Bug 41041

Summary: UCS_Server syntax lists Docker Containers
Product: UCS Reporter: Dirk Wiesenthal <wiesenthal>
Component: UDM (Generic)Assignee: Dirk Wiesenthal <wiesenthal>
Status: CLOSED FIXED QA Contact: Florian Best <best>
Severity: normal    
Priority: P5 CC: gohmann, walkenhorst
Version: UCS 4.1   
Target Milestone: UCS 4.1-1-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Dirk Wiesenthal univentionstaff 2016-04-13 03:07:39 CEST 
... but it most probably should not.

One may have to have a look at every attribute, but Docker Containers are somewhat "hidden", i.e., they do not count as full hosts, but instead they provide services for the Docker Host they are installed on.

Seen in shares, but also holds for user's MailHomeServer and so on.

One should just add:
  udm_filter = '!(univentionObjectFlag=docker)'
Comment 1 Dirk Wiesenthal univentionstaff 2016-04-13 03:28:23 CEST 
I have just added the filter to every syntax class that used "computers/*" modules. No exception.

QA: Is there any reason to include the Docker Containers in any syntax? Maybe the nagios one? But normally, these computers are not accessible from outside.

  univention-directory-manager-modules 11.0.2-25.1380.201604130322
Comment 2 Florian Best univentionstaff 2016-04-13 08:14:31 CEST 
OK: every syntax class exclude docker containers now:
for i in LDAP_Server HostDN IComputer_FQDN DomainController Windows_Server UCS_Server ServicePrint_FQDN MailHomeServer ServiceMail ServicePrint mailHomeServer nagiosHostsEnabledDn; do
  curl 'https://Administrator:univention@localhost/univention-management-console/command/udm/syntax/choices' -H 'Content-Type: application/json' -H 'X-Requested-With: XMLHttpRequest' --data-binary '{"options":{"syntax":"'$i'"}}' -ks | python -m json.tool;
done | less

Code-Review: Please add a correct LDAP filter next time (it's only luck that it works because most functions pass the filter through univention.admin.filter.parse() while there is one case where the brackets aren't automatically added (in udm_ldap.py +1269)):

>>> from univention.management.console.modules.udm import udm_ldap
>>> univention.management.console.modules.udm.udm_ldap.set_bind_function(lambda lo: lo.bind('uid=Administrator,cn=users,dc=school,dc=local', 'univention'))
>>> import univention.admin.syntax
>>> lo,po = univention.admin.uldap.getMachineConnection()
>>> lo.search(udm_ldap._create_ldap_filter(univention.admin.syntax.LDAP_Server(), {}))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 359, in search
    raise univention.admin.uexceptions.ldapError('%s: %s' % (_err2str(msg), filter))
univention.admin.uexceptions.ldapError: Bad search filter: !(univentionObjectFlag=docker)

YAML: OK
Comment 3 Janek Walkenhorst univentionstaff 2016-04-13 14:55:32 CEST 
<http://errata.software-univention.de/ucs/4.1/148.html>