Contents

UMC server

UMC server

Resources

Module definitions

The UMC server does not load the python modules to get the details about the modules name, description and functionality. Therefore each UMC module must provide an XML file containing this kind of information.

The following example defines a module with the id udm:

<?xml version="1.0" encoding="UTF-8"?>
<umc version="2.0">
        <module id="udm" icon="udm-module" version="1.0" python="3">
                <name>Univention Directory Manager</name>
                <description>Manages all UDM modules</description>
                <flavor icon="udm-users" id="users/user">
                        <name>Users</name>
                        <description>Managing users</description>
                </flavor>
                <categories>
                        <category name="domain" />
                </categories>
                <requiredCommands>
                        <requiredCommand name="udm/query" />
                </requiredCommands>
                <command name="udm/query" function="query" />
                <command name="udm/containers" function="containers" />
        </module>
</umc>

The module tag defines the basic details of a UMC module

id

This identifier must be unique among the modules of an UMC server. Other files may extend the definition of a module by adding more flavors or categories.

icon

The value of this attribute defines an identifier for the icon that should be used for the module. Details for installing icons can be found in the section Packaging

The child elements name and description define the English human readable name and description of the module. For other translations the build tools will create translation files. Details can be found in the section Packaging.

This example defines a so called flavor. A flavor defines a new name, description and icon for the same UMC module. This can be used to show several”virtual” modules in the overview of the web frontend. Additionally the flavor is passed to the UMC server with each request i.e. the UMC module has the possibility to act differently for a specific flavor.

As the next element categories is defined in the example. The child elements category set the categories wthin the overview where the module should be shown. Each module can be more than one category. The attribute name is to identify the category internally. The UMC server brings a set of pre-defined categories:

favorites

This category is intended to be filled by the user herself.

system

Tools manipulating the system itself (e.g. software installation) should go in here.

At the end of the definition file a list of commands is specified. The UMC server only passes commands to a UMC module that are defined. A command definition has two attributes:

name

is the name of the command that is passed to the UMC module. Within the UMCP message it is the first argument after the UMCP COMMAND.

function

defines the method to be invoked within the python module when the command is called.

keywords

defined keywords for the module to ensure searchability

The translations are stored in extra po files that are generated by the UMC build tools.

class univention.management.console.module.Command(name='', method=None, allow_anonymous=False)[source]

Bases: univention.management.console.tools.JSON_Object

Represents a UMCP command handled by a module

SEPARATOR = '/'
fromJSON(json)[source]
class univention.management.console.module.Flavor(id='', icon='', name='', description='', overwrites=None, deactivated=False, priority=- 1, translationId=None, keywords=None, categories=None, required_commands=None, version=None, hidden=False)[source]

Bases: univention.management.console.tools.JSON_Object

Defines a flavor of a module. This provides another name and icon in the overview and may influence the behavior of the module.

merge(other)[source]
class univention.management.console.module.Module(id='', name='', url='', description='', icon='', categories=None, flavors=None, commands=None, priority=- 1, keywords=None, translationId=None, required_commands=None, version=None)[source]

Bases: univention.management.console.tools.JSON_Object

Represents a command attribute

fromJSON(json)[source]
append_flavors(flavors)[source]
merge_flavors(other_flavors)[source]
merge(other)[source]

merge another Module object into current one

Bases: univention.management.console.module.Module

class univention.management.console.module.XML_Definition(root=None, filename=None)[source]

Bases: xml.etree.ElementTree.ElementTree

container for the interface description of a module

property name
property version
property url
property description
property keywords
property id
property priority
property translationId
property notifier
property python_version
property icon
property deactivated
property flavors

Retrieve list of flavor objects

property categories
commands()[source]

Generator to iterate over the commands

get_module()[source]
get_flavor(name)[source]

Retrieves details of a flavor

get_command(name)[source]

Retrieves details of a command

class univention.management.console.module.Manager[source]

Bases: dict

Manager of all available modules

DIRECTORY = '/usr/share/univention-management-console/modules'
modules()[source]

Returns list of module names

load()[source]

Loads the list of available modules. As the list is cleared before, the method can also be used for reloading

is_command_allowed(acls, command, hostname=None, options={}, flavor=None)[source]
permitted_commands(hostname, acls)[source]

Retrieves a list of all modules and commands available according to the ACLs (instance of LDAP_ACLs)

{ id : Module, … }

module_providing(modules, command)[source]

Searches a dictionary of modules (as returned by permitted_commands) for the given command. If found, the id of the module is returned, otherwise None

Category definitions

The UMC server provides the possibility to define categories used to sort the available UMC modules into groups. Each module can be in as many groups as desired.

The category definitions are stored in XML files that structured as in the following example

<?xml version="1.0" encoding="UTF-8"?>
<umc version="2.0">
        <categories>
                <category id="id1">
                        <name>Category 1</name>
                </category>
                <category id="id2">
                        <name>Category 2 on {hostname}.{domainname}</name>
                </category>
        </categories>
</umc>

Each file can define several categories. For each of these categories an unique identifier and the english description must be specified. The translations are stored in extra po files that are generated by the UMC build tools.

Within the description of a category UCR variable names can be used that will be substituted by the value. Therefore the name of the variables must be given in curly braces {VARIABLE}.

class univention.management.console.category.XML_Definition(root=None, filename=None, domain=None)[source]

Bases: xml.etree.ElementTree.ElementTree

Represents a category definition.

property name

Returns the descriptive name of the category

property id

Returns the unique identifier of the category

property icon
property color
property priority

Returns the priority of the category. If no priority is defined the default priority of -1 is returned. None is returned if the specified priority is not a valid float

Return type

float or None

json()[source]

Returns a JSON compatible representation of the category

Return type

dict

class univention.management.console.category.Manager[source]

Bases: dict

This class manages all available categories.

DIRECTORY = '/usr/share/univention-management-console/categories'
all()[source]
load()[source]

Locales

The translations provided by the UMC server are technically based on gettext library. As the server needs to provide translations for several different components that deliver their own translation files this module provides a simple way for the UMC server to get the required translations. Components that provide their own translation files:

  • the UMC core — python code directly imported by the UMC server

  • categories

  • module definitions

class univention.management.console.locales.I18N(locale=None, domain=None)[source]

Bases: object

Provides a translation function for a given language and translation domain.

Parameters

  • locale (str) – the locale to provide

  • domain (str) – the translation domain to use

LOCALE_DIR = '/usr/share/univention-management-console/i18n/'
load(locale=None, domain=None)[source]

Tries to load the translation file specified by the given locale and domain. If the given locale could not be found the method tries to find the translation domain for the systems default locale. No translation is provided when this fails too.

Parameters

  • locale (str) – the locale to provide

  • domain (str) – the translation domain to use

exists(message)[source]

Verifies if the translation file contains a translation for the given text.

Parameters

message (str) – the text to search for

Return type

bool

class univention.management.console.locales.I18N_Manager[source]

Bases: dict

This class handles the I18N instances within an UMC session.

As the UMC server handles all sessions opened on a system that may all use a different language it uses one I18N_Manager per session.

set_locale(locale)[source]

Sets the locale to use within the I18N_Manager.

Parameters

locale (str) – locale to use

Security

class univention.management.console.auth.AuthenticationResult(result, locale)[source]

Bases: object

class univention.management.console.auth.AuthHandler[source]

Bases: notifier.signals.Provider

authenticate(msg)[source]

UMC ACL implementation

This module implements the UMC ACLs used to define the access rights for users and groups to the UMC service.

UMC ACLs are defined by creating UMC operation set objects that are added to UMC policies. These policies can be connected with users or groups.

An UMC operation set consists of a list of UMC command patterns like

udm/* objectType=nagios/*

This specifies that all commands hat match the pattern udm/* can be called if the option objectType is given and the value matches the pattern nagios/*.

Patterns for commands and options may just use the asterik and know no other wildcards. For options there is one additional format allowed to specify that the option may not exist. Therefore the following format is used

udm/* !objectType
class univention.management.console.acl.Rule[source]

Bases: dict

A simple class representing one ACL rule in a form that can be simply serialized.

property fromUser

Returns True if the rule was connected with a user, otherwise False

property host

Returns a hostname pattern. If the pattern matches the hostname the command is allowed on the host

property command

Returns the command pattern this rule describes

property options

Returns the option pattern for the rule

property flavor

Returns the flavor if given otherwise None

class univention.management.console.acl.ACLs(ldap_base=None, acls=None)[source]

Bases: object

Provides methods to determine the access rights of users to specific UMC commands. It defines a cache for ACLs, a parser for command definitions of ACLs and functions for comparison.

MATCH_NONE = 0
MATCH_PART = 1
MATCH_FULL = 2
CACHE_DIR = '/var/cache/univention-management-console/acls'

defines the directory for the cache files

is_command_allowed(command, hostname=None, options={}, flavor=None)[source]

This method verifies if the given command (with options and flavor) is on the named host allowed.

Parameters

  • command (str) – the command to check access for

  • hostname (str) – FQDN of the host

  • options (dict) – the command options given in the UMCP request

  • flavor (str) – the flavor given in the UMCP request

Return type

bool

json()[source]

Returns the ACL definitions in a JSON compatible form.

class univention.management.console.acl.LDAP_ACLs(lo, username, ldap_base)[source]

Bases: univention.management.console.acl.ACLs

Reads ACLs from LDAP directory for the given username. By inheriting the class ACLs the ACL definitions can be cached on the local system. If the LDAP server can not be reached the cache is used if available.

FROM_USER = True
FROM_GROUP = False

Helper functions

Configuration

Global configuration variables and objects for the UMC server.

This module provides a global ConfigRegistry instance ucr some constants that are used internally.

univention.management.console.config.get_int(variable, default)[source]
class univention.management.console.tools.JSON_Object[source]

Bases: object

Converts Python object into JSON compatible data structures. Types like lists, tuples and dictionary are converted directly. If none of these types matches the method tries to convert the attributes of the object and generate a dict to represent it.

json()[source]
class univention.management.console.tools.JSON_List(iterable=(), /)[source]

Bases: list, univention.management.console.tools.JSON_Object

class univention.management.console.tools.JSON_Dict[source]

Bases: dict, univention.management.console.tools.JSON_Object

univention.management.console.tools.locale_get()[source]

Get locale name for messages. If no specific locale is set for process the default setting is returned.

Logging

This module provides a wrapper for univention.debug

univention.management.console.log.COMPONENTS = (0, 1, 3, 4, 10, 16, 21, 19, 20, 17, 18, 15)

list of available debugging components

univention.management.console.log.log_init(filename, log_level=2, log_pid=None)[source]

Initializes Univention debug.

Parameters

  • filename (str) – The filename just needs to be a relative name. The directory /var/log/univention/ is prepended and the suffix ‘.log’ is appended.

  • log_level (int) – log level to use (1-4)

  • log_pid (bool) – Prefix log message with process ID

univention.management.console.log.log_set_level(level=0)[source]

Sets the log level for all components.

Parameters

level (int) – log level to set

univention.management.console.log.log_reopen()[source]

Reopenes the logfile and reset the current loglevel

class univention.management.console.log.ILogger(id)[source]

Bases: object

This class provides a simple interface to access the univention debug function for the given component.

Parameters

id (int) – id of the component to use

error(message)[source]

Write a debug message with level ERROR

warn(message)[source]

Write a debug message with level WARN

process(message)[source]

Write a debug message with level PROCESS

info(message)[source]

Write a debug message with level INFO

previous

Protocol

next

UMC modules