Univention Bugzilla – Bug 36256
Multiple policies of the same type attached to one object
Last modified: 2023-10-18 12:10:03 CEST
The UDM CLI/python lib already supports multiple policies of the same type attached to one object. But UMC only shows one policy and overwrites the list of attached polices when saving the object. This advanced feature of attaching multiple policies has not to be supported by the UMC for now. But UMC must not overwrite the list of attached policies, too. Required steps: 1) univention-policy-result has to deal with multiple policies of the same type. Maybe the LDAP filter does not match and therefore does not affect the specified object (see bug 36255) 1a) if multiple policies with matching LDAP filter are found and both/all policies define the required attribute, then the policy with the (alphanumeric) smallest name wins. The other policies shall be ignored. 2) If multiple polices of the same type are attached, the UMC policy view should show no policy details but only the hint "2 policies attached". The user has to remove the policy references via UDM CLI to be able to work with the UMC again. 3) Check UDM CLI if all policies are show (ideally the list of policies is sorted in alphanumeric order)
*** Bug 34152 has been marked as a duplicate of this bug. ***
Move to UCS 4.0-2-errata. Once it has been fixed for UCS 4, we should check a backport to UCS 3.2.
Why do we want to prevent the functionality via UMC instead of displaying all attached policies underneath (which makes it possible to remove it by setting it to "Inherited") in the first step? The API has to be touched in any case.
(In reply to Florian Best from comment #3) > Why do we want to prevent the functionality via UMC instead of displaying > all attached policies underneath (which makes it possible to remove it by > setting it to "Inherited") in the first step? The API has to be touched in > any case. If it is not too expensive, it would be nice to show them.
(In reply to Stefan Gohmann from comment #4) > If it is not too expensive, it would be nice to show them. I think I got a working implementation. If multiple policies are attached to one object the preview of values have to be disabled / invisible. The UDM code currently does not use univention-policy-result to show the values so they cannot really be *correctly* merged. It's also not possible to differentiate which policy set which value so that the edit link for each field can't be set. I would suggest to add one edit link per policy and remove the edit links from the values.
*** Bug 34539 has been marked as a duplicate of this bug. ***
*** Bug 37667 has been marked as a duplicate of this bug. ***
Added two commits. (One fixes that the wrong policy type was opened when pressing 'edit'). univention-management-console-module-udm (5.1.25-71): r61485 | Bug #36256: remove warning if multiple policies are referenced r61484 | Bug #36256: fixed scope of policyType variable The warning has been removed/revoked. Instead the workflow is that one can edit the policy references if there are more than 1 reference assigned. Otherwise the [+] is not shown. The merged result from python univention-policy-result is displayed in any case.
Jenkins regression: {s4,s4}×{Master,Backup} <http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-2/job/Autotest%20MultiEnv/51/SambaVersion=s3,Systemrolle=master/testReport/60_umc-system/24_umc-service-create-group/test/> [2015-06-30 22:10:31.127609]Creating a test group with a name 'umc_test_group_hzui6h' [2015-06-30 22:10:32.361482]Adding a 'default-udm-self' policy to a test group 'umc_test_group_hzui6h' [2015-06-30 22:10:32.564138]### FAIL ### [2015-06-30 22:10:32.564238]Exception while making 'udm/put' request: 500 on master090 (udm/put): {"status": 591, "message": "Die Ausf\u00fchrung des Kommandos udm/put groups/group ist fehlgeschlagen:\n\nTraceback (most recent call last):\n File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 207, in _decorated\n return function(self, request, *args, **kwargs)\n File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 82, in _run\n tmp = self._function()\n File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__\n return self._function( *tmp, **self._kwargs )\n File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 424, in _thread\n module.modify(properties)\n File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 163, in _decorated\n return func(*args, **kwargs)\n File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 146, in wrapper_func\n return _func(*args, **kwargs)\n File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 139, in _func\n ret = func(*args, **kwargs)\n File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 549, in modify\n obj.policies = reduce(lambda x,y: x+y, ldap_object['$policies$'].values(), [])\n File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 549, in <lambda>\n obj.policies = reduce(lambda x,y: x+y, ldap_object['$policies$'].values(), [])\nTypeError: can only concatenate list (not "str") to list\n"} [2015-06-30 22:10:32.564251]### ### [2015-06-30 22:10:32.564264]Removing created test group if it exists [2015-06-30 22:10:32.766253]Deleting test object 'groups' with a name: 'umc_test_group_hzui6h' Probably caused by r61055: branches/ucs-4.0/ucs-4.0-2/management/univention-management-console-module-udm/umc/python/udm/udm_ldap.py 362 +»··»···»···»···obj.policies = reduce(lambda x,y: x+y, ldap_object['$policies$'].values(), []) 549 »···»···»···»···obj.policies = reduce(lambda x,y: x+y, ldap_object['$policies$'].values(), []) ucs-4.0-2/test/ucs-test/tests/60_umc-system/24_umc-service-create-group needs to be updated, as it works on the low-level UMC interface, where the API was changed.
(In reply to Philipp Hahn from comment #9) > ucs-4.0-2/test/ucs-test/tests/60_umc-system/24_umc-service-create-group > needs to be updated, as it works on the low-level UMC interface, where the > API was changed. yes, I missed that. Fixed in svn r61619. ucs-test rebuilds.
OK: Code r61055 r61063 r61076 r61344 r61484 r61485 OK: YAML r61082 r61377 r61488 OK: Test r61083 r61619 OK: aptitude install -y '?source-package(^univention-management-console-module-udm$)~i' OK: Multiple policies are shown OK: Adding a new policy overwrites all previous policy references OK: Removing one policy OK: Removing all policies OK: Editing the selected policy OK: Editing the inherited value REOPEN: If I open an object with just one active policy, for a short time a see two lines, which are then reduced to one line. TODO: Update documentation: "Inherited" is no longer shown.
Created attachment 7019 [details] Traceback I got the attached traceback multiple times, but I'm unsure how to re-produce it. I think it did occur when I edited the object after deleting some policy references.
Created attachment 7020 [details] Warning Lots of warnings from the JS console
Please have a look: 1. Reference two policies from object via CLI 2. Open in UMC 3. Click to create new policy 4. Save new policy 5. Two policy reference lines are shown, where the newly creates policy is selected in line 1, while in line 2 the drop-down list is empty. I thinks there should be only on line. (6. FYI: I can then select a 2nd policy there, which is stored correctly. So it works, but should be possible because of 5.)
(In reply to Philipp Hahn from comment #12) > Created attachment 7019 [details] > Traceback > > I got the attached traceback multiple times, but I'm unsure how to > re-produce it. > I think it did occur when I edited the object after deleting some policy > references. Again after opening an object with 3 policies attached. I thinks it is timing related: 3 of ~10 times I get the traceback. 1. Open $ldap_base 2. Switch to [Policies] tab 3. Expand "Policy: DHCP boot" 4. Close object without saving 5. GOTO 1.
(In reply to Philipp Hahn from comment #11) > REOPEN: If I open an object with just one active policy, for a short time a > see two lines, which are then reduced to one line. yes, fixed that. r62068/r62069 (In reply to Philipp Hahn from comment #12) > Created attachment 7019 [details] > Traceback > > I got the attached traceback multiple times, but I'm unsure how to > re-produce it. > I think it did occur when I edited the object after deleting some policy > references. I could reproduce the traceback. It happened due to a already removed widget when the http request took a little bit longer. With the svn-commit I could not reproduce this anymore. (In reply to Philipp Hahn from comment #13) > Created attachment 7020 [details] > Warning > > Lots of warnings from the JS console There are 2 types of warning: * deprecated grid.setStructure() → has nothing to do with this bug + have to be fixed in UMC. (I will commit a fix when working on UCS 4.1) * missing widget 'name' for the policy preview → It is stripped out on purpose (In reply to Philipp Hahn from comment #14) > Please have a look: > 1. Reference two policies from object via CLI > 2. Open in UMC > 3. Click to create new policy > 4. Save new policy > 5. Two policy reference lines are shown, where the newly creates policy is > selected in line 1, while in line 2 the drop-down list is empty. > I thinks there should be only on line. > (6. FYI: I can then select a 2nd policy there, which is stored correctly. > So it works, but should be possible because of 5.) IMHO this is okay. If there are initially multiple policies attached to the object the user should be able to set/edit/modify multiple policies.
*** Bug 21473 has been marked as a duplicate of this bug. ***
OK: r62068 r62069 OK: univention-management-console-module-udm=5.1.25-77.588.201507131338 OK: errata-announce -V 2015-05-12-univention-management-console-module-udm.yaml FIXED: 2015-05-12-univention-management-console-module-udm.yaml → r62138
<http://errata.univention.de/ucs/4.0/265.html>