First Last Prev Next    This bug is not in your last search results.
Bug 55506 - POST /school" does not work on singleserver
POST /school" does not work on singleserver
Status: NEW
Product: UCS@school
Classification: Unclassified
Component: HTTP-API (Kelvin)
UCS@school 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS@school maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-12-19 08:57 CET by Carlos García-Mauriño
Modified: 2023-05-26 10:49 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.086
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos García-Mauriño univentionstaff 2022-12-19 08:57:13 CET 
System info:

```
root@ucs-1868:~# univention-app info
UCS: 5.0-2 errata515
Installed: cups=2.2.1 samba4=4.16 squid=3.5 ucsschool=5.0 v3 4.4/ucsschool-kelvin-rest-api=1.8.1 4.4/ucsschool-veyon-proxy=4.7.4.14-0
Upgradable:
```

VM IP: 10.200.68.5 (`ssh skurup "virsh start cgarcia_school_singlemaster_68.5"`)
Sanpshot of the bug: `bug_create_school_singleserver`

Kelvin call:

```
curl -X 'POST' \
  'http://10.200.68.5/ucsschool/kelvin/v1/schools/' \
  -H 'accept: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "string"
}'
```

Response from Kelvin(400):

```
{
  "detail": "Failed to create school 'string': [HTTP 400]: for operation 'get' on 'computers/domaincontroller_slave' with arguments {'dn': 'cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet'}: Bad Request"
}
```

Response from UDM (400):

```
root@ucs-1868:~# curl -u Administrator:univention "http://localhost/univention/udm/computers/domaincontroller_slave/cn=ucs-1868,
cn=dc,cn=computers,dc=test,dc=intranet"
<!DOCTYPE html>
<html>
        <head>
                <title>HTTP-Error 400: </title>
                <meta content="text/html; charset=utf-8" http-equiv="content-type">
                <link href="http://localhost/univention/udm/computers/domaincontroller_slave/cn%3Ducs-1868%2Ccn%3Ddc%2Ccn%3Dcomputers%2Cdc%3Dtest%2Cdc%3Dintranet" rel="self" title="HTTP-Error 400: ">
                <link href="http://localhost/univention/udm/css/style.css" rel="stylesheet">
        </head>
        <body dir="ltr">
                <header>
                        <nav>
                                <h1 id="logo">
                                        <a href="http://localhost/" rel="home"> </a>
                                </h1>
                                <a href="http://localhost/univention/udm/computers/domaincontroller_slave/cn%3Ducs-1868%2Ccn%3Ddc%2Ccn%3Dcomputers%2Cdc%3Dtest%2Cdc%3Dintranet" rel="self" title="HTTP-Error 400: ">›› HTTP-Error 400: </a>
                        </nav>
                </header>
                <nav>
                        <ul></ul>
                </nav>
                <main>
                        <div>
                                <h1>HTTP-Error 400: </h1>
                                <p style="white-space: pre">The object type of this object differs from the specified object type. cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet is not recognized as computers/domaincontroller_slave.</p>
                        </div>
                </main>
        </body>
```

Kelvin traceback:

```
19.12.22 07:41:30        INFO      (      589) : 200 GET /udm/groups/group/cn=OUtestou7219-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,dc=test,dc=intranet (127.0.0.1) 16.26ms
19.12.22 07:41:30       ERROR      (     1347) : Uncaught exception 3dc61d5b89: GET /udm/computers/domaincontroller_slave/cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet (0.0.0.0)
    HTTPServerRequest(protocol='http', host='ucs-1868.test.intranet', method='GET', uri='/udm/computers/domaincontroller_slave/cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet', version='HTTP/1.1', remote_ip='0.0.0.0')
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/univention/management/console/modules/udm/udm_ldap.py", line 719, in get
        obj = self.module.object(None, ldap_connection, None, ldap_dn, superordinate, attributes=attributes)
      File "/usr/lib/python3/dist-packages/univention/admin/handlers/computers/__base.py", line 72, in __init__
        univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
      File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1917, in __init__
        simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes)
      File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 229, in __init__
        raise univention.admin.uexceptions.wrongObjectType('%s is not recognized as %s.' % (self.dn, self.module))
    univention.admin.uexceptions.wrongObjectType: cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet is not recognized as computers/domaincontroller_slave.

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 1592, in _execute
        result = yield result
      File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run
        value = future.result()
      File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 3063, in get
        module, obj = await self.pool_submit(self.get_module_object, object_type, dn)
      File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1141, in run
        yielded = self.gen.throw(*exc_info)
      File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 396, in pool_submit
        return (yield future)
      File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run
        value = future.result()
      File "/usr/lib/python3.7/concurrent/futures/_base.py", line 425, in result
        return self.__get_result()
      File "/usr/lib/python3.7/concurrent/futures/_base.py", line 384, in __get_result
        raise self._exception
      File "/usr/lib/python3.7/concurrent/futures/thread.py", line 57, in run
        result = self.fn(*self.args, **self.kwargs)
      File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 494, in get_module_object
        obj = module.get(dn)
      File "/usr/lib/python3/dist-packages/univention/management/console/modules/udm/udm_ldap.py", line 731, in get
        UDM_Error(exc).reraise()
      File "/usr/lib/python3/dist-packages/univention/management/console/modules/udm/udm_ldap.py", line 366, in reraise
        six.reraise(self.__class__, self, self.exc_info[2])
      File "/usr/lib/python3/dist-packages/six.py", line 692, in reraise
        raise value.with_traceback(tb)
      File "/usr/lib/python3/dist-packages/univention/management/console/modules/udm/udm_ldap.py", line 719, in get
        obj = self.module.object(None, ldap_connection, None, ldap_dn, superordinate, attributes=attributes)
      File "/usr/lib/python3/dist-packages/univention/admin/handlers/computers/__base.py", line 72, in __init__
        univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
      File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1917, in __init__
        simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes)
      File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 229, in __init__
        raise univention.admin.uexceptions.wrongObjectType('%s is not recognized as %s.' % (self.dn, self.module))
    univention.management.console.modules.udm.udm_ldap.UDM_Error: The object type of this object differs from the specified object type. cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet is not recognized as computers/domaincontroller_slave.
19.12.22 07:41:30     WARNING      (     1347) : 400 3dc61d5b89: GET /udm/computers/domaincontroller_slave/cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet (0.0.0.0) 21.41ms
19.12.22 07:41:30     WARNING      (      589) : 400 GET /udm/computers/domaincontroller_slave/cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet (127.0.0.1) 24.52ms
```
Comment 1 Carlos García-Mauriño univentionstaff 2022-12-19 09:04:26 CET 
```
root@ucs-1868:~# ucr get ucsschool/singlemaster
true
```

In both the host (primary) and the Kelvin container.
Comment 2 Florian Best univentionstaff 2022-12-19 21:32:33 CET 
what does
univention-ldapsearch -LLLb 'cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet'
say?
Comment 3 Carlos García-Mauriño univentionstaff 2022-12-20 07:54:37 CET 
(In reply to Florian Best from comment #2)
> what does
> univention-ldapsearch -LLLb
> 'cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet'
> say?

```
root@ucs-1868:~/kelvin-rest-api-client# univention-ldapsearch -LLLb 'cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet'
dn: cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet
krb5MaxLife: 86400
krb5MaxRenew: 604800
krb5KDCFlags: 126
krb5KeyVersionNumber: 1
uidNumber: 2001
krb5Key:: MEmhEzARoAMCAQGhCgQIGtUZaFJP2UyiMjAwoAMCAQOhKQQnVEVTVC5JTlRSQU5FVGhvc3R1Y3MtMTg2OC50ZXN0LmludHJhbmV0
krb5Key:: MEmhEzARoAMCAQOhCgQIGtUZaFJP2UyiMjAwoAMCAQOhKQQnVEVTVC5JTlRSQU5FVGhvc3R1Y3MtMTg2OC50ZXN0LmludHJhbmV0
krb5Key:: MEmhEzARoAMCAQKhCgQIGtUZaFJP2UyiMjAwoAMCAQOhKQQnVEVTVC5JTlRSQU5FVGhvc3R1Y3MtMTg2OC50ZXN0LmludHJhbmV0
krb5Key:: MGGhKzApoAMCARKhIgQg0MBDbIsHNb529N5SfV7dXB3pSZLHXDIlC4USlflsqt6iMjAwoAMCAQOhKQQnVEVTVC5JTlRSQU5FVGhvc3R1Y3MtMTg2OC50ZXN0LmludHJhbmV0
krb5Key:: MFGhGzAZoAMCARGhEgQQsRNJcF6WUzZvLV6KLJEQp6IyMDCgAwIBA6EpBCdURVNULklOVFJBTkVUaG9zdHVjcy0xODY4LnRlc3QuaW50cmFuZXQ=
krb5Key:: MFmhIzAhoAMCARChGgQYdXoxhoBMdhWtB+DlOyyutn/mRkz9FiBMojIwMKADAgEDoSkEJ1RFU1QuSU5UUkFORVRob3N0dWNzLTE4NjgudGVzdC5pbnRyYW5ldA==
krb5Key:: MFGhGzAZoAMCARehEgQQPs0coA2J1ClXEboK2LM/C6IyMDCgAwIBA6EpBCdURVNULklOVFJBTkVUaG9zdHVjcy0xODY4LnRlc3QuaW50cmFuZXQ=
userPassword:: e2NyeXB0fSQ2JC92Q0RqQ2gybWFUdGNSZ1ckWE1WcE1zbERCYjRxMDdIcmRzcWtnQjA1dGdpeTZlcUJiZDB2UTJ3dUQxb0pIRHJaMXd4VzFDL1FSL3FQeTA1ME1EWjJ0MC9GN2lOWUtnUkZ0eG1BRS8=
sambaNTPassword: 3ECD1CA00D89D4295711BA0AD8B33F0B
sambaAcctFlags: [S          ]
displayName: ucs-1868
univentionServerRole: master
aRecord: 10.200.68.5
sn: ucs-1868
cn: ucs-1868
associatedDomain: test.intranet
homeDirectory: /dev/null
loginShell: /bin/sh
uid: ucs-1868$
krb5PrincipalName: host/ucs-1868.test.intranet@TEST.INTRANET
univentionObjectType: computers/domaincontroller_master
gidNumber: 5005
univentionOperatingSystem: Univention Corporate Server
univentionNagiosEnabled: 1
objectClass: posixAccount
objectClass: univentionNagiosHostClass
objectClass: univentionObject
objectClass: person
objectClass: krb5Principal
objectClass: sambaSamAccount
objectClass: top
objectClass: shadowAccount
objectClass: univentionHost
objectClass: krb5KDCEntry
objectClass: univentionDomainController
objectClass: ucsschoolServer
univentionOperatingSystemVersion: 5.0-2
sambaSID: S-1-5-21-1168332164-926753259-1399136823-1000
shadowLastChange: 19343
sambaPwdLastSet: 1671270990
sambaPrimaryGroupSID: S-1-5-21-1168332164-926753259-1399136823-1110
univentionService: LDAP
univentionService: Univention Directory Manager REST
univentionService: NFS
univentionService: DNS
univentionService: univention-saml
univentionService: Univention Management Console
univentionService: UCS Monitoring
univentionService: PROXY
univentionService: Samba 4
univentionService: S4 Connector
univentionService: Print
univentionService: UCS@school
univentionService: UCS@school Education
ucsschoolRole: dc_master:school:-
ucsschoolRole: single_master:school:-
ucsschoolRole: single_master:school:DEMOSCHOOL
ucsschoolRole: single_master:school:test
ucsschoolRole: single_master:school:string
```
Comment 4 Florian Best univentionstaff 2022-12-20 12:37:35 CET 
So this is a domaincontroller master object but Kelvin tries to treat it as domaincontroller slave.
Comment 5 Carlos García-Mauriño univentionstaff 2022-12-21 06:58:05 CET 
Additionally, this might happen in multiserver domains after running the tests. I fear that some test might affect the computer object leaving it in a bad state. I go this error from a Jenkins run:

```
auth_header = {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOnsidXNlcm5hbWUiOiJBZG1pbmlzdHJhdG9yIiwia2VsdmluX2FkbWluIjp0cnVlLCJzY2hvb2xzIjpbXSwicm9sZXMiOltdfSwiZXhwIjoxNjcxNTYxMDkwfQ.CktfyVYmuZu7TDhiUU5LTv1uJ90wFSa7lTEK_iCzu08'}
docker_host_name = 'primary.school.test'
random_school_create_model = <class 'conftest.SchoolCreateModelFactory'>
schedule_delete_ou_using_ssh = <function schedule_delete_ou_using_ssh.<locals>._func at 0x7fa8f3afc430>

    @pytest.mark.asyncio
    async def test_create_udm_error_forwarding(
        auth_header,
        docker_host_name,
        random_school_create_model,
        schedule_delete_ou_using_ssh,
    ):
        school_create_model: SchoolCreateModel = random_school_create_model()
        attrs = school_create_model.dict()
        attrs["udm_properties"] = {"description": "DESCRIPTION", "userPath": "_xxx"}
        schedule_delete_ou_using_ssh(school_create_model.name, docker_host_name)
        client = TestClient(app, base_url="http://test.server")
        response = client.post(
            app.url_path_for("school_create"),
            headers={"Content-Type": "application/json", **auth_header},
            json=attrs,
        )
>       assert response.status_code == 422, response.json()
E       AssertionError: {'detail': "Failed to create school 'db-55': [HTTP 400]: for operation 'get' on 'computers/domaincontroller_slave' with arguments {'dn': 'cn=primary,cn=dc,cn=computers,dc=school,dc=test'}: Bad Request"}
E       assert 400 == 422
E         +400
E         -422

attrs      = {'administrative_servers': ['admdb-55'], 'class_share_file_server': 'admdb-55', 'display_name': 'displ name db-55', 'educational_servers': ['edudb-55'], ...}
auth_header = {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOnsidXNlcm5hbWUiOiJBZG1pbmlzdHJhdG9yIiwia2VsdmluX2FkbWluIjp0cnVlLCJzY2hvb2xzIjpbXSwicm9sZXMiOltdfSwiZXhwIjoxNjcxNTYxMDkwfQ.CktfyVYmuZu7TDhiUU5LTv1uJ90wFSa7lTEK_iCzu08'}
client     = <starlette.testclient.TestClient object at 0x7fa8f456f0a0>
docker_host_name = 'primary.school.test'
random_school_create_model = <class 'conftest.SchoolCreateModelFactory'>
response   = <Response [400 Bad Request]>
schedule_delete_ou_using_ssh = <function schedule_delete_ou_using_ssh.<locals>._func at 0x7fa8f3afc430>
school_create_model = SchoolCreateModel(udm_properties={}, name='db-55', display_name='displ name db-55', educational_servers=['edudb-55'], administrative_servers=['admdb-55'], class_share_file_server='admdb-55', home_share_file_server='admdb-55')

tests/test_route_school.py:241: AssertionError
```
First Last Prev Next    This bug is not in your last search results.