Bug 38712 – univention-policy-result != univention.uldap.getPolicies()

Bug 38712 - univention-policy-result != univention.uldap.getPolicies()


Summary:	univention-policy-result != univention.uldap.getPolicies()

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	General
Version:	UCS 4.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.0-2-errata
Assigned To:	Philipp Hahn
QA Contact:	Florian Best

URL:
Keywords:

Depends on:	38663
Blocks:
	Show dependency tree / graph

Reported:	2015-06-15 16:05 CEST by Philipp Hahn
Modified:	2015-07-03 14:10 CEST (History)
CC List:	4 users (show)

See Also:	35423 33354
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Fix base/univention-python/modules/uldap.py getPolicies() (7.79 KB, patch) 2015-06-15 16:05 CEST, Philipp Hahn	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philipp Hahn

2015-06-15 16:05:02 CEST

Created attachment 6964 [details]
Fix base/univention-python/modules/uldap.py getPolicies()

The Python implementation "univention.uldap.getPolicies()" returns a different result than the C implementation "univention-policy-result".

-+-- base
 ++- container <<< POLICY[requiredObjectClasses=object]
  +- object

- base/univention-policy/lib/policy.c walks path from the object *up* to the root of the tree,
  and checks the policies against the *requested* object, e.g. POLICY(object)!

- base/univention-python/modules/uldap.py walks the path from the root of the tree *down* to the object,
 and checks the policy against the *currently processed* object, e.g. POLICY(container)!

+++ This bug was initially created as a clone of Bug #38663 +++

Comment 1 Philipp Hahn

2015-06-16 13:06:08 CEST

r61276 | Bug #38663 ucs-test: UDM CLI tests
r61275 | Bug #38663 ucs-test: Copyright 2015
r61274 | Bug #38712 Python: Fix policy_result
 Fixed Python implementation to use same order as the C implementation.
 ucs-test/tests/59_udm/* shows 4 differences:
  01_requiredObjectClasses: were applied to wrong tree level object
  02_prohibitedObjectClasses: were applied to wrong tree level object
  03_ldapFilter: was applied to wrong tree level object
  04_fixedAttributes: OKAY
  05_emptyAttributes: returned wrong parent policy instead of more specific policy

Package: univention-python
Version: 8.0.3-6.153.201506161253
Branch: ucs_4.0-0
Scope: errata4.0-2

Package: ucs-test
Version: 5.0.148-18.1062.201506161256
Branch: ucs_4.0-0
Scope: errata4.0-2

r61277 | Bug #38712 univention-python: YAML
 2015-06-05-univention-python.yaml

Comment 2 Philipp Hahn

2015-06-17 18:25:35 CEST

r61342 | Bug #38712 Python: Fix python2.7 set() syntax

Package: univention-python
Version: 8.0.3-7.154.201506171812
Branch: ucs_4.0-0
Scope: errata4.0-2

r61346 | Bug #38712 Python: Fix python2.7 set() syntax YAML
 2015-06-05-univention-python.yaml

Comment 3 Florian Best

2015-06-17 18:49:51 CEST

Please also adapt line 398 and 418.

Comment 4 Philipp Hahn

2015-06-17 21:25:05 CEST

(In reply to Florian Best from comment #3)
> Please also adapt line 398 and 418.

r61347 | Bug #38712 Python: Fix python2.7 set() syntax

Package: univention-python
Version: 8.0.3-8.155.201506172117
Branch: ucs_4.0-0
Scope: errata4.0-2

r61348 | Bug #38712 Python: Fix python2.7 set() syntax YANK
 2015-06-05-univention-python.yaml

Comment 5 Florian Best

2015-06-25 17:02:01 CEST

The format looks different:

C implementation:
root@master70:~# univention-policy-result -D cn=master70,cn=dc,cn=computers,dc=nstx,dc=local -y /etc/machine.secret cn=master70,cn=dc,cn=computers,dc=nstx,dc=local | grep Attribute | sort | uniq
Attribute: univentionCronActive
Attribute: univentionDhcpDomainName
Attribute: univentionDhcpDomainNameServers
Attribute: univentionInstallationShutdown
Attribute: univentionInstallationStartup
Attribute: univentionPWHistoryLen
Attribute: univentionPWLength
Attribute: univentionRegistry;entry-hex-626172
Attribute: univentionRegistry;entry-hex-62617a
Attribute: univentionRegistry;entry-hex-666f6f
Attribute: univentionUpdateActivate


Before patch:
root@master70:~# python -c "import univention.uldap;lo=univention.uldap.getMachineConnection(); print sorted(__import__('itertools').chain(*[x.keys() for x in lo.getPolicies('cn=master70,cn=dc,cn=computers,dc=nstx,dc=local').values()]))"
['univentionCronActive', 'univentionDhcpDomainName', 'univentionDhcpDomainNameServers', 'univentionInstallationShutdown', 'univentionInstallationStartup', 'univentionPWHistoryLen', 'univentionPWLength', 'univentionUpdateActivate']


After patch:
root@master70:~# python -c "import univention.uldap;lo=univention.uldap.getMachineConnection(); print sorted(__import__('itertools').chain(*[x.keys() for x in lo.getPolicies('cn=master70,cn=dc,cn=computers,dc=nstx,dc=local').values()]))"
['univentionCronActive', 'univentionInstallationShutdown', 'univentionInstallationStartup', 'univentionUpdateActivate']

→ There are some keys missing.

Comment 6 Florian Best

2015-06-25 18:27:47 CEST

Patch in line 382 of uldap.py:
-                               parent = self.get(dn, ['univentionPolicyReference'])
+                               parent = self.get(dn)

I think it should be fine after this patch?!

Comment 7 Philipp Hahn

2015-06-26 08:38:51 CEST

(In reply to Florian Best from comment #6)
> Patch in line 382 of uldap.py:
> -                               parent = self.get(dn,
> ['univentionPolicyReference'])
> +                               parent = self.get(dn)
> 
> I think it should be fine after this patch?!

Thanks for the hint/patch.
Implemented differently using exception.

r61500 | Bug #38663 UDM: LDAP policy inheritance
 ucs-test/tests/59_udm/06_inhertiance

r61499 | Bug #38712 policy: Fix policy inheritance
 univention-python/modules/uldap.py

Package: univention-python
Version: 8.0.3-9.156.201506260831
Branch: ucs_4.0-0
Scope: errata4.0-2

r61501 | Bug #38712 policy: Fix policy inheritance YAML
 2015-06-05-univention-python.yaml

Package: ucs-test
Version: 5.0.148-25.1067.201506260834
Branch: ucs_4.0-0
Scope: errata4.0-2

Comment 8 Philipp Hahn

2015-06-29 10:14:41 CEST

r61539 | Bug #38663 test: Use udm-test for != DC_Master/Backup
r61541 | Bug #38712 test: Use policy ihertitance tests

Package: ucs-test
Version: 5.0.148-27.1069.201506291010
Branch: ucs_4.0-0
Scope: errata4.0-2

Comment 9 Florian Best

2015-07-02 13:06:01 CEST

OK: The python implementation seems to be equal to the C implementation now (except 'break' instead of 'continue' if the parent object was not found).
OK: YAML
OK: ucs-test

Comment 10 Janek Walkenhorst

2015-07-03 14:10:47 CEST

<http://errata.univention.de/ucs/4.0/222.html>