Bug 36256 - Multiple policies of the same type attached to one object
Multiple policies of the same type attached to one object
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Policies
UCS 3.2
Other Linux
: P5 enhancement (vote)
: UCS 4.0-2-errata
Assigned To: Florian Best
Philipp Hahn
:
: 21473 34152 34539 (view as bug list)
Depends on:
Blocks: 36255 36275 38663
  Show dependency treegraph
 
Reported: 2014-10-21 22:33 CEST by Sönke Schwardt-Krummrich
Modified: 2023-10-18 12:10 CEST (History)
7 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
Traceback (4.33 KB, text/plain)
2015-07-10 15:43 CEST, Philipp Hahn
Details
Warning (6.90 KB, text/plain)
2015-07-10 15:43 CEST, Philipp Hahn
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2014-10-21 22:33:45 CEST
The UDM CLI/python lib already supports multiple policies of the same type attached to one object. But UMC only shows one policy and overwrites the list of attached polices when saving the object. This advanced feature of attaching multiple policies has not to be supported by the UMC for now. But UMC must not overwrite the list of attached policies, too.

Required steps:
1) univention-policy-result has to deal with multiple policies of the same type. 
   Maybe the LDAP filter does not match and therefore does not affect the 
   specified object (see bug 36255)
1a) if multiple policies with matching LDAP filter are found and both/all 
    policies define the required attribute, then the policy with the 
    (alphanumeric) smallest name wins. The other policies shall be ignored.
2) If multiple polices of the same type are attached, the UMC policy view should 
   show no policy details but only the hint "2 policies attached". The user has 
   to remove the policy references via UDM CLI to be able to work with the UMC 
   again.
3) Check UDM CLI if all policies are show (ideally the list of policies is sorted 
   in alphanumeric order)
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2014-10-22 14:27:58 CEST
*** Bug 34152 has been marked as a duplicate of this bug. ***
Comment 2 Stefan Gohmann univentionstaff 2015-05-07 06:29:55 CEST
Move to UCS 4.0-2-errata. Once it has been fixed for UCS 4, we should check a backport to UCS 3.2.
Comment 3 Florian Best univentionstaff 2015-06-04 11:12:02 CEST
Why do we want to prevent the functionality via UMC instead of displaying all attached policies underneath (which makes it possible to remove it by setting it to "Inherited") in the first step? The API has to be touched in any case.
Comment 4 Stefan Gohmann univentionstaff 2015-06-04 11:17:49 CEST
(In reply to Florian Best from comment #3)
> Why do we want to prevent the functionality via UMC instead of displaying
> all attached policies underneath (which makes it possible to remove it by
> setting it to "Inherited") in the first step? The API has to be touched in
> any case.

If it is not too expensive, it would be nice to show them.
Comment 5 Florian Best univentionstaff 2015-06-04 12:30:23 CEST
(In reply to Stefan Gohmann from comment #4)
> If it is not too expensive, it would be nice to show them.
I think I got a working implementation.
If multiple policies are attached to one object the preview of values have to be disabled / invisible. The UDM code currently does not use univention-policy-result to show the values so they cannot really be *correctly* merged. It's also not possible to differentiate which policy set which value so that the edit link for each field can't be set. I would suggest to add one edit link per policy and remove the edit links from the values.
Comment 6 Florian Best univentionstaff 2015-06-05 11:38:47 CEST
*** Bug 34539 has been marked as a duplicate of this bug. ***
Comment 7 Florian Best univentionstaff 2015-06-05 18:45:19 CEST
*** Bug 37667 has been marked as a duplicate of this bug. ***
Comment 8 Florian Best univentionstaff 2015-06-25 15:18:30 CEST
Added two commits. (One fixes that the wrong policy type was opened when pressing 'edit').

univention-management-console-module-udm (5.1.25-71):
r61485 | Bug #36256: remove warning if multiple policies are referenced
r61484 | Bug #36256: fixed scope of policyType variable

The warning has been removed/revoked. Instead the workflow is that one can edit the policy references if there are more than 1 reference assigned. Otherwise the [+] is not shown. The merged result from python univention-policy-result is displayed in any case.
Comment 9 Philipp Hahn univentionstaff 2015-07-01 16:30:24 CEST
Jenkins regression: {s4,s4}×{Master,Backup}

<http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-2/job/Autotest%20MultiEnv/51/SambaVersion=s3,Systemrolle=master/testReport/60_umc-system/24_umc-service-create-group/test/>

[2015-06-30 22:10:31.127609]Creating a test group with a name 'umc_test_group_hzui6h'
[2015-06-30 22:10:32.361482]Adding a 'default-udm-self' policy to a test group 'umc_test_group_hzui6h'
[2015-06-30 22:10:32.564138]### FAIL ###
[2015-06-30 22:10:32.564238]Exception while making 'udm/put' request: 500 on master090 (udm/put): {"status": 591, "message": "Die Ausf\u00fchrung des Kommandos udm/put groups/group ist fehlgeschlagen:\n\nTraceback (most recent call last):\n  File &quot;/usr/lib/pymodules/python2.7/univention/management/console/base.py&quot;, line 207, in _decorated\n    return function(self, request, *args, **kwargs)\n  File &quot;/usr/lib/pymodules/python2.7/notifier/threads.py&quot;, line 82, in _run\n    tmp = self._function()\n  File &quot;/usr/lib/pymodules/python2.7/notifier/__init__.py&quot;, line 104, in __call__\n    return self._function( *tmp, **self._kwargs )\n  File &quot;/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py&quot;, line 424, in _thread\n    module.modify(properties)\n  File &quot;/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py&quot;, line 163, in _decorated\n    return func(*args, **kwargs)\n  File &quot;/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py&quot;, line 146, in wrapper_func\n    return _func(*args, **kwargs)\n  File &quot;/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py&quot;, line 139, in _func\n    ret = func(*args, **kwargs)\n  File &quot;/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py&quot;, line 549, in modify\n    obj.policies = reduce(lambda x,y: x+y, ldap_object['$policies$'].values(), [])\n  File &quot;/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py&quot;, line 549, in &lt;lambda&gt;\n    obj.policies = reduce(lambda x,y: x+y, ldap_object['$policies$'].values(), [])\nTypeError: can only concatenate list (not &quot;str&quot;) to list\n"}
[2015-06-30 22:10:32.564251]###      ###
[2015-06-30 22:10:32.564264]Removing created test group if it exists
[2015-06-30 22:10:32.766253]Deleting test object 'groups' with a name: 'umc_test_group_hzui6h'

Probably caused by r61055:
branches/ucs-4.0/ucs-4.0-2/management/univention-management-console-module-udm/umc/python/udm/udm_ldap.py
 362 +»··»···»···»···obj.policies = reduce(lambda x,y: x+y, ldap_object['$policies$'].values(), [])
 549 »···»···»···»···obj.policies = reduce(lambda x,y: x+y, ldap_object['$policies$'].values(), [])

ucs-4.0-2/test/ucs-test/tests/60_umc-system/24_umc-service-create-group needs to be updated, as it works on the low-level UMC interface, where the API was changed.
Comment 10 Florian Best univentionstaff 2015-07-01 16:50:33 CEST
(In reply to Philipp Hahn from comment #9)
> ucs-4.0-2/test/ucs-test/tests/60_umc-system/24_umc-service-create-group
> needs to be updated, as it works on the low-level UMC interface, where the
> API was changed.
yes, I missed that. Fixed in svn r61619. ucs-test rebuilds.
Comment 11 Philipp Hahn univentionstaff 2015-07-10 15:38:18 CEST
OK: Code r61055 r61063 r61076 r61344 r61484 r61485
OK: YAML r61082 r61377 r61488
OK: Test r61083 r61619

OK: aptitude install -y '?source-package(^univention-management-console-module-udm$)~i'
OK: Multiple policies are shown
OK: Adding a new policy overwrites all previous policy references
OK: Removing one policy
OK: Removing all policies
OK: Editing the selected policy
OK: Editing the inherited value

REOPEN: If I open an object with just one active policy, for a short time a see two lines, which are then reduced to one line.

TODO: Update documentation: "Inherited" is no longer shown.
Comment 12 Philipp Hahn univentionstaff 2015-07-10 15:43:13 CEST
Created attachment 7019 [details]
Traceback

I got the attached traceback multiple times, but I'm unsure how to re-produce it.
I think it did occur when I edited the object after deleting some policy references.
Comment 13 Philipp Hahn univentionstaff 2015-07-10 15:43:48 CEST
Created attachment 7020 [details]
Warning

Lots of warnings from the JS console
Comment 14 Philipp Hahn univentionstaff 2015-07-10 15:51:13 CEST
Please have a look:
 1. Reference two policies from object via CLI
 2. Open in UMC
 3. Click to create new policy
 4. Save new policy
 5. Two policy reference lines are shown, where the newly creates policy is selected in line 1, while in line 2 the drop-down list is empty.
    I thinks there should be only on line.
 (6. FYI: I can then select a 2nd policy there, which is stored correctly. So it works, but should be possible because of 5.)
Comment 15 Philipp Hahn univentionstaff 2015-07-10 15:57:07 CEST
(In reply to Philipp Hahn from comment #12)
> Created attachment 7019 [details]
> Traceback
> 
> I got the attached traceback multiple times, but I'm unsure how to
> re-produce it.
> I think it did occur when I edited the object after deleting some policy
> references.

Again after opening an object with 3 policies attached.
I thinks it is timing related: 3 of ~10 times I get the traceback.

1. Open $ldap_base
2. Switch to [Policies] tab
3. Expand "Policy: DHCP boot"
4. Close object without saving
5. GOTO 1.
Comment 16 Florian Best univentionstaff 2015-07-13 13:38:36 CEST
(In reply to Philipp Hahn from comment #11)
> REOPEN: If I open an object with just one active policy, for a short time a
> see two lines, which are then reduced to one line.
yes, fixed that. r62068/r62069

(In reply to Philipp Hahn from comment #12)
> Created attachment 7019 [details]
> Traceback
> 
> I got the attached traceback multiple times, but I'm unsure how to
> re-produce it.
> I think it did occur when I edited the object after deleting some policy
> references.
I could reproduce the traceback. It happened due to a already removed widget when the http request took a little bit longer. With the svn-commit I could not reproduce this anymore.

(In reply to Philipp Hahn from comment #13)
> Created attachment 7020 [details]
> Warning
> 
> Lots of warnings from the JS console
There are 2 types of warning:
* deprecated grid.setStructure() → has nothing to do with this bug + have to be fixed in UMC. (I will commit a fix when working on UCS 4.1)
* missing widget 'name' for the policy preview → It is stripped out on purpose

(In reply to Philipp Hahn from comment #14)
> Please have a look:
>  1. Reference two policies from object via CLI
>  2. Open in UMC
>  3. Click to create new policy
>  4. Save new policy
>  5. Two policy reference lines are shown, where the newly creates policy is
> selected in line 1, while in line 2 the drop-down list is empty.
>     I thinks there should be only on line.
>  (6. FYI: I can then select a 2nd policy there, which is stored correctly.
> So it works, but should be possible because of 5.)
IMHO this is okay. If there are initially multiple policies attached to the object the user should be able to set/edit/modify multiple policies.
Comment 17 Florian Best univentionstaff 2015-07-14 10:21:58 CEST
*** Bug 21473 has been marked as a duplicate of this bug. ***
Comment 18 Philipp Hahn univentionstaff 2015-07-15 17:00:31 CEST
OK: r62068 r62069
OK: univention-management-console-module-udm=5.1.25-77.588.201507131338
OK: errata-announce -V 2015-05-12-univention-management-console-module-udm.yaml
FIXED: 2015-05-12-univention-management-console-module-udm.yaml → r62138
Comment 19 Janek Walkenhorst univentionstaff 2015-08-06 17:55:44 CEST
<http://errata.univention.de/ucs/4.0/265.html>