# SPDX-FileCopyrightText: 2007-2025 Univention GmbH
# SPDX-License-Identifier: AGPL-3.0-only
"""|UDM| module for the configuration registry policies"""
from __future__ import annotations
import codecs
import copy
import univention.admin.filter
import univention.admin.handlers
import univention.admin.localization
import univention.admin.syntax
import univention.admin.uexceptions
from univention.admin.layout import Group, Tab
from univention.admin.policy import (
emptyAttributesProperty, fixedAttributesProperty, ldapFilterProperty, policy_object_tab,
prohibitedObjectClassesProperty, register_policy_mapping, requiredObjectClassesProperty,
)
translation = univention.admin.localization.translation('univention.admin.handlers.policies')
_ = translation.translate
[docs]
class registryFixedAttributes(univention.admin.syntax.select):
name = 'registryFixedAttributes'
choices = [
('registry', _('UCR Variables')),
]
module = 'policies/registry'
operations = ['add', 'edit', 'remove', 'search']
policy_oc = 'univentionPolicyRegistry'
policy_apply_to = ['computers/domaincontroller_master', 'computers/domaincontroller_backup', 'computers/domaincontroller_slave', 'computers/memberserver']
policy_position_dn_prefix = 'cn=config-registry'
multivalue_policy = True
childs = False
short_description = _('Policy: Univention Configuration Registry')
object_name = _('Univention Configuration Registry policy')
object_name_plural = _('Univention Configuration Registry policies')
policy_short_description = _('Univention Configuration Registry')
long_description = ''
# fmt: off
options = {
'default': univention.admin.option(
short_description=short_description,
default=True,
objectClasses=['top', 'univentionPolicy', 'univentionPolicyRegistry'],
),
}
property_descriptions = dict({
'name': univention.admin.property(
short_description=_('Name'),
long_description='',
syntax=univention.admin.syntax.policyName,
include_in_default_search=True,
required=True,
may_change=False,
identifies=True,
),
'registry': univention.admin.property(
short_description=_('Configuration Registry'),
long_description='',
syntax=univention.admin.syntax.UCR_Variable,
multivalue=True,
),
}, **dict([
requiredObjectClassesProperty(),
prohibitedObjectClassesProperty(),
fixedAttributesProperty(syntax=registryFixedAttributes),
emptyAttributesProperty(syntax=registryFixedAttributes),
ldapFilterProperty(),
]))
layout = [
Tab(_('General'), _('These configuration settings will be set on the local UCS system.'), layout=[
Group(_('General Univention Configuration Registry settings'), layout=[
'name',
'registry',
]),
]),
policy_object_tab(),
]
mapping = univention.admin.mapping.mapping()
mapping.register('name', 'cn', None, univention.admin.mapping.ListToString)
register_policy_mapping(mapping)
# fmt: on
[docs]
class object(univention.admin.handlers.simplePolicy):
UCR_HEX = 'univentionRegistry;entry-hex-'
module = module
def _post_unmap(self, info: univention.admin.handlers._Properties, oldattr: univention.admin.handlers._Attributes) -> univention.admin.handlers._Properties:
info['registry'] = sorted(
[self._ucr_unhexlify(attr_name), ldap_value[0].decode('UTF-8').strip()]
for attr_name, ldap_value in oldattr.items()
if self._is_ucr_hex(attr_name)
)
return info
def _post_map(self, modlist, diff):
for key, old, new in diff:
if key == 'registry':
keys = [x[0] for x in new]
duplicated = {x for x in keys if keys.count(x) > 1}
if duplicated:
raise univention.admin.uexceptions.valueInvalidSyntax(_('Duplicated variables not allowed: %s') % (', '.join(map(repr, duplicated))), property='registry')
old_dict = dict(old)
new_dict = dict([k.strip(), v] for k, v in new) # strip leading and trailing whitespace in variable names
for key_name, old_value in old_dict.items():
if key_name not in new_dict: # UCR key has been removed
attr_name = self._ucr_hexlify(key_name)
modlist.append((attr_name, old_value.encode('UTF-8'), None))
elif old_value != new_dict[key_name]: # UCR variable has been changed
attr_name = self._ucr_hexlify(key_name)
modlist.append((attr_name, old_value.encode('UTF-8'), new_dict[key_name].encode('utf-8')))
for key_name, new_value in new_dict.items():
if key_name not in old_dict: # UCR key has been added
attr_name = self._ucr_hexlify(key_name)
modlist.append((attr_name, None, new_value.encode('UTF-8')))
break
return modlist
def _custom_policy_result_map(self):
values = {}
self.polinfo_more['registry'] = []
for attr_name, value_dict in self.policy_attrs.items():
value_dict = copy.deepcopy(value_dict)
values[attr_name] = copy.copy(value_dict['value'])
value_dict['value'] = [x.decode('UTF-8') for x in value_dict['value']]
if self._is_ucr_hex(attr_name):
key_name = self._ucr_unhexlify(attr_name)
value_dict['value'].insert(0, key_name)
self.polinfo_more['registry'].append(value_dict)
elif attr_name:
self.polinfo_more[self.mapping.unmapName(attr_name)] = value_dict
self.polinfo = univention.admin.mapping.mapDict(self.mapping, values)
self.polinfo = self._post_unmap(self.polinfo, values)
def _ucr_hexlify(self, key_name: str) -> str:
return '%s%s' % (self.UCR_HEX, codecs.encode(key_name.encode('utf-8'), 'hex').decode('ASCII'))
def _is_ucr_hex(self, attr_name: str) -> bool:
return attr_name.startswith(self.UCR_HEX)
def _ucr_unhexlify(self, attr_name: str) -> str:
return codecs.decode(attr_name[len(self.UCR_HEX):], 'hex').decode('UTF-8')
lookup = object.lookup
lookup_filter = object.lookup_filter
identify = object.identify
