)
(In reply to Felix Botner from comment #12) > git show 20c35b1d modules/univention/admin/uexceptions.py > --- > a/management/univention-directory-manager-modules/modules/univention/admin/ > uexceptions.py > +++ > b/management/univention-directory-manager-modules/modules/univention/admin/ > uexceptions.py > @@ -77,7 +77,10 @@ class noProperty(base): > > > class valueError(base): > - pass > + > + def __init__(self, *args, **kwargs): > + self.property = kwargs.pop('property') > + super(valueError, self).__init__(*args, **kwargs) > > i am not sure if this is good, we have a lot of code that just raises the > valueError exception without the kwarg property > > so please make 'property' optional > > (several tests fail because of this > 60_umc.60_udm_extended_attributes.master090 > 60_umc.70_udm_network_functionality.master090 > 72_udm-extensions.32_file_integrity_udm_module.master090 > 72_udm-extensions.42_test_udm_syntax.master090) Oh sorry, yes! Fixed in univention-directory-manager-modules 14.0.13-13A~4.4.0.201909091135.
(In reply to Florian Best from comment #13) > (In reply to Felix Botner from comment #12) > > git show 20c35b1d modules/univention/admin/uexceptions.py > > --- > > a/management/univention-directory-manager-modules/modules/univention/admin/ > > uexceptions.py > > +++ > > b/management/univention-directory-manager-modules/modules/univention/admin/ > > uexceptions.py > > @@ -77,7 +77,10 @@ class noProperty(base): > > > > > > class valueError(base): > > - pass > > + > > + def __init__(self, *args, **kwargs): > > + self.property = kwargs.pop('property') > > + super(valueError, self).__init__(*args, **kwargs) > > > > i am not sure if this is good, we have a lot of code that just raises the > > valueError exception without the kwarg property > > > > so please make 'property' optional > > > > (several tests fail because of this > > 60_umc.60_udm_extended_attributes.master090 > > 60_umc.70_udm_network_functionality.master090 > > 72_udm-extensions.32_file_integrity_udm_module.master090 > > 72_udm-extensions.42_test_udm_syntax.master090) > > > Oh sorry, yes! > Fixed in univention-directory-manager-modules 14.0.13-13A~4.4.0.201909091135. greate, thanks
The UDM REST API has been implemented. Everything following up should be handled via different bugs. Package: univention-directory-manager-rest Version: 9.0.16-2A~4.4.0.201909221545 To not cause so much bugzilla mail spam, I'll move all Depends bugs to See-Also.
OK
UCS 4.4-2 has been released: https://docs.software-univention.de/release-notes-4.4-2-en.html https://docs.software-univention.de/release-notes-4.4-2-de.html If this error occurs again, please use "Clone This Bug".